Rashan, posted ...

I've been assisting a friend in getting set up with AirVPN. He's currently at a university out of the US and needs a VPN primarily for accessing US-restricted content. Unfortunately, his university network effectively blocks everything: PPTP won't connect on other VPN providers, and AirVPN is unable to complete TLS handshakes on any port available. I did manage to get him up and running with AirVPN running over SSH; however, the performance is leaving a great deal to be desired: maybe 8-10 kilobytes/second.

I spoke with a friend of mine who is a networking professional, and he recommended a possible solution. Basically, disable the encryption on the VPN tunnel, and instead rely on the encryption in SSH to protect the session. Given the architecture of AirVPN, will the servers allow unencrypted VPN tunnels? And is this a secure or practical thing to do?

Thanks.
Staff, posted ...

Hello!

Unfortunately, at the moment the suggested solution is not available. However, it is very questionable that putting no encryption on the VPN Data Channel will have any benefit, UNLESS the system has some 10-15 year old CPU. Chances are that SSH is capped to 64-80 kbit/s or so. If your friend can access HTTPS web sites with higher speed, then the way to go is OpenVPN over SSL.

Kind regards
Rashan, posted ...

Thanks for the response. The concern cited also focused on possible fragmentation. I'll give the Stunnel option another go tomorrow. The internet connection in question is extremely poor (~200ms ping to Google), which may be the primary factor here. SSH disconnects every few minutes or so.
Staff, posted ...

Hello!

You're absolutely right, fragmentation would be "a disaster" for performance. Try fine-tuning with the mssfix and fragment directives on the client side; a good source to start is this thread https://forums.openvpn.net/topic8279.html (besides, of course, the OpenVPN manual). Fragmentation will not occur with TCP, but this does not mean, of course, that performance is not impaired in a high-latency network.

Kind regards