Jump to content
Not connected, Your IP: 3.215.182.81

Leaderboard


Popular Content

Showing content with the highest reputation since 03/01/20 in all areas

  1. 11 points
    Hello! We would like to inform you that we have made every effort to ensure AirVPN full and efficient operation during the pandemic caused by SARS-CoV-2. In order to reduce hazard and safeguard health, AirVPN staff and personnel work exclusively from home and worked from home well before the current situation appeared clearly as a pandemic Each member has a landline and one or more mobile lines, when possible in different infrastructures, to maximize likelihood to stay connected to the Internet 24/7 AirVPN system is more efficiently automated and basic functioning requires no manual interventions, even for several months (if kernel upgrades hadn't been necessary, we would have had servers uptime of 4 years or more) AirVPN inner staff members have now overlapping competences. Therefore if a key member, including a founder, is forced to stop working, the other ones can carry out his/her functions Emergency funds already secured in the past in different facilities as well as banks remain unaltered and ensure AirVPN financial health for a very long time even in very harsh scenarios. However, we would like to assure you that they are not needed at all currently, quite the contrary. In the last 10 days we have experienced a substantial increase in the growth of our customer base We have been informed by our most important partners and providers of housing and hosting in Europe, America and Asia they they are, and expect to, remain fully operational Kind regards AirVPN Staff
  2. 5 points
    Please stay healthy everyone!
  3. 4 points
    Already did before, for anything but Netflix airvpn is absolutely awesome. I'm a long time customer and already got a 3 year subscription 😎 Plus I've already got a buddy to also sign up to your service. So far I'm very happy. Cheers 🤘
  4. 2 points
    Clodo

    WINTUN replacement for Windows TAP driver

    Hi to all, the latest Eddie 2.18.8 experimental released today, works with wintun, please test if interested. Go to https://openvpn.net/community-downloads/, at bottom "OpenVPN 2.5_git wintun technology preview", click the "here" link and install. If you already have the right "openvpn.exe", use it directly: Eddie will install the wintun driver when needed, and also create the adapter. Eddie -> Settings -> Advanced -> OpenVPN Custom Path -> choose your "openvpn.exe" from 2.5, if already installed probably it is "C:\Program Files\OpenVPN\bin\openvpn.exe". At this point, Eddie will use OpenVPN 2.5 (but still with standard TUN driver). Eddie -> Settings -> OVPN directives -> Custom directives, add "windows-driver wintun". At this point, Eddie will use the OpenVPN 2.5 with the newest Wintun driver.
  5. 2 points
    arteryshelby

    Canada Servers are overloaded

    i would apreachiate if servers from upsala can be moved towards stockholm. Stockholm server are always at higher (not "high" but almost always arround 400 mbit - atm its more like 700 mbit per server) load. For me and many others upsalla location seems quite slow (check the user connected from upsalla and stockholm) Server add in Stockholm would be great!
  6. 2 points
    @pfillionqc Hello! Please make sure that UFW is disabled. It is an iptables frontend installed by default in Ubuntu. It creates custom chains and modifies rules, so you don't want it to interfere. Please allow packets to an additional bootstrap server too: -A OUTPUT -d 63.33.78.166 -j ACCEPT Also consider to drop Eddie 2.16.3 and use instead Eddie 2.18.7 beta or Hummingbird 1.0.2 Keep in mind that when you enable "Network Lock" feature your iptables rules will be overwritten by Eddie or Hummingbird and restored when the application exits, but that UFW can still cause troubles. @giganerd Those are filter table INPUT, OUTPUT and FORWARD chains' policies and it's correct that they are set to DROP. Any packet handled by any chain of the filter table that has not caused any jump in any rule is finally subjected to the default policy of the chain that's competent for that packet. Kind regards
  7. 2 points
    benfitita

    Custom random server config generator

    Parse bw_max server info field as an integer New version available here: https://ellie-app.com/8jfYjngsLk3a1
  8. 2 points
    @Staff Not sure what you mean about how I use the openvpn3 library. I am using the official openvpn repo described here: https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux The linked libs for my openvpn3 binary from this repo are: linux-vdso.so.1 (0x00007ffc5e1f4000) libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f08f745a000) libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f08f6f8f000) libgio-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 (0x00007f08f6bf0000) libgobject-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 (0x00007f08f699c000) libglib-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0 (0x00007f08f6685000) libjsoncpp.so.1 => /usr/lib/x86_64-linux-gnu/libjsoncpp.so.1 (0x00007f08f6453000) liblz4.so.1 => /usr/lib/x86_64-linux-gnu/liblz4.so.1 (0x00007f08f6237000) libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f08f5eae000) libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f08f5c96000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f08f5a77000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f08f5686000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f08f5482000) libgmodule-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0 (0x00007f08f527e000) libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f08f5061000) libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f08f4e39000) libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f08f4c1e000) libmount.so.1 => /lib/x86_64-linux-gnu/libmount.so.1 (0x00007f08f49ca000) libffi.so.6 => /usr/lib/x86_64-linux-gnu/libffi.so.6 (0x00007f08f47c2000) libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007f08f4550000) libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f08f41b2000) /lib64/ld-linux-x86-64.so.2 (0x00007f08f7a62000) libblkid.so.1 => /lib/x86_64-linux-gnu/libblkid.so.1 (0x00007f08f3f65000) librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f08f3d5d000) libuuid.so.1 => /lib/x86_64-linux-gnu/libuuid.so.1 (0x00007f08f3b56000) If you need another information, pls elaborate
  9. 2 points
    @SurprisedItWorks It's a recognized bug affecting especially Sony TVs. Sony is not fixing it. You would experience the same with Eddie Android edition or any other VPN application, unfortunately. @Xianders APK for Android TV should be side loaded, as the Play Store will not make it available to Android TV because Eddie opens airvpn.org web site in some menu , while Amazon Appstore makes it available for Android TV (different evaluations). Here you can find the link to download the apk: https://airvpn.org/android Kind regards
  10. 2 points
    I would like to add another consideration, which I feel is important in the equation. My preference is VPNs (1 or 2) first, then before workspace I go to Virtual Machines wherein I connect via TOR. The virtual machines mask any host motherboard hardware which can also betray you with an adversary that can ping it with skill. The big factor overlooked in a "sandwich" approach is that TOR cannot automatically change the circuit route every 10 minutes or so. While I am surfing my original two VPN's are constant (although I rotate them when starting every single session so they are rarely the same two) and the TOR exit IP keeps changing automatically. The TOR entry guard is more constant (assuming you know how the guard works in TOR). I would not want to sacrifice that capability when I spend hours surfing around. ALWAYS close the TOR browser when leaving a site and going to another. My approach, you decide if there is merit for your needs.
  11. 2 points
    Hello! Thank you for your article. Just a correction on the quoted part. That's not possible because the Tor exit-node does not know your "real" and/or your "VPN" IP address. In general the exit-node receives all the traffic from middle-relays, which in turn receive the traffic from Tor guards (the entry-nodes). As far as it pertains to your purposes, consider the following setup, especially when high throughput is not a priority: connect the host over "OpenVPN over Tor" run a Virtual Machine attached to the host via NAT Tor-ify everything in the VM use end-to-end encryption, exclusively use only VM traffic for any sensitive task The above setup, we think, should meet all of your requirements. Furthermore, the main fault of "OpenVPN over Tor" (fixed circuit) is completely resolved by Tor in the VM. Kind regards
  12. 2 points
    Flx

    WINTUN replacement for Windows TAP driver

    Not to confuse anyone here: I use Native OpenVPN 2.5_git with wintun not Eddie.
  13. 2 points
    Flx

    WINTUN replacement for Windows TAP driver

    Under "custom OpenVPN directives." section in Eddie. That is where you add your desired choices: ------------------------------- windows-driver wintun rcvbuf 562144 sndbuf 562144 ------------------------------
  14. 2 points
    Flx

    WINTUN replacement for Windows TAP driver

    Add "windows-driver wintun" to .ovpn config, or Add "--windows-driver wintun" to openvpn.exe command line without the "quotes". ----------------- auth sha512 windows-driver wintun ----------------- Change the buffer like this if you want to achieve better speeds: ------------------ rcvbuf 562144 sndbuf 562144 ------------------
  15. 2 points
    Flx

    WINTUN replacement for Windows TAP driver

    This is how: Speed(TAP):https://beta.speedtest.net/result/8861045841
  16. 2 points
    Flx

    WINTUN replacement for Windows TAP driver

    OpenVPN 2.5_git version has been released.-->>https://openvpn.net/community-downloads/ Speedwise(Wintun):https://www.speedtest.net/result/8854742626 Waiting for the "official" OpenVPN 2.5 release in January.
  17. 1 point
    yes, without the quotes
  18. 1 point
    Please see also here for an updated baseline guide : https://nguvu.org/pfsense/pfsense-baseline-setup/ pfSense_fan's Guide How To Set Up pfSense 2.3 for AirVPN Guide is updated to pfSense Version 2.3 This guide will work on 2 or more interfaces. Please inform me of any and all errors found! Feedback is appreciated! Please rate this post or leave a comment to share if this worked for you! Table of Contents: Step 1: Disable IPv6 System Wide Step 2: Entering our AirVPN CA, Certificate and Key General Settings and Preparation Step 3: Setting up the OpenVPN Client Step 4: Assigning the OpenVPN Interface & Setting the AirVPN Gateway Step 5: IP and Port Alias Creation to Aid Interface Setup Step 6: Setting up an AirVPN Routed Interface Step 7: General Settings, Advanced Settings and Other Tweaks Step 8: Setting up the DNS Resolver -----
  19. 1 point
    We updated the Windows build (without changing version number) to identify better the following issues (Windows only): - Unable to find driver path 'C:\WINDOWS' - Fixed - VCRUNTIME140.dll (reported by @rdbrn) - Fixed - Options error: Unrecognized option (reported by @Telos , @kiwi, @blaHbluBB) - Fixed
  20. 1 point
    For me everything is ok except for a little "glitch"...is that normal? Logs: . 2020.03.27 07:53:53 - Eddie version: 2.18.8 / windows_x64, System: Windows, Name: Windows 10 Home, Version: Microsoft Windows NT 10.0.18363.0, Mono/.Net: v4.0.30319 . 2020.03.27 07:53:53 - Command line arguments (0): . 2020.03.27 07:53:55 - Profile path: C:\Users\.....\AppData\Local\Eddie\default.profile . 2020.03.27 07:53:55 - Reading options from C:\Users\......\AppData\Local\Eddie\default.profile E 2020.03.27 07:53:57 - Unable to find driver path 'C:\Windows' . 2020.03.27 07:53:58 - Tun Driver - 0901: 9.24.2; wintun: Not found . 2020.03.27 07:53:58 - OpenVPN - Version: 2.4.8 - OpenSSL 1.1.0l 10 Sep 2019, LZO 2.10 (C:\Program Files\AirVPN\openvpn.exe) . 2020.03.27 07:53:58 - SSH - Version: plink 0.67 (C:\Program Files\AirVPN\plink.exe) . 2020.03.27 07:53:58 - SSL - Version: stunnel 5.40 (C:\Program Files\AirVPN\stunnel.exe) . 2020.03.27 07:53:58 - curl - Version: 7.68.0 (C:\Program Files\AirVPN\curl.exe) ! 2020.03.27 07:53:59 - Activation of Network Lock - Windows Filtering Platform I 2020.03.27 07:53:59 - Ready
  21. 1 point
    Staff

    Network Lock eats my bandwith

    @65tiklak Hello and welcome aboard! Eddie's Network Lock enforces something like 1000 iptables rules and 1000 ip6tables rules, so in theory it might actually slow down a Raspberry. However the screenshots you report show no performance difference between Network Lock on and off, so your conclusions are incorrect according to your very own experimental data set. In the first example of yours, you even have slightly higher performance with Network Lock on. By the way it's not a big deal because the "problem" (if it was a problem) has been completely resolved by Hummingbird, which enforces only few rules, only the strictly necessary ones. It's like 30 rules, and there's no way that 30 iptables rules can measurably slow down Linux throughput in Raspberry. Your comparison with NordVPN is also not very relevant if you don't specify the cipher and the VPN protocol you have used. We allow, like NordVPN, weaker ciphers, but by default our servers propose the strongest available cipher, so you need to explicitly force the weaker cipher. Additionally we do not support insecure protocols like PPTP, which NordVPN still supports as far as we know. On top of that Hummingbird lets you connect with CHACHA20-POLY1305 cipher which will give a non AES-NI supporting system (like a Raspberry) a performance boost. Hummingbird is available both for Raspbian 32 and Ubuntu 19 for ARM 64 bit (and should be also compatible with any other ARM 64 bit Linux distribution). Hummingbird also calls OpenVPN3-AirVPN library, which is remarkably faster than OpenVPN 2 binary. Test it and let us know. Any Network Lock not enforced via firewall rules is garbage. Do not trust such kill switches because they will not prevent leaks when a process binds to the physical network interface and when the "switch killer" process halts unexpectedly. Please see here to download and install Hummingbird: https://airvpn.org/hummingbird/readme/ Kind regards
  22. 1 point
    Staff

    Canada Servers are overloaded

    @arteryshelby Thank you, we will keep your suggestion in serious consideration. Kind regards
  23. 1 point
    Flx

    Canada Servers are overloaded

    They are a bit overloaded. Yup. The time is now. Necessary Yes. @StaffThank you if you can make this happen.
  24. 1 point
    Thank you, working OK now.
  25. 1 point
    Lately I've been thinking about the prospect of using VPN's in conjunction with the Tor proxy and done some research. I know there are both pros and cons to Tor-over-VPN and VPN--Over-Tor connections and played with the idea of using both connection types at once - something I like to call the "Sandwiched Connection" in that you layer your Tor connection between two separate VPN connections. Please correct me if I got any details wrong or missing. First, you have your plain naked internet connection without a VPN or proxy so your ISP and local network can see everything you're doing. Next, you connect to a VPN server. It masks your IP address and location from your ISP as well as encrypts your web traffic so they have no idea what you're doing. However, the company managing the VPN server will have access to your real IP address, location and web traffic that will be decrypted in their servers - making it important it is a trustworthy service provider that doesn't keep logs of your activities and allows you to create your account with a temporary email address, no personal details and paid with cryptocurrency (that is untraceable like Z-Cash and Monero). You connect to your Tor proxy. Ordinarily, the Tor entry node will know your IP address and location. Since you are using a VPN, it will only know the masked address provided by the VPN server. Not only that but the Tor proxy will further encrypt your web traffic so even the VPN provider won't know what you are doing, just like how it, in turn, hides it from your ISP. Even better? Your ISP won't even know you are using Tor in the first place. However, the Tor exit node decrypts your web traffic and has full access to it as if you were never using a VPN to begin with. If the exit node happens to be malicious or operated by any authority that doesn't like what you're doing, they could potentially call whoever is operating the entry node and/or follow the mask IP address to the VPN service provider and contact them for details concerning you. Again, a trustworthy VPN provider with a no-logs policy is important. Then comes the second VPN connection. After you connect to Tor, you connect to that second VPN server which should encrypt your web traffic from the tor exit node. Whatever company is managing that second server (it could be the same service as the first one or a different one) will only know the IP address and location provided by the Tor proxy and first VPN server but it will know your web traffic as it is being fed to their servers and decrypted. Not to mention that this "sandwiched connection" will deliver a big dent to your connection performance so it helps if you have a powerful router connected via ethernet. So at the end of the day, I figured, someone has to know what you're up to online which leaves the question "Who do you trust with your personal information?" Plus this is all just theory, as far I can tell. Has anyone ever tried putting this into practise? Can anyone provide any further insight into the "sandwiched connection"? I look forward to talking about it.
  26. 1 point
    dedo299

    Hummingbird 1.0.2 released

    Eureka! I found the sneaky little bugger that was raising wake-from-sleep havoc with Hummingbird. It was an anti-malware program--appropriately called BlockBlock--I had installed a while back and more or less forgotten about. It's supposed to throw up a notice when any software tries to make a persistent change in the system but didn't do so in this case. After removing it, Hummingbird seems to be humming right along after sleep like it should. A question, though: in my debugging process, another successful method was to run HB with the "--network-lock off" option. IPLeak gave it a clean bill of health, so I'm wondering what network lock actually does and what the ramifications/risks are of running with it off.
  27. 1 point
    I have to say, Wintun is a whole heap more stable then TAP in W10.
  28. 1 point
    @iwih2gk Hello! A few remarks to your last message. 1) MAC address is never included in IPv4 packets. Not even our VPN servers can see your network interface MAC address in IPv4. Similar safeguards are nowadays applied in modern OS for IPv6 too (IPv6 packets do have a specific allocation space for a MAC address). 2) Data passed voluntarily by a browser to a web site can be blocked or altered, either in browser configuration or through dedicated add-ons. Examples include spoofing browser user agent (which includes Operating System etc.) (**), blocking fingerprinting through canvas by generating "noise" and randomizing different fingerprints for each stream (*), and working without any previous tracking cookie by cleaning cookies at each session and working in browser "private" mode. Such safeguards should be applied even when working inside a VM, if your threat model needs them. (*) Example: Canvas Defender for Firefox. "Instead of blocking JS-API, Canvas Defender creates a unique and persistent noise that hides your real canvas fingerprint" (**) Example: User Agent Switcher and Manager for Firefox. Kind regards
  29. 1 point
    Hello. I'm just trying to understand what you're saying here. So let me get it straight. You prefer to use one or two VPNs before connecting to Tor on a virtual machine. No Onion Sandwich (VPN>Tor>VPN)? The virtual machine can mask the host motherboard which can "betray" me? You mean anyone good enough can tell I am using a VM and crack right through to my host machine, is that it? If that's so, what if I used a Xen-based virtual machine? I hear they are more secure. I presume by rotating VPN's you mean switching to different VPN servers every time - that's a good practise. While the Tor Exit IP changes by itself automatically, the entry node IP doesn't which is why you suggest I reset the Tor connection between visiting different websites so I connect through a different route of Tor nodes every time, is that what you're saying? Could you clarify what capability it is you don't want to sacrifice though? I only ever dipped my toes in using the Tor browser a couple of times and never used it for a full blown browsing session so I'm really learning as much as I can before I know how to use it properly. Thanks.
  30. 1 point
    Staff

    problem with openvpn in my router!!!

    Hello! @busolof Actually according to the log OpenVPN connected successfully and remained connected for several hours. Since Asus offered to replace the device, then something wrong that's specific to your own one might be the problem. Even the fact that you say that you can't upgrade to Asus Merlin is unusual. In AsusWRT routers, upgrading to Merlin is a matter of a few clicks, literally. https://blog.usro.net/how-to-install-asus-wrt-merlin-router-firmware/ We're confident that the router replacement will solve any issue. Or maybe the AX56U has some problem that makes its behavior inconsistent with the AC56U and AC68U (which is an AsusWRT router we own and which we based our tests on). @giganerd Reviewed the guide for AsusWRT and it is up to date. Kind regards
  31. 1 point
    Hello! No, we don't throttle/cap anything. Kind regards
  32. 1 point
    @dbuero Hello, no, we don't throttle anything. In most cases throttling is self-inflicted, with or without awareness (strange but true). Second most common cause is traffic shaping by ISP. Kind regards
  33. 1 point
    Hi, this probably has been answered a million times, but I started a couple days ago to have an issue with AirVPN on ones of my computers. Long story short, it started to fail the DNS check. When I try to deactivate this check, the client is connected and I can perform a certain number of non-Browser action such as pinging servers with my CMD, but anything I do with an Internet Browser fails with the DNS_Probe_Bad_Config error. I'm kinda in the lost. I tried to change my Ipv4 DNS, reinstall Eddie-UI and add a bunch of free DNS addresses in the setting, but it doesn't work. So, a little help for a long-term customer, please ? EDIT: Ok ? It seems updating to v2.18 managed to fix the issue. Maybe an update made the v2.17 incompatible in some way ? I'm keeping this open for the record, it might help some. Below, the logs from what happens when the DNS check fails: I 2020.03.08 23:41:58 - Session starting. I 2020.03.08 23:41:59 - Checking authorization ... ! 2020.03.08 23:41:59 - Connecting to Muscida (Netherlands, Alblasserdam) . 2020.03.08 23:41:59 - OpenVPN > OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 27 2018 . 2020.03.08 23:41:59 - OpenVPN > Windows version 6.2 (Windows 8 or greater) 64bit . 2020.03.08 23:41:59 - OpenVPN > library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10 . 2020.03.08 23:41:59 - Connection to OpenVPN Management Interface . 2020.03.08 23:41:59 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2020.03.08 23:41:59 - OpenVPN > Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2020.03.08 23:41:59 - OpenVPN > Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2020.03.08 23:41:59 - OpenVPN > Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2020.03.08 23:41:59 - OpenVPN > Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2020.03.08 23:41:59 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]213.152.162.156:443 . 2020.03.08 23:41:59 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144] . 2020.03.08 23:41:59 - OpenVPN > UDP link local: (not bound) . 2020.03.08 23:41:59 - OpenVPN > UDP link remote: [AF_INET]213.152.162.156:443 . 2020.03.08 23:41:59 - OpenVPN > TLS: Initial packet from [AF_INET]213.152.162.156:443, sid=1f3a89f9 2ee7c9c7 . 2020.03.08 23:41:59 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100 . 2020.03.08 23:41:59 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2020.03.08 23:41:59 - OpenVPN > VERIFY KU OK . 2020.03.08 23:41:59 - OpenVPN > Validating certificate extended key usage . 2020.03.08 23:41:59 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2020.03.08 23:41:59 - OpenVPN > VERIFY EKU OK . 2020.03.08 23:41:59 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Muscida, emailAddress=info@airvpn.org . 2020.03.08 23:42:00 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA . 2020.03.08 23:42:00 - OpenVPN > [Muscida] Peer Connection Initiated with [AF_INET]213.152.162.156:443 . 2020.03.08 23:42:01 - OpenVPN > SENT CONTROL [Muscida]: 'PUSH_REQUEST' (status=1) . 2020.03.08 23:42:01 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.24.130.1,dhcp-option DNS6 fde6:7a:7d20:1482::1,tun-ipv6,route-gateway 10.24.130.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:1482::104f/64 fde6:7a:7d20:1482::1,ifconfig 10.24.130.81 255.255.255.0,peer-id 9,cipher AES-256-GCM' . 2020.03.08 23:42:01 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp' . 2020.03.08 23:42:01 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified . 2020.03.08 23:42:01 - OpenVPN > OPTIONS IMPORT: compression parms modified . 2020.03.08 23:42:01 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified . 2020.03.08 23:42:01 - OpenVPN > OPTIONS IMPORT: route-related options modified . 2020.03.08 23:42:01 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified . 2020.03.08 23:42:01 - OpenVPN > OPTIONS IMPORT: peer-id set . 2020.03.08 23:42:01 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1625 . 2020.03.08 23:42:01 - OpenVPN > OPTIONS IMPORT: data channel crypto options modified . 2020.03.08 23:42:01 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM' . 2020.03.08 23:42:01 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2020.03.08 23:42:01 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2020.03.08 23:42:01 - OpenVPN > interactive service msg_channel=0 . 2020.03.08 23:42:01 - OpenVPN > ROUTE_GATEWAY 192.168.1.254/255.255.255.0 I=13 HWADDR=20:79:18:64:ba:ae . 2020.03.08 23:42:01 - OpenVPN > GDG6: remote_host_ipv6=n/a . 2020.03.08 23:42:01 - OpenVPN > NOTE: GetBestInterfaceEx returned error: �l�ment introuvable. (code=1168) . 2020.03.08 23:42:01 - OpenVPN > ROUTE6: default_gateway=UNDEF . 2020.03.08 23:42:01 - OpenVPN > open_tun . 2020.03.08 23:42:01 - OpenVPN > TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{7FBA13E2-0BA8-403B-BD75-883F67CF455C}.tap . 2020.03.08 23:42:01 - OpenVPN > TAP-Windows Driver Version 9.21 . 2020.03.08 23:42:01 - OpenVPN > Set TAP-Windows TUN subnet mode network/local/netmask = 10.24.130.0/10.24.130.81/255.255.255.0 [SUCCEEDED] . 2020.03.08 23:42:01 - OpenVPN > Notified TAP-Windows driver to set a DHCP IP/netmask of 10.24.130.81/255.255.255.0 on interface {7FBA13E2-0BA8-403B-BD75-883F67CF455C} [DHCP-serv: 10.24.130.254, lease-time: 31536000] . 2020.03.08 23:42:01 - OpenVPN > Successful ARP Flush on interface [18] {7FBA13E2-0BA8-403B-BD75-883F67CF455C} . 2020.03.08 23:42:01 - OpenVPN > do_ifconfig, tt->did_ifconfig_ipv6_setup=1 . 2020.03.08 23:42:02 - OpenVPN > NETSH: C:\WINDOWS\system32\netsh.exe interface ipv6 set address interface=18 fde6:7a:7d20:1482::104f store=active . 2020.03.08 23:42:03 - OpenVPN > NETSH: C:\WINDOWS\system32\netsh.exe interface ipv6 set dns Ethernet 2 static fde6:7a:7d20:1482::1 validate=no . 2020.03.08 23:42:03 - OpenVPN > add_route_ipv6(fde6:7a:7d20:1482::/64 -> fde6:7a:7d20:1482::104f metric 0) dev Ethernet 2 . 2020.03.08 23:42:03 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 add route fde6:7a:7d20:1482::/64 interface=18 fe80::8 store=active . 2020.03.08 23:42:03 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:42:09 - OpenVPN > TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up . 2020.03.08 23:42:09 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 213.152.162.156 MASK 255.255.255.255 192.168.1.254 . 2020.03.08 23:42:09 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=45 and dwForwardType=4 . 2020.03.08 23:42:09 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2020.03.08 23:42:09 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.24.130.1 . 2020.03.08 23:42:09 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4 . 2020.03.08 23:42:09 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2020.03.08 23:42:09 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.24.130.1 . 2020.03.08 23:42:09 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4 . 2020.03.08 23:42:09 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2020.03.08 23:42:09 - OpenVPN > add_route_ipv6(::/3 -> fde6:7a:7d20:1482::1 metric -1) dev Ethernet 2 . 2020.03.08 23:42:09 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 add route ::/3 interface=18 fe80::8 store=active . 2020.03.08 23:42:09 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:42:09 - OpenVPN > add_route_ipv6(2000::/4 -> fde6:7a:7d20:1482::1 metric -1) dev Ethernet 2 . 2020.03.08 23:42:09 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 add route 2000::/4 interface=18 fe80::8 store=active . 2020.03.08 23:42:09 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:42:09 - OpenVPN > add_route_ipv6(3000::/4 -> fde6:7a:7d20:1482::1 metric -1) dev Ethernet 2 . 2020.03.08 23:42:09 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 add route 3000::/4 interface=18 fe80::8 store=active . 2020.03.08 23:42:09 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:42:10 - OpenVPN > add_route_ipv6(fc00::/7 -> fde6:7a:7d20:1482::1 metric -1) dev Ethernet 2 . 2020.03.08 23:42:10 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 add route fc00::/7 interface=18 fe80::8 store=active . 2020.03.08 23:42:10 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:42:10 - Interface Ethernet 2 metric changed from Automatic to 3, layer IPv4 . 2020.03.08 23:42:10 - Interface Ethernet 2 metric changed from Automatic to 3, layer IPv6 . 2020.03.08 23:42:10 - DNS leak protection with packet filtering enabled. . 2020.03.08 23:42:10 - DNS IPv4 of a network adapter forced (Ethernet 2, from manual (10.5.130.1) to 10.24.130.1) . 2020.03.08 23:42:10 - DNS IPv6 of a network adapter forced (Ethernet 2, from automatic to fde6:7a:7d20:1482::1) W 2020.03.08 23:42:10 - Routes, add 213.152.162.154 for gateway 10.24.130.1 failed: 'route' n'est pas reconnu en tant que commande interne W 2020.03.08 23:42:10 - ou externe, un programme ex‚cutable ou un fichier de commandes W 2020.03.08 23:42:10 - Routes, add 2a00:1678:2470:5:3568:e603:2b4d:aeb6 for gateway fde6:7a:7d20:1482::1 failed: 'netsh' n'est pas reconnu en tant que commande interne W 2020.03.08 23:42:10 - ou externe, un programme ex‚cutable ou un fichier de commandes . 2020.03.08 23:42:10 - Flushing DNS I 2020.03.08 23:42:10 - Checking route IPv4 I 2020.03.08 23:42:11 - Checking route IPv6 I 2020.03.08 23:42:11 - Checking DNS . 2020.03.08 23:42:23 - Checking DNS failed: . 2020.03.08 23:42:23 - Checking DNS (2° try) . 2020.03.08 23:42:37 - Checking DNS failed: . 2020.03.08 23:42:37 - Checking DNS (3° try) . 2020.03.08 23:42:51 - Checking DNS failed: E 2020.03.08 23:42:51 - Checking DNS failed. . 2020.03.08 23:42:51 - OpenVPN > Initialization Sequence Completed ! 2020.03.08 23:42:51 - Disconnecting . 2020.03.08 23:42:51 - Sending management termination signal . 2020.03.08 23:42:51 - Management - Send 'signal SIGTERM' . 2020.03.08 23:42:51 - OpenVPN > MANAGEMENT: CMD 'e7596dca56bbadcf74b75c6128267e9392cdf16e6702e795a387f4873676eb28' . 2020.03.08 23:43:00 - Sending management termination signal . 2020.03.08 23:43:00 - Management - Send 'signal SIGTERM' . 2020.03.08 23:43:00 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM' . 2020.03.08 23:43:00 - OpenVPN > SIGTERM received, sending exit notification to peer . 2020.03.08 23:43:05 - OpenVPN > C:\WINDOWS\system32\route.exe DELETE 213.152.162.156 MASK 255.255.255.255 192.168.1.254 . 2020.03.08 23:43:05 - OpenVPN > Route deletion via IPAPI succeeded [adaptive] . 2020.03.08 23:43:05 - OpenVPN > C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.24.130.1 . 2020.03.08 23:43:05 - OpenVPN > Route deletion via IPAPI succeeded [adaptive] . 2020.03.08 23:43:05 - OpenVPN > C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.24.130.1 . 2020.03.08 23:43:05 - OpenVPN > Route deletion via IPAPI succeeded [adaptive] . 2020.03.08 23:43:05 - OpenVPN > delete_route_ipv6(::/3) . 2020.03.08 23:43:05 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 delete route ::/3 interface=18 fe80::8 store=active . 2020.03.08 23:43:05 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:43:05 - OpenVPN > delete_route_ipv6(2000::/4) . 2020.03.08 23:43:05 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 delete route 2000::/4 interface=18 fe80::8 store=active . 2020.03.08 23:43:05 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:43:05 - OpenVPN > delete_route_ipv6(3000::/4) . 2020.03.08 23:43:05 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 delete route 3000::/4 interface=18 fe80::8 store=active . 2020.03.08 23:43:05 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:43:05 - OpenVPN > delete_route_ipv6(fc00::/7) . 2020.03.08 23:43:05 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 delete route fc00::/7 interface=18 fe80::8 store=active . 2020.03.08 23:43:05 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:43:06 - OpenVPN > Closing TUN/TAP interface . 2020.03.08 23:43:06 - OpenVPN > delete_route_ipv6(fde6:7a:7d20:1482::/64) . 2020.03.08 23:43:06 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 delete route fde6:7a:7d20:1482::/64 interface=18 fe80::8 store=active . 2020.03.08 23:43:06 - OpenVPN > NETSH: C:\WINDOWS\system32\netsh.exe interface ipv6 delete address Ethernet 2 fde6:7a:7d20:1482::104f store=active . 2020.03.08 23:43:06 - OpenVPN > NETSH: C:\WINDOWS\system32\netsh.exe interface ipv6 delete dns Ethernet 2 all . 2020.03.08 23:43:07 - OpenVPN > TAP: DHCP address released . 2020.03.08 23:43:07 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting . 2020.03.08 23:43:07 - Connection terminated. . 2020.03.08 23:43:07 - DNS IPv4 of a network adapter restored to original settings (Ethernet 2, to 10.5.130.1) . 2020.03.08 23:43:07 - DNS IPv6 of a network adapter restored to original settings (Ethernet 2, to automatic) . 2020.03.08 23:43:07 - DNS leak protection with packet filtering disabled. . 2020.03.08 23:43:07 - Interface Ethernet 2 metric restored from 3 to Automatic, layer IPv4 . 2020.03.08 23:43:07 - Interface Ethernet 2 metric restored from 3 to Automatic, layer IPv6 I 2020.03.08 23:43:09 - Cancel requested. ! 2020.03.08 23:43:09 - Session terminated. . 2020.03.08 23:43:44 - Updating systems & servers data ... . 2020.03.08 23:43:44 - Systems & servers data update completed
  34. 1 point
    I know this question has been raised a lot of times and there is even a topic there is more or less similar to this from 2013 - but I don't understand it. I am trying to download from what a certain irc channel calls "passive" bots, a pastebin with their how-to is here: https://pastebin.com/ubGNYUn9 I have manually entered my hostname and IP + defined ports in range 5000-5020 as it suggests, but I still can't receive by DCC. When I go to https://www.yougetsignal.com/tools/open-ports/ and check the port, i.e. port 5000 it says it is closed. I can download without problems from 90% of other xdcc bots, but 1 in 10 or so give me this same error. Please dumb it down for me - should I do some sort of port forwarding through the airvpn client? EDIT: After I posted I discovered the "Client area" on the airvpn page. There you can forward some port numbers, which I did. Afterwards a entered the range in mIRC under Tools -> Options -> Ports. I didn't follow any of the other instructions in the info from the pastebin and it works now.
  35. 1 point
    The best option for you is to assume any and ALL VPN's are compromised on some way, or that they can be logged in some capacity (for example, tapping the fibre cables themselves, black box etc). > How can users of your service be sure that each of your VPN servers who are operated by random people, are in alignment with your Privacy Policy? You can't. This applies to every VPN on the planet. > What if one of the people for a specific server here on AirVPN, is secretly logging everything about anybody who connects to their server, selling their data, and/or monitoring their users traffic in real time? Not AirVPN specific. Any provider can be 'secretly' logging. AirVPN has a solid, reliable history over many years. I challenge you to search the internet and find examples of where Air's security has been questioned in a meaningful capacity. > How do you make sure none of your services ever have any sensitive logs ever hit the disks of all your servers? By hiring competent sysadmins, reading CVE's and patching systems. No computer on the planet is 100% secure, or can be considered 100% secure (even the hardware itself can be backdoored, like Intel chips). > Has AirVPN invited companies in, like PwC or Cure53, to AUDIT all your VPN servers, your code base, etc etc etc....as well as audit AirVPN's Privacy Policy, to have assurance that AirVPN is being faithful to their privacy policy? You're welcome to hire these companies, pay the money yourself to audit their code. It's all on Github/Gitlab. Please post the results here after you're done, I'm intrigued what you find. > Do you (like ExpressVPN) run all your servers on entirely on RAM only, with just a cryptographically signed read-only image as the hard drives, required for the VPN servers to boot, and NO write permissions for the hard drives of your servers? They're going to not answer that, but even if they said yes, you then need to 'trust' what they say. What if the person responding is compromised? What if the NSA secretly runs every VPN service on the planet, and has plaintext logs of all the weird things you're doing. What if I know your real world identity, your address, your families names and Facebook accounts? > .....You catch my drift, as to what information I'm seeking, to know wether I can trust AirVPN. If being provided unverifiable information is how you "trust" a service then god help us all. A VPN does not and will not do what you think it will, clearly. Thanks for the entertainment, I need to go fire more people now.
  36. 1 point
    bm9vbmUK

    Hummingbird 1.0.2 released

    nftables fails with a "Segmentation fault", but disabling it entirely as you've mentioned allows hummingbird to connect. Thanks for the help! That said, I would imagine I would want some sort of network lock? It may not be necessary with the container setup I have. I'll have to do some testing.
  37. 1 point
    ctri

    Hummingbird 1.0.2 released

    Thanks! deleting everything in /etc/airvpn worked. Cheers
  38. 1 point
    dedo299

    Hummingbird 1.0.2 released

    I did what you suggested and I have to say it's whole new world. Hummingbird seems to be running well. I've had a couple of glitches on waking from sleep but nothing persistent and today after cycling sleep mode a few times Hummingbird seems solid. It seems that Eddie has been the bad actor all along (surprise!). I've gone a step farther, thanks to farquaad and giganerd, in that I've adapted farquaad's bash script for randomizing servers. After some initial misunderstandings about how these scripts work, I now seem to have Hummingbird running smoothly. But one thing I still don't understand is how do I know it's actually running? With Eddie there was a colored menubar icon I could always glance at for reassurance. I know Hummingbird doesn't have icons, and I'm sure I must be missing something obvious, so how can I easily tell if it's up or not? My main concern is torrents, which some ISPs (i.e. mine) frown upon.
  39. 1 point
    @wintermute1912 If traffic passes through the tun interface it's in the tunnel, so even if you want to reach 3rd parties DNS servers, the queries and their replies are tunneled, it's not a DNS leak. Even worse: in this way you will never find DNS leaks, even if they are really occurring. To verify effectively you need to check traffic from the physical network interface. Unencrypted DNS queries from the physical network interface, if not blocked by the firewall, hint to DNS leaks for real. Kind regards
  40. 1 point
    Don't use Deluge. For whatever reason which I have not had time to properly investigate it gives you away and you get replay attacks. The following torrent clients run fine for me: qbittorrent (latest version installed via PPA: https://www.qbittorrent.org/download.php Transmission (native install on Ubuntu 16.04.5) rtorrent (probably the safest but text based interface only) Also change the TCP port you have mapped quite frequently. And check you're not getting DNS leaks: sudo tcpdump -i tun0 -n "port 53" If you see any other IP address than the AirVPN DNS server you have leaks
  41. 1 point
    Ladies and gentlement: Thanks to @Flx i was able to up the speeds a bit more: Using the new wintun beta of openVPN 2.5 I'm now at slightly above 500mbps. -Link to openVPN 2.5: http://staging.openvpn.net/openvpn2/ See here: Basically you just need to install the new 2.5 openvpn version, start openVPN as administrator (!) and add the following line to the conf file: windows-driver wintun - i some how had to put it as one of the last point or it would give me some cryptic errormessage, also it didn't work in combination with "auth sha512" as suggested in the forementioned post. So thank you again @Flx! EDIT: Completely Idle Frankfurt Mirfak delivered >570mbps: https://deutsche-glasfaser.speedtestcustom.com/result/7cea7f20-5c60-11ea-8fed-e3d7efa295ff Neat 😎
  42. 1 point
    LZ1

    Is AirVPN suitable for gaming?

    Hello! Yes, it absolutely is. Just ensure you're connected to a location which is good for your specific situation/location and perhaps even using the UDP protocol.
  43. 1 point
    m1ster

    Eddie not working on Android TV

    Here is logcat. tun.txt
  44. 1 point
    https://restoreprivacy.com/wireguard/ AirVPN has also chimed in over WireGuard’s implications for anonymity, as explained in their forum: Wireguard, in its current state, not only is dangerous because it lacks basic features and is an experimental software, but it also weakens dangerously the anonymity layer. Our service aims to provide some anonymity layer, therefore we can’t take into consideration something that weakens it so deeply. We will gladly take Wireguard into consideration when it reaches a stable release AND offers at least the most basic options which OpenVPN has been able to offer since 15 years ago. The infrastructure can be adapted, our mission can’t. In their forums, AirVPN further explained why WireGuard simply does not meet their requirements: Wireguard lacks dynamic IP address management. The client needs to be assigned in advance a pre-defined VPN IP address uniquely linked to its key on each VPN server. The impact on the anonymity layer is catastrophic; Wireguard client does not verify the server identity (a feature so essential that it will be surely implemented when Wireguard will be no more an experimental sofware); the impact on security caused by this flaw is very high; TCP support is missing (third party or anyway additional code is required to use TCP as the tunneling protocol, as you suggest, and that’s a horrible regression when compared to OpenVPN); there is no support to connect Wireguard to a VPN server over some proxy with a variety of authentication methods. Despite these concerns, many VPN services are already rolling out full WireGuard support. Other VPNs are watching the project and are interested in implementing WireGuard after it has been thoroughly audited and improved. In the meantime, however, as AirVPN stated in their forum: “We will not use our customers as testers.”
  45. 1 point
    No. That's not how airvpn works. And tor either. You could run 5 open airvpn on your home WiFi free to public and it would be same thing. Airvpn has account based speeds.
  46. 1 point
    It's not a Denial of Service per sé, it's just a nuisance for the users.
  47. 1 point
    ucode

    [Tutorial] Split-Tunneling via User

    NOTICE to the Moderator: PLEASE MOVE TO THE RIGHT FORUM Hello, I want to make a thread about split tunneling through a spezific user. I figured out how it works and want to share it. I use Debian 8/9 but it should work with other distros too. Openvpn Split tunnel though user Debian 8 & 9 based Install openvpn from apt or install it via source apt-get update -y && apt-get upgrade -y && apt-get install openvpn htop nload dstat sudo apt-utils iptables curl resolvconf -y nano /etc/systemd/system/openvpn@openvpn.service Config: [Unit] Description=OpenVPN connection to %i Documentation=man:openvpn(8) Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO After=network.target [Service] RuntimeDirectory=openvpn PrivateTmp=true KillMode=mixed Type=forking ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid PIDFile=/run/openvpn/%i.pid ExecReload=/bin/kill -HUP $MAINPID WorkingDirectory=/etc/openvpn Restart=on-failure RestartSec=3 ProtectSystem=yes LimitNPROC=10 DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw [Install] WantedBy=multi-user.target Enable Service systemctl enable openvpn@openvpn.service Download Airvpn/Openvpn config and paste it in there: nano /etc/openvpn/openvpn.conf Add this to the config: nobind script-security 2 route-noexec up /etc/openvpn/iptables.sh down /etc/openvpn/update-resolv-conf Change DNS nano /etc/openvpn/update-resolv-conf foreign_option_1='dhcp-option DNS AIRVPN DNS1' foreign_option_2='dhcp-option DNS AIRVPN DNS2' foreign_option_3='dhcp-option DNS 1.1.1.1' Add user and group adduser --disabled-login vpn usermod -aG vpn XXX usermod -aG XXX vpn Iptables Flush & Rules iptables -F iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP apt-get install iptables-persistent -y nano /etc/openvpn/iptables.sh Change INTERFACE, VPNUSER, LOCALIP and NETIF Script: #! /bin/bash export INTERFACE="tun0" export VPNUSER="vpn" export LOCALIP="192.168.1.130" export NETIF="eth0" # flushes all the iptables rules, if you have other rules to use then add them into the script iptables -F -t nat iptables -F -t mangle iptables -F -t filter # mark packets from $VPNUSER iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark iptables -t mangle -A OUTPUT ! --dest $LOCALIP -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1 iptables -t mangle -A OUTPUT --dest $LOCALIP -p udp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1 iptables -t mangle -A OUTPUT --dest $LOCALIP -p tcp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1 iptables -t mangle -A OUTPUT ! --src $LOCALIP -j MARK --set-mark 0x1 iptables -t mangle -A OUTPUT -j CONNMARK --save-mark # allow responses iptables -A INPUT -i $INTERFACE -m conntrack --ctstate ESTABLISHED -j ACCEPT # block everything incoming on $INTERFACE to prevent accidental exposing of ports iptables -A INPUT -i $INTERFACE -j REJECT # let $VPNUSER access lo and $INTERFACE iptables -A OUTPUT -o lo -m owner --uid-owner $VPNUSER -j ACCEPT iptables -A OUTPUT -o $INTERFACE -m owner --uid-owner $VPNUSER -j ACCEPT # all packets on $INTERFACE needs to be masqueraded iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE # reject connections from predator IP going over $NETIF iptables -A OUTPUT ! --src $LOCALIP -o $NETIF -j REJECT # Start routing script /etc/openvpn/routing.sh exit 0 chmod +x /etc/openvpn/iptables.sh nano /etc/openvpn/routing.sh Change ifconfig to ip if your OS dont support ifconfig anymore or install it. apt install net-tools Change VPNIG and VPNUSER if needed Script: #! /bin/bash VPNIF="tun0" VPNUSER="vpn" GATEWAYIP=`ifconfig $VPNIF | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}' | egrep -v '255|(127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | tail -n1` if [[ `ip rule list | grep -c 0x1` == 0 ]]; then ip rule add from all fwmark 0x1 lookup $VPNUSER fi ip route replace default via $GATEWAYIP table $VPNUSER ip route append default via 127.0.0.1 dev lo table $VPNUSER ip route flush cache # run update-resolv-conf script to set VPN DNS /etc/openvpn/update-resolv-conf exit 0 chmod +x /etc/openvpn/routing.sh nano /etc/iproute2/rt_tables Add 200 vpn Edit vpn filter nano /etc/sysctl.d/9999-vpn.conf Add: Replace XXXXXX with your eth/wireless interface net.ipv4.conf.all.rp_filter = 2 net.ipv4.conf.default.rp_filter = 2 net.ipv4.conf.XXXXXX.rp_filter = 2 net.ipv6.conf.all.rp_filter = 2 net.ipv6.conf.default.rp_filter = 2 net.ipv6.conf.XXXXXX.rp_filter = 2 Apply Rules and show status sysctl --system service openvpn status Test it IP: sudo -u vpn -i -- curl ipinfo.io DNS: sudo -u vpn -i -- cat /etc/resolv.conf Enjoy
  48. 1 point
    For those running Windows 10 and don't want to run the persistent command but still want the IPV6 by default, you can do so via Eddie. Open up Preferences, Go To Events, open the VPN Up (or anything above it, I don't know if it matters) option. For file name navigate to C:/Windows/System32/netsh.exe For argument type: interface ipv6 set prefixpolicy fc00::/7 37 1 store=active I have "Wait end of process" disabled, but I don't know if that matters. Click Save. Reconnect to an AirVPN server. You should now have IPV6 by default any time you connect to a server, and upon reboot, it will reset back to normal. It would probably be idea if the VPN Down option had something resetting the Netsh settings, but I don't know how to do that. Also Microsoft apparently says Netsh might be removed in the future for a powershell option so... ¯\_(ツ)_/¯
  49. 1 point
    Staff

    Netflix

    https://netflix.com Watch Movies & TV Shows Online or Streaming right to your TV via Xbox, Wii, PS3 & many other devices. Only $7.99/mo. Status: NOT ACCESSIBLE Native: none. Routing: All servers Last update: February the 1st, 2020
  50. 1 point
    Install from Google Play Store OpenVPN Connect, the official OpenVPN client for Android developed by OpenVPN Technologies, Inc. Launch your internet browser. NOTE: don't use the default Android browser because it has an unresolved bug. Chrome and Opera have been tested by us and work. Log in the AirVPN website and create the configuration files from our Config Generator. Choose Linux as platform (only direct TCP and UDP connections are supported) and finally click then "Generate" button to download it. Downloaded .ovpn files may be imported directly into the application but the behavior depends on many factors (employed browser, files manager, Android version, etc). For simplicity's sake, we assume in this guide that you saved .ovpn generated files under the Download's directory in the Android filesystem. Launch OpenVPN Connect and click on the top right menu button: Click on the "Import" button: Click on "Import Profile from SD card": Browse your *.ovpn files: Select your configuration of choice: Confirm the import by clicking the "Select" button: Click on the "Connect" button to connect: Confirm Android security prompt dialog: Wait for the connection's bootstrap process: The VPN tunnel is now established: When you need to disconnect from the VPN click on the "Disconnect" button:
×
×
  • Create New...