Leaderboard

I know Air cares a lot about protecting *against* (edit: forgot an important word here) censorship across the world, but is it necessary to turn their company Twitter into a 24/7 ‘Free Assange’ machine? I like to follow it for finding out new info about VPN servers and things of that matter. Up until a few weeks ago, it was relatively dormant and only seemed to tweet when there was new things about the company*. Now it’s almost turning into an echo chamber for the “anti-MSM” crowd. (*yes, you may be run by activists, but you are a business. Don’t forget that). As a business owner who does do a lot of social, one of the most important pieces of advice I can give is to separate the politics from your company unless there’s a 1000% connection between the two. I don’t think Assange was an AirVPN user and whether or not you agree with his treatment as of late, it probably doesn’t impact the AirVPN service in any way. I’m also sure there are many other instances of freedom of speech being trampled upon that don’t involve him yet do involve presumably innocent people being jailed for speaking the truth. Whoever is running that Twitter should make a separate personal account and use that as his soapbox as it could lead to potential new users deciding to use a less political VPN provider. https://twitter.com/airvpn

Hello! The insertion of the new rule didn’t cause a syntax error message. I will test the new configuration in a little while and report back. Thanks a lot!

Hello! We're very glad to inform you that a new 1 Gbit/s server located in Belgrade (RS) is available: Alnitak. The AirVPN client will show automatically the new server. If you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other "second generation" Air server, Alnitak supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Alnitak Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! Today we're starting AirVPN ninth birthday celebrations! From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 22 countries in three continents, providing now 230,000+ Mbit/s to tens of thousands of people around the world. Software related development has also been powered up. Eddie Android edition is now a fully mature application which features an exclusive best effort method to prevent traffic leaks and a complete integration with AirVPN. In 2019 AirVPN has also started operating in South America, on top of Asia, Europe and North America, and the infrastructure has grown significantly, counting now on more than 260 bare metal servers, whose traffic is mainly powered by tier1 and tier2 transit providers. AirVPN has also become recently an EFF "Super Major Donor" member. Furthermore, and we're very glad to announce it here publicly for the first time, development for OpenBSD and FreeBSD has started. We are also integrating OpenVPN 3 on new software which will couple Eddie on UNIX-like systems, including Linux, during the second half of 2019. GDPR compliance was already a de facto standard for AirVPN way before the Regulation entered into force, mainly because we don't collect personal data, period. By the way the compliance is now fully formalized (check details in our Privacy Notice and Terms https://airvpn.org/privacy ). AirVPN provides probably the strongest protection to your data, not only personal data but all data, you can find on any service. If you are an AirVPN customer or user, you are probably aware that our service is radically different than any other VPN service you might have met anywhere. No whistles and bells, no marketing fluff, no fake locations, no advertising on mainstream media, a transparent privacy policy, no trackers on the web site or in mobile applications, no bullshit of any kind in our infrastructure to sell your personal data to any personal data merchant, and above all a clear mission which is the very reason which AirVPN operates for. https://airvpn.org/mission Many of you know that when you buy AirVPN service, you not only support yourself and improve your ability to exercise your fundamental rights, but you also support AirVPN mission. However, while AirVPN in itself has flourished, AirVPN mission aims and values related to fundamental rights have experienced, in 2018 and 2019, a grim time. Australia "encryption-busting" monstrous law is fully in force; the European Union has definitively approved the bad Copyright Directive, mandating automated filters, which will unavoidably limit freedom of expression on big boards, and making the first step to undermine the liability exemptions of mere conduits and web publishers alike; new threats to citizens' privacy are becoming real through plans of wide face recognition deployment, indiscriminate DNA databases proposals, more pervasive and efficient profiling (possibly even through AI), and strict cooperation between Internet tech giants and intelligence agencies; the persecution of journalists, publishers and whistleblowers all around the world has reached unprecedented levels, revealing a widespread plan to suppress freedom of the press and freedom of expression even in so called "Western democracies". One of the greatest journalists and publishers of all times, Julian Assange, nominated seven times for the Nobel Peace prize and winner of many journalistic prizes and awards, has been and is prosecuted and persecuted for having merely published the truth about war crimes, corruption, torture and more, with a 100% accuracy, and for having protected his sources as any good investigative journalist does. He has been detained arbitrarily and illegally, as widely ascertained and recognized by the UN. He has been victim of an abominable smear campaign based on ignominious lies and defamation, a campaign aimed to turn the public opinion against him and distract from WikiLeaks publications content exposing war criminals in governments key positions, warmongers, torture maniacs, systematic illegal surveillance, endemic privacy violations and plots to limit and reduce fundamental rights. He is currently detained in solitary confinement 23 hours a day, with no access to books, maximum two visits per month, forbidden in practice to coordinate a defense with his lawyers, in a tiny cell of a maximum security UK prison which has been designed for dangerous murderers and terrorists, while UK will decide whether to extradite him to the USA to face a potential 175 years imprisonment. Whistleblowers like Chelsea Manning, who should be regarded as a hero, as Noam Chomsky, John Pilger, Daniel Ellsberg and other titans of our times pointed out, have been tortured and are still persecuted by the very same criminals whose crimes were exposed. Privacy activists and software developers, like Ola Bini in Ecuador, are imprisoned without charges, simply for having showed friendship to Assange or WikiLeaks, or for having developed software aimed to protect privacy through encryption. And the list can go on and on and on. But make no mistake: the dark times we are living in, the environment of fear and intimidation that various governments are building against the exercise of those fundamental rights which our mission forces us to protect to the best of our abilities, the mounting attacks against "encryption for everyone" and the awareness that enemies of human rights nestle inside government agencies, have not undermined our determination. Quite the opposite: they have convinced us that our service is even more necessary now and we are resolute to do even more. Our mission has been and will be empowered by the ongoing support to projects and NGOs which aim to the protection of privacy, personal data and freedom of expression, now more than ever. We have confirmed our support to Tor and we will progressively add support to champions of freedom of expression and privacy in any way our capacities and abilities will allow us. If you're curious to know something about a series of fortunate events which gave birth to AirVPN, have a look here: https://airvpn.org/aboutus To worthily celebrate AirVPN ninth birthday, we're glad to inform you that starting from now we will offer a 20% discount on all long term plans. Hurry up, this special offer will end on June the 11th, 23:59:59 UTC! Check the new prices here. Kind regards and datalove AirVPN Staff

Hello! We're very glad to inform you that twelve new 1 Gbit/s servers located in Alblasserdam (Netherlands) are available: Aljanah, Alpheratz, Aspidiske, Capella, Eltanin, Larawag, Melnick, Muhlifain, Piscium, Scuti, Suhail, Tiaki. The AirVPN client will show automatically the new servers. If you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other "second generation" Air server, they support OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Thanks!

su -l root [enter password] eddie-ui

This is default behavior of Eddie but apparently it's bugged on your system. There is the possibility to invoke a command at certain OpenVPN events, for example, after disconnection. --down cmd Run command cmd after TUN/TAP device close (post --user UID change and/or --chroot ). cmd consists of a path to script (or executable program), optionally followed by arguments. The path and arguments may be single- or double-quoted and/or escaped using a backslash, and should be separated by one or more spaces. Called with the same parameters and environmental variables as the --up option above. Note that if you reduce privileges by using --user and/or --group, your --down script will also run at reduced privilege. In Eddie > Preferences > OpenVPN directives, try entering this as a custom directive, then see if it fixes things: down "iptables -F"

Sure. That command didn't work so I just used the standard... inxi -Fxz ...and altered any potentially private info. Anyway, here ya go ...thanks: Eddie System/Environment Report - 5/13/2019 12:34 AM UTC Eddie version: 2.16.3 Eddie OS build: linux_x64 Eddie architecture: x64 OS type: Linux OS name: Linux Mint 19.1 Tessa \n \l OS version: Linux sytem-x 4.15.0-48-generic #51-Ubuntu SMP Wed Apr 3 08:28:49 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux OS architecture: x64 Mono /.Net Framework: 4.6.2 (Debian 4.6.2.7+dfsg-1ubuntu1); Framework: v4.0.30319 OpenVPN driver: Found, /dev/net/tun OpenVPN: 2.4.4 - OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08 (/usr/sbin/openvpn) SSH: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017 (/usr/bin/ssh) SSL: stunnel 5.44 (/usr/bin/stunnel4) curl: 7.58.0 (/usr/bin/curl) Profile path: /home/betacat/.airvpn/default.xml Data path: /home/betacat/.airvpn Application path: /usr/lib/eddie-ui Executable path: /usr/lib/eddie-ui/Eddie-UI.exe Command line arguments: (5 args) path="/home/betacat/.airvpn" path.resources="/usr/share/eddie-ui" path.exec="/usr/bin/eddie-ui" console.mode="none" linux.dbus="unix:path=/run/user/1000/bus" Network Lock Active: Yes, Linux iptables Connected to VPN: Yes, Telescopium Detected DNS: 10.19.14.1 Test DNS IPv4: Ok Test DNS IPv6: Ok Test Ping IPv4: 58 ms Test Ping IPv6: 22 ms Test HTTP IPv4: Ok Test HTTP IPv6: Error:curl: (28) Connection timed out after 20001 milliseconds Test HTTPS: Ok ---------------------------- Important options not at defaults: login: (omissis) password: (omissis) remember: True network.ipv6.mode: block gui.tray_show: False gui.tray_minimized: False ---------------------------- Logs: . 2019.05.12 17:31:38 - Eddie version: 2.16.3 / linux_x64, System: Linux, Name: Linux Mint 19.1 Tessa \n \l, Version: Linux sytem-x 4.15.0-48-generic #51-Ubuntu SMP Wed Apr 3 08:28:49 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux, Mono/.Net: 4.6.2 (Debian 4.6.2.7+dfsg-1ubuntu1); Framework: v4.0.30319 . 2019.05.12 17:31:39 - Reading options from /home/betacat/.airvpn/default.xml . 2019.05.12 17:31:42 - Command line arguments (5): path="/home/betacat/.airvpn" path.resources="/usr/share/eddie-ui" path.exec="/usr/bin/eddie-ui" console.mode="none" linux.dbus="unix:path=/run/user/1000/bus" . 2019.05.12 17:31:42 - Profile path: /home/betacat/.airvpn/default.xml . 2019.05.12 17:31:44 - OpenVPN Driver - Found, /dev/net/tun . 2019.05.12 17:31:44 - OpenVPN - Version: 2.4.4 - OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08 (/usr/sbin/openvpn) . 2019.05.12 17:31:44 - SSH - Version: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017 (/usr/bin/ssh) . 2019.05.12 17:31:44 - SSL - Version: stunnel 5.44 (/usr/bin/stunnel4) . 2019.05.12 17:31:44 - curl - Version: 7.58.0 (/usr/bin/curl) . 2019.05.12 17:31:44 - Certification Authorities: /usr/share/eddie-ui/cacert.pem . 2019.05.12 17:31:45 - Updating systems & servers data ... I 2019.05.12 17:31:45 - Ready . 2019.05.12 17:31:46 - Systems & servers data update completed ! 2019.05.12 17:32:04 - Activation of Network Lock - Linux iptables I 2019.05.12 17:32:43 - Session starting. I 2019.05.12 17:32:44 - Checking authorization ... ! 2019.05.12 17:32:44 - Connecting to Telescopium (Canada, Vancouver) . 2019.05.12 17:32:44 - OpenVPN > OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018 . 2019.05.12 17:32:44 - OpenVPN > library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08 . 2019.05.12 17:32:44 - Connection to OpenVPN Management Interface . 2019.05.12 17:32:44 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2019.05.12 17:32:45 - OpenVPN > Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2019.05.12 17:32:45 - OpenVPN > Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2019.05.12 17:32:45 - OpenVPN > Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2019.05.12 17:32:45 - OpenVPN > Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2019.05.12 17:32:45 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]192.30.89.53:443 . 2019.05.12 17:32:45 - OpenVPN > Socket Buffers: R=[212992->212992] S=[212992->212992] . 2019.05.12 17:32:45 - OpenVPN > UDP link local: (not bound) . 2019.05.12 17:32:45 - OpenVPN > UDP link remote: [AF_INET]192.30.89.53:443 . 2019.05.12 17:32:45 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100 . 2019.05.12 17:32:45 - OpenVPN > TLS: Initial packet from [AF_INET]192.30.89.53:443, sid=6c9b55ab e6bd8843 . 2019.05.12 17:32:45 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2019.05.12 17:32:45 - OpenVPN > VERIFY KU OK . 2019.05.12 17:32:45 - OpenVPN > Validating certificate extended key usage . 2019.05.12 17:32:45 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2019.05.12 17:32:45 - OpenVPN > VERIFY EKU OK . 2019.05.12 17:32:45 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Telescopium, emailAddress=info@airvpn.org . 2019.05.12 17:32:45 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA . 2019.05.12 17:32:45 - OpenVPN > [Telescopium] Peer Connection Initiated with [AF_INET]192.30.89.53:443 . 2019.05.12 17:32:46 - OpenVPN > SENT CONTROL [Telescopium]: 'PUSH_REQUEST' (status=1) . 2019.05.12 17:32:46 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.19.14.1,dhcp-option DNS6 fde6:7a:7d20:f0e::1,tun-ipv6,route-gateway 10.19.14.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:f0e::10bc/64 fde6:7a:7d20:f0e::1,ifconfig 10.19.14.190 255.255.255.0,peer-id 3,cipher AES-256-GCM' . 2019.05.12 17:32:46 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp' . 2019.05.12 17:32:46 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS6 fde6:7a:7d20:f0e::1' . 2019.05.12 17:32:46 - OpenVPN > Pushed option removed by filter: 'tun-ipv6' . 2019.05.12 17:32:46 - OpenVPN > Pushed option removed by filter: 'ifconfig-ipv6 fde6:7a:7d20:f0e::10bc/64 fde6:7a:7d20:f0e::1' . 2019.05.12 17:32:46 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified . 2019.05.12 17:32:46 - OpenVPN > OPTIONS IMPORT: compression parms modified . 2019.05.12 17:32:46 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified . 2019.05.12 17:32:46 - OpenVPN > OPTIONS IMPORT: route-related options modified . 2019.05.12 17:32:46 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified . 2019.05.12 17:32:46 - OpenVPN > OPTIONS IMPORT: peer-id set . 2019.05.12 17:32:46 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1625 . 2019.05.12 17:32:46 - OpenVPN > OPTIONS IMPORT: data channel crypto options modified . 2019.05.12 17:32:46 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM' . 2019.05.12 17:32:46 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2019.05.12 17:32:46 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2019.05.12 17:32:46 - OpenVPN > ROUTE_GATEWAY 000.000.0.254/255.255.255.0 IFACE=enp0s10 HWADDR=00:15:f2:82:7c:d4 . 2019.05.12 17:32:46 - OpenVPN > TUN/TAP device tun0 opened . 2019.05.12 17:32:46 - OpenVPN > TUN/TAP TX queue length set to 100 . 2019.05.12 17:32:46 - OpenVPN > do_ifconfig, tt->did_ifconfig_ipv6_setup=0 . 2019.05.12 17:32:46 - OpenVPN > /sbin/ip link set dev tun0 up mtu 1500 . 2019.05.12 17:32:47 - OpenVPN > /sbin/ip addr add dev tun0 10.19.14.190/24 broadcast 10.19.14.255 . 2019.05.12 17:32:51 - OpenVPN > /sbin/ip route add 192.30.89.53/32 via 000.000.0.254 . 2019.05.12 17:32:51 - OpenVPN > /sbin/ip route add 0.0.0.0/1 via 10.19.14.1 . 2019.05.12 17:32:51 - OpenVPN > /sbin/ip route add 128.0.0.0/1 via 10.19.14.1 . 2019.05.12 17:32:51 - /etc/resolv.conf moved to /etc/resolv.conf.eddie as backup . 2019.05.12 17:32:51 - DNS of the system updated to VPN DNS (Rename method: /etc/resolv.conf generated) . 2019.05.12 17:32:52 - Routes, added a new route, 192.30.89.51 for gateway 10.19.14.1 . 2019.05.12 17:32:52 - Unable to compute route for 2606:9580:100:c:8757:8ee:ec9c:991c: IPv6 VPN gateway not available. . 2019.05.12 17:32:52 - Flushing DNS I 2019.05.12 17:33:40 - Checking route IPv4 I 2019.05.12 17:33:41 - Checking DNS ! 2019.05.12 17:33:41 - Connected. . 2019.05.12 17:33:41 - OpenVPN > Initialization Sequence Completed ---------------------------- Network Interfaces and Routes: { "support_ipv4": true, "support_ipv6": true, "routes": [ { "address": "0.0.0.0\/1", "gateway": "10.19.14.1", "interface": "tun0" }, { "address": "0.0.0.0\/0", "gateway": "000.000.0.254", "interface": "enp0s10", "metric": "100" }, { "address": "128.0.0.0\/1", "gateway": "10.19.14.1", "interface": "tun0" }, { "address": "192.30.89.51", "gateway": "10.19.14.1", "interface": "tun0" }, { "address": "192.30.89.53", "gateway": "000.000.0.254", "interface": "enp0s10" }, { "address": "2600:1700:cb80:2600::\/60", "gateway": "fe80::fa18:97ff:fe4b:47ed", "interface": "enp0s10", "metric": "100" }, { "address": "::\/0", "gateway": "fe80::fa18:97ff:fe4b:47ed", "interface": "enp0s10", "metric": "100" } ], "interfaces": [ { "friendly": "lo", "id": "lo", "name": "lo", "description": "lo", "type": "Loopback", "status": "Unknown", "bytes_received": "237445", "bytes_sent": "237445", "support_ipv4": true, "support_ipv6": true, "ips": [ "127.0.0.1", "::1" ], "gateways": [], "bind": true }, { "friendly": "enp0s10", "id": "enp0s10", "name": "enp0s10", "description": "enp0s10", "type": "Ethernet", "status": "Up", "bytes_received": "4533163", "bytes_sent": "476361", "support_ipv4": true, "support_ipv6": true, "ips": [ "000.000.0.00", "2600:1700:cb80:2600:7da5:57ea:9eac:d08a", "2600:1700:cb80:2600:ba96:d3fc:913a:8220", "fe80::b697:ad65:b913:32e4" ], "gateways": [ "000.000.0.254", "fe80::fa18:97ff:fe4b:47ed" ], "bind": true }, { "friendly": "tun0", "id": "tun0", "name": "tun0", "description": "tun0", "type": "0", "status": "Unknown", "bytes_received": "38297", "bytes_sent": "19249", "support_ipv4": true, "support_ipv6": true, "ips": [ "10.19.14.190", "fe80::8d92:f31:2710:2980" ], "gateways": [ "10.19.14.1" ], "bind": true } ], "ipv4-default-gateway": "000.000.0.254", "ipv4-default-interface": "enp0s10", "ipv6-default-gateway": "fe80::fa18:97ff:fe4b:47ed", "ipv6-default-interface": "enp0s10" } ---------------------------- UID: 0 Run as normal user: True; ID:1000; Name:betacat ---------------------------- ip addr show: 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp0s10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:15:f2:82:7c:d4 brd ff:ff:ff:ff:ff:ff inet 000.000.0.00/24 brd 000.000.0.255 scope global dynamic noprefixroute enp0s10 valid_lft 85578sec preferred_lft 85578sec inet6 2600:1700:cb80:2600:7da5:57ea:9eac:d08a/64 scope global temporary dynamic valid_lft 3579sec preferred_lft 3579sec inet6 2600:1700:cb80:2600:ba96:d3fc:913a:8220/64 scope global dynamic mngtmpaddr noprefixroute valid_lft 3579sec preferred_lft 3579sec inet6 fe80::b697:ad65:b913:32e4/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100 link/none inet 10.19.14.190/24 brd 10.19.14.255 scope global tun0 valid_lft forever preferred_lft forever inet6 fe80::8d92:f31:2710:2980/64 scope link stable-privacy valid_lft forever preferred_lft forever ---------------------------- ip link show: 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: enp0s10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 link/ether 00:15:f2:82:7c:d4 brd ff:ff:ff:ff:ff:ff 3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 100 link/none ---------------------------- ip -4 route show: 0.0.0.0/1 via 10.19.14.1 dev tun0 default via 000.000.0.254 dev enp0s10 proto dhcp metric 100 10.19.14.0/24 dev tun0 proto kernel scope link src 10.19.14.190 128.0.0.0/1 via 10.19.14.1 dev tun0 169.254.0.0/16 dev enp0s10 scope link metric 1000 192.30.89.51 via 10.19.14.1 dev tun0 192.30.89.53 via 000.000.0.254 dev enp0s10 000.000.0.0/24 dev enp0s10 proto kernel scope link src 000.000.0.00 metric 100 ---------------------------- ip -6 route show: 2600:1700:cb80:2600::/64 dev enp0s10 proto ra metric 100 pref medium 2600:1700:cb80:2600::/60 via fe80::fa18:97ff:fe4b:47ed dev enp0s10 proto ra metric 100 pref high fe80::/64 dev enp0s10 proto kernel metric 100 pref medium fe80::/64 dev enp0s10 proto kernel metric 256 pref medium fe80::/64 dev tun0 proto kernel metric 256 pref medium default via fe80::fa18:97ff:fe4b:47ed dev enp0s10 proto ra metric 100 pref medium PC System Info from Linux =========================================================================== betacat@sytem-x:~$ inxi -SMCNIz Error 22: Unsupported option: Check -h for correct parameters. -- betacat@sytem-x:~$ inxi -Fxz System: Host: sytem-x Kernel: 4.15.0-48-generic x86_64 bits: 64 compiler: gcc v: 7.3.0 Desktop: Xfce 4.12.3 Distro: Linux Mint 19.1 Tessa base: Ubuntu 18.04 bionic Machine: Type: Desktop Mobo: ASUSTeK model: A8N5X v: 1.XX serial: <filter> BIOS: Phoenix v: ASUS A8N5X Revision 1003 date: 06/01/2006 CPU: Topology: Dual Core model: AMD Athlon 64 X2 4200+ bits: 64 type: MCP arch: K8 rev.E rev: 2 L2 cache: 1024 KiB flags: lm nx pae sse sse2 sse3 bogomips: 4020 Speed: 1000 MHz min/max: 1000/2200 MHz Core speeds (MHz): 1: 1000 2: 1000 Graphics: Device-1: NVIDIA GK208B [GeForce GT 710] vendor: Micro-Star MSI driver: nouveau v: kernel bus ID: 01:00.0 Display: x11 server: X.Org 1.19.6 driver: nouveau unloaded: fbdev,modesetting,vesa resolution: 1280x1024~60Hz OpenGL: renderer: NV106 v: 4.3 Mesa 18.2.8 direct render: Yes Audio: Device-1: NVIDIA CK804 AC97 Audio vendor: ASUSTeK K8N4/A8N Series Mainboard driver: snd_intel8x0 v: kernel bus ID: 00:04.0 Device-2: NVIDIA GK208 HDMI/DP Audio vendor: Micro-Star MSI driver: snd_hda_intel v: kernel bus ID: 01:00.1 Sound Server: ALSA v: k4.15.0-48-generic Network: Device-1: NVIDIA CK804 Ethernet vendor: ASUSTeK K8N4/A8N Series Mainboard type: network bridge driver: forcedeth v: kernel port: b000 bus ID: 00:0a.0 IF: enp0s10 state: up speed: 100 Mbps duplex: full mac: <filter> Drives: Local Storage: total: 335.32 GiB used: 31.24 GiB (9.3%) ID-1: /dev/sda vendor: Seagate model: ST3200826AS size: 186.31 GiB ID-2: /dev/sdb vendor: Seagate model: ST3160023AS size: 149.01 GiB Partition: ID-1: / size: 182.38 GiB used: 31.24 GiB (17.1%) fs: ext4 dev: /dev/sda1 Sensors: System Temperatures: cpu: 40.0 C mobo: N/A gpu: nouveau temp: 39 C Fan Speeds (RPM): N/A Info: Processes: 164 Uptime: 7m Memory: 2.93 GiB used: 804.4 MiB (26.8%) Init: systemd runlevel: 5 Compilers: gcc: 7.4.0 Shell: bash v: 4.4.19 inxi: 3.0.27

Today I finally had time to test the suggestions but I get no connection. Looked for the IP adresses of working servers and I created a config file: # -------------------------------------------------------- # Air VPN | https://airvpn.org | Wednesday 8th of May 2019 06:13:39 PM # OpenVPN Client Configuration # AirVPN_NL-Alblasserdam_Alrai_UDP-443 # -------------------------------------------------------- client dev tun remote 213.152.162.78 443 resolv-retry infinite nobind persist-key persist-tun auth-nocache verb 3 explicit-exit-notify 5 rcvbuf 262144 sndbuf 262144 remote-cert-tls server cipher AES-256-CBC comp-lzo no proto udp key-direction 1 <ca> The I editted this file by trepacing the IP address with the other working address fot a quick test. # -------------------------------------------------------- # Air VPN | https://airvpn.org | Wednesday 8th of May 2019 06:13:39 PM # OpenVPN Client Configuration # AirVPN_NL-Alblasserdam_Alrai_UDP-443 # -------------------------------------------------------- client dev tun remote 109.202.107.15 443 resolv-retry infinite nobind persist-key persist-tun auth-nocache verb 3 explicit-exit-notify 5 rcvbuf 262144 sndbuf 262144 remote-cert-tls server cipher AES-256-CBC comp-lzo no proto udp key-direction 1 <ca> Ater this I get no connection when I use the new file I am affraid that there is some more info in the certificate /keys that are at the end of that file. Where did I go wrong?

@zhang888 I do not want a completely random connection. I want to create a list (10-15) of working AIRVPN servers (That are not blacklisted) and let the system just pick one of this list. They will all me in the Netherlands for me.

Implemented it where?

Hi there. The new laws are not encryption laws. They are ANTI encryption laws. They were passed shortly 19:00 AEST, 06 Dec and were signed into law the next day. As has been noted on other sites, the speecd with which this occurred indicates the authorities had a list of people/services and so forth they wanted to target. The laws provide a basis for mass surveillance and any type of internet cervice is subject to them. Not only encrypted apps such as telegram and signal, but ISPs, VPNs, data centres, and possibly (likely) software makers. The extent of the law is not yet known. But certainly VPNs and ISPs are within its range. Air does hot have a server in Australia, as many have noted. But Airvpn and a couple of others will be prime targets because of their uncompromising approach to security and anonymity. If an internet business has operations in Australia, and say other countries, it is say a data centre - and air has servers in that businesses data centre in another country, the intent of the law is to force that internet business to compromise servers in its data centres elsewhere. So, theoretically, air could be targeted. BUT: Several things may happen. The internet service might withdraw from Australia (and some have indicated privately they will spin off their Australian operations and seem to be doing so); or they will simply tell the Australian government to get stuffed. Protonmail has said as much. Or both will happen. Already a couple of internet startups have begun to move operations offshore. It is also illegal to tell people how to protect themselves against this law - i.e. beef up their cyber security to thwart it. It goes even further: even if you are not specifically telling people how to evade this law but are just telling them how to increase their security and anonymity generally, that is a breach of the law. The law, according to some technical experts, provides a legislative basis for mass surveillance. Two things we know it can do is facilitate MITM attacks and also the injection of malicious code via updates. One result and a clear aim, according to technical experts, is to harvest private keys and do so on an industrial scale, and so decrypt all communications. And it is indiscriminate. There has been a bit of discussion on redit, but also a lot on twitter. People are not happy but that does not really come into it.

https://netflix.com Watch Movies & TV Shows Online or Streaming right to your TV via Xbox, Wii, PS3 & many other devices. Only $7.99/mo. Status: NOT ACCESSIBLE Native: none. Routing: All servers Last update: February the 1st, 2020

First of all: Thanks a lot for your great work, Mikeyy! I followed your instructions to set up a vpn client by using the ovpn file. There's one strange thing: When the DSM is rebooted the client starts automatically, but it does not fully establish the routing table. I have to stop it and start it again to get it work. --> pics left to right. Any ideas what the reason could be? Greets

Website: http://www.marcopolo.tv/ Italian TV Streaming Status: OK Routing: All servers to IT route.

Website: http://lifestyle.alice.tv/ Italian TV Streaming Status: OK Routing: All servers to IT route.

Hello, this is a guide to prevent ANY leak on Windows 7/8 with Windows Firewall published by Omniferum. It is particularly simple to follow and well written, and it provides also a very comfortable "VPN flipper". Thank you Omniferum! Warning: the setup works on Windows 7 and Windows 8 with the default Windows Firewall. It has NOT been tested on any other Windows version. It will NOT work on Windows XP (whose firewall is completely different and very limited, Windows XP users might like to use Comodo Firewall). It is NOT suitable if you have any other firewall running on your system (remember, you must never run two firewalls simultaneously). Important: the VPN flipper script will NOT work if your Windows is not in English language, because the system Firewall rules names change (incredible but true!) according to the language (thanks to Esamu for the information). UPDATE 14-May-14: issue fixed. Original thread updated on May the 14th, 2014: https://airvpn.org/topic/9609-blocking-non-vpn-traffic-with-windows-firewall Kind regards

First of all, thank you for hanging in there - I really appreciate your help . Getting that command to work was tricky. After entering it, I would only see: su: Authentication failure I then tried the following (from a post on the "ask ubuntu" forum): user@user-ubuntu1:~$ sudo passwd [sudo] password for user: # enter your sudo password here Enter new UNIX password: # enter the password you want for your su password here Retype new UNIX password: # reenter your new su password passwd: password updated successfully Entering "su -l root" required a couple of tries after that but it finally worked. Unfortunately, running Eddie from terminal did not affect my issue. If it helps, here's a copy of my terminal session: betacat@system-x:~$ su -l root Password: root@system-x:~# eddie-ui . 2019.05.17 10:06:32 - Eddie version: 2.17.2 / linux_x64, System: Linux, Name: Linux Mint 19.1 Tessa \n \l, Version: Linux system-x 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux, Mono/.Net: 4.6.2 (Debian 4.6.2.7+dfsg-1ubuntu1); Framework: v4.0.30319 . 2019.05.17 10:06:32 - Reading options from /root/.airvpn/default.xml . 2019.05.17 10:06:32 - Profile options not found, using defaults. . 2019.05.17 10:06:35 - Command line arguments (3): path="/root/.airvpn" path.resources="/usr/share/eddie-ui" path.exec="/usr/bin/eddie-ui" . 2019.05.17 10:06:35 - Profile path: /root/.airvpn/default.xml . 2019.05.17 10:06:38 - OpenVPN Driver - Found, /dev/net/tun . 2019.05.17 10:06:38 - OpenVPN - Version: 2.4.4 - OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08 (/usr/sbin/openvpn) . 2019.05.17 10:06:38 - SSH - Version: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017 (/usr/bin/ssh) . 2019.05.17 10:06:38 - SSL - Version: stunnel 5.44 (/usr/bin/stunnel4) . 2019.05.17 10:06:38 - curl - Version: 7.58.0 (/usr/bin/curl) . 2019.05.17 10:06:38 - Certification Authorities: /usr/share/eddie-ui/cacert.pem I 2019.05.17 10:06:38 - Ready . 2019.05.17 10:06:40 - Collect information about AirVPN completed I 2019.05.17 10:07:42 - Checking login ... ! 2019.05.17 10:07:42 - Logged in. ! 2019.05.17 10:07:57 - Activation of Network Lock - Linux iptables I 2019.05.17 10:08:17 - Session starting. I 2019.05.17 10:08:17 - Checking authorization ... ! 2019.05.17 10:08:18 - Connecting to Titawin (Canada, Vancouver) . 2019.05.17 10:08:18 - OpenVPN > OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018 . 2019.05.17 10:08:18 - OpenVPN > library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08 . 2019.05.17 10:08:18 - Connection to OpenVPN Management Interface . 2019.05.17 10:08:18 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2019.05.17 10:08:18 - OpenVPN > Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2019.05.17 10:08:18 - OpenVPN > Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2019.05.17 10:08:18 - OpenVPN > Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2019.05.17 10:08:18 - OpenVPN > Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2019.05.17 10:08:18 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xx.xx.xx:xxx . 2019.05.17 10:08:18 - OpenVPN > Socket Buffers: R=[212992->212992] S=[212992->212992] . 2019.05.17 10:08:18 - OpenVPN > UDP link local: (not bound) . 2019.05.17 10:08:18 - OpenVPN > UDP link remote: [AF_INET]xxx.xx.xx.xx:xxx . 2019.05.17 10:08:18 - OpenVPN > TLS: Initial packet from [AF_INET]xxx.xx.xx.xx:xxx, sid=d42a9ff5 c405ba44 . 2019.05.17 10:08:18 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100 . 2019.05.17 10:08:18 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2019.05.17 10:08:18 - OpenVPN > VERIFY KU OK . 2019.05.17 10:08:18 - OpenVPN > Validating certificate extended key usage . 2019.05.17 10:08:18 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2019.05.17 10:08:18 - OpenVPN > VERIFY EKU OK . 2019.05.17 10:08:18 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Titawin, emailAddress=info@airvpn.org . 2019.05.17 10:08:18 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA . 2019.05.17 10:08:18 - OpenVPN > [Titawin] Peer Connection Initiated with [AF_INET]xxx.xx.xx.xx:xxx . 2019.05.17 10:08:19 - OpenVPN > SENT CONTROL [Titawin]: 'PUSH_REQUEST' (status=1) . 2019.05.17 10:08:20 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.20.78.1,dhcp-option DNS6 fde6:7a:7d20:104e::1,tun-ipv6,route-gateway 10.20.78.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:104e::106b/64 fde6:7a:7d20:104e::1,ifconfig x0.x0.xx.xxx xxx.xxx.xxx.0,peer-id 12,cipher AES-256-GCM' . 2019.05.17 10:08:20 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp' . 2019.05.17 10:08:20 - OpenVPN > Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore. . 2019.05.17 10:08:20 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified . 2019.05.17 10:08:20 - OpenVPN > OPTIONS IMPORT: compression parms modified . 2019.05.17 10:08:20 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified . 2019.05.17 10:08:20 - OpenVPN > OPTIONS IMPORT: route-related options modified . 2019.05.17 10:08:20 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified . 2019.05.17 10:08:20 - OpenVPN > OPTIONS IMPORT: peer-id set . 2019.05.17 10:08:20 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1625 . 2019.05.17 10:08:20 - OpenVPN > OPTIONS IMPORT: data channel crypto options modified . 2019.05.17 10:08:20 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM' . 2019.05.17 10:08:20 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2019.05.17 10:08:20 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2019.05.17 10:08:20 - OpenVPN > ROUTE_GATEWAY xxx.xxx.x.xxx/xxx.xxx.xxx.0 IFACE=enp0s10 HWADDR=00:15:f2:82:7c:d4 . 2019.05.17 10:08:20 - OpenVPN > GDG6: remote_host_ipv6=n/a . 2019.05.17 10:08:20 - OpenVPN > ROUTE6_GATEWAY fe80::fa18:97ff:fe4b:47ed IFACE=enp0s10 . 2019.05.17 10:08:20 - OpenVPN > TUN/TAP device tun0 opened . 2019.05.17 10:08:20 - OpenVPN > TUN/TAP TX queue length set to 100 . 2019.05.17 10:08:20 - OpenVPN > do_ifconfig, tt->did_ifconfig_ipv6_setup=1 . 2019.05.17 10:08:20 - OpenVPN > /sbin/ip link set dev tun0 up mtu 1500 . 2019.05.17 10:08:20 - OpenVPN > /sbin/ip addr add dev tun0 10.20.78.109/24 broadcast 10.20.78.255 . 2019.05.17 10:08:20 - OpenVPN > /sbin/ip -6 addr add fde6:7a:7d20:104e::106b/64 dev tun0 . 2019.05.17 10:08:24 - OpenVPN > /sbin/ip route add xxx.xx.xx.xx/xx via xxx.xxx.x.xxx . 2019.05.17 10:08:24 - OpenVPN > /sbin/ip route add 0.0.0.0/1 via x0.x0.xx.x . 2019.05.17 10:08:24 - OpenVPN > /sbin/ip route add xxx.0.0.0/x via xx.x0.xx.x . 2019.05.17 10:08:24 - OpenVPN > add_route_ipv6(::/3 -> fde6:7a:7d20:104e::1 metric -1) dev tun0 . 2019.05.17 10:08:24 - OpenVPN > /sbin/ip -6 route add ::/3 dev tun0 . 2019.05.17 10:08:24 - OpenVPN > add_route_ipv6(2000::/4 -> fde6:7a:7d20:104e::1 metric -1) dev tun0 . 2019.05.17 10:08:24 - OpenVPN > /sbin/ip -6 route add 2000::/4 dev tun0 . 2019.05.17 10:08:24 - OpenVPN > add_route_ipv6(3000::/4 -> fde6:7a:7d20:104e::1 metric -1) dev tun0 . 2019.05.17 10:08:24 - OpenVPN > /sbin/ip -6 route add 3000::/4 dev tun0 . 2019.05.17 10:08:24 - OpenVPN > add_route_ipv6(fc00::/7 -> fde6:7a:7d20:104e::1 metric -1) dev tun0 . 2019.05.17 10:08:24 - OpenVPN > /sbin/ip -6 route add fc00::/7 dev tun0 . 2019.05.17 10:08:24 - /etc/resolv.conf moved to /etc/resolv.conf.eddie as backup . 2019.05.17 10:08:24 - DNS of the system updated to VPN DNS (Rename method: /etc/resolv.conf generated) . 2019.05.17 10:08:24 - Routes, added a new route, xxx.xx.xx.xx for gateway x0.x0.xx.x . 2019.05.17 10:08:33 - Routes, added a new route, 2606:9580:100:d:2bd7:c37b:24c2:c069 for gateway fde6:7a:7d20:104e::1 . 2019.05.17 10:08:42 - Flushing DNS I 2019.05.17 10:08:47 - Checking route IPv4 I 2019.05.17 10:08:49 - Checking route IPv6 I 2019.05.17 10:08:49 - Checking DNS ! 2019.05.17 10:08:50 - Connected. . 2019.05.17 10:08:50 - OpenVPN > Initialization Sequence Completed ! 2019.05.17 10:22:02 - Disconnecting . 2019.05.17 10:22:03 - Routes, removed a route previously added, xxx.x0.xx.xx for gateway x0.x0.xx.x . 2019.05.17 10:22:03 - Routes, removed a route previously added, 2606:9580:100:d:2bd7:c37b:24c2:c069 for gateway fde6:7a:7d20:104e::1 . 2019.05.17 10:22:03 - Sending management termination signal . 2019.05.17 10:22:03 - Management - Send 'signal SIGTERM' . 2019.05.17 10:22:03 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM' . 2019.05.17 10:22:03 - OpenVPN > SIGTERM received, sending exit notification to peer . 2019.05.17 10:22:08 - OpenVPN > /sbin/ip route del xxx.x0.xx.xx/xx . 2019.05.17 10:22:08 - OpenVPN > /sbin/ip route del 0.0.0.0/1 . 2019.05.17 10:22:08 - OpenVPN > /sbin/ip route del xxx.0.0.0/x . 2019.05.17 10:22:08 - OpenVPN > delete_route_ipv6(::/3) . 2019.05.17 10:22:08 - OpenVPN > /sbin/ip -6 route del ::/3 dev tun0 . 2019.05.17 10:22:08 - OpenVPN > delete_route_ipv6(2000::/4) . 2019.05.17 10:22:08 - OpenVPN > /sbin/ip -6 route del 2000::/4 dev tun0 . 2019.05.17 10:22:08 - OpenVPN > delete_route_ipv6(3000::/4) . 2019.05.17 10:22:08 - OpenVPN > /sbin/ip -6 route del 3000::/4 dev tun0 . 2019.05.17 10:22:08 - OpenVPN > delete_route_ipv6(fc00::/7) . 2019.05.17 10:22:08 - OpenVPN > /sbin/ip -6 route del fc00::/7 dev tun0 . 2019.05.17 10:22:08 - OpenVPN > Closing TUN/TAP interface . 2019.05.17 10:22:08 - OpenVPN > /sbin/ip addr del dev tun0 10.20.78.109/24 . 2019.05.17 10:22:08 - OpenVPN > /sbin/ip -6 addr del fde6:7a:7d20:104e::106b/64 dev tun0 . 2019.05.17 10:22:08 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting . 2019.05.17 10:22:08 - Connection terminated. . 2019.05.17 10:22:08 - DNS of the system restored to original settings (Rename method) . 2019.05.17 10:22:08 - Flushing DNS ! 2019.05.17 10:22:08 - Session terminated. ! 2019.05.17 10:22:11 - Deactivation of Network Lock . 2019.05.17 10:22:20 - Shutdown in progress . 2019.05.17 10:22:21 - Shutdown complete root@system-x:~#

Do yourself a favor and install OpenWRT on it: https://openwrt.org/toh/mikrotik/mikrotik_rb750gr3 Mikrotik's OpenVPN client support is still horrible in 2019 and requires too many steps.

Hi, I have followed this guide and tried both a specific netherlands server and netherlands in general but the DSM keeps returning error (in screenshot). Can someone please help me? I am not sure where i can find more detailed logs in the synology so please assist with this if this will help getting it resolved. Thank you in advance

hi i've tried this approach, but it didn't work with me, it seems it blocked all traffic. it was a good start, i did some research, it seems tun interface is the one communicating with the VPN server, so I did this: iptables -A OUTPUT -o tun0 -j ACCEPT iptables -A OUTPUT -d a.b.c.d -j ACCEPT iptables -A OUTPUT -j DROP didn't check completely, but it seems to be working

Hello! No, this is not what you want, the firewall will not block anything without that rule. Replace it with: <code>block out from 192.168.0.0/16 to any</code> PF will block any outgoing packet from 192.168.*.*, except those which match the subsequent "pass out" rules. If there are no more syntax errors, test the configuration. Activate pf. Now you should lose your Internet connectivity, except toward Lyra. Connect to Air server Lyra entry-IP (62.212.85.65), any port. The connection should succeed thanks to the relevant pass out rule. Now you should have full connectivity. Launch a bittorrent client, share some redistributable content. Let it work for some minutes. Then, disconnect from the VPN. If everything is ok, you should immediately see a total drop of outgoing packets from any application, including the bittorrent client. Anyway, you should investigate further, because "block out all" is a perfectly legal directive on any pf version. Kind regards Hello! It works! It works! You guys did a fantastic job. Excellent support! I’m a complete vpn-novice and now I even have a firewall. Thanks a lot. As to the error message caused by the insertion of the rule “block out any” in the pf.conf file: Could is be due to a conflict with the standard setting of IceFloor which allows access to LAN? The new rules in the pf.conf file are represented by IceFloor in the frontend “Manage PF rules” panel in this way: anchor "com.apple/*" block drop out inet from 192.168.0.0/16 to any pass out quick inet from 192.168.0.0/16 to 62.212.85.65 flags S/SA keep state pass out quick inet from 192.168.0.0/16 to 192.168.0.0/16 flags S/SA keep state pass out quick inet from 127.0.0.1 to any flags S/SA keep state pass out quick inet from 10.0.0.0/8 to any flags S/SA keep state Again, thanks a lot.