Leaderboard

Thank you, all is well, i just need to figure out a ip/routing conflict but I believe I know the fix. Thank you for you reply, its nice to see people who care.

I ended up switching to use OpenVPN without Eddie and was able to remove the need to allow 63.33.78.166. Perhaps the guide should be updated to let Eddie users know that they need to allow this address. Thank you for the information about the four entry IPs! That ended up being my issue and was something I did not even know about.

What the hell is this? Why? -.- Doesn't matter. Hope everything works now.

IP-API reports it as Amazon. I've known Amazon IPs around here as DNS fallback IPs. Every server has four entry IPs: A normal one (1), an alternative (2) and normal (3) and alternative (4) tls-crypt ones. They are shown in the config generator when you enable the Advanced mode in the top right corner of the page. If you resolve yildun.airvpn.org, you get (1). Now, Eddie has its own preference which of these IPs it takes. Check Preferences > Protocols to see if you didn't accidentally select (2), (3) or (4). This can definitely happen if you let Eddie decide the protocol, so make sure to disable that and keep to (1).

i have just received a nightly from AG. now everything is running perfectly again. the next update from AG should have solved the problem.

I'm an Apple system admin for a living. This is NOT a problem, it's actually a security feature keeping you safe. That username/password prompt is asking you for temporary admin rights so that the Eddie client can do the OS changes it needs to do. Routing table stuff, new network interface creation etc. Any of the workarounds to prevent this is a major security issue as essentially you're force running the client as the root admin user.

The OpenVPN connection has less benefits from TLS 1.3 unlike web. Most improvements are roundtrip and overhead related, so nothing OpenVPN can really benefit from, as well as downgrade attack extra prevention which are mitigated by both the client and the server. This would be supported eventually by all but not such important as web. Competitors should follow this as well better sooner than later

Any change to https://airvpn.org/specs/ with this new capability? LOL, I misread. Nevermind!

Sao Paulo is as cental America as you can get. "Lite South" America would be something like Mexico/Panama in where it would be better getting a server in Miami instead, for both ping and bandwidth related performance. Geographical center: Panama/Mexico/Costa Rica - Most providers are limited to lease a shared 100mbit connection per customer. This is because they have max 5-10Gbit per datacenter or less. Because of that, their main peering happens to be with U.S. providers, so see the sentence above. "Southern South": Rest of the countries are not going to happen - Peru, Chile, Argentina. No sufficient datacenters to offer quality bandwidth for a reasonable price. Wholesale of 1Gbit almost unspoken of. Bolivia, Paraguay, Uruguay - the same reasons as above, + add at least 5 more years for their availability after the countries above. Most providers in those areas offer only shaped 10Mbit traffic (yes, in 2019) with a burstable option to 100Mbit with a very high premium. Those providers mostly offer local data as well as CDN to companies like Akamai, Cloudflare, Google which is their most profitable way of operation. Other Caribbean islands or countries with less than 5M residents - can be totally dismissed. Not a valid option even for large "Big 10" companies to operate. An exotic new location will not give you the privacy/performance you would probably assume from a service like Air. So this is a strategic point which is totally transparent and provable. Don't make other providers who sell fake GeoIP locations (this is possible and actually much cheaper) or sell VPS/Cloud connectivity with limited 100Mbit b/w make your decision here, test your own locations with your maximum speed before you buy a VPN service. And always remember: If AirVPN ever wanted to cross that grey area, there would probably be 50 available countries now. Or maybe 100. This is not an ethical way to do (VPN) business. Not flagging any competitors here since we all know who they are. // Finding even a single provider in South America with apparently enough bandwidth and acceptable prices (probably because they have more than utilized) is not an easy task by it's own. Right now no other country can probably overcome Brazil by price/performance, where even 3 years ago the situation was nearly as same as above. Same things happen is East Asia as well, where I am more native, and is directly linked to the country GDP. (The case has some exceptions in countries like Ukraine, Romania) because they are strategically and historically big EU transit points where AirVPN operates. But largely if it costs more than an average monthly salary to get a 100mbit connectivity, this country cannot be generally considered as a valid location.

I had the same error in the begin but when I select direct udp during making the confige files. and imported it again. Then it will connect well. I just wonder if I have to do more steps before I can use Sonarr for example.

Hi Mikeyy, thanks to your excellent manual I've setup VPN on my DS. The VPN started, but nothing is routed over it. As a test I downloaded something via a newsserver with Downloadstation. But according to the Network Interface the amount of sent and received bytes stays at zero. And in my AirVPN the traffic also stays at 12/13 Kb received/sent. Any idea? p.s. I am on DSM 6.1 beta with active airvpn membership. During install there was no option to compress data on the VPN. I still can connect to the webinterface of my DS without implementing 3.1.

You can add the "block-outside-dns" directive in your OpenVPN config - requires OpenVPN 2.3.9 and above. There is no explanation for the speed difference, but you can verify that the same configs are present both in the configs downloaded from the client area and Eddie. Except the server address they are identical. Besides that there is no difference in the way it should work - both are using the OpenVPN binary.

First of all: Thanks a lot for your great work, Mikeyy! I followed your instructions to set up a vpn client by using the ovpn file. There's one strange thing: When the DSM is rebooted the client starts automatically, but it does not fully establish the routing table. I have to stop it and start it again to get it work. --> pics left to right. Any ideas what the reason could be? Greets

Thanks, Mikeyy

This is just part of old tutorial. It still works same as new tutorial above, I just wanted to simplify it to people so they don't have to use Putty, vi, edit crontab etc. 5. Auto reconnection when VPN is down. Since when you made your VPN connection on your Synology, you checked "Reconnect" option, Syno will try to reconnect automaticly when connection fails. But in some cases, your network will be offline long enough and Syno will stop trying to reconnect, or will hang with VPN connection established, but not working. In those cases you can use this auto reconnect script. This is reconnect script. Save it in file named whatever you want. I'm using file name "synovpn_reconnect". All instructions how to use it are inside script in comments, but I will repeat them in this post also. #VPN Check script modified Sep 11, 2016 #Script checks if VPN is up, and if it is, it checks if it's working or not. It provides details like VPN is up since, data #received/sent, VPN IP & WAN IP. #If VPN is not up it will report it in the log file and start it #Change LogFile path to your own location. #Save this script to file of your choosing (for example "synovpn_reconnect"). Store it in one of your Synology shared folders and chmod it: "chmod +x /volume1/shared_folder_name/your_path/synovpn_reconnect" #Edit "/etc/crontab" and add this line without quotes for starting script every 10 minutes: "*/10 * * * * root /volume1/shared_folder_name/your_path/synovpn_reconnect" #After that restart cron with: "/usr/syno/sbin/synoservicectl --restart crond" #!/bin/sh DATE=$(date +"%F") TIME=$(date +"%T") VPNID=$(grep "\[.*\]" /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "[" | cut -f 1 -d "]") VPNNAME=$(grep conf_name /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "=") LogFile="/volume1/filmovi/Backup/airvpn/check_airvpn_$DATE.log" PUBIP=$(curl -s -m 5 icanhazip.com) #PUBIP=$(curl -s -m 5 ipinfo.io/ip) #PUBIP=$(curl -s -m 5 ifconfig.me) CHECKIP=$(echo $PUBIP | grep -c ".") start_vpn() { echo "VPN is down. Attempting to (re)start now." >> $LogFile # /usr/syno/bin/synovpnc kill_client --protocol=openvpn --name=$VPNNAME /usr/syno/bin/synovpnc kill_client /bin/kill `cat /var/run/ovpn_client.pid` 2>/dev/null sleep 35 echo 1 > /usr/syno/etc/synovpnclient/vpnc_connecting echo conf_id=$VPNID > /usr/syno/etc/synovpnclient/vpnc_connecting echo conf_name=$VPNNAME >> /usr/syno/etc/synovpnclient/vpnc_connecting echo proto=openvpn >> /usr/syno/etc/synovpnclient/vpnc_connecting /usr/syno/bin/synovpnc reconnect --protocol=openvpn --name=$VPNNAME >> $LogFile } sleep 6 echo "======================================" >> $LogFile echo "$DATE $TIME" >> $LogFile if ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00" then if [ "$CHECKIP" == 1 ] then IPADDR=$(/sbin/ifconfig tun0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}') RXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f2 | awk '{print $1,$2,$3}') TXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f3 | awk '{print $1,$2,$3}') UPTIME=$(cat /var/log/messages | grep "$IPADDR" | awk '{print $1}' | tail -1) UPTIME=$(date -d"$UPTIME" +"%Y/%m/%d %H:%M:%S") echo "VPN is up since: $UPTIME" >> $LogFile echo "Session Data RX: $RXDATA" >> $LogFile echo "Session Data TX: $TXDATA" >> $LogFile echo "VPN IP is: $IPADDR" >> $LogFile echo "WAN IP is: $PUBIP" >> $LogFile else start_vpn fi else start_vpn fi exit 0 (1) Enable SSH on your Synology if you didn't already. - As admin go to "Control panel" - "Terminal & SNMP" (you need to enable advanced mode in top right corner of control panel for this) - Check "Enable SSH service" - Click "Apply" (2) Save script above in file "synovpn_reconnect". Make sure to save it in UNIX UTF8, not windows. You can do that on windows with Notepad++, just open file with Notepad++, click "Encoding" - "Convert to UTF-8 without BOM" and them save file. (3) Edit script variables so it works for your system. You only need to edit this part: LogFile="/volume1/video/Backup/airvpn/check_airvpn_$DATE.log" Thanks to foobar666, you no longer need to enter VPNID or VPNNAME, it will detect them automatically. Now you only need to change your LogFile variable to match your wishes. After you finish editing script, save it. (4) Move or copy "synovpn_reconnect" to your Synology shared drive. Doesn't matter which, just be sure to know full path to it. If you only have 1 volume/drive, with multiple shared folders, your path should look similar to this: /volume1/shared_folder_name/your_path/ So for example, if you keep your files in default CloudStation folder, your path should look something like this: /volume1/home/your_username/CloudStation/ You can also do all this with VI, check original tutorial for that. (5) Now use Putty if you are on windows, or your terminal on linux, to access your Synology via SSH. I will not tutor you how to do that, learn. admin@192.168.1.100 or username@192.168.1.100 + password, or whatever your Syno LAN IP is. (6) Now type this into Putty/terminal: sudo chmod +x /volume1/shared_folder_name/your_path/synovpn_reconnect You need to chmod it to be executable. You will notice I use "sudo". It's because my admin username isn't default "admin". If you are using default "admin" user, then you probably don't need sudo. (7) Setup cron so it automatically starts your script every X minutes / hours / days. To setup it enter this: vi /etc/crontab And then press "i" to enter editing mode. Go to last line, and start new line with this: */10 * * * * root /volume1/shared_folder_name/your_path/synovpn_reconnect Note that those ARE NOT spaces, those are TABS. This will start your script every 10 minutes. Change to whatever you want. Then press ESC key, and then type: :wq To exit VI and save file. After that type: /usr/syno/sbin/synoservicectl --restart crond To restart cron (or restart your Synology). Tip: If you don't want logfile, you can comment out those lines, or remove ">> $LogFile" code from whole script.