Leaderboard

Hello! We're very glad to inform you that AirVPN has begun to actively contribute to OpenVPN 3 development. Our first goal has been adding support for ChaCha20 cipher with Poly1305 as authenticator on OpenVPN 3 Data Channel. ChaCha20 is a stream cipher developed by Daniel J. Bernstein which combines strength and remarkable performance. https://en.wikipedia.org/wiki/Salsa20#ChaCha20_adoption When compared with AES-GCM, ChaCha20 offers significant computational relief to all AES-NI non supporting processors, such as ARM processors. ARM processors, routinely used on very many tablets, smart phones, media centers, smart TVs and routers, will get great benefits from OpenVPN with ChaCha20. Our tests show that CPU load caused by ChaCha20 on recent ARM 64 bit processors is at least 50% less than AES-256-GCM, on equal terms, which translates into dramatic performance boost and longer battery life (if you have ever tested Wireguard on an ARM based device you know what we mean). OpenVPN 3 is a client library. However, OpenVPN 2.5, which is currently in beta testing and includes all the necessary servers features, supports ChaCha20 on the Data Channel. Therefore, making OpenVPN 3 with ChaCha20 available to our users and allowing a real life test will be a matter of days. We will progressively release beta clients for Android, Linux, OpenBSD and FreeBSD, in this order. We are considering a porting to OpenIndiana as well. Internal alpha testing has concluded successfully. We have already pulled a merge request to OpenVPN 3 main branch, to let the whole community take advantages from our code, and let OpenVPN developers merge the new code into the main branch if they wish so. https://github.com/OpenVPN/openvpn3/pull/78 Implementation has been designed, developed and programmed for AirVPN by ProMIND, who is also Eddie Android edition developer. Stay tuned, more will come! UPDATE: https://airvpn.org/forums/topic/44069-openvpn-3-development-by-airvpn/ The above linked topic is now the central thread to discuss anything related to OpenVPN 3 development and testing. Kind regards and datalove AirVPN Staff

I use AirVPN for many years and super happy about it. On iOS I used the official openvpn app but recently discovered an alternative: passepartout (Edit: since it's a commercial app, not sure it's ok to paste here but here is the link https://apps.apple.com/jp/app/passepartout-openvpn-client/id1433648537?l=en) So far it has great features but I'm not sure if it's really secure or impacting Air's features in any way. Does anyone use it or have some info about it? Thanks!!

We agree, when AES-NI are supported. Note that some processors do support AES-NI but the system doesn't use them (examples: AES-NI disabled at BIOS level; OpenSSL or other SSL library not properly compiled). Also see https://tools.ietf.org/html/rfc8439#appendix-B (however note that the comparison is made between AES-128-GCM and ChaCha20 but a more correct comparison would be with AES-256-GCM because of the 256 bit key size of ChaCha20). Not only the appendix but also important considerations in the introduction and later. Kind regards

That sounds like a bug, then. And I seem to remember a few threads about it in the past but, I believe, concerning older Eddie releases. Nevertheless, as I wrote in another thread already, bugs on Eddie are truly piling up on all platforms except Android, but Eddie v3 is in development. From the looks of it, as there is no prototype yet, or a "pre-alpha developer version", I assume v3 currently does not work, or is very limited in functionality.

Looks like pfsense openvpn directives. They really have nothing to do with being unable to torrent. If the VPN works properly with other activities then there's surely just something wrong with your torrent client setup. Even if port forwarding isn't setup properly you should still be able to download.

I'm not sure, I never tried it but it makes sense I guess (for it not to work anymore). I've been thinking about it and I don't think its possible, at least I don't know how. If you need one domain to be resolved by a specific DNS server, you could simply query that DNS server manually for the domain, and take the IP address and place it in your clients' hosts file.

FINALLY. what a clear guide. thanks a lot!! It works

Assuming you mean Virgin Media UK. How did you determine this? Why would they mess with DNS to the web site rather than routing to the actual OpenVPN servers? Its a nice web site but not even that important to AirVPN users who only actually need it for initial setup. This is a curiosity only question as the solution of using an alternative DNS doesn't seem to have any downsides.

What is a VPN? VPN is an acronym of Virtual Private Network. Our VPN extends the private network across the Internet. It enables your computer (the "client") to send and receive data across the Internet through dedicated nodes ("the VPN servers") as if those data were an integral part of the private network. This is achieved through a point-to-point OpenVPN (in routing mode) connection. The connection is encrypted and each packet is authenticated both by your client and our servers, so that nobody (including your ISP) between your computer and the VPN server can see the data you transmit and receive, the real origin and destinations of such data, and, last but not least, can inject forged packets into your stream of data. The picked encryption cipher meets higher-than-military security requirements. Additionally, when your client has established a point-to-point encrypted connection (often referred to as "the tunnel"), your data will "get to the Internet" without any reference to your real IP address, which is simply no more inside the packets. Anybody on the Internet will therefore see your packets as coming from our VPN servers exit-IP addresses, not from your real IP address, protecting you against privacy intruders and other malignant entities, such as sniffers in public WiFi hot-spots, hi-jackers, profilers and disturbed "copyright trolls". You don't need to configure applications to use "the tunnel", because our servers perform a set of route and default gateway pushes that your client accepts: your applications are "tunneled" transparently. OpenVPN encapsulates your packets inside an UDP or TCP stream, therefore all same or higher layer protocols are supported, making a VPN a profoundly different and highly superior solution to any http or socks proxy.

That's a very good argument. Net Neutrality has to be foremost. There are non-VPN solutions, but they require rooting the device (which I might eventually get around to doing).

You are picking apart a section relating to 'clear net' access, where the author clearly acknowledges that it only affords 'a degree of privacy from my ISP when not using the VPN connection'. If you have no need for this, then do not use it. I use something similar to the way nguvu configures DNS access - with a key difference being that I run OpnSense rather than pfSense - I can assure you there are no leaks when using my VPN connections (even with your tcpdump test). Your method may work just fine, my comments were not critical in that respect... rather, for anyone else reading this now and in the future, I am simply pointing out that your dismissal of nguvu's walk-through may be premature. Open mind and all that... Nice to see different points of view, I like nvguru and it fits me just fine. I remember when opensense was in version 10 how has it matured? Sent from my BND-L34 using Tapatalk

Great stuff Mikeyy. I made a couple of minor tweaks to your script so you no longer have to specify the VPN name or id plus it will start the VPN if it's off. The name/id are parsed from the ovnpclient.conf and if the VPN wasn't established (such as boot time) the UPTIME "grep" would hang since the RXDATA would be empty.

Website: http://play.mediasetpremium.it/ Mediaset Premium Play, an Italian TV Broadcasting: Premium Calcio, Premium Cinema, Premium Series (Crime, Action, Joi) and many other. Status: OK Routing: All servers to IT route.

Website: http://www.leonardo.tv/ Italian TV Streaming Status: OK Routing: All servers to IT route.