Leaderboard

It's been complained about in the forum the instructions on setting up a DD-WRT router with airvpn located at https://airvpn.org/ddwrt/?hl=ddwrt is out of date. For the DD-WRT release I use, the guide is indeed a little outdated, but comprehensible. Still, without warranty and strictly on your own responsibility you could try my guide below. I am unable to provide any support, but this guide hopefully can help someone. For this guide I presume you know what a kill switch is, you know how to set up all other parts of your DD-WRT router such as setting up DHCP for example, and you know how to log into your dd-wrt web interface. In the client area of the airvpn web site, create config files, here. Select any server location and port, it doesn't need to be the one you will use, you only need the certificates & keys. Make sure to tick "Advanced Mode", and tick "Separate certs/keys from .ovpn file", then generate and download the configuration files. Log into your DD-WRT router and ... Step 1. Navigate to the "Services" tab then select the "VPN" tab. Step 2. Select "Enable" under OpenVPN Client. Step 3. Configure the first part of the screen as per screenshot below, noting comments below the screenshot. In the "Server IP/Name" field, indicated by a red arrow, you can either enter a specific server IP ( how to find a specific server IP )substitute the "XX" with the ISO code of the country you wish to connect to (for example DE for Germany, NL for the Netherlands, BE for Belgium, etc.)substitute the "XX" with the continent name (america, asia, earth, europe respectively)leave the field completely empty IF you wish to use random servers from a selection you specify. In this case, make sure to follow step 5.In the "IP Address" field, indicated by a green arrow, you should put the default IP of your router ("gateway"). How to find your router address is beyond this tutorial. Step 4. To configure the second part of the screen we'll need copy-paste from the config files you generated earlier. As per screenshot below, noting comments below the screenshot. Using your favorite text editor Open up "ta.key" and copy all of the contents into the "TLS Auth Key" field. (green arrow)Open up the file "ca.crt" and copy all of the contents into the "CA Cert" field. (blue arrow)Open up the file "user.crt" and copy only and including "----- BEGIN CERTIFICATE----- to the end of ----- END CERTIFICATE----- " into the "Public Client Cert" field. (brown arrow)Open up "user.key" and copy all of the contents into the "Private Client Key" field. (red arrow)Step 5. And the yellow arrow "Additional Config" field ? If in Step 3 you left the "Server IP/Name" field empty because you would like to connect to airvpn servers in a relatively random fashion based on a select preset of countries and/or continents and/or specific servers, this step 5 is for you. Copy-paste and amend: remote-random remote XX.vpn.airdns.org 443 (substitute XX with country or continent as explained earlier) remote XX.vpn.airdns.org 443 (substitute XX with country or continent as explained earlier) remote XX.vpn.airdns.org 443 (substitute XX with country or continent as explained earlier) ... remote XXX.XXX.XXX.XXX 443 (substitute with specific server IP) remote XXX.XXX.XXX.XXX 443 (substitute with specific server IP) remote XXX.XXX.XXX.XXX 443 (substitute with specific server IP) ... resolv-retry infinite As an example, it should look something like: remote-random remote AT.vpn.airdns.org 443 remote BE.vpn.airdns.org 443 remote BG.vpn.airdns.org 443 remote CA.vpn.airdns.org 443 remote asia.vpn.airdns.org 443 remote 185.156.174.114 443 remote 185.189.112.10 443 remote 91.214.169.68 443 resolv-retry infinite Step 6. Click "Save" at the bottom of the page then "Apply Settings". It should work, but a reboot never hurts. NOTE ON KILL SWITCH The Kill Switch in the original instructions may work for you. They did not work for me regardless of correct TUN. I used the below kill switch which I found to be working for me, so I share it here. Go to the "Administration" tab then select the "Commands" tab.Copy the following firewall rules into the command windowWAN_IF="$(ip route | awk '/^default/{print $NF}')" iptables -I FORWARD -i br0 -o $WAN_IF -m state --state NEW -j REJECT --reject-with icmp-host-prohibited iptables -I FORWARD -i br0 -p tcp -o $WAN_IF -m state --state NEW -j REJECT --reject-with tcp-reset Click on "Save Firewall" NOTE ON DNS It's been said in the forums (not finding reference to link, search refuses "DNS") it is better to use the airvpn server IP as DNS server. On a DD-WRT router, this is hard to achieve if you do not connect to a specific pre-defined server (most users). 10.4.0.1, one of airvpn DNS, is the next best IP to use as DNS server. However ... I found through trial and error - so this is only my pitiful experience - that if you do not put 10.4.0.1 as primary DNS, DD-WRT will keep using your primary DNS regardless whether connected to airvpn or not. 10.4.0.1 is not accessible outside the VPN, so you need a secondary VPN from another provider, such as opennic, find them here . You will find this leads to occasional DNS fallback, leaks if you will, to the secondary/other DNS when 10.4.0.1 is slow or disfunctional. But, such a DNS leak is still through the airvpn server IP, your location should still be hidden. So I would recommend in the DD-WRT control panel section "Setup" - "Basic Setup" - "Network Address Server Settings (DHCP)" to set the primary DNS as 10.4.0.1 and the secondary and further DNS as other free DNS servers, such as those from OpenNIC.

Nothing is more frustrating or satisfying simultaneously than answering your own questions. Apologize for another thread clogging up the forums unnecessarily, but I had been at this for a while and saw no mention of the issue. Turns out that pfSense's OpenVPN wizard for creating a server puts the allow inbound traffic firewall rule on the main OpenVPN tab, rather than the actual newly created server's LAN. So it was hijacking all traffic on any interface or LAN using OpenVPN, including my AIr connections. As many times as I had plugged away at this issue, I only just now realized it did that. Moving it over to the actual server's LAN resolved it. FWIW, I appreciate the reply to at least say you had read my question.

@hawkflights Hello! We would like to underline that it's not a matter of "resisting". Wiretapping and correlation between incoming and outgoing traffic is performed freely, no need to ask for provider (VPN service or datacenter) cooperation at all. The real situation is that wiretapping without judicial overview will be transparent: the servers owners and operators will not even realize it is happening as it can be easily performed outside the server. Nothing changes indeed for careful Chinese customers and users, because they already needed to connect to servers outside Hong Kong according to the golden rule suggesting to always use servers located in jurisdictions different than your own. With the current move we are actually protecting those users who are unaware of the issue. Cowardice, if any, may be typical of those VPN services that keep operating in Hong Kong just for those few more bucks brought by unaware or naive customers. Kind regards

Hello! Today we're starting AirVPN tenth birthday celebrations! From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 22 countries in three continents, providing now 240,000+ Mbit/s to tens of thousands of people around the world. In 2019 and 2020, software development enhancement has paid off: now AirVPN develops on its own an OpenVPN3 forked library which resolves various problems from the main branch and adds new features. The library is used in Hummingbird, a free and open source software for Linux and Mac, known for its speed and compactness, in Eddie Android edition and in a new software which will be announced in June. Hummingbird has been released even for ARM based Linux devices, and runs fine for example in Raspberry PI. Eddie Desktop edition has been extensively rewritten to improve performance, reliability and security. Now anything not related to the user interface is written in C++ and a lot of security hardening has been implemented. Total compatibility with macOS Catalina, Windows 10 and latest Linux distributions has been achieved, and specific packages for various, widespread Linux distributions are available for easier installation. Eddie can act as a GUI for Hummingbird in Linux and Mac, while in Windows, Eddie can also be easily configured to run OpenVPN 2.5 with the wintun driver to achieve remarkable OpenVPN performance boost and put Windows on par with other systems OpenVPN throughput ability. Furthermore, the wintun driver resolves various problems which affected TAP-Windows driver. Development for OpenBSD and FreeBSD has been unfortunately re-planned but we're glad to announce here that it will continue, starting from summer 2020. All AirVPN applications and libraries are free and open source software released under GPLv3. We think that it's somehow surprising that AirVPN not only survived, but even flourished for 10 years, in an increasingly competitive market and increasingly privacy hostile environment. No whistles and bells, no marketing fluff, no fake locations, no advertising on mainstream media, a transparent privacy policy, no trackers on the web site or in mobile applications, no bullshit of any kind in our infrastructure to sell your personal data to any personal data merchant, and above all a clear mission that is the very reason which AirVPN operates for https://airvpn.org/mission , are probably, all together, the factors which allowed such a small "miracle" and maybe make AirVPN unique. Thank you all, you users, customers, members of the community, moderators, developers: the small "miracle" happened because of you, because you saw something in AirVPN. Kind regards and datalove AirVPN Staff