Leaderboard

Hello! We're very glad to inform you a new 10 Gbit/s full duplex server located in Bucharest, Romania, is available: Nembus. The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator. The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. It supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor : https://airvpn.org/servers/Nembus  Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

Also: It took me a while to figure out what was keeping port forwarding from the Wireguard interface to work on OPNsense, so hopefully the following helps somebody. It turns out that with the default rules created by NAT port forwards on OPNsense, even if you correctly select your WG interface, OPNsense may correctly route through to your local device, but outbound traffic from that device will be sent via the default gateway. This is not useful. Under Firewall -> NAT -> Port Forward, set up your port forward with your WG interface selected as the "Interface" and disable automatic rule generation and its buggy behavior (pic #1). If you are using a different external port than your internal/local port, this area is where you would add the external port to "Destination port range" and the internal port to "Redirect target port". Under Firewall -> Rules -> [your_WG_interface], create a new rule with WG as your interface. Select the protocol to enable port range. Set your local device, making sure to change the /24 subnet to /32 to refer to a single specific address. If you are using different external/internal ports, only enter the internal port in this screen. Select the "default" gateway, not the WG interface. Click the "Advanced features" "Show/Hide" button to enable fixing the buggy behavior: clicking the "allow options" checkbox and setting the reply-to gateway as your WG gateway. Which, again, is 10.128.0.1 (pic #2). You would think that, obviously, setting the gateway here to the WG interface instead of "default" would mean outbound traffic would be routed through that specific gateway. But you'd be wrong, and I don't know why. You port forward exclusively with the WG interface and do not need to do anything with WAN, as you are using the WG gateway for internet and not WAN. So port forwarding with AirVPN works even if your ISP allots you an internal IP address for your WAN connection.

Seconded. I'm using the pro++ https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/pro.plus.txt as it seems a better compromise for my usage.