Leaderboard

Updated to reflect changes on 03-Aug-18 (previously, access was blocked from most servers).

Hello! We inform you that we have started contributions to Chelsea Manning's legal fund. We are proud to contribute to it but not "glad", meaning that in a really democratic and free country Chelsea Manning would not be detained indefinitely for her refusal to testify before a grand-jury (*) in matters that she exhaustively treated before a court martial, and would not need a legal fund at all by now. (*) A grand jury means that the public is not allowed entry: the hearings are held in secret She disclosed nearly 750,000 military and diplomatic documents to WikiLeaks revealing, amongst many other things, war crimes. I will not participate in a secret process that I morally object to, particularly one that has been used to entrap and persecute activists for protected political speech. Chelsea Manning Manning should be regarded as a hero. [...] doing what an honest, decent citizen should be doing: letting your population know what the government, the people who rule you are doing. They want to keep it secret of course. Noam Chomsky Action Network page for Manning's legal fund donations: https://actionnetwork.org/fundraising/chelsea-manning-needs-legal-funds-to-resist-a-grand-jury-subpoena Check our mission page: https://airvpn.org/mission Kind regards and datalove AirVPN Staff

Hello! We proudly announce that today AirVPN has become an Electronic Frontier Foundation "Super Major Donor". The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows. https://www.eff.org Check our mission page: https://airvpn.org/mission Kind regards and datalove AirVPN Staff

Website: http://www.cbs.com Watch CBS television online. Find CBS primetime, daytime, late night, and classic tv episodes, videos, and information. Status: OK Native: no servers Routing: all servers Updated: 03-Aug-18

Hello! We're very glad to inform you that a new 1 Gbit/s server located in São Paulo, BR, is available: Peony. Peony is our first server in South America and we are very proud to start operating there. Special thanks go to out moderator Zhang who helped us find a datacenter with particularly good connectivity The AirVPN client will show automatically the new server. If you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other "second generation" Air server, Peony supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/peony Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! We are glad to inform you that we support Mastodon as "Platinum" donors. Mastodon is an online, self-hosted, federated, community owned and ad-free social media and social networking service https://joinmastodon.org Check our mission page: https://airvpn.org/mission Kind regards and datalove AirVPN Staff

I had the same error in the begin but when I select direct udp during making the confige files. and imported it again. Then it will connect well. I just wonder if I have to do more steps before I can use Sonarr for example.

Hello! We're very glad to inform you that five new 1 Gbit/s servers located in Frankfurt (Germany) are available: Alsephina, Dubhe, Menkalinan, Mirfak, Mirzam. The AirVPN client will show automatically the new servers. If you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other "second generation" Air server, they support OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! We're very glad to inform you that a new 1 Gbit/s server located in Belgrade (RS) is available: Alnitak. The AirVPN client will show automatically the new server. If you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other "second generation" Air server, Alnitak supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Alnitak Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Added settings at bottom of Client Area

Thank you.

Hi, I have followed this guide and tried both a specific netherlands server and netherlands in general but the DSM keeps returning error (in screenshot). Can someone please help me? I am not sure where i can find more detailed logs in the synology so please assist with this if this will help getting it resolved. Thank you in advance

Website: http://www.gazzetta.it La Gazzetta dello Sport, an Italian sport website and streaming. Status: OK Routing: All servers to IT route. Note: if you have an advertising blocker active (like Adblock or uBlock) try to disable it. This site detect use of this blocker and prevent to see the video.

@giganerd Hello! It's an interesting consideration. In nowadays world some choices are hard, either because you do not have enough evidence or because astroturfing and other operations are ongoing. At some point you must make a decision. We have carefully evaluated EFF operations especially on legal and law procedural grounds, software releases and informative/educational articles, and we have found an outstanding work. We do not believe that Google huge sponsoring amount might impair EFF operations in the field of privacy (which is in our opinion a threat to Google current model and even more in the growing practical AI applications), at least not in the near future, and we hope that this is not the beginning of a "capture by sponsorship" (something which sinisterly reminds "regulatory capture" by big companies, although the means are different) which happened multiple times, for example with newspapers and publishers: I am a giant company and progressively buy your newspaper spaces for my ads, until you depend on me economically; then one day I tell you "do not publish that, rather publish this, or else I will withdraw all of my ads from one day to another". Take Tor, as an additional example. It's no secret that we have significantly supported Tor and the Tor Project in the last years. However, the Tor Project has been funded almost entirely by the former Broadcasting Board of Governors (BBG, now USAGM), the US Navy and the US Department of State bureau for Human Rights for years. Is this enough reason to drop Tor and not use it anymore? No, because we have total lack of substantial evidence about backdoors to favor any the mentioned agencies or anybody else, and that a person that should be above any suspect under this context (Edward Snowden) recommends Tor usage. Eyes must always remain wide open but at the same time if you get lost in a network of theories and you see conspirators everywhere you risk to get stuck and never act. Kind regards

Sao Paulo is as cental America as you can get. "Lite South" America would be something like Mexico/Panama in where it would be better getting a server in Miami instead, for both ping and bandwidth related performance. Geographical center: Panama/Mexico/Costa Rica - Most providers are limited to lease a shared 100mbit connection per customer. This is because they have max 5-10Gbit per datacenter or less. Because of that, their main peering happens to be with U.S. providers, so see the sentence above. "Southern South": Rest of the countries are not going to happen - Peru, Chile, Argentina. No sufficient datacenters to offer quality bandwidth for a reasonable price. Wholesale of 1Gbit almost unspoken of. Bolivia, Paraguay, Uruguay - the same reasons as above, + add at least 5 more years for their availability after the countries above. Most providers in those areas offer only shaped 10Mbit traffic (yes, in 2019) with a burstable option to 100Mbit with a very high premium. Those providers mostly offer local data as well as CDN to companies like Akamai, Cloudflare, Google which is their most profitable way of operation. Other Caribbean islands or countries with less than 5M residents - can be totally dismissed. Not a valid option even for large "Big 10" companies to operate. An exotic new location will not give you the privacy/performance you would probably assume from a service like Air. So this is a strategic point which is totally transparent and provable. Don't make other providers who sell fake GeoIP locations (this is possible and actually much cheaper) or sell VPS/Cloud connectivity with limited 100Mbit b/w make your decision here, test your own locations with your maximum speed before you buy a VPN service. And always remember: If AirVPN ever wanted to cross that grey area, there would probably be 50 available countries now. Or maybe 100. This is not an ethical way to do (VPN) business. Not flagging any competitors here since we all know who they are. // Finding even a single provider in South America with apparently enough bandwidth and acceptable prices (probably because they have more than utilized) is not an easy task by it's own. Right now no other country can probably overcome Brazil by price/performance, where even 3 years ago the situation was nearly as same as above. Same things happen is East Asia as well, where I am more native, and is directly linked to the country GDP. (The case has some exceptions in countries like Ukraine, Romania) because they are strategically and historically big EU transit points where AirVPN operates. But largely if it costs more than an average monthly salary to get a 100mbit connectivity, this country cannot be generally considered as a valid location.

@zhang888 That's correct, in the European Union cooperating with a private entity in an attempt to disclose and transmit personal data (including an IP address, which is recognized under specific circumstances as "personal data") is a borderline operation which may configure civil and even criminal infringements. The transmission of personal data between private companies without the explicit and informed consent of the data subject is a serious infringement in every EU country. Just for information or curiosity, in Italy the attempt to disclose a person's identity through IP addresses harvesting and request to the provider (ISP in general, proxy, VPN...) has been recognized as an illegal act, which must be rejected, in the so called "Peppermint affair", a long dispute between 2005 and 2010, which ended with a resounding defeat of all copyright trolls. One of central roles defending the interests of the citizens whose identities could have been disclosed according to the improper or illegal requests of copyright trolls was covered by lawyer Carlo Blengino, who has been a source of inspiration to protect privacy and personal data for an AirVPN founder throughout the years, inspiration that is one of the leading AirVPN creation reasons. https://www.altalex.com/documents/news/2010/03/24/caso-peppermint-la-riservatezza-delle-comunicazioni-prevale-sul-diritto-d-autore Kind regards

Maybe decrease to 100mbit/s? The server doesn´t appear to be very popular but I wouldn´t want it to disappear completely.

Updated again on July the 28th 2018 to reflect major changes. Kind regards

Take a look at 3rd point in my tutorial. After you do that, you need to forward ports on your router, but if that worked before, I guess you already forwarded your ports. Then you only need to connect to your REAL IP (IP given by your ISP), not AirVPN IP address and it will work.

Hi Mikeyy, sorry for the delay. Before your answer I did figure out a restart myself. And that got things going. But my forum message was still not approved, so I couldn't alter it. So in the end I managed to download stuff via DS Get via VPN. But all of my webservices were not reachable anymore. I read about that before hand, but thought a bit too optimisticly. After reading up on it, I got scared whether I would be able to have a VPN and run my webservices at the same time. I would need passthrough of: -torrents -IMAP -SMTP -POP3 -webinterface of synology To be honest I am afraid that I am not capable enough to make all those things work.

Hi Mikeyy, thanks to your excellent manual I've setup VPN on my DS. The VPN started, but nothing is routed over it. As a test I downloaded something via a newsserver with Downloadstation. But according to the Network Interface the amount of sent and received bytes stays at zero. And in my AirVPN the traffic also stays at 12/13 Kb received/sent. Any idea? p.s. I am on DSM 6.1 beta with active airvpn membership. During install there was no option to compress data on the VPN. I still can connect to the webinterface of my DS without implementing 3.1.

Thanks, Mikeyy

I don't have a synology but this is a great guide.

Assuming you mean Virgin Media UK. How did you determine this? Why would they mess with DNS to the web site rather than routing to the actual OpenVPN servers? Its a nice web site but not even that important to AirVPN users who only actually need it for initial setup. This is a curiosity only question as the solution of using an alternative DNS doesn't seem to have any downsides.

Website: http://www.france.tv Official site of French public television channels (France2, France 3, France 4 , France 5, France ô) Status: OK Native: FR servers. Routing: All other servers.

Website: http://www.dmax.it Italian streaming TV Status: OK Routing: All servers to IT route.

Website: http://lifestyle.alice.tv/ Italian TV Streaming Status: OK Routing: All servers to IT route.

I've been unable to find something that meets my needs, and I'm not even sure whether such a book even exists. A lot of stuff about internet culture, internet history etc, but I'm more interested in the technical foundation, everything that makes the internet work. The book should include information about · the structure of the internet: nodes, clients, servers, backbones, sea cables... · information about communication standards: ISDN, DSL, 4G, 5G, ... · protocols and systems such as TCP/IP, HTTP, VPN, TLS, DNS, data packages ... Examples of how information gets processed and travels through the internet. Maybe also suggestions on how to try things out for yourself through tools or a command prompt. I'd also love some extras such as information design about the internet, how many visitors sites get, like an atlas about current topics, like the ones by Le Monde Diplomatique, only for the internet. Neither completely academic / dry for master students nor "what is the internet for my grandparents" kind of thing. Any suggestions are welcome, thanks.

That is a very bad advice and an unnecessary security threat. The signatures are there for a reason, and that is to ensure the browser won't install malicious junk addons from various spyware sites, or addons that impersonate others with fake search engine results and other manipulations, that were quite common in the past. The solution is to install Firefox 66.0.4, or if you are on other unofficial branches install the hotfix from: https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi

Hello! We're very glad to inform you that a new Eddie Air client version has been released: 2.17beta. It is ready for public beta testing. How to test our experimental release: Go to download page of your OSClick on Other versions Click on Experimental Look at the changelog if you wishDownload and installPlease see the changelog: https://eddie.website/changelog/?software=client&format=html

I'm not sure such a thing exists in one simple book. You don't want an academic or newbie thing but you want academic and newbie topics covered. This will easily fill 2000+ pages. I think you should find multiple books from newbie through intermediate to advanced. I can give recommendations for German-language books, but will have to pass for the ones in English.

Nonono, I meant.. why do you have 67 DNS servers and call it normal when it clearly isn't?

Reporting in with another replication of this error on latest Manjaro (XFCE). Also, due the network lock not working correctly, some of the rules persist after the end of the session, which causes connection issues in the local network.

Because many users are here for Eddie, and I was one of them.

This thread should be soon moved to Off-topic. There are no "class action" or "reverse class action" or any classy actions that can be enforced on you, when you use a VPN correctly. And this is not only limited to AirVPN but to all VPN providers who at least claim not to keep logs. The only action a real VPN provider will respond to such copyright requests is a "reverse cowgirl" statement. Technically, when you use torrent software over a VPN tunnel correctly (i.e. no leaks and no one-offs without VPN) your traffic is being fully encrypted by the VPN tunnel, and there are no known counter measures to determine which user was behind the VPN server. And a log-less VPN provider will forward all the DMCA requests to a special location in Unix systems called /dev/null. Or if to be more polite, a statement that the server behind this IP serves thousands of users. Actually, one of the reasons "good" VPN providers have locations in countries like U.S. is a pre-agreed "quota" of abuse complaints regarding DMCA, where both the data-center and the leasing entity (AirVPN in this case) both know that the servers are going to be offered to the public, where a possible violation of "copyrights" may occur on some specific manners. Of course, if you want to help Air with the mission - please avoid illegal Torrent activity from U.S. servers. This a request, not a demand. The way to do it right is to produce actual, non-logged activity, such as - this month the server ran 500TB of data, out of it was only 1% of copyrighted one - where it is somewhat acceptable. As I mentioned earlier this week - the more abuse (DMCA) complaints some datacenters will receive, the less likelihood the datacenter will want to provide upstream to providers like AirVPN. So the less complaints you, as a community, can generate, the more freedom you and other users can have in the future. Rarely any VPN provider will cooperate with such copyright trolls, because it will basically mean a public statement that they cannot protect their users privacy. Since I'm not a lawyer probably Staff (Paolo) can share the official legal terms.

Hello all, This is collection from different tutorials which I will refer here, but usually changed since some things changed. Setting up VPN on Synology is modified neolefort tutorial from here and reconnect script if from sundi which you can find here, which probably modified this script, plus my iptables for blocking Synology on router level when VPN fails. Other contributions: foobar666 - you no longer need to enter variables manually _sinnerman_ - fixed script for DS 6.1 I'm doing this mostly because I usually forget things I managed to solve after year or two, so this is way to have constant reminder how it was solved and also help others. 1. Get your certificates from AirVPN. Go to the https://airvpn.org/generator/ page to generate the configuration file. (1) SELECT LINUX OS (2) SELECT 1 SERVER (refer to section "by single servers") OR COUNTRY OR ANYTHING ELSE YOU WANT In original tutorial, neolefort said to choose 1 server, because in that case you will get IP instead of xxx.airvpn.org domain. Choosing 1 server is safe because it doesn't need working DNS when you want to connect to VPN. If you choose anything else, you need working DNS on your router when establishing VPN connection. (3) SELECT the Advanced Mode (refer to section "connection modes") -select Direct, -protocol UDP, -port 443 -Separate keys/certs from .ovpn file You can choose any combination of protocol/port, but then also change iptables accordingly if you are using failsafe script. (4) ACCEPT THE RULES OF AIRVPN Tick the two checkboxes : I have read and I accept the Terms of Service I HEREBY EXPLICITLY ACCEPT POINTS 8, 10, 11 Then click on the GENERATE button. (5) Click on the ZIP button in order to download the AIRVPN configuration files and unzip them anywhere on your computer The ZIP archive should contain the following files: -AirVPN_XXXXX_UDP-443.ovpn -ca.crt -user.crt -user.key -ta.key 2. Setup AirVPN on Synology. In new DSM 6 it's much more easier since Synology developers allowed everything in GUI now. - Login as admin or with user from Administrator group. - Open Control panel. - Go "Network" and click on tab "Network Interface" - Click on button "Create" - "Create VPN profile" - Choose "OpenVPN (via importing .ovpn file) - Click "Advanced options" so it shows all options - Profile name: anything you want, but please keep is short and if you can without spaces " ", for example "AirVPN". - User name: Enter your username (anything you want, or you can enter AirVPN username) - Password: Enter your password (anything you want, or you can enter AirVPN password) - Import .ovpn file: click button and import your AirVPN_XXXXX_UDP-443.ovpn - CA certificate: click button and import your ca.crt - Client certificate: click button and import your user.crt - Client key: click button and import your user.key - Certificate revocation: LEAVE EMPTY - TLS-auth key: click button and import your ta.key - Click "Next" - Select all options, EXCEPT "Enable compression on the VPN link" (well, you can select that also if you really want, but don't ) Now you have working OpenVPN link on your Synology DS6+. You just need to start it from "Control panel" - "Network" - "Network Interface". EXTRAS!!! 3. Setting up external access to your Synology. First what you will notice is, "I CAN'T ACCESS MY SYNOLOGY FROM OUTSIDE OF MY LAN!!!!!!! OMG OMG OMG!!!!" I will not explain port fowards on your router here, if you don't know how to make one, learn! (1) You can port forward trough AirVPN webpage and access your Syno via VPN exit IP. This sometimes works, most of times it doesn't since Syno has some ports you cannot change. Anyway, change your default HTTP / HTTPS port on Syno to your forwarded AirVPN port and you should be fine. But forget about Cloudstation and similliar things. (2) If you want to access Syno via you ISP IP (WAN), then problem is, your Syno is receiving your connection, but it's replying trough VPN. That's a security risk and those connections get droped. But there is solution! - Access "Control panel" - "Network" - "General" - Click "Advanced Settings" button - Mark "Enable multiple gateways" and click "OK" and then "Apply" You're done! It's working now (if you forwarded good ports on your router). 4. Prevent leaks when VPN connection on Synology fails. There will be time, when you VPN will fail, drop, disconnect, and your ISP IP will become visible to world. This is one of ways you can prevent it, on router level. For this you need Tomato, Merlin, DD-WRT or OpenWRT firmware on your router. I will tell you steps for Tomato router. If you are using different firmware, then you need to learn alone how to input this code into your router. Since Shibby version 129 for ARM routers, syntax of iptables changed and depending on which version of iptables you are using, apply that code. - Login to your router (usually just by entering 192.168.1.1 into your browser, if your IP is different, find out which is your gateway IP). - Click on "Administration" - Click on "Scripts" - Choose tab "Firewall" For Shibby v129 for ARM and later (iptables 1.4.x) us this: #Use this order of commands because it executes in reverse order. #This command will execute last, it kills all UDP requests. iptables -I FORWARD -p udp -s 192.168.1.100 -j REJECT #This command will execute second and will block all TCP source ports except those needed for web access or services iptables -I FORWARD -p tcp -s 192.168.1.100 -m multiport ! --sports 5000,5001,6690 -j REJECT #This command will execute first and will ACCEPT connection to your VPN on destination port 443 UDP iptables -I FORWARD -p udp -s 192.168.1.100 -m multiport --dports 443 -j ACCEPT For earlier Shibby versions and later for MIPS routers:#Use this order of commands because it executes in reverse order. #This command will execute last, it kills all UDP requests. iptables -I FORWARD -p udp -s 192.168.1.100 -j REJECT #This command will execute second and will block all TCP source ports except those needed for web access or services iptables -I FORWARD -p tcp -s 192.168.1.100 -m multiport --sports ! 5000,5001,6690 -j REJECT #This command will execute first and will ACCEPT connection to your VPN on destination port 443 UDP iptables -I FORWARD -p udp -s 192.168.1.100 -m multiport --dports 443 -j ACCEPT Port TCP 5000 = HTTP for for Synology web access (change to your if it's not default)Port TCP 5001 = HTTPS for for Synology web access (change to your it's not default) Port TCP 6690 = Cloud Station port Port UDP 443 = AirVPN connection port which you defined in step 1 of this tutorial. If you are using TCP port, then you need to change "-p udp" to "-p tcp" in that line. If you need more ports, just add them separated by comma ",". If you want port range, for example 123,124,125,126,127, you can add it like this 123:127. Change IP 192.168.1.100 to your Synology LAN IP. Be careful NOT TO assign those ports to your Download Station on Synology. This isn't perfect, you can still leak your IP through UDP 443, but since torrent uses mostly TCP, those chances are minimal. If you use TCP port for VPN, then those chances increase. If you really want to be sure nothing leaks even on UDP 443 (or your custom port), you need to choose 1 (ONE) AirVPN server. You need to find that server entry IP and change last IPTABLES rule to something like this: iptables -I FORWARD -p udp -s 192.168.1.100 -d 123.456.789.123 -m multiport --dports 443 -j ACCEPT Where 123.456.789.123 is AirVPN server entry IP. This will allow UDP 443 only for that server, rest will be rejected by router. These are all my opinions, from my very limited knowledge, which may be right and may be wrong. 5. Auto reconnection when VPN is down. Since when you made your VPN connection on your Synology, you checked "Reconnect" option, Syno will try to reconnect automaticly when connection fails. But in some cases, your network will be offline long enough and Syno will stop trying to reconnect, or will hang with VPN connection established, but not working. In those cases you can use this auto reconnect script. This is reconnect script. Save it in file named whatever you want. I'm using file name "synovpn_reconnect". All instructions how to use it are inside script in comments, but I will repeat them in this post also. #VPN Check script modified Sep 11, 2016 #Script checks if VPN is up, and if it is, it checks if it's working or not. It provides details like VPN is up since, data #received/sent, VPN IP & WAN IP. #If VPN is not up it will report it in the log file and start it #Change LogFile path to your own location. #Save this script to file of your choosing (for example "synovpn_reconnect"). Store it in one of your Synology shared folders and chmod it: "chmod +x /volume1/shared_folder_name/your_path/synovpn_reconnect" #Edit "/etc/crontab" and add this line without quotes for starting script every 10 minutes: "*/10 * * * * root /volume1/shared_folder_name/your_path/synovpn_reconnect" #After that restart cron with: "/usr/syno/sbin/synoservicectl --restart crond" #!/bin/sh DATE=$(date +"%F") TIME=$(date +"%T") VPNID=$(grep "\[.*\]" /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "[" | cut -f 1 -d "]") VPNNAME=$(grep conf_name /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "=") LogFile="/volume1/video/Backup/airvpn/check_airvpn_$DATE.log" PUBIP=$(curl -s -m 5 icanhazip.com) #PUBIP=$(curl -s -m 5 ipinfo.io/ip) #PUBIP=$(curl -s -m 5 ifconfig.me) CHECKIP=$(echo $PUBIP | grep -c ".") start_vpn() { echo "VPN is down. Attempting to (re)start now." >> $LogFile /usr/syno/bin/synovpnc kill_client --protocol=openvpn --name=$VPNNAME echo 1 > /usr/syno/etc/synovpnclient/vpnc_connecting echo conf_id=$VPNID > /usr/syno/etc/synovpnclient/vpnc_connecting echo conf_name=$VPNNAME >> /usr/syno/etc/synovpnclient/vpnc_connecting echo proto=openvpn >> /usr/syno/etc/synovpnclient/vpnc_connecting /usr/syno/bin/synovpnc reconnect --protocol=openvpn --name=$VPNNAME >> $LogFile } sleep 6 echo "======================================" >> $LogFile echo "$DATE $TIME" >> $LogFile if ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00" then if [ "$CHECKIP" == 1 ] then IPADDR=$(/sbin/ifconfig tun0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}') RXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f2 | awk '{print $1,$2,$3}') TXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f3 | awk '{print $1,$2,$3}') UPTIME=$(cat /var/log/messages | grep "$IPADDR" | awk '{print $1}' | tail -1) UPTIME=$(date -d"$UPTIME" +"%Y/%m/%d %H:%M:%S") echo "VPN is up since: $UPTIME" >> $LogFile echo "Session Data RX: $RXDATA" >> $LogFile echo "Session Data TX: $TXDATA" >> $LogFile echo "VPN IP is: $IPADDR" >> $LogFile echo "WAN IP is: $PUBIP" >> $LogFile else start_vpn fi else start_vpn fi exit 0 (1) Enable SSH on your Synology if you didn't already. - As admin go to "Control panel" - "Terminal & SNMP" (you need to enable advanced mode in top right corner of control panel for this) - Check "Enable SSH service" - Click "Apply" (2) Save script above in file "synovpn_reconnect". Make sure to save it in UNIX UTF8, not windows. You can do that on windows with Notepad++, just open file with Notepad++, click "Encoding" - "Convert to UTF-8 without BOM" and them save file. (3) Edit script variables so it works for your system. You only need to edit this part: LogFile="/volume1/video/Backup/airvpn/check_airvpn_$DATE.log" Thanks to foobar666, you no longer need to enter VPNID or VPNNAME, it will detect them automatically. Now you only need to change your LogFile variable to match your wishes. After you finish editing script, save it. (4) Move or copy "synovpn_reconnect" to your Synology shared drive. Doesn't matter which, just be sure to know full path to it. If you only have 1 volume/drive, with multiple shared folders, your path should look similar to this: /volume1/shared_folder_name/your_path/ So for example, if you keep your files in default CloudStation folder, your path should look something like this:/volume1/home/your_username/CloudStation/ You can also do all this with VI, check original tutorial for that. (5) Now use Putty if you are on windows, or your terminal on linux, to access your Synology via SSH. I will not tutor you how to do that, learn. admin@192.168.1.100 or username@192.168.1.100 + password, or whatever your Syno LAN IP is. (6) Now type this into Putty/terminal: sudo chmod +x /volume1/shared_folder_name/your_path/synovpn_reconnect You need to chmod it to be executable. You will notice I use "sudo". It's because my admin username isn't default "admin". If you are using default "admin" user, then you probably don't need sudo. (7) Setup cron so it automatically starts your script every X minutes / hours / days. To setup it enter this: vi /etc/crontab And then press "i" to enter editing mode. Go to last line, and start new line with this:*/10 * * * * root /volume1/shared_folder_name/your_path/synovpn_reconnect Note that those ARE NOT spaces, those are TABS. This will start your script every 10 minutes. Change to whatever you want.Then press ESC key, and then type: :wq To exit VI and save file. After that type: /usr/syno/sbin/synoservicectl --restart crond To restart cron (or restart your Synology). Tip: If you don't want logfile, you can comment out those lines, or remove ">> $LogFile" code from whole script. That's all. If you entered everything correctly, you should be fine and ready to go! Comments are welcome. If you find mistakes, please correct me.

Working great so far over here on MacOS 10.13.6!

Website: https://new.hulu.com Status: OK Native: no servers Routing to EN (USA): All servers Last update: Aug the 1st, 2018

Dozens of reports throughout 2014 and 2015 show that in Virgin network DNS poisoning is (probably intermittently) used against https://airvpn.org Solution: use a publicly accessible, not poisoned DNS, for example OpenNIC https://opennicproject.org or contact us to know alternative domain names to access various https front ends in our infrastructure.

I just started tinkering with VPN on my Synology as well. I have set it up succesfully using the above guide. But I have some connections that need to go around the VPN as well (mainly SSL connections to usenet servers). I have created a passthrough by adding static routes to the routing table in the Synology configuration that explicitly go to the specific usenet server (ranges). This seems to work quite well, but of course is not useful if the IP address of the destination servers do change.

Tried restarting DS? I don't use DSM 6.1, so I wouldn't know if something changed. But sometimes same thing happens to me on 6.0, VPN is up, but you can't reach anything. Not sure if it's DSM problem or AirVPN problem, but DS reboot usually fix it.

I'm afraid you have same problem as kiwi in this post. This is Synology bug and I reported it to them so hopefully they will fix it. Just manualy disconnect and connect again.

I think I saw that error some time ago, when I was using 1 year or more old certificates for AirVPN. Did you upgrade your DSM to latest 6+ version? Did you get new certificates and ovpn file from airvpn? Be sure to imput them at correct place. Is your AirVPN membership active? If you are using DSM <6 (5.2, 5.1, 5.0, 4...) then you need to ssh and copy certificates and keys manually. Just delete VPN from Synology interface, try restart, and do everything from beginning. I see what you mean. That never happened to me. Script always starts VPN if it's not started, but I managed to reproduce it by just using those variables in script, without anything else. Thank you for find, I just moved those variables further down to one of IFs, so they will be called only when VPN is up for sure. Hope that solves it for you also.

Oh maybe there's a better way. When I ran the script the first time, the vpn was disconnected and the script would just hang. Took me a bit of time to debug it to find the UPTIME=... the culprit. At the very least, if IPADDR isn't set the script should log it and exit since otherwise it just hangs (since the grep is waiting for stdin if IPADDR is empty).

Wow, good idea! Will add it. Not sure why you added other part? If VPN is off, current script will start it (when cronjob runs). If VPN is ON, but it's in error state (not letting traffic trough) it will kill VPN and start it again. EDIT: Added your contribution to tutorial. Changed some parts of tutorial. You no longer need to copy script to /usr/ folder. It's better if it stays in shared folder of your choice since there it will survive system upgrades.

Website: http://www.rsi.ch/ Website: http://www.srf.ch/ Swiss public television channels (RSI, SRF). Status: OK Native: CH servers. Routing: All other servers.

Website: http://www.mtv.it Italian website and streaming TV Status: OK Routing: All servers to IT route.

Website: http://www.cbc.ca Official CBC television site for Canada Status: OK Native: CA servers. Routing: All other servers.

Website: http://www.nuvolari.tv/ Italian TV Streaming Status: OK Routing: All servers to IT route.

Hi, I am running Buffalo WZR-600DHP on DD-WRT 20180. I successfully used the config generator to connect to Arrakis. I always *seem* to be connected (speedtests and other geolocations report me in Virginia and the OPENVPN status always says "connected" when I check). But I was sometimes getting erratic behaviour so I checked the logs and found what appears to be an unstable connection (see below for copy/paste of the OpenVPN status tab. The question is: Should I try other Open VPN servers? Downgrade my DD-WRT to the previous buffalo supported build (looks oldish) or install the only build on the DD-WRT web site that is made for my router (BrainSlayer-V24-preSP2/2013/04-01-2013-r21153/) I am looking for a) Confirmation that my VPN is "flapping" (I am not familiar with OpenVPN logging....for all I know this is normal and my issues are elsewhere) Advice on the OpenVPN c) Advice on how to "switch" OpenVPN servers easily...is there an easier way than changing the connection IP in my setup? Is the rest of my config valid across the opther servers? Thanks StateServer: : Local Address: Remote Address: Client: CONNECTED: SUCCESS Local Address: 10.4.25.150 Remote Address: 10.4.25.149 Status LogServerlog Clientlog 20130615 14:20:20 MANAGEMENT: Client connected from 127.0.0.1:5001 20130615 14:20:20 D MANAGEMENT: CMD 'log 500' 20130615 14:20:20 MANAGEMENT: Client disconnected 20130615 14:25:01 MANAGEMENT: Client connected from 127.0.0.1:5001 20130615 14:25:01 D MANAGEMENT: CMD 'state' 20130615 14:25:01 MANAGEMENT: Client disconnected 20130615 14:25:01 MANAGEMENT: Client connected from 127.0.0.1:5001 20130615 14:25:01 D MANAGEMENT: CMD 'state' 20130615 14:25:01 MANAGEMENT: Client disconnected 20130615 14:25:01 MANAGEMENT: Client connected from 127.0.0.1:5001 20130615 14:25:01 D MANAGEMENT: CMD 'state' 20130615 14:25:01 MANAGEMENT: Client disconnected 20130615 14:25:01 MANAGEMENT: Client connected from 127.0.0.1:5001 20130615 14:25:01 D MANAGEMENT: CMD 'log 500' 20130615 14:25:01 MANAGEMENT: Client disconnected 20130615 14:28:02 MANAGEMENT: Client connected from 127.0.0.1:5001 20130615 14:28:02 D MANAGEMENT: CMD 'state' 20130615 14:28:02 MANAGEMENT: Client disconnected 20130615 14:28:02 MANAGEMENT: Client connected from 127.0.0.1:5001 20130615 14:28:02 D MANAGEMENT: CMD 'state' 20130615 14:28:02 MANAGEMENT: Client disconnected 20130615 14:28:02 MANAGEMENT: Client connected from 127.0.0.1:5001 20130615 14:28:02 D MANAGEMENT: CMD 'state' 20130615 14:28:02 MANAGEMENT: Client disconnected 20130615 14:28:02 MANAGEMENT: Client connected from 127.0.0.1:5001 20130615 14:28:02 D MANAGEMENT: CMD 'log 500' 20130615 14:28:02 MANAGEMENT: Client disconnected 20130615 14:28:45 MANAGEMENT: Client connected from 127.0.0.1:5001 20130615 14:28:45 D MANAGEMENT: CMD 'state' 20130615 14:28:45 MANAGEMENT: Client disconnected 20130615 14:28:45 MANAGEMENT: Client connected from 127.0.0.1:5001 20130615 14:28:45 D MANAGEMENT: CMD 'state' 20130615 14:28:45 MANAGEMENT: Client disconnected 20130615 14:28:45 MANAGEMENT: Client connected from 127.0.0.1:5001 20130615 14:28:45 D MANAGEMENT: CMD 'state' 20130615 14:28:45 MANAGEMENT: Client disconnected 20130615 14:28:45 MANAGEMENT: Client connected from 127.0.0.1:5001 20130615 14:28:45 D MANAGEMENT: CMD 'log 500' 20130615 14:28:45 MANAGEMENT: Client disconnected 20130615 14:41:07 MANAGEMENT: Client connected from 127.0.0.1:5001 20130615 14:41:07 D MANAGEMENT: CMD 'state' 20130615 14:41:07 MANAGEMENT: Client disconnected 20130615 14:41:07 MANAGEMENT: Client connected from 127.0.0.1:5001 20130615 14:41:07 D MANAGEMENT: CMD 'state' 20130615 14:41:07 MANAGEMENT: Client disconnected 20130615 14:41:07 MANAGEMENT: Client connected from 127.0.0.1:5001 20130615 14:41:07 D MANAGEMENT: CMD 'state' 20130615 14:41:07 MANAGEMENT: Client disconnected 20130615 14:41:07 MANAGEMENT: Client connected from 127.0.0.1:5001 20130615 14:41:07 D MANAGEMENT: CMD 'log 500' 19700101 00:00:00