Jump to content
Not connected, Your IP:


  • Content Count

  • Joined

  • Last visited

  • Days Won


Posts posted by go558a83nk

  1. What data cipher is being used now?  Which one was being used?

    I mean, look in the system log to see what actually happened.

    It sounds like you have an ac86 or one of the asus routers with AES-NI.  So, you maybe need to make sure to use an AES encryption though chacha20 (available with openvpn 2.5) may be fast too.

    Is it possible that AES-NI acceleration has been disabled?  Have you asked this in Merlin support forum?

  2. You're not artificially being throttled by Air.  That's just the way things are with openvpn with limitations by CPU, network, internet, etc.  A client on the usual 1gbit/s server will see only about 500mbit/s download max because the server throughput limit is 1gbit/s inbound and outbound combined. 

    Air does have at least 1 server that's 10gbit/s.  Try it to see if it's any better for you.

  3. 5 minutes ago, salacronix said:

    Well then that would point to a problem with the AirVPN config generator. In the config it specifically shows the remote as "nl.vpn.airdns.org". Will that return the wrong list of servers?

    No, the problem is with you unable to follow directions.

    In the tutorial, the first directive in the "generate AirVPN certificates" section is to enable advanced mode.  Have you turned on advanced mode in the config generator?

  4. 5 minutes ago, salacronix said:
    I appreciate you chiming in, but I was referencing the guide at https://nguvu.org/pfsense/pfsense-baseline-setup/
    In the setup for the VPN the screen shot shows "TLS Encryption and Authentication". That does not work. Only "TLS Authentication" works.
    Additionally for Auth digest algorithm he shows SHA512 , that does not work. Auth digest algorithm only works with SHA1 (160 bit).

    If you find this not to be the case, then there is something definitely wrong with PFsense 2.5. and I should probably look for another firewall.

    The guide is for a tls-crypt setup where those settings are what work.  What you're missing is that you need to connect to an entry IP 3 or 4.  The guide actually says " please double check you select an appropriate ‘tls-crypt, tls1.2’ end point. This is a common source of problems."

  5. On 1/27/2021 at 2:44 AM, Umpa said:
    On 2/17/2020 at 2:24 PM, go558a83nk said:

    For plex remote access you either need to forward the port through the VPN or you need to setup, in eddie, plex.tv to go outside the VPN tunnel.

    Can you post documentation on how to do this - this sounds like something I need to do.

    in the settings of Eddie there should be a section for adding routes...in the VPN tunnel or outside the VPN tunnel.

  6. 10 minutes ago, rob77 said:
    Would you mind telling me what Data Encryption Algorithms and Auth digest algorithm yours is set at? I have mine on AES-256-GMC but cannot set it to anything above SHA1. It just will not connect.


    sha1 is what you use with entry IP 1 and 2. sha512 (and tls encryption and authorization) is used for entry IP 3 and 4 configs.

  7. There's no need to manually set  Just tell set your VPN client settings to use the pushed DNS exclusively.  It'll change it automatically upon connect.  Use OpenNIC for the DNS settings in the WAN section.  That'll allow you to resolve domains when the VPN isn't connected and for devices that don't go through the VPN if you use the policy routing option.

  8. 3 hours ago, Staff said:


    Also consider that you can have robust load balancing with a pfSense (and in general *BSD) box and AirVPN:

    Kind regards

    Yes, this is what I do for downloading big files.  It's rare that I'm able to hit that 500+ mark from a single connection both because my ISP and intermediate networks just aren't "allowing" it, or because the VPN server isn't up to it.  But when spread out it's much easier.  That said, some endpoint servers won't allow you to multi wan and it won't help with bittorrent either.

  9. 10 hours ago, NLVPN said:
    19 hours ago, go558a83nk said:

    It doesn't take much actually.  An x86 processor with AES-NI in pfsense can do it if the network between you and the vpn server allows.  Most of the time though the network will be the limiting factor, not the CPU.
    I disagree, but I'm open to suggestions, please advice on the configuration I would need to max out my 500 Mbit connection with OpenVPN.

    I built a pfsense box with an AMD A6-7400K CPU back in 2015 for $121.  Later I added an intel dual NIC for another $40 or so since the realtek NICs I was using weren't the best.  It does 600mbit/s openvpn from a single server in a multi threaded download, if the network "allows" it.

  10. 6 hours ago, NLVPN said:

    I use the AC86 with Merlin firmware & OpenVPN, thanks to the processors AES-NI  support my speed is about 150 Mbit on average. I would love to build a box that would max out my 500 Mbit connection but you need some serious hardware, and that's pricey, for now my AC86 is fast enough

    It doesn't take much actually.  An x86 processor with AES-NI in pfsense can do it if the network between you and the vpn server allows.  Most of the time though the network will be the limiting factor, not the CPU.

  11. That network lock is for their own routers with their own software on it.  But likely it's nothing more than a set of iptables rules which are nothing special.

    Use the very nice merlin firmware for asus routers and its policy routing with "kill switch" and you can use it with whatever VPN provider you like and don't have to pay extra for an express vpn branded router.

  12. You're using the wrong entry IP.  You're setting up to use tls-crypt so you need to use entry IP 3 or 4 and make sure you have a tls-crypt config for the proper tls key.  For Triangulum that's  and 

    I'd also leave key direction at default, use AES-256-GCM, set comp-lzo yes though compression will be turned off via the push from the server, turn on UDP fast I/O, turn on explicit exit notify, and increase the send and receive buffers from default.

  13. 42 minutes ago, Flx said:

    Any single-mode app(Firefox browser) running will use one tunnel/session. Speedtest.net multi or utorrent/bittorrent etc. will use all interconnected wintun adapters...thus distributing the load in/out over the 3 servers connected.
    Not sure I explain this very well. Sorry I can't write 20 pages on this or an essay.
    Why do you even ask anyway? Think it cannot be done? 

    ha!  No need to explain.  I do the same thing in pfsense.  I just have never heard of it being done in windows and I didn't know you could run multiple instances of wintun.

  14. 46 minutes ago, Flx said:

    Thank you for the video link. Very entertaining....to say the least :)
    How Mr. Tom Spark only got only 100mbps AirVPN connected?
    Here the latest speed test on speedtest.net(multi) on a TCP-Entry3 side-by-side triple mode Native OpenVPN 2.5 wintun adapters scenario:



    What is "side-by-side triple mode" ?

  15. 3 hours ago, arteryshelby said:

    Can confirm, in the last weeks the BE severs seem very slow, normaly im getting fullspeed from them, now youtube is buffering on 480p lol.

    BTW: Mullvad, which use also m247 on belgium (e.g. same routing) does not have this problem for me.


    I've seen different routes to servers in the same datacenter.  Are you sure they're the same?  When you're comparing mullvad vs Air are you using the same VPN protocol at the same port?
  • Create New...