Posts posted by go558a83nk


  1. There's no need to manually set 10.4.0.1.  Just set your VPN client settings to use the pushed DNS exclusively.  It'll change it automatically upon connect.  Use OpenNIC for the DNS settings in the WAN section.  That'll allow you to resolve domains when the VPN isn't connected and for devices that don't go through the VPN if you use the policy routing option.


  2. 3 hours ago, Staff said:
    @NLVPN

    Hello!

    Also consider that you can have robust load balancing with a pfSense (and in general *BSD) box and AirVPN:
    https://nguvu.org/pfsense/pfsense-multi-vpn-wan/

    Kind regards
     

    Yes, this is what I do for downloading big files.  It's rare that I'm able to hit that 500+ mark from a single connection both because my ISP and intermediate networks just aren't "allowing" it, or because the VPN server isn't up to it.  But when spread out it's much easier.  That said, some endpoint servers won't allow you to multi wan and it won't help with bittorrent either.

  3. 10 hours ago, NLVPN said:
    19 hours ago, go558a83nk said:

    It doesn't take much actually.  An x86 processor with AES-NI in pfsense can do it if the network between you and the vpn server allows.  Most of the time though the network will be the limiting factor, not the CPU.
    I disagree, but I'm open to suggestions, please advise on the configuration I would need to max out my 500 Mbit connection with OpenVPN.


    I built a pfsense box with an AMD A6-7400K CPU back in 2015 for $121.  Later I added an Intel dual NIC for another $40 or so since the Realtek NICs I was using weren't the best.  It does 600mbit/s openvpn from a single server in a multi threaded download, if the network "allows" it.

  4. 6 hours ago, NLVPN said:

    I use the AC86 with Merlin firmware & OpenVPN, thanks to the processor's AES-NI support my speed is about 150 Mbit on average. I would love to build a box that would max out my 500 Mbit connection but you need some serious hardware, and that's pricey, for now my AC86 is fast enough


    It doesn't take much actually.  An x86 processor with AES-NI in pfsense can do it if the network between you and the vpn server allows.  Most of the time though the network will be the limiting factor, not the CPU.

  5. That network lock is for their own routers with their own software on it.  But likely it's nothing more than a set of iptables rules which are nothing special.

    Use the very nice Merlin firmware for Asus routers and its policy routing with "kill switch" and you can use it with whatever VPN provider you like and don't have to pay extra for an ExpressVPN-branded router.


  6. You're using the wrong entry IP.  You're setting up to use tls-crypt so you need to use entry IP 3 or 4 and make sure you have a tls-crypt config for the proper tls key.  For Triangulum that's 185.200.116.133  and 185.200.116.134. 

    I'd also leave key direction at default, use AES-256-GCM, set comp-lzo yes though compression will be turned off via the push from the server, turn on UDP fast I/O, turn on explicit exit notify, and increase the send and receive buffers from default.


  7. 42 minutes ago, Flx said:

    Any single-mode app(Firefox browser) running will use one tunnel/session. Speedtest.net multi or utorrent/bittorrent etc. will use all interconnected wintun adapters...thus distributing the load in/out over the 3 servers connected.
    Not sure I explain this very well. Sorry I can't write 20 pages on this or an essay.
    Why do you even ask anyway? Think it cannot be done? 


    ha!  No need to explain.  I do the same thing in pfsense.  I just have never heard of it being done in windows and I didn't know you could run multiple instances of wintun.

  8. 46 minutes ago, Flx said:

    @Casper31
    Thank you for the video link. Very entertaining....to say the least :)
    How did Mr. Tom Spark get only 100mbps AirVPN connected?
    Here the latest speed test on speedtest.net(multi) on a TCP-Entry3 side-by-side triple mode Native OpenVPN 2.5 wintun adapters scenario:

    https://www.speedtest.net/result/9862679064

     


    What is "side-by-side triple mode" ?

  9. 3 hours ago, arteryshelby said:

    Can confirm, in the last weeks the BE servers seem very slow, normally I'm getting full speed from them, now YouTube is buffering on 480p lol.

    BTW: Mullvad, which also uses m247 in Belgium (e.g. same routing) does not have this problem for me.

     


    I've seen different routes to servers in the same datacenter.  Are you sure they're the same?  When you're comparing Mullvad vs Air are you using the same VPN protocol at the same port?

  10. 20 minutes ago, WxjThf8HJV5ShAQ said:

    Please read up on the facts. TCP-over-TCP introduces a dramatic loss in transmission performance known as TCP meltdown. OpenVPN recommends using UDP also to avoid this overhead. Anyway, yes wireguard is built from scratch with less code to execute and runs in kernel space which also adds to its performance gain. Not liking and criticizing because it doesn't do TCP is asinine since you're using the wrong tool for your use-case. If you need TCP, either run it over a TCP supported method as mentioned before or use something else
     
    
    TCP stands for Transmission Control Protocol. Basically a means of sending traffic over the Internet with some built-in measures to ensure that traffic can get to its destination. If anything goes wrong during transmission, the protocol has some means to try to find a solution (send the packet of information again or try an alternative route or such). TCP Meltdown occurs when you stack one transmission protocol on top of another, like what happens when an OpenVPN TCP tunnel is transporting TCP traffic inside it. The underlying layer may detect a problem and attempt to compensate, and the layer above it then overcompensates because of that, and this overcompensation causes delays and problems with the transfer of data. That's the layman's version of it that is easy to explain and understand. We therefore instead recommend that you use UDP, which has no transmission control, and on top of that send your TCP traffic as usual, so that there's only one layer of transmission control, and the problem can be avoided.
    
    Some people mistakenly believe that TCP is the best protocol to ensure the best reliability and performance for sending traffic over the Internet. This is the exception.
    
    If you want to learn more there's a good article here on an external website: Why TCP Over TCP Is A Bad Idea

    I know this.  What I'm saying is that removing TCP doesn't make UDP faster but that's what you imply.  People who complain about openvpn being slow have already tried UDP as that's the default protocol with AirVPN and every other VPN I've tried.  They're typically only using TCP if their network requires it.

  11. 4 hours ago, WxjThf8HJV5ShAQ said:

    But that is the point. Eliminating TCP gained the added performance most likely (tunneling TCP-over-TCP is a known performance killer). With the 1.0+, in-tree of the linux kernel and a clean external security audit, if it meets your use-cases, what else is the issue? 

    If all else fails for your use-case, you can run wireguard over TCP with TunSafe but you're back again to OVPN lacking performance.

    Saying that wireguard gained performance by eliminating TCP is like saying my car got faster because I removed low gears.  Physically impossible and it's just silly.

    Wireguard is supposedly faster because of its modern protocol and the fast chacha20 data cipher and that's comparing UDP vs UDP.

  12. 2 hours ago, d0gb0y23 said:

    My buffer is set to 512kb... it's weird because shortly after I posted that message I did get 120meg speeds... via Chow... it is, however, inconsistent, and I can't tell if it's Virgin or AirVPN or both... Because the speeds can deviate over the course of a minute or two, it's hard to check [I jump between Wifi networks, one is a clearnet]

    Is it worth me sticking with a single Air server? Currently I use the UK address which I believe dynamically assigns the server.

    I'll try increasing the buffer size when I return home... I've always had problems with Virgin at this address, the speeds fluctuate massively....

    Thank you for your advice folks... much appreciated

    Nick


    If you're connected to a server with plenty of bandwidth left and you get intermittent good speed then any speed fluctuation is your ISP.  I see it too and it's all down to my ISP changing routes or something along the way being congested. 

  13. 42 minutes ago, Lee47 said:

    Worth trying to adjust send/receive buffers on the openvpn config page like mentioned above, I had to put mine to 512k and even try 1 or 2 MiB with my VM connection and it was fine hitting full download speeds.

    Worth also trying the settings found on the original pfsense guide from pfsensefan (https://airvpn.org/forums/topic/17444-how-to-set-up-pfsense-23-for-airvpn/):

    Encryption Algorithm = [ AES-256-CBC (256 bit) ▼]

    Auth Digest Algorithm = [ SHA1 (160 bit) ▼]


    Also delete the advanced configuration>custom options box at bottom of openvpn config page and try it without anything in the box and then save and then try it again with the custom settings, see if that makes any difference.

    Also try different UK airvpn servers, some perform better than others so try all of them Manchester, London, generally it's the ones closest to you which are best but not always I found.

    Sometimes speed test sites are not going to show the full speed due to servers, vpn use etc so try downloading 3 Ubuntu iso torrent files with your torrent app or queue up several free public torrents from here:

    http://bt.etree.org/

    This should max out your speed within minutes, I found this type of test much more reliable than speed test sites.

    you can also try a file speed test here with large file button:
    https://www.thinkbroadband.com/download

    Really there is no reason why your 2ghz AES cpu can't max out your Virgin Media BB connection; I hit over 200meg+ easily with my pfsense with 2.4ghz aes cpu, usually I found it was settings on the openvpn config page or the UK server I was using holding me back. Also to note Virgin Media has been having major network issues across the UK this week, it's still down for many, and during the lockdown period the speeds have been up and down. I live in a high utilization area so can get capped by 50% at random times and usually after 6pm-10pm will auto get 50% capped (not sure if it's the same for yourself) so best to do heavy downloads in the morning or early hours, i.e. after 11.59pm midnight or 1am morning.
     


    Those are old settings.  AES-256-GCM is faster, and SHA512 is for tls-crypt configs.

     

  14. 1 hour ago, deguito18090 said:
    I'm noticing that if I use Eddie I obtain one DNS IP, if I use instead openvpn I obtain 69 DNS IPs from the same server in ipleak.net.

    I think it's better if my workstation changes DNS IP 69 times instead of using the same IP. Correct?

    Not at all.  What that's showing, and it's normal when using openvpn GUI on Windows, is that when you use openvpn GUI instead of Eddie you have a DNS leak which is ruining some of the privacy you gain by using a VPN.

    You want just the one (or two with IPv6) AirVPN servers showing up as DNS servers.