go558a83nk

Maybe I misunderstand the problem but I think this is what you are needing and is all you need. Easiest way is to just use an SSH command line session to copy/paste iptables for port forwarding. I've used these in the past on an asus router and this was all I needed. Remember to use ifconfig to see what TUN device your openvpn session is.

This is likely bufferbloat, packets start getting dropped, and it's especially bad with TCP. UDP would work better because packets don't have to arrive in order and no ack is required from the other side.

You can always check server status on this web site.

For the wintun option do I need to install openvpn 2.5 (thus the wintun driver) manually or does this version of eddie install it automatically?

try entry IP 3 and 4 in the protocols section. try different UDP and TCP ports.

Just turn on DHT and PEX in your torrent client.

They haven't worked regularly for me for years. You're lucky that they did for the VPN servers you use. This is just the tracker blocking VPN servers. There may be nothing that Air can do about it. DHT and PEX still work.

I've seen from other VPN that it's qbittorrent that's at fault. Rollback to older qbittorrent and things start to work again.

This post has directions for wintun.

When you use Eddie, AirVPN software, you ARE using openvpn. But if you must use openvpn software that doesn't give you the security of the network lock like Eddie does then generate a config as AirVPN staff said above.

what's listening on port 80 to respond to the queries?

yes. AES is accelerated by AES-NI while chacha20 isn't. chacha20 is for CPU without AES-NI like mobile.

yes, without the quotes

Firefox is showing this web site as tls 1.2 now. Also, SSL Labs scan of airvpn.org shows tls 1.3 isn't supported. https://www.ssllabs.com/ssltest/analyze.html?d=airvpn.org&s=5.196.64.52 Edit: A couple hours later and it looks like you've got it fixed now. Thanks!

If wintun doesn't give you significantly more speed than the old TAP then you have something else limiting your speed. That's my thought. It could be some hardware or software on your PC or in your network somewhere. Or it could be something with your ISP.

but what network cards? Also, any testing of the other options such as mssfix and tun-mtu?

socket-flags TCP_NODELAY; auth-nocache; mlock; key-direction 1; tls-version-min 1.2; key-method 2; tls-timeout 2; remote-cert-tls server; mssfix 0; tun-mtu 20000; explicit-exit-notify 5; That is what's in my custom options. I find mssfix 0 works best for me. And tun-mtu 20000 may seem crazy but it works for me. I've read results of others testing and they find that for high speed openvpn setting a high tun-mtu value helps. Also, test the GUI setting for buffer. A higher buffer may help get you max speed but there's obviously something else going on that's clamping you way down. I'm curious what tls-crypt does but I don't have high hopes. I think something else is going on and I really don't have an answer because we're talking orders of magnitude difference. What network cards are in your pfsense box and what are you network interfaces settings in system_advanced_network.php ?

Many of your custom options are redundant since they are already set automatically or through GUI settings. For example, having sndbuf and rcvbuf in the custom options and the send/receive buffer in the GUI set is setting the same options. I don't know which ends up getting set - you'd have to look at your logs.

Have you tried TCP? Or have you tried UDP with tls-crypt config?

Have you tried to get help in the Merlin Asus forum? There's a thread specifically for the new build that supports your router. https://www.snbforums.com/threads/beta-asuswrt-merlin-384-16-beta-and-384-13_5-are-available.62699/

records show it's in Berlin. the latency difference between Frankfurt and Berlin would be very small. See the link and scroll down to the IP address range Cujam belongs to. It says Berlin infrastructure. https://bgp.he.net/AS9009#_prefixes

The default network lock setting in windows is not firewall rules anymore. It uses the windows filtering platform. I do not know how to get the information you'd need to re-create the WFP rules. https://docs.microsoft.com/en-us/windows/win32/fwp/using-windows-filtering-platform

pfsense doesn't require AES-NI. that requirement was removed.

Change the scoring to be based on latency not speed. Its at the bottom of the Eddie window.

I hate it when that happens. EstNOC, AS206804, can be reached by many networks so it's unfortunate your ISP uses Cogent.