go558a83nk

It's just not resolving your remote address in the openvpn config because your DNS server is a private address in AirVPN's network. Since you're not connected yet, you can't access that private address to resolve the remote host. There are 2 solutions. 1) Resolve the remote host separately, then put in the IP address of the remote server, not the domain. This keeps you to the one server. It won't be some random European server, which is what you may intend. 2) Use a public DNS in your general dd-wrt settings, then make sure that the openvpn client switches the router to VPN DNS upon connection. If your version of dd-wrt can't do that, then I suggest you find a firmware that does.

It's stated in the specifications that outbound port 25 is blocked to prevent spam.

No idea. But I am curious, can this thing really do OpenVPN at 300Mbps with that CPU? Where are you getting 300mbps from? Are you reading the wifi standard speed and confusing that with openvpn speed?

Merlin firmware using the policy routing option gives you the additional option to block VPN routed clients if the tunnel goes down. Is that the "killswitch" you're talking about?

In the past squid proxy and openvpn usage didn't play well together. What was meant to go through openvpn tunnel was in the clear. I don't know if that's still the case.

There are different ways to setup pfsense so this is not an easy thing to help with. And, this isn't an AirVPN topic but a pfsense topic. So, it should be moved to an off topic section. If it were my setup I'd create NAT outgoing and LAN firewall rules that allow a device out the WAN instead of the VPN. But, I don't know how you've set yours up.

If you can use tls-crypt over UDP that will likely give you better speed than TCP. What port you use is up to you. You'll need to use the tls-crypt key from a config for entry IP 3 or 4, be sure to use the correct entry IP address too, change the key usage mode to TLS encryption and authentication, and change the auth digest algorithm to SHA512.

DNS records don't exist yet from what I'm seeing.

I was having some issues with my OpenVPN clients from a pfSense box. Setting the send/receive buffers to 512 more than doubled my speeds from ~10-15Mbps to 30-35Mbps on a 50Mbps internet connection. I have the SG-3100, so there's no aes-ni because it's an ARM a9 processor. Curious if you have any other suggestions? Since its a netgate (pfsense) it has built in aes-ni into the arm chip. At 349 USD for the base it better support crypto since 2.5 will require it https://www.netgate.com/solutions/pfsense/sg-3100.html This says nothing about AES-NI. Unfortunately, I think a lot of people will either be buying new hardware or won't be updating to 2.5.

You've confirmed your openvpn instance is running on interface TUN1?

SSD isn't necessary. What is necessary is two ethernet ports. Yes, I'd certainly recommend pfsense on that laptop over a high end router. As far as wifi AP you just need coverage and speed that you want. You'll want something that can run in AP mode and not router mode, so that pfsense can handle your network.

Could you elaborate on this in detail ? I feel I'm not fully getting your statement... So if I use 1.1.1.1 as DNS they will see that and then in turn could inquire with AirVPN who that user was at that point in time... ? (1) since AirVPN does not store data, there should be no concern, right ? (2) and since there will most likely be multiple users using 1.1.1.1 it would be impossible to identify, right... ? trying to completely understand whether using DNS of 1.1.1.1 is defeating the purpose of using a VPN at all... Thanks for the info. You seem to understand things properly.

Yes, using a VPN adds overhead.

Looks correct. Are the subnets (yours and the VPN's internal) overlapping?

show us your iptables rules for port forwarding.

If you're using the AirVPN (Eddie) app then you certainly do *not* want to enable DMZ on your router. That's a potential security risk. DMZ is not needed in this case. In fact, I can't really think of a case where DMZ is needed in conjunction with openvpn. As to why port forwarding isn't working we'd need more information on your setup.

the easy thing to do is just blacklist (in eddie) the server you don't want to connect to.

You can have multiple connections to the same server if you use different ports (at the server) or if you use different keys https://airvpn.org/devices/ . However, multiple connections to the same server means port forwarding won't work unless Air comes up with the ability for us to direct which key/device the port forward goes to.

All traffic is routed through the tunnel. Problem is that, if not using AirDNS, requests to other DNS servers are unencrypted after the AirVPN server. Sure, they are recursive DNS that Air runs but the requests they make to authoritative DNS are not tied back to you. If you use another DNS like 1.1.1.1 you also still have some anonymity since you're one of dozens of people using the VPN server.

There's a guide for pfsense on this website/forum, or there are others around the web. The hardware build doesn't have to be spectacular. Just an AES-NI CPU, small amount of RAM, small hard drive, dual network card, power supply and motherboard, of course. I was building pfsense box at lowest cost and what was cheapest for me was a regular tower case sort of setup. Putting the parts together wasn't difficult. If you've never done it, you can certainly find help online. Anyway, I'm talking only like $150 was spent but it'll do at least 430mbit/s with AirVPN. I don't know how much higher because that's my ISP max. Some people need the box to be small and pretty and I don't know how to accomplish that except to just buy one.

Asus is making some router(s) with AES-NI CPUs now (e.g. ac86). But, if you really want performance then build your own with an AES-NI capable desktop CPU running pfsense or the like.

No, the listening server is whatever you're trying to forward a port to. If that's not up and running and listening on the port you've assigned in the port forwarding rule the test will fail.

A firewall on my end? Because I don't have one running. What steps should I take to troubleshoot this from here? Are you using Eddie and is the listening server on the same machine running Eddie?

10.4.0.1 if you want to use AirDNS to get stuff like Netflix

this is my experience exactly. i have a pfsense router. i have plugged in static DNS to the TV and in the router to assign to my TV. i still get blocked content. if i boot up a laptop, my mac or other laptop using Eddie client it works just fine. i've tried to look at the configuration within Eddie and matched to my openvpn custom configuration. and it still does not work. i don't think this is Airvpn's issue. i feel that the Android OS is the issue. i also had this issue on a LG tv. WEBOS. and that was why i bought a Sony. but have the same issue... SIGH Air Staff is saying to make a rule like this where for you redirect any DNS query that's not to the DNS server you want to the DNS server you want. See /firewall_nat.php