go558a83nk

I'm sure your lawyers understand this much better than I do but I'm not really understanding why this applies to you anyway considering you don't have servers in Italy and such blocks should be made at the ISP level.  Any blocking you would do to adhere to these edicts would be done on servers *outside* Italy.  Am I misunderstanding something? 

I'm thinking the speed increase is coming from some other change in the OS that's coincident.

That's unfortunate that you can no longer control the buffers for the openvpn connection.

That makes openvpn not add routes to the system table automatically which requires you to do policy routing via firewall rules.  That's great, the way I do it on pfsense.  But just make sure you're actually using the VPN and the speed increase isn't because you're not actually using the VPN

2 hours ago, Nasheayahu said:

It appears to be working, but my ISP IP is showing when I go to iplocation.net to see if the VPN IP is assigned....

UPDATE: after further testing, I'm starting to understand this configuration...., very nice and what I was looking for to help me understand how to control my network, and after I completely do, then I can tailor it to my network...
😂👍

2 minutes ago, Nasheayahu said:

Nice, just as you posted the reply I have read up to section "Create NAT rules" in pfSense multi VPN WAN which is a link from the above document.
 
So hopefully as I keep reading, it will show me how to do this
 
Could you provide me a link that will show me how to do this?

yes, you can have multiple clients and use the firewall rules choose which one gets used or create a gateway group with the 3.

start with entry IP 3 or 4 using openvpn UDP.  if that doesn't work try TCP.  If that doesn't work try using SSL or SSH.

1 hour ago, Staff said:

Hello!

For the purpose of domain name resolutions, VPN server scores are computed on the following variables: average ping (between VPN servers themselves); average load; average users; known issues; ISP reliability. In the case of Xuange, currently it does not achieve the "best" score in Europe or in Switzerland because the amount of connected users is sufficiently high to outweigh the amount of free bandwidth.

Kind regards
 

46 minutes ago, ss11 said:

why do you think it's just the % of bandwidth that matters and not also the latency? I think a combo is used that takes multiple factors into account when deciding `best`.

It seems to me that the "best" server for a location is determined by absolute usage rather than % of total bandwidth.  And this is something more important than just info on the web site.  My understanding is that DNS resolution of location general domains changes to reflect what the system thinks is "best" at that moment.  So if best is determined in a flawed manner people may be connecting to a server that is not best   Anyway, I'm noting that for Zurich the 10gigabit server (Xuange) is the least used by % of total bandwidth, but is not listed as the best server.  My opinion is that it should be.

are you using eddie?  if so, you don't need to do anything on your router.  also, if plex says remote access is up but it's not reachable via the port forwarding test on this web site then plex is using another route to the internet.

9 hours ago, juniormaxx said:

the version works great, i've left it this way cause any time i updated it had a lot of problems.  so i guess i've got no choice but to update.
thanks for your input.

That's an old pfsense (with an old version of openvpn in it) but you may be downloading a config that's made for newer versions of openvpn.

It's not an official subreddit - there isn't one.  But it is moderated by a mod from here.  I haven't seen them active lately so it's possible they're busy or away on holiday so can't moderate things.

Anybody is obliged to cooperate with the proper authorities but if there are no logs then....

All this really tells you is that this VPN service keeps logs.

11 hours ago, ss11 said:

Who goes next time in Egypt should test this, just to be curios. In Turkey I was able to use AirVPN on OpenVPN @ TCP 443 and worked just fine, with own DNS server.

1 hour ago, OpenSourcerer said:

"Fix your stuff" first, Mr. PotatoVeggie. That is a very poor topic headline. Please edit your first post and make it more objective.

Did any of you contact Support regarding this?

I asked kindly about a year ago.  Still not fixed.  Maybe this kind of post will light a fire under somebody?  Or maybe they'll just delete it for being unkind.

4 hours ago, spinmaster said:

Are you also on OpenVPN iOS (Mobile) or are you talking about Eddie Desktop connecting in Egypt? Again, I only have my smart phone O can use and which is refusing to connect via OpenVPN.

There are indeed a few sites reporting that Egyptian Government is actively blocking OpenVPN by using Deep Packet Inspection. However, the same site also mentions:

“Egypt blocks TCP and UDP for OpenVPN. However, the TCP port 443 used for TSL encryption is employed by HTTPS. The government cannot block this port else all online shopping and banking will be restricted. You can direct your OpenVPN through this port and the government won’t be able to find out if it is VPN traffic or regular traffic because deep packet inspections are unusable for TSL/SSL.“

16 hours ago, spinmaster said:

Thanks, where did you get this info from? I thought TCP on Port 443 with tls-crypt would more or less almost be „undetactable“, how can this connection still be detected as an OpenVPN connection? I‘m pretty surprised…

The reason I needed the Air connection here is not so much for „Hotel WiFi security“, but a couple of sites and services in my home country cannot be accessed and are apparently been blocked with access from Egypt

Russia is already doing this.  They're going to try harder?

12 hours ago, spinmaster said:

Just tried a fresh iOS Config: TCP/443/Entry IP 3/Tls crypt… no connection.

Is it the ISP blocking? Is it the Hotel IT blocking? Is it something else maybe?

I noticed this in the log, but I don‘t know if its related:

[Oct 02, 2023, 18:23:08] Creds: UsernameEmpty/PasswordEmpty

Here is the new, full log:
 

[Oct 02, 2023, 18:23:08] START CONNECTION

 

[Oct 02, 2023, 18:23:08] ----- OpenVPN Start -----

OpenVPN core 3.git::081bfebe ios arm64 64-bit

 

[Oct 02, 2023, 18:23:08] OpenVPN core 3.git::081bfebe ios arm64 64-bit

 

[Oct 02, 2023, 18:23:08] Frame=512/2048/512 mssfix-ctrl=1250

 

[Oct 02, 2023, 18:23:08] UNUSED OPTIONS

3 [resolv-retry] [infinite]

4 [nobind]

5 [persist-key]

6 [persist-tun]

7 [auth-nocache]

8 [verb] [3]

13 [data-ciphers] [CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CB...]

14 [data-ciphers-fallback] [AES-256-CBC]

 

[Oct 02, 2023, 18:23:08] EVENT: RESOLVE

 

[Oct 02, 2023, 18:23:08] Contacting 83.143.245.53:443 via TCPv4

 

[Oct 02, 2023, 18:23:08] EVENT: WAIT

 

[Oct 02, 2023, 18:23:08] Connecting to [de3.vpn.airdns.org]:443 (83.143.245.53) via TCPv4

 

[Oct 02, 2023, 18:23:08] EVENT: CONNECTING

 

[Oct 02, 2023, 18:23:08] Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA512,keysize 128,key-method 2,tls-client

 

[Oct 02, 2023, 18:23:08] Creds: UsernameEmpty/PasswordEmpty

 

[Oct 02, 2023, 18:23:08] Peer Info:

IV_VER=3.git::081bfebe

IV_PLAT=ios

IV_NCP=2

IV_TCPNL=1

IV_PROTO=30

IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC

IV_LZO_STUB=1

IV_COMP_STUB=1

IV_COMP_STUBv2=1

IV_AUTO_SESS=1

UV_IPV6=yes

UV_ASCLI_VER=3.3.4-5176

UV_PLAT_REL=17.0.2

UV_UUID=14DA623A-4DD3-4F75-8E4C-8434BA859924

IV_GUI_VER=net.openvpn.connect.ios_3.3.4-5176

IV_SSO=webauth,openurl,crtext

IV_HWADDR=14DA623A-4DD3-4F75-8E4C-8434BA859924

IV_SSL=OpenSSL 1.1.1n  15 Mar 2022

IV_BS64DL=1

 

 

[Oct 02, 2023, 18:23:08] TCP recv error: Connection reset by peer

 

[Oct 02, 2023, 18:23:08] Transport Error: Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR

 

[Oct 02, 2023, 18:23:08] EVENT: TRANSPORT_ERROR Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR [ERR]

 

[Oct 02, 2023, 18:23:08] Client terminated, restarting in 5000 ms...

 

[Oct 02, 2023, 18:23:11] RECONNECT TEST: Internet:ReachableViaWiFi/-R -------

 

[Oct 02, 2023, 18:23:11] EARLY RECONNECT

 

[Oct 02, 2023, 18:23:11] Client terminated, reconnecting in 1...

 

[Oct 02, 2023, 18:23:12] EVENT: RECONNECTING

 

[Oct 02, 2023, 18:23:12] EVENT: RESOLVE

 

[Oct 02, 2023, 18:23:12] Contacting 83.143.245.53:443 via TCPv4

 

[Oct 02, 2023, 18:23:12] EVENT: WAIT

 

[Oct 02, 2023, 18:23:12] Connecting to [de3.vpn.airdns.org]:443 (83.143.245.53) via TCPv4

 

[Oct 02, 2023, 18:23:12] EVENT: CONNECTING

 

[Oct 02, 2023, 18:23:12] Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA512,keysize 128,key-method 2,tls-client

 

[Oct 02, 2023, 18:23:12] Creds: UsernameEmpty/PasswordEmpty

 

[Oct 02, 2023, 18:23:12] Peer Info:

IV_VER=3.git::081bfebe

IV_PLAT=ios

IV_NCP=2

IV_TCPNL=1

IV_PROTO=30

IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC

IV_LZO_STUB=1

IV_COMP_STUB=1

IV_COMP_STUBv2=1

IV_AUTO_SESS=1

UV_IPV6=yes

UV_ASCLI_VER=3.3.4-5176

UV_PLAT_REL=17.0.2

UV_UUID=14DA623A-4DD3-4F75-8E4C-8434BA859924

IV_GUI_VER=net.openvpn.connect.ios_3.3.4-5176

IV_SSO=webauth,openurl,crtext

IV_HWADDR=14DA623A-4DD3-4F75-8E4C-8434BA859924

IV_SSL=OpenSSL 1.1.1n  15 Mar 2022

IV_BS64DL=1

 

 

[Oct 02, 2023, 18:23:12] TCP recv error: Connection reset by peer

 

[Oct 02, 2023, 18:23:12] Transport Error: Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR

 

[Oct 02, 2023, 18:23:12] EVENT: TRANSPORT_ERROR Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR [ERR]

 

[Oct 02, 2023, 18:23:12] Client terminated, restarting in 5000 ms...

TCP using tls-crypt (entry IP 3 or 4) work, I know first hand.

Air doesn't even have an app for iOS for reasons so I think it's nearly impossible that they'll make an app for tvOS.

50 minutes ago, SurprisedItWorks said:

I asked staff essentially the same question a few days ago in a ticket. They replied that wireguard connections would remain available on Entry-1 IPs for some time - few years? - at least, in order to accomodate old configs and software versions.

But please, everyone, do let them know if this matters to your setup, as it does to mine. I need my OpenVPN and wireguard connections to be to different IPs to avoid routing problems.