go558a83nk
-
Content Count
2093 -
Joined
... -
Last visited
... -
Days Won
37
Posts posted by go558a83nk
-
-
I'm thinking the speed increase is coming from some other change in the OS that's coincident.
That's unfortunate that you can no longer control the buffers for the openvpn connection. -
That makes openvpn not add routes to the system table automatically which requires you to do policy routing via firewall rules. That's great, the way I do it on pfsense. But just make sure you're actually using the VPN and the speed increase isn't because you're not actually using the VPN
-
2 hours ago, Nasheayahu said:It appears to be working, but my ISP IP is showing when I go to iplocation.net to see if the VPN IP is assigned....
UPDATE: after further testing, I'm starting to understand this configuration...., very nice and what I was looking for to help me understand how to control my network, and after I completely do, then I can tailor it to my network...
😂👍
Glad it seems to be working for you. Yes, the default gateway should be WAN. -
2 minutes ago, Nasheayahu said:
Nice, just as you posted the reply I have read up to section "Create NAT rules" in pfSense multi VPN WAN which is a link from the above document.
So hopefully as I keep reading, it will show me how to do this
Could you provide me a link that will show me how to do this?
https://nguvu.org/pfsense/pfsense-multi-vpn-wan/Nasheayahu reacted to this -
yes, you can have multiple clients and use the firewall rules choose which one gets used or create a gateway group with the 3.
Nasheayahu reacted to this -
start with entry IP 3 or 4 using openvpn UDP. if that doesn't work try TCP. If that doesn't work try using SSL or SSH.
-
1 hour ago, Staff said:
Hello!
For the purpose of domain name resolutions, VPN server scores are computed on the following variables: average ping (between VPN servers themselves); average load; average users; known issues; ISP reliability. In the case of Xuange, currently it does not achieve the "best" score in Europe or in Switzerland because the amount of connected users is sufficiently high to outweigh the amount of free bandwidth.
Kind regards
ok thank you for the explanation. -
46 minutes ago, ss11 said:why do you think it's just the % of bandwidth that matters and not also the latency? I think a combo is used that takes multiple factors into account when deciding `best`.
Maybe I need to edit my post, but I'm talking about what's "best" as described on this web site, looking at the servers info. There's no way they know anything about latency there. -
It seems to me that the "best" server for a location is determined by absolute usage rather than % of total bandwidth. And this is something more important than just info on the web site. My understanding is that DNS resolution of location general domains changes to reflect what the system thinks is "best" at that moment. So if best is determined in a flawed manner people may be connecting to a server that is not best Anyway, I'm noting that for Zurich the 10gigabit server (Xuange) is the least used by % of total bandwidth, but is not listed as the best server. My opinion is that it should be.
-
are you using eddie? if so, you don't need to do anything on your router. also, if plex says remote access is up but it's not reachable via the port forwarding test on this web site then plex is using another route to the internet.
-
9 hours ago, juniormaxx said:the version works great, i've left it this way cause any time i updated it had a lot of problems. so i guess i've got no choice but to update.
thanks for your input.
first verify what I've said - that the configs are made for a newer version of openvpn than is on the machine. maybe there's a choice of configs or you can make a slight change and it'll work -
That's an old pfsense (with an old version of openvpn in it) but you may be downloading a config that's made for newer versions of openvpn.
-
It's not an official subreddit - there isn't one. But it is moderated by a mod from here. I haven't seen them active lately so it's possible they're busy or away on holiday so can't moderate things.
-
Anybody is obliged to cooperate with the proper authorities but if there are no logs then....
All this really tells you is that this VPN service keeps logs. -
11 hours ago, ss11 said:
Who goes next time in Egypt should test this, just to be curios. In Turkey I was able to use AirVPN on OpenVPN @ TCP 443 and worked just fine, with own DNS server.
I thought I was clear enough in my posts....I'm *in* Egypt and I'm using openvpn no problem. That's why I stressed to the OP that it should be working and there are other problems causing the issue. -
1 hour ago, OpenSourcerer said:"Fix your stuff" first, Mr. PotatoVeggie. That is a very poor topic headline. Please edit your first post and make it more objective.
Did any of you contact Support regarding this?
I did over a year ago. The ticket is still open.OpenSourcerer reacted to this -
I asked kindly about a year ago. Still not fixed. Maybe this kind of post will light a fire under somebody? Or maybe they'll just delete it for being unkind.
-
4 hours ago, spinmaster said:Are you also on OpenVPN iOS (Mobile) or are you talking about Eddie Desktop connecting in Egypt? Again, I only have my smart phone O can use and which is refusing to connect via OpenVPN.
There are indeed a few sites reporting that Egyptian Government is actively blocking OpenVPN by using Deep Packet Inspection. However, the same site also mentions:
“Egypt blocks TCP and UDP for OpenVPN. However, the TCP port 443 used for TSL encryption is employed by HTTPS. The government cannot block this port else all online shopping and banking will be restricted. You can direct your OpenVPN through this port and the government won’t be able to find out if it is VPN traffic or regular traffic because deep packet inspections are unusable for TSL/SSL.“
I'm connected with pfsense right now and just tested a config in openvpn connect on iOS and it worked too. -
16 hours ago, spinmaster said:
Thanks, where did you get this info from? I thought TCP on Port 443 with tls-crypt would more or less almost be „undetactable“, how can this connection still be detected as an OpenVPN connection? I‘m pretty surprised…
The reason I needed the Air connection here is not so much for „Hotel WiFi security“, but a couple of sites and services in my home country cannot be accessed and are apparently been blocked with access from Egypt
it's working for me right now so no idea what's happening for you or with what Flx said. -
Russia is already doing this. They're going to try harder?
-
12 hours ago, spinmaster said:Just tried a fresh iOS Config: TCP/443/Entry IP 3/Tls crypt… no connection.
Is it the ISP blocking? Is it the Hotel IT blocking? Is it something else maybe?
I noticed this in the log, but I don‘t know if its related:[Oct 02, 2023, 18:23:08] Creds: UsernameEmpty/PasswordEmpty
Here is the new, full log:
[Oct 02, 2023, 18:23:08] START CONNECTION
[Oct 02, 2023, 18:23:08] ----- OpenVPN Start -----
OpenVPN core 3.git::081bfebe ios arm64 64-bit
[Oct 02, 2023, 18:23:08] OpenVPN core 3.git::081bfebe ios arm64 64-bit
[Oct 02, 2023, 18:23:08] Frame=512/2048/512 mssfix-ctrl=1250
[Oct 02, 2023, 18:23:08] UNUSED OPTIONS
3 [resolv-retry] [infinite]
4 [nobind]
5 [persist-key]
6 [persist-tun]
7 [auth-nocache]
8 [verb] [3]
13 [data-ciphers] [CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CB...]
14 [data-ciphers-fallback] [AES-256-CBC]
[Oct 02, 2023, 18:23:08] EVENT: RESOLVE
[Oct 02, 2023, 18:23:08] Contacting 83.143.245.53:443 via TCPv4
[Oct 02, 2023, 18:23:08] EVENT: WAIT
[Oct 02, 2023, 18:23:08] Connecting to [de3.vpn.airdns.org]:443 (83.143.245.53) via TCPv4
[Oct 02, 2023, 18:23:08] EVENT: CONNECTING
[Oct 02, 2023, 18:23:08] Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA512,keysize 128,key-method 2,tls-client
[Oct 02, 2023, 18:23:08] Creds: UsernameEmpty/PasswordEmpty
[Oct 02, 2023, 18:23:08] Peer Info:
IV_VER=3.git::081bfebe
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
UV_IPV6=yes
UV_ASCLI_VER=3.3.4-5176
UV_PLAT_REL=17.0.2
UV_UUID=14DA623A-4DD3-4F75-8E4C-8434BA859924
IV_GUI_VER=net.openvpn.connect.ios_3.3.4-5176
IV_SSO=webauth,openurl,crtext
IV_HWADDR=14DA623A-4DD3-4F75-8E4C-8434BA859924
IV_SSL=OpenSSL 1.1.1n 15 Mar 2022
IV_BS64DL=1
[Oct 02, 2023, 18:23:08] TCP recv error: Connection reset by peer
[Oct 02, 2023, 18:23:08] Transport Error: Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR
[Oct 02, 2023, 18:23:08] EVENT: TRANSPORT_ERROR Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR [ERR]
[Oct 02, 2023, 18:23:08] Client terminated, restarting in 5000 ms...
[Oct 02, 2023, 18:23:11] RECONNECT TEST: Internet:ReachableViaWiFi/-R -------
[Oct 02, 2023, 18:23:11] EARLY RECONNECT
[Oct 02, 2023, 18:23:11] Client terminated, reconnecting in 1...
[Oct 02, 2023, 18:23:12] EVENT: RECONNECTING
[Oct 02, 2023, 18:23:12] EVENT: RESOLVE
[Oct 02, 2023, 18:23:12] Contacting 83.143.245.53:443 via TCPv4
[Oct 02, 2023, 18:23:12] EVENT: WAIT
[Oct 02, 2023, 18:23:12] Connecting to [de3.vpn.airdns.org]:443 (83.143.245.53) via TCPv4
[Oct 02, 2023, 18:23:12] EVENT: CONNECTING
[Oct 02, 2023, 18:23:12] Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA512,keysize 128,key-method 2,tls-client
[Oct 02, 2023, 18:23:12] Creds: UsernameEmpty/PasswordEmpty
[Oct 02, 2023, 18:23:12] Peer Info:
IV_VER=3.git::081bfebe
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
UV_IPV6=yes
UV_ASCLI_VER=3.3.4-5176
UV_PLAT_REL=17.0.2
UV_UUID=14DA623A-4DD3-4F75-8E4C-8434BA859924
IV_GUI_VER=net.openvpn.connect.ios_3.3.4-5176
IV_SSO=webauth,openurl,crtext
IV_HWADDR=14DA623A-4DD3-4F75-8E4C-8434BA859924
IV_SSL=OpenSSL 1.1.1n 15 Mar 2022
IV_BS64DL=1
[Oct 02, 2023, 18:23:12] TCP recv error: Connection reset by peer
[Oct 02, 2023, 18:23:12] Transport Error: Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR
[Oct 02, 2023, 18:23:12] EVENT: TRANSPORT_ERROR Transport error on 'de3.vpn.airdns.org: NETWORK_RECV_ERROR [ERR]
[Oct 02, 2023, 18:23:12] Client terminated, restarting in 5000 ms...
I've used configs imported into openvpn connect and used AirVPN no problem.
I'm seeing several problems in the logs if I read them correctly.
1) Air doesn't use username/password so them being empty is normal but the app you're using should use the cert/key instead.
2) what may actually be stopping connection is that it seems to be trying bf-cbc for data channel cipher. Air doesn't support that.
3) I'm also concerned that your app may be trying to use compression and Air doesn't use that either. -
TCP using tls-crypt (entry IP 3 or 4) work, I know first hand.
-
Air doesn't even have an app for iOS for reasons so I think it's nearly impossible that they'll make an app for tvOS.
-
50 minutes ago, SurprisedItWorks said:I asked staff essentially the same question a few days ago in a ticket. They replied that wireguard connections would remain available on Entry-1 IPs for some time - few years? - at least, in order to accomodate old configs and software versions.
But please, everyone, do let them know if this matters to your setup, as it does to mine. I need my OpenVPN and wireguard connections to be to different IPs to avoid routing problems.
For me it's not necessarily a problem like it is for your policy routing. I would have liked a small announcement about it from Staff still. It does force me to use the config generator instead of just resolving a server domain (which defaults to entry IP 1) when I do want to switch the IP of my manual setup.
Termination of service in Italy
in News and Announcement
Posted ...
I'm sure your lawyers understand this much better than I do but I'm not really understanding why this applies to you anyway considering you don't have servers in Italy and such blocks should be made at the ISP level. Any blocking you would do to adhere to these edicts would be done on servers *outside* Italy. Am I misunderstanding something?