go558a83nk

Looks like your network or your ISP is preventing UDP connections. Try TCP.

10.4.0.1 must be ping-able from any subnet, if you experience this issue there's something wrong either in the server or in your connection. For a preliminary check can you please tell us the server(s) you experience this problem on? Kind regards On Volans and Equuleus my LAN clients can use 10.4.0.1 as DNS server but can't ping it. edit: I connect via IPv4. my pfsense setup isn't IPv6.

I use pfsense. My setup is to pass the DNS server I want to use (10.4.0.1) to clients through DHCP and force clients to use only that DNS via firewall rules. 10.4.0.1 can be used by my clients with no additional routing setup.

10.4.0.1 still works for me with Gen 2 servers.

It takes no technical understanding of how tls-crypt works to know how to "use" tls-crypt with the Eddie app. From the first post of this thread, "'tls-crypt' support, TLS 1.2 forced on entry-IP addresses 3 and 4 of Gen 2 servers" (bolded is their formatting). So, tls-crypt on entry IP 3 and 4. See the attachment to see that entry IP 3 and 4 are clearly shown in the Eddie preferences.

Read the first post of this thread again.

Hi, I'm a bit lost on this. As soon as I switch to Encryption and Authentication pfSense refused to connect. I guess I have to use different Keys ? Where do I find the tls-crypt.key ? Ive just downloaded a new config file and all I get is (inline) : ca cert key tls-auth Jun 24 11:26:57 openvpn 39318 UDPv4 link remote: [AF_INET]185.189.112.18:80 Jun 24 11:26:57 openvpn 39318 UDPv4 link local (bound): [AF_INET]89.245.13.38:0 Jun 24 11:26:57 openvpn 39318 TCP/UDP: Preserving recently used remote address: [AF_INET]185.189.112.18:80 Jun 24 11:26:57 openvpn 39318 Initializing OpenSSL support for engine 'rdrand' Jun 24 11:26:57 openvpn 39318 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Jun 24 11:26:57 openvpn 39318 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead. Jun 24 11:26:57 openvpn 39318 mlockall call succeeded Jun 24 11:26:57 openvpn 39200 library versions: OpenSSL 1.0.2m-freebsd 2 Nov 2017, LZO 2.10 Jun 24 11:26:57 openvpn 39200 OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Mar 16 2018 Jun 24 11:26:57 openvpn 39200 WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6 That's if, after a timeout it re-tries it. Any help is much appreciated You need to download tls-crypt configs from the config generator.

tls-crypt itself shouldn't give any speed degradation. The reason SSL has a speed degradation is because it necessitates TCP. Try using tls-crypt with on a UDP port to see how it works for you.

@Staff, I saw your tweet about Atik and the huge amount of traffic on it. For testing purposes were you directing all connections to the Netherlands region to that server to put a huge load on it?

Curious. Why a release for linux and OS X if the only change is for Windows?

As I understand it if the app crashes the network lock is still active because the network lock (via WFP) is only removed when the app is shut down properly. But, you'll have to remain vigilant.

you have to disregard what I said about pinging. I don't use the app so I didn't realize that the app by default allowed pings out even with network lock on. prove it to yourself by trying to browse in a web browser with VPN not connected but network lock on.

There's nothing about the servers that can change latency. Latency is a measure of the trip BETWEEN you and the servers and AirVPN doesn't control all that internet.

It's easy to test if the above result using WFP is a bug by just disallowing pings in the settings right?

https://airvpn.org/topic/28326-psa-windows-firewall-network-lock-is-broken-in-2145/ see that thread. make sure your network lock settings are WFP

https://airvpn.org/topic/28327-airvpn-dropping-connection-and-leaving-vulnerable/?do=findComment&comment=74816 another user, most likely using "automatic", reporting network lock not working??

well is the padlock open or closed?

You're sure the network lock is running?

Yeah, Castor really stinks. I used i3d test site in Rotterdam BTW.

yes. but test it by seeing if you can ping something outside your local network when not connected to VPN. you shouldn't be able to do so.

hmmm. I'm guessing it got through testing because people use automatic (WFP) not firewall and you apparently didn't help in testing.

Use the network lock. That's what it's for.

Interesting info here. https://news.ycombinator.com/item?id=17258203

I wouldn't expect an update. The writer of this guide hasn't been around for 1.5 years now.

Also look into the possibility that it's your CPU holding you back.