go558a83nk

It shows the browser default IP is IPv6 and it's IPv6 that's a UK one. Either disable IPv6 in openvpn settings, or generate an openvpn config that enables an IPv6 openvpn tunnel.

So, which servers are connected to 10Gbit/s lines?

It's not that difficult to see. Go to https://airvpn.org/issues/ and look for all the servers that were out for an upgrade.

Yes

I don't use stunnel but had originally set it up just to say I could. Now my first question to you is why do you want stunnel? If you're needing SSL tunnel for something you might get what you want just using the new tls-crypt option.

They shouldn't. Check ipleak.net - I bet you have a DNS problem. If you're still using Sky for DNS resolution they'd forward you to that splash page.

I'd get prepared to use the new tls-crypt that AirVPN offers. If that doens't work fall back to the SSL.

I pulled up www.yelp.com just fine in my browser connected to one of the Dallas servers.

It sounds like you're connecting just fine but the method used to confirm the tunnel is working is failing. There used to be an option to disable checking the route but I think it may be re-named now. I don't use the app so I'm not sure. If that option is disabled then it'll stay connected and the tunnel is probably working.

From what I've seen there's no link between referrer URL and the AirVPN username of the account to which it's referring. You can post your referral link on your web site but people still have no idea what your AirVPN username is. Am I wrong?

Thanks for the reply, I never needed to do that before which is odd. I assume you just mean forward it in the router yeah? are you running VPN on the router? If not then you don't touch your router. You should turn off UPnP on your router as well. no, I mean when you make the port forward on the AirVPN web site you make it with local port 32400.. Then put the external port that's assigned to you into Plex.

You need to create a port forward with local port of 32400. External can be whatever AirVPN assigns you and you then put that external port like you know how to do already.

Connect to entry 3 or 4, that's tls-crypt. I think you need the experimental version but I might be wrong on that.

so they block https? or do they work as MITM?

I agree. airpvn.org is one of the slowest loading web sites I've ever used when I have to login. It's not bad when everything is cached.

Linux, as Untangle is based on Debian.

I can get 400+ mbit/s with my pfsense machine. With servers being 1gbps a single user can't expect much more because the server has limits - inbound + outbound = bandwidth limit.

Well, the first thing to try is TCP instead of UDP to see if that fixes it.

That sort of inactivity is not what causes disconnects. Something is causing the tunnel to not be able to send/receive data at all.

Isn't SSL and SSH still a more effective method of bypassing blocks? As i understand it, a SSL connection is less likely to be blocked than a standard OpenVPN connection with the packet headers scrambled. tls-crypt has so far been good for people who need to bypass state firewalls and since it can use UDP it performs better than SSL or SSH.

Sorry, I meant to reply to your post from a couple days ago and somehow it was marked as read and I forgot to. Yeah, I've noticed that servers will say the settings don't match if I'm asking for GCM. But, it'll connect with a GCM cipher as you've seen. I don't know about your CPU but mine is fastest with GCM so I'm glad to have it.

So, I did a little test. I connected to two different servers but at the same port. So, both had a 10.30.0.x virtual address. Sure enough, in the routing table of the web GUI only "ovpnc 1" showed under the netif column even though two clients were running according to "ifconfig" at the command line. However, when I looked at what my exit IP was according to web sites, machines that were supposed to use server "A" were reported as having server A's exit IP. And machines supposed to use the server "B" were reported as having the exit IP of server B. Could this just a bug in routing table display?

Congratulations!

I'm no expert. There's way too much I don't understand. The OP may be on to something but I also figured if this were an inevitable problem it would be discussed a lot more in pfsense openvpn topics. Here's my routing table with two clients up and running. The subnets aren't the same since one of them is to a tls-crypt server now.

I currently only use "don't pull" but I tested both and each one separately, and also the topology. Nothing changes what the server pushes to the client. Much of my pfsense setup is following the excellent guide that's here on the forums. In that don't pull and don't add/remove are selected and therefore you don't have problems of subnets overlapping. And perhaps there are some other settings that affect this too that I don't recall. Anyway, I've never had problems running multiple clients. What the server pushes doesn't change but it's that pfsense ignores it. The guide is indeed excellent, and I use it for my base config too. Have you read this? The issue I describe here is not new, and Air VPN support is aware of this issue. Couple of years ago they moved from a /30 topology to a /16. I am not making this up. If you are using multiple VPN client connections from the same machine (pfsense or router), please take your time to check your routing table. Go to pfSense, Status, OpenVPN, and record the Virtual Address of each connection. Do any of them share the same 2nd octet, like multiple in the 10.4 or 10.30 range? Look at your routing table, go to pfSense, Diagnostics, Routes. Check that you see all your OpenVPN clients under the "netif" collumn, or just paste both here and let me have a look. To which ports did you setup your connections? I've definitely run multiple openvpn clients where the subnets overlapped. yet, I've never had trouble with getting the traffic I wanted through the tunnel I wanted via NAT and firewall rules.