  1. Yes. AES is accelerated by AES-NI while ChaCha20 isn't. ChaCha20 is for CPUs without AES-NI, like mobile.
  2. Firefox is showing this web site as TLS 1.2 now. Also, SSL Labs scan of airvpn.org shows TLS 1.3 isn't supported. https://www.ssllabs.com/ssltest/analyze.html?d=airvpn.org&s= Edit: A couple hours later and it looks like you've got it fixed now. Thanks!
  3. If wintun doesn't give you significantly more speed than the old TAP then you have something else limiting your speed. That's my thought. It could be some hardware or software on your PC or in your network somewhere. Or it could be something with your ISP.
  4. But what network cards? Also, any testing of the other options such as mssfix and tun-mtu?
  5. socket-flags TCP_NODELAY; auth-nocache; mlock; key-direction 1; tls-version-min 1.2; key-method 2; tls-timeout 2; remote-cert-tls server; mssfix 0; tun-mtu 20000; explicit-exit-notify 5; That is what's in my custom options. I find mssfix 0 works best for me. And tun-mtu 20000 may seem crazy but it works for me. I've read results of others testing and they find that for high speed OpenVPN setting a high tun-mtu value helps. Also, test the GUI setting for buffer. A higher buffer may help get you max speed but there's obviously something else going on that's clamping you way down. I'm curious what tls-crypt does but I don't have high hopes. I think something else is going on and I really don't have an answer because we're talking orders of magnitude difference. What network cards are in your pfSense box and what are your network interface settings in system_advanced_network.php?
  6. Many of your custom options are redundant since they are already set automatically or through GUI settings. For example, having sndbuf and rcvbuf in the custom options and the send/receive buffer in the GUI set is setting the same options. I don't know which ends up getting set - you'd have to look at your logs.
  7. Have you tried TCP? Or have you tried UDP with tls-crypt config?
  8. Have you tried to get help in the Merlin Asus forum? There's a thread specifically for the new build that supports your router. https://www.snbforums.com/threads/beta-asuswrt-merlin-384-16-beta-and-384-13_5-are-available.62699/
  9. Records show it's in Berlin. The latency difference between Frankfurt and Berlin would be very small. See the link and scroll down to the IP address range Cujam belongs to. It says Berlin infrastructure. https://bgp.he.net/AS9009#_prefixes
  10. The default network lock setting in Windows is not firewall rules anymore. It uses the Windows Filtering Platform. I do not know how to get the information you'd need to re-create the WFP rules. https://docs.microsoft.com/en-us/windows/win32/fwp/using-windows-filtering-platform
  11. pfSense doesn't require AES-NI. That requirement was removed.
  12. Change the scoring to be based on latency, not speed. It's at the bottom of the Eddie window.
  13. I hate it when that happens. EstNOC, AS206804, can be reached by many networks so it's unfortunate your ISP uses Cogent.
  14. You probably can't connect directly to the ONT and get any network activity without doing some work. The ISP router probably does VLAN tagging and has some sort of username/password authentication. If you know what the settings are you may be able to replicate them on your pfSense box. But if you don't know, the best you can do is either put the ISP router into bridge mode or do some other trick where you use a dumb switch and clone the MAC address of the ISP router to your pfSense box. You let the ISP router get your connection up and running and then unplug it from the dumb switch and plug in your pfSense box with cloned MAC.
  15. It's been better for me since I made a thread complaining about this problem. I think staff have done some fixing. But that's interesting that you note that it happens only when connected by UDP tunnel. That implies that something is failing with packet fragmentation because we have MTU wrong.
  16. It's quite normal that a company like Credit Karma wants to block VPN IPs. They're trying to protect identity so it would behoove you to show them your real location so that if somebody were to try to hack your account from another location they'd more quickly realize it's not you. And really, it makes no sense to hide your IP from them when they know everything else about you necessarily.
  17. That's correct. I don't think it's possible to work with Eddie just yet because the network lock doesn't know how to work with the wintun driver.
  18. That's the wintun stuff. Also, if you're getting Virgin internet you might want to research complications with some of their equipment.
  19. How fast depends on a lot of different factors. But, if you're using Windows I suggest you learn how to use the new wintun driver, not the TAP driver of "old".
  20. For Plex remote access you either need to forward the port through the VPN or you need to set up, in Eddie, plex.tv to go outside the VPN tunnel.
  21. Being slow on a VPN is normal and doesn't mean the ISP is throttling. It's just technicalities.
  22. Yes. Some people find it works in places where only SSL would work previously. Yes. You must connect to entry IP 3 or 4, use SHA512 for auth digest, and of course use the TLS encryption and auth setting for the TLS key.
  23. I'm running a game server on a PC through AirVPN. It seems to be creating a little bit of lag, and I'd rather not have it turned off and expose my public IP. Increased lag is going to happen when you're going through a VPN. It adds "distance" between you and your game server and friends. Decreasing the encryption will only make things easier on your processor but that's not where the lag is I think.
  24. Yes, it's possible. You'll have to read up on what options will have to be inserted in custom directives. https://airvpn.org/specs/
