go558a83nk

run stunnel without using screen just to see it in the shell then.

I don't see this anywhere in my instructions.

How much longer is the planned experimental phase? When should we expect all this to roll out to all servers?

AES-256-GCM is also supported if your client has openvpn 2.4.x.

I guess all those people getting great speeds as seen on the status page don't matter. You're the proof that AirVPN is slow.

Doesn't answer my question... there are already two servers in Chicago which serves the entire Midwest... and 10+ in Dallas Texas that no one ever hardly uses... you telling me you can't move a couple of the ones not being used in Texas to Chicago to help the overflow traffic there? Nonsense. But suit yourself, I have other options once my subscription to AIR ends. Add up all the users on all the 11 servers in Dallas and tell me nobody hardly uses them. If there were only 2 or 3 servers in Dallas they'd be overloaded. I do agree that there are some locations in USA that seem regularly overloaded while there is "room" for use on Dallas servers. It makes more sense for people to just use the Dallas servers rather than ask for Air to add more bandwidth.

1) It's just best to pick a server that works well for you and stick to it, using IP address, not a name. 2) What you're using for DNS servers are not DNS servers. That's why your name resolution isn't working. 3) If you're not using merlin asus (https://asuswrt.lostrealm.ca/) already I strongly recommend that you do. You'll have much more control over your openvpn client on the router, including the ability to do policy routing. It also gives you a choice on how to handle DNS - you can force the use of AirVPN DNS resolver when the tunnel is up or you can disable DNS switching and continue to use the DNS resolver of your choice when the tunnel is up. The best mix of security, privacy, and ease is to just force the use of AirVPN DNS resolver.

What's so great about Nord and Express compared to what Air offers?

I've done theoretical testing on my pfsense box with AES-NI enabled at the system level, and not. It makes a huge difference - an order of magnitude perhaps. I've always used fast-io and larger buffers.

That Why would you turn AES-NI off? This is my CPU AMD A6-7400K Radeon R5, 6 Compute Cores 2C+4G Current: 1400 MHz, Max: 3500 MHz2 CPUs: 1 package(s) x 2 core(s)AES-NI CPU Crypto: Yes (active) For my setup I have cryptographic hardware in system_advanced_misc.php set to AES-NI and BSD Crypto device. Then in the OpenVPN client I have BSD Cryptodev engine selected (it's my only option besides no hardware crypto). I can max my ISP connection of 430mbit/s even through the openvpn tunnel with this. https://www.cpubenchmark.net/compare.php?cmp[]=2392&cmp[]=767 Comparing my CPU with the OP's CPU, mine has slightly higher single thread rating. Still, I see no reason why, with AES-NI, higher speeds can't be achieved.

never been down in my memory. but, you don't need the config generator if you're using the AirVPN client (Eddie) on a computer.

nslookup almach.airvpn.org nslookup kraz.airvpn.org and so on

If it were me I'd download Eddie and see what iptables it puts in place with the network lock. Then I'd imitate that. If I wasn't going to use Eddie, that is.

They're probably doing some updates on it.

I'm using pfsense 2.4.2 and port forwarding is working just fine.

you do not have to use a different key for each device. you can use the same key for all of them.

That doesn't work for me in pfsense. Only TLS Authentication works I'm guessing you weren't using a tls-crypt config.

why not install pfsense on it? there's a great guide for pfsense 2.3 in the forums. you'd still have no problem setting up 2.4 following that guide.

Post logs. Otherwise how can anybody help?

Where's everybody who's been begging for IPv6? Not testing or just not posting here?

Are you using pfSense? Do you know what version of OpenVPN use?What score you obtain here: http://ipv6-test.com/ ? This logs are related to cipher negotiation, common in any protocols/mode.If you are using 3' or 4' entry-IP, it's under tls-crypt. If you have <tls-crypt> in your .ovpn, it's under tls-crypt. pfsense 2.4.2 with openvpn 2.4.4. However, I have all IPv6 turned off. My testing was simply for tls-crypt. Sorry I'm not more help with regard to IPv6 testing.

Officially removed some time ago.

I can't comment much more than my guess above. I know next to nothing about how mac and viscosity work. If you posted a log of a connection attempt we might be able to better help you.

Sounds like a DNS resolution problem.

If logs say Jan 31 10:26:02 openvpn 29617 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key Jan 31 10:26:02 openvpn 29617 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication an 31 10:26:02 openvpn 29617 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key Jan 31 10:26:02 openvpn 29617 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication Then tls-crypt is working properly?