go558a83nk

I've used configs imported into openvpn connect and used AirVPN no problem. I'm seeing several problems in the logs if I read them correctly. 1) Air doesn't use username/password so them being empty is normal but the app you're using should use the cert/key instead. 2) what may actually be stopping connection is that it seems to be trying bf-cbc for data channel cipher. Air doesn't support that. 3) I'm also concerned that your app may be trying to use compression and Air doesn't use that either.

TCP using tls-crypt (entry IP 3 or 4) work, I know first hand.

Air doesn't even have an app for iOS for reasons so I think it's nearly impossible that they'll make an app for tvOS.

For me it's not necessarily a problem like it is for your policy routing. I would have liked a small announcement about it from Staff still. It does force me to use the config generator instead of just resolving a server domain (which defaults to entry IP 1) when I do want to switch the IP of my manual setup.

I noticed just now as I used the config generator that wireguard now uses entry IP 3. Will we need to change all configs or will entry IP 1 still work? Also, why the change? Thanks.

one trick I learned when testing max speed with torrents is to start the torrent throttling download speed to something very low, give it time to gather up a lot of peers, then unlimit the download speed.

mullvad doesn't use a TLS key?

I've found that tls-crypt TCP 443 allows me to connect when tls-auth openvpn requires me to use stunnel. Are you sure that this UDP in TCP is required for your location?

The main reason to have your VPN client on your router is so that your whole house can go through the VPN if you wish - devices that can't run a VPN client themselves can be routed through the VPN tunnel. But for your situation it sounds like just running Eddie when you need to torrent is the best option. The main reasons being the simplicity of the setup and the speed. Routers are known for being slow for openvpn unless they have specific chipsets that can accelerate AES. Wireguard is fast(er) on routers, yes, but still since you don't use VPN much and only for your windows PC it's not worth getting VPN client running on router IMO.

Is PolarBear Tunnel the name of an adapter Eddie makes or is that from some other VPN software? I'm thinking the latter.

I don't know what you're seeing but the only link to Mullvad I see is firefox vpn.

I think this can also be caused by MTU problems?

https://airvpn.org/ports/

last I looked there's somebody that's been connected since last Christmas to the same server. I think the servers are reliable enough to use them ;)

You seem to be implying that the peering for 1 of the 4 servers in the same datacenter is different from the other 3 servers. Was that your intention? Being blacklisted from services is par for the course for VPN IPs.

Yeah, in the last few months (since other VPN providers stopped providing port forwarding) the usage of the Dallas servers has gone from negligible to huge. They certainly could use some attention. P.S. if you look at Dallas server usage don't trust the "bar" of bandwidth used. Go into the server page and look at the daily usage charts. For some reason the Dallas servers often report incorrect instantaneous usage.

Seems like there's a bug then because I was using pfsense+ some time ago and it was working normally. DCO would connect to Marsic and non-DCO would connect to other servers.

If you could only get a pattern like superba3.airservers.org or superba3.vpn.airdns.org working. But it seems requesting an alternate entry IP only works with regions or nations.

I always get resolved hosts configs anyway so that DNS isn't required for connection.

been this way for years that some Air servers didn't resolve with that domain pattern but that's the one I always try to use so I forget the "proper" way. apparently it's superba.airservers.org

No, I'm asking about the things on the linked page. Have you tried to enable QAT and/or IPSec-MB. QAT is supposed to be the best option if your device supports it, IPsec-MB next. https://docs.netgate.com/pfsense/en/latest/hardware/cryptographic-accelerators.html

I've had issues for years with various VPN providers with some public trackers blocking various VPN servers. However, I could sometimes find a VPN server that wasn't blocked by the public trackers. But I've never had problems with private trackers blocking VPN servers. So, not sure what to say but to try different server locations since if the tracker is blocking the VPN servers they've likely blocked the whole IP range.

IPsec-MB is what I was wondering about for you.

That's a huge improvement but still not as fast as openvpn? If so, really weird. What hardware accelerations do you have enabled?

yes, likely an MTU thing. Be sure to go into the interface settings for the wireguard interface and set MTU and MSS to 1420 or some other lower, matching number.