
go558a83nk

Members2
  • Content Count

    2136
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    39

Everything posted by go558a83nk

  1. Yep, sometimes I have to go restart remote access on my plex server for it to register a new VPN server I'm using, etc. I can't think of any other reason why it only works part of the time for you.
  2. Glad it works but 10.30.0.1 and 10.4.0.1 really point to the same DNS - the server to which you're connected. Not sure why the change. Were you always using Kitalpha?
  3. Google thinks Tonatiuh is in Brazil, and it's on the Project Honeypot list too, probably from previous usage in Brazil.
  4. probably a DNS issue. download new config files using advanced mode in the config generator, and clicking resolved hosts in .ovpn file.
  5. I'm telling you it's cogent. tonatiuh is the only dallas server that's not reached from comcast via cogent. I'm guessing other providers (if you're not using comcast) are using the same routing...because cogent is known to be cheap.
  6. running pfsense 10.3 on an AMD A6-7400K Radeon R5

     With advanced settings>miscellaneous>cryptographic hardware>amd geode LX security block

         openssl speed -evp aes-256-cbc
         Doing aes-256-cbc for 3s on 16 size blocks: 69228564 aes-256-cbc's in 3.00s
         Doing aes-256-cbc for 3s on 64 size blocks: 20139141 aes-256-cbc's in 3.00s
         Doing aes-256-cbc for 3s on 256 size blocks: 5465575 aes-256-cbc's in 3.00s
         Doing aes-256-cbc for 3s on 1024 size blocks: 1404702 aes-256-cbc's in 3.00s
         Doing aes-256-cbc for 3s on 8192 size blocks: 176969 aes-256-cbc's in 3.00s
         OpenSSL 1.0.1s-freebsd 1 Mar 2016
         built on: date not available
         options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
         compiler: clang
         The 'numbers' are in 1000s of bytes per second processed.
         type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
         aes-256-cbc     369219.01k   429635.01k   466395.73k   479471.62k   483243.35k

     With advanced settings>miscellaneous>cryptographic hardware>aes-ni cpu-based acceleration

         openssl speed -evp aes-256-cbc
         Doing aes-256-cbc for 3s on 16 size blocks: 1524514 aes-256-cbc's in 0.30s
         Doing aes-256-cbc for 3s on 64 size blocks: 1549608 aes-256-cbc's in 0.22s
         Doing aes-256-cbc for 3s on 256 size blocks: 1268941 aes-256-cbc's in 0.23s
         Doing aes-256-cbc for 3s on 1024 size blocks: 739837 aes-256-cbc's in 0.13s
         Doing aes-256-cbc for 3s on 8192 size blocks: 151301 aes-256-cbc's in 0.02s
         OpenSSL 1.0.1s-freebsd 1 Mar 2016
         built on: date not available
         options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
         compiler: clang
         The 'numbers' are in 1000s of bytes per second processed.
         type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
         aes-256-cbc      82163.28k   453371.03k  1386021.96k  6060744.70k 52883532.46k

     With advanced settings>miscellaneous>cryptographic hardware>aes-ni cpu-based acceleration

         openssl speed -evp aes-256-cbc -engine cryptodev
         engine "cryptodev" set.
         Doing aes-256-cbc for 3s on 16 size blocks: 1526421 aes-256-cbc's in 0.31s
         Doing aes-256-cbc for 3s on 64 size blocks: 1522099 aes-256-cbc's in 0.27s
         Doing aes-256-cbc for 3s on 256 size blocks: 1261088 aes-256-cbc's in 0.29s
         Doing aes-256-cbc for 3s on 1024 size blocks: 739709 aes-256-cbc's in 0.13s
         Doing aes-256-cbc for 3s on 8192 size blocks: 151291 aes-256-cbc's in 0.02s
         OpenSSL 1.0.1s-freebsd 1 Mar 2016
         built on: date not available
         options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
         compiler: clang
         The 'numbers' are in 1000s of bytes per second processed.
         type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
         aes-256-cbc      78152.76k   366736.32k  1116846.80k  5703243.41k 79320055.81k

     With advanced settings>miscellaneous>cryptographic hardware>none

         openssl speed -evp aes-256-cbc
         Doing aes-256-cbc for 3s on 16 size blocks: 72793174 aes-256-cbc's in 3.00s
         Doing aes-256-cbc for 3s on 64 size blocks: 20266245 aes-256-cbc's in 3.02s
         Doing aes-256-cbc for 3s on 256 size blocks: 5436363 aes-256-cbc's in 2.98s
         Doing aes-256-cbc for 3s on 1024 size blocks: 1404736 aes-256-cbc's in 3.00s
         Doing aes-256-cbc for 3s on 8192 size blocks: 175041 aes-256-cbc's in 2.97s
         OpenSSL 1.0.1s-freebsd 1 Mar 2016
         built on: date not available
         options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
         compiler: clang
         The 'numbers' are in 1000s of bytes per second processed.
         type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
         aes-256-cbc     388230.26k   428995.04k   467555.76k   479483.22k   483009.98k

     It seems enabling for the OS AES-NI, in this test, makes smaller block sizes slower but the larger block size(s) much faster. The question is, what block size is the best representation of internet traffic?
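Added example, not part of the original post: the AES-NI runs in post 6 report times of 0.30s down to 0.02s for runs requested as 3s, because `openssl speed` divides by CPU user time unless `-elapsed` is given. The script recomputes the rates from the post's own block counts, assuming each run really lasted its nominal 3 s of wall-clock time (an assumption; the page does not record elapsed time). `rates` and `wall_rate_for` are hypothetical helper names.

```shell
#!/bin/sh
# "Doing ..." lines copied from post 6 (AES-NI selected, no -engine flag).
AESNI_RUN="Doing aes-256-cbc for 3s on 16 size blocks: 1524514 aes-256-cbc's in 0.30s
Doing aes-256-cbc for 3s on 64 size blocks: 1549608 aes-256-cbc's in 0.22s
Doing aes-256-cbc for 3s on 256 size blocks: 1268941 aes-256-cbc's in 0.23s
Doing aes-256-cbc for 3s on 1024 size blocks: 739837 aes-256-cbc's in 0.13s
Doing aes-256-cbc for 3s on 8192 size blocks: 151301 aes-256-cbc's in 0.02s"

# Same lines from the run with cryptographic hardware set to "none".
NONE_RUN="Doing aes-256-cbc for 3s on 16 size blocks: 72793174 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 64 size blocks: 20266245 aes-256-cbc's in 3.02s
Doing aes-256-cbc for 3s on 256 size blocks: 5436363 aes-256-cbc's in 2.98s
Doing aes-256-cbc for 3s on 1024 size blocks: 1404736 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 175041 aes-256-cbc's in 2.97s"

# rates: reads openssl speed output on stdin and prints, per block size,
#   size  rate_by_cpu_time  rate_by_nominal_wall_time   (1000s of bytes/s)
rates() {
    awk '$1 == "Doing" && $7 == "size" {
        nominal = $4 + 0     # "3s" -> 3, the requested duration (assumed wall time)
        cpu     = $12 + 0    # "0.30s" -> 0.30, the CPU time openssl divided by
        bytes   = $6 * $9    # block size * number of blocks processed
        printf "%d %.0f %.0f\n", $6, bytes / cpu / 1000, bytes / nominal / 1000
    }'
}

# wall_rate_for SIZE: wall-time rate for one block size, from stdin.
wall_rate_for() {
    rates | awk -v s="$1" '$1 == s { print $3 }'
}

echo "size cpu_rate_k wall_rate_k (AES-NI)"
printf '%s\n' "$AESNI_RUN" | rates
echo "size cpu_rate_k wall_rate_k (none)"
printf '%s\n' "$NONE_RUN" | rates
```

The times printed in the post are rounded to two decimals, so the CPU-time column only approximates the table openssl printed. Running `openssl speed -elapsed -evp aes-256-cbc` on the same box measures the wall-clock rate directly.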
  7. I would also like to know. you'd like to know what?
  8. https://airvpn.org/topic/16730-why-airvpn-not-using-sha2-instead-of-sha1/?hl=%2Bsha1+%2Bsecurity
  9. https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/ this seems to get much better reviews than the one you posted.
  10. Online Members: 14911 - BW: 50435 Mbit/s over 50000 mbit/s!!
  11. looks like ipleak is now giving ipv6 addresses of domain name servers. for me it is just the same server, ipv6 address.
  12. there's no reason Eddie would be slower. this could just be a coincidence....that something else has changed with routing to the server, etc.
  13. https://airvpn.org/topic/19348-what-does-airvpn-has-to-do-with-amazon/?hl=amazon
  14. I'm not so sure. if my old asus AC68 could do 50mbit then a late generation CPU at 1.7ghz may be able to do it. but, I admit I had the same thought as you at first.
  15. oh sweet. and those two dallas servers are at two different datacenters, both different from the other we already had. very nice.
  16. it should work just the same. make sure you're using AirVPN DNS on the router as that is required for what you're wanting to do.
  17. another user, posts on page 10 of this thread, found that the squid proxy was causing "leaks". so, you might begin there.
  18. yeah, I had to laugh when I read that. I hope the free, horrible quality, tv is worth it to them.
  19. then you should be more worried about your ISP than AirVPN.
  20. They can't anyway assuming all those sites use TLS (https).
  21. I think this is the 2nd or 3rd time somebody has asked this. I'm no expert by any means and I figured it out myself by just looking around and posting on the pfsense forums. I'll write up something here for using an SSL tunnel. SSH doesn't require stunnel but may require installing something like bash. The other steps and actions are very similar.

      You must install stunnel from the freebsd repo with a small workaround.
      It's recommended to install nano and screen from the pfsense repo.

      Start by browsing to https://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/
      This is for 64bit systems, which I assume all are these days. Find stunnel, and copy the link to it.

      Open an SSH session to your pfsense machine, select 8 for the shell command line. I use putty for this. https://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
      Run it and put in the ip address of your pfsense machine e.g. 192.168.1.1 with connection type SSH.

      Via your SSH session find or create a directory on the pfsense machine to which to download stunnel.

      Use fetch to download stunnel from the SSH prompt, like this -
          fetch https://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/stunnel-5.40,1.txz
      Use pkg to install stunnel -
          pkg install stunnel-5.40,1.txz
      Use pkg to install nano -
          pkg install nano
      Use pkg to install screen -
          pkg install screen

      Exit out of the shell session by typing exit at the command prompt.
      Re-enter the shell session by selecting option 8.

      Download the config files you need from the AirVPN config generator page with your web browser. Then we will upload them to the pfsense machine via the web GUI interface.
      In the pfsense web GUI go to diagnostics>command prompt.
      In the upload file section upload the *.ssl files you need, for each server you may want to use. And upload a stunnel.crt file. If you've downloaded configs for several servers you may have many stunnel.crt files but you only need to upload one. They're all the same.

      Via the SSH session command line move those files you've uploaded to the pfsense machine to a permanent location. Right now they're in the temp folder as the web GUI told you.

      This step is not necessary but should help with performance. I edit the .ssl files to use the least CPU intensive TLS 1.2 cipher. By default it'll use a stronger cipher but this isn't the real security layer, openvpn is. This is just meant to defeat DPI. Since your machine will be crunching SSL for stunnel and openvpn, choosing a weaker cipher here will save you some clock cycles.
      In the permanent directory to which you've moved the .ssl and stunnel.crt files use nano to edit... e.g.
          nano AirVPN_the_server_you_chose.ssl
      Under the line "options = NO_SSLv2" paste another line (no quotes) "ciphers = DHE-RSA-AES128-SHA256".
      Type ctrl+o to save the changes.
      Type ctrl+x to exit out of nano.

      Run stunnel using screen so that it runs in the background, like this -
          screen -dmS tunnel stunnel AirVPN_the_server_you_chose.ssl
      The options -dmS are important, and so is the letter case. "tunnel" is the name of the screen session, you can call that whatever you want.

      Look via your web GUI of the pfsense machine at Status>system logs to see that stunnel is running properly. If it is, then proceed to editing your openvpn client by going to vpn>openvpn>clients and editing your AirVPN client so that it goes through stunnel.

      The edits you must make to the openvpn client are: protocol must be TCP, interface must be localhost, server must be 127.0.0.1, server port must be 1413, and you must add to custom options from the corresponding .ovpn file (same server as the .ssl file you started with stunnel) the line "route server_IP_address 255.255.255.255 net_gateway" (without quotes). Just open the .ovpn file for the server you chose with wordpad to copy and paste the line. If "explicit-exit-notify x" is in your custom options remove it as that option won't work with a TCP tunnel.

      Click save to save the changes to the openvpn client and it should connect. Again you can look in system logs to see more stunnel actions, and look at your openvpn status and logs, all via the web GUI.
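Added example, not part of the original post: a consistency check for the OpenVPN client settings post 21 lists (TCP, remote 127.0.0.1 port 1413, a net_gateway host route to the same server stunnel connects to, no explicit-exit-notify). The stunnel and OpenVPN snippets are constructed samples written in directive form with a placeholder address, not AirVPN's generated files; `check_tunnel` and `note` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed samples; 192.0.2.10 is a documentation-range placeholder address.
SSL_CONF='[openvpn]
client = yes
accept = 127.0.0.1:1413
connect = 192.0.2.10:443
options = NO_SSLv2
ciphers = DHE-RSA-AES128-SHA256'

OVPN_GOOD='proto tcp-client
remote 127.0.0.1 1413
route 192.0.2.10 255.255.255.255 net_gateway'

OVPN_BAD='proto udp
remote 127.0.0.1 1413
explicit-exit-notify 2
route 192.0.2.99 255.255.255.255 net_gateway'

NL='
'
note() { problems="${problems}$1${NL}"; }

# check_tunnel SSL_TEXT OVPN_TEXT: prints one line per problem, returns 1 if any.
check_tunnel() {
    ssl=$1 ovpn=$2 problems=""
    # Local listener and upstream server as the stunnel config defines them.
    accept=$(printf '%s\n' "$ssl" | sed -n 's/^accept *= *//p')
    upstream=$(printf '%s\n' "$ssl" | sed -n 's/^connect *= *\([^:]*\):.*/\1/p')
    want_remote="remote ${accept%:*} ${accept##*:}"

    printf '%s\n' "$ovpn" | grep -Eq '^proto tcp' ||
        note "proto is not TCP"
    printf '%s\n' "$ovpn" | grep -qxF "$want_remote" ||
        note "remote does not match stunnel accept ($accept)"
    # Without this host route, stunnel's own traffic would be sent into the VPN.
    printf '%s\n' "$ovpn" | grep -qxF "route $upstream 255.255.255.255 net_gateway" ||
        note "no net_gateway host route for $upstream"
    printf '%s\n' "$ovpn" | grep -q '^explicit-exit-notify' &&
        note "explicit-exit-notify set on a TCP tunnel"
    printf '%s' "$problems"
    [ -z "$problems" ]
}

check_tunnel "$SSL_CONF" "$OVPN_GOOD" && echo "good sample: consistent"
check_tunnel "$SSL_CONF" "$OVPN_BAD" || echo "bad sample: problems listed above"
```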
  22. I get the same speed via any TCP (that includes SSL) tunnel to the dallas servers - only about 10mbit/s. It's either my ISP or the cogent routers that are traversed.
  23. when sorting by speed it seems that USA residents will always be shown Canadian servers as "fastest". Just test several cities and see which works best for you.