go558a83nk

easiest fix is to resolve nl.vpn.airdns.org and put that in the config.

at the time of reconnection your DNS is still AirVPN but the tunnel is down.  Therefore, Air's DNS resolver is unreachable. 

Really wish people would stop pinning the issue to the Routers CPU and ability to processing the encrypted data. It generally has nothing to do with that, unless your using a router built 10 years ago. All modern routers are capable of running a VPN connection properly.

 

I found the issue to actually be the QoS settings on my router. The router applies the max UPLOAD speed to the VPN connection in both directions. So if you have QoS switched on and you have say a upload speed of 5Mbps then the VPN connection is automatically restricted to a max of 5Mbps - and yo would get a DL speed of about 4.5Mbps (taking into account the end to end overhead).

 

Here is video demonstrating the issue. Maybe it is a similar issue for you, so maybe check your settings and see if it helps.

 

Cheers

I don't see a video.  What speed are you getting?

pardon if this has been addressed before but i didnt see it anywhere. i want to set up a dedicated vpn router behind my main router is this possible, or does the dedicated vpn router have to be the  the WAN connected router behind the modem?

yep, it can be done.  I think many people have such a setup.

Good morning to all, was wondering if anyone else is experiencing "port closed" on the transmission client? below are pics of how i have my asus ac68u set up as well as my macbook running osx sierra. am i missing something?? any help is greatly appreciated and thank you in advance.

Screen Shot 2016-10-07 at 3.56.30 AM.pngScreen Shot 2016-10-07 at 4.01.29 AM.pngScreen Shot 2016-10-07 at 4.08.12 AM.png

You're doing it all wrong.

First, what device is running the openvpn client?  That'll determine what step is next.

However, either way, you need to disable automatic port mapping in your torrent client (nat-pmp, upnp) and disable the port forwards you created via your router GUI.

OK i will try, normal it get shutdown from windows if I reboot / quit

that's the problem.  you must disconnect then close the app properly.

did you shut down the Eddie app properly?  Mine remembers blacklists and whitelists.

I don't think there's a directive for automatic reconnection on the hour.  But, the default settings will renegotiate the data channel key every hour.  You can edit this with the directive reneg-sec n where n is the number of seconds between renegotiation. 

if you can't connect via UDP 53 you probably have a router redirecting UDP53 traffic to internal DNS resolution to prevent the use of "rogue" DNS.

so in case of logging me in to amazon my exit ip will be associated with the amazon account and i loose my anonymity?

Amazon will obviously know you logged in from whatever IP.  Whether or not they share that information with your "enemy" is unknown.

First I suggest you identify who you're trying to hide from, decide whether or not it's possible to hide from them, and, if so, the procedures and policy you must form to hide and stay hidden.  As LZ1 says, simply using a VPN (any VPN) isn't enough to hide from a significantly formidable "enemy". 

Hi!

 

Thanks for your reply.

 

So I set up a port in the client area and forwarded it under the incoming connections in Deluge.  I tested the port in the client, and it shows as forwarded properly (or a little green icon that I assume means it's all good).

 

Unfortunately I've still no incoming connections, which I take to assume means my firewall is blocking them - (funny though it didn't do that with Private Internet Access?)

 

Here's the info I can manipulate with Bitdefender - sorry for the newb question, but what do you suggest I use as IP address here?  Thanks!

 

http://imgur.com/8sOv4PG

if Air gives you the green light you're all good.  if you have no incoming connections maybe there is nobody trying to connect.

I read above you're using the test torrent from ipleak.net.  there will be no connections with  that torrent.  it's meant only to confirm the IP address your torrent client (deluge) is announcing to peers.

if you're using the beta app I believe it has a bug with policy routing right now.  but I may have misunderstood.

I am on the latest firmware now, 380.62_1. My NAT Loopback (in the firewall section) is set to Merlin. System Log-Port Forwarding are as follows:

 

Destination Proto Port range Redirect to Local Port Chain

ALL UDP 60311 192.168.1.132 60311 PREROUTING

ALL TCP 60311 192.168.1.132 60311 PREROUTING

ALL UDP 43968 192.168.1.130 43968 PREROUTING

ALL TCP 43968 192.168.1.130 43968 PREROUTING

 

When I port checked on AirVPN site again, there is still no green light. There must be some router settings, perhaps in Administration, System, Web Interface or in Firewall-General tab that need specific settings. What are the correct settings...?

nope there are no settings that need changed.  put in the correct iptables and it works.  if you're still putting in the extraneous rules that's probably the problem.

All you need is this pattern, changing things like the TUN device, the port, the LAN device IP to suit your setup.

iptables -I FORWARD -i tun11 -p udp -d 192.168.1.130 --dport 18378 -j ACCEPT

iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.130 --dport 18378 -j ACCEPT

iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 18378 -j DNAT --to-destination 192.168.1.130

iptables -t nat -I PREROUTING -i tun11 -p udp --dport 18378 -j DNAT --to-destination 192.168.1.130

iptables -I FORWARD -i tun11 -p udp -d 192.168.1.132 --dport 37649 -j ACCEPT

iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.132 --dport 37649 -j ACCEPT

iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 37649 -j DNAT --to-destination 192.168.1.32

iptables -t nat -I PREROUTING -i tun11 -p udp --dport 37649 -j DNAT --to-destination 192.168.1.32

 

Well I was assuming you were using Airs client, since it's an excellent client. NL is only available if you use Airs client, yes. I don't see a good reason to use the OpenVPN client much - Airs client is FOSS software, has been around for a while, is constantly being updated, has a huge amount of features and customizeability and really offers a lot which most other VPNs struggle to compete with. The experimental version of the client also offers more ways of dealing with IPv6 and features more ways to manage Windows related firewall issues. With NL on, you avoid many kinds of leaks, if the client doesn't already do so when it's disabled. I'm surprised that you're surprised that the tests passed actually - it could sound like you didn't think Airs software could manage that. I think your DNS issues are due to how Windows 10 handles DNS, which is/was said to be quite poor.

Yea, I was a little hesitant with using Air's client because of security concerns and because of other customer reviews. After downloading and seeing that it is much more functional after initial install with no configuration, I am impressed.

 

Though it is working better than OpenVPN I would like to see what I can do to resolve the DNSleak as an 'experiment'. I will have to test setups on different OS systems I have to see what changes.

Eddie is open source.  What security concerns could you have?

 

Hello!

 

Turn on Network Lock (NL) .

Alright, I will try to search around on how to enable Network Lock while using OpenVPN/Win10. If you have a link handy, that would be appreciated. I'll have to search around in a few hours if not.

are you not using the software that AirVPN makes called Eddie?

Great news, thank you!

Just an update.  Same user now connected for 7 months!  102 terabytes traffic! 

So I get the point. VPN through router is limited by router's CPU, so I can't achieve the speeds that Eddie (through PC's stronger CPU) is able to get.

 

I managed to overclock the router to 1400/800 mhz and got 32Mbit/s, getting connection drops every few minutes. So it's time to leave the stock firmware and return the router to Amazon. Pity.

it's still a good wifi router but won't get you the speeds you're looking for.

look to build your own pfsense box with a CPU that supports AES-NI, follow the guide in this forum for setting up pfsense with openvpn, and use the AC68 for a wifi access point.

have you searched the merlin forums for help?  I think you're more likely to find help for your questions there.

http://www.snbforums.com/forums/asuswrt-merlin.42/

What speeds are you getting with the AC68?  50 mbit/s is the max you can expect, even if you overclock it to 1200mhz. 

Hello, 

 

I have forwarded a port in the Client Area, as well as set it in qBittorrent and everything works fine for about 1-2 hours and then it stops working. If I delete this port in the Client area and select a new one, as well as change the qBittorrent port to the new one, everything works well for another 1-2 hours until it has the same error.

 

Any ideas what could be causing this? Maybe I am not configuring something properly as I am somewhat new to this. 

 

Thanks for your help.

Sounds like some 3rd program is closing the port for "security". 

just resolve ch.vpn.airdns.org and put that IP address in the server host or address field. 

 

...

 

Yes the ip looks like that, so I'm assuming its ipv6 i am using windows 10, i have not disabled ipv6 on my computer, this is the first time I'm seeing a webrtc leak in the few years I've used airvpn. As for the toredo address I'm not sure. how should i fix this?

 

The usual recommendation is to disable IPv6 (something I no longer want to do):

 

https://airvpn.org/topic/18108-ipv6-leak/?p=43030

 

Microsoft has a page to help you do this:

 

https://support.microsoft.com/en-ca/kb/929852

 

I doubt that any streaming site is likely to use this leak to block you. But if you are worried about the NSA, ...

why do you not want to block ipv6?

I'm thinking it's because you can't run an openvpn client while the device is in access point mode.  Usually routers have to be in gateway/router mode to run an openvpn client as they must be able to NAT.

I never want to use ipv6 anyway.

Having the same problem with this, I use satellite internet, and have seen AirVPN uploading at 30mbps, rendering my connection inactive. Not happy as it is one thing after another with this VPN. Known connectivity issues with Win10 which I use, and the fix as advised in the forums is reset this and reset that only for the bug to resurface and perpetuate.  Not good, I pay to use this VPN.  How long will this bug remain unfixed, especially if it refers to conflicts with widely used Operating systems ? I will not be renewing my subscription until a fix is found and implemented. Not all PC users are technically minded, what about these poor souls ?

thread hijack here. ^^^  anyway, these high uploads are not real.  there's no way AirVPN is magically going way over your ISP upload cap.  If Eddie's measurement is real then it's something happening within your computer.  Or, it's possible Eddie makes an error in the speed calculation and it shows up as a very fast upload speed.

Using a VPN has never been intended for technical novices.  If you feel the need to use a VPN then you must be doing something more than playing facebook.   There are other openvpn GUI apps out there that you can use on windows 10 if you want to try them out.

Anon, I don't have an answer for you.  It sounds like you understand everything and have tried it.  I don't think the pi-hole thing is the problem at all.

Maybe with an update it'll start working.  Are there dd-wrt forums that can help you?