go558a83nk

Hi I am a new AirVPN user and started getting proxy server errors when trying to watch Netflix. Any workaround I can try? I appreciate any help. Thanks 

just try what's already been discussed in this thread.

could be that wifi network is blocking traffic to the German server IP range or if your config file didn't have resolved hosts they could be blocking DNS resolution of the server name.

I can't see any difference between HE and radb.

There cannot be different since they are both BGP participants.

You can ignore the /24s - I made sure they will be covered by the larger allocation in the example.

The /18 allocation in the first example covers 23.246.0.0 - 23.246.63.255 and so with others.

 

Seems like this still needs more testing from people with various Geo's. Maybe for some regions

it will be required to include AS55095 to the routing table as well.

 

In any case a single person from each side is still not enough feedback, please report more tests!

thanks for looking.

it shouldn't make a difference but I'm using pfsense and not Eddie.  Yes, hopefully others can help work this out.

when it's "not working" can you still ping 8.8.8.8 ?

torrents have been working just fine for me no matter the port on USA servers.  In a linux VM with qbittorrent.  I don't use uTP.

I'm using a linux VM and qbittorrent and torrents are working just fine in the USA.  doesn't matter what port I use.  I don't use uTP.

just manually change the DNS back to automatic if you are not connected to VPN at the time.  it should revert back to automatic (from 10.4.0.1) when Eddie disconnects but sometimes there's a hiccup.

I see what the problem is.  I got my data for AS2906 from http://bgp.he.net/AS2906#_prefixes
 
It seems to have a lot more prefixes than the whois method zhang presented.  So, it could be that you just haven't routed all the ranges yet.

From HE

From radb

 

Yeah I did that, rebooted my PC as well, tried a few more US/CAN servers, no luck.

I tried both with Network Lock Active (which is how I normally connect) and disabled.  Same results for both.

 

Is there any other setting that can interfere with this?

Any logs I can post/review?

 

 read on another thread that if WITCH detects OpenVPN Netflix will as well, not sure if it's relevant here or not:

http://witch.valdikss.org.ru/

 

When I go to the site it does detect OpenVPN:

First seen    = 2016/06/13 17:55:58
Last update   = 2016/06/13 17:55:58
Total flows   = 1
Detected OS   = Windows 7 or 8
HTTP software = Chrome 51.x or newer (ID seems legit)
MTU           = 1392
Network link  = OpenVPN UDP bs128 SHA1 lzo
Language      = English
Distance      = 9
PTR           = 83.154.21.46.in-addr.arpa

PTR test      = Probably home user
Fingerprint and OS match. No proxy detected (this test does not include headers detection).
OpenVPN detected. Block size is 128 bytes long (probably AES), MAC is SHA1, LZO compression enabled.

whatever witch says doesn't matter if the routes to netflix are going outside the VPN tunnel.  what netflix would see is your regular ISP connection.

do a route trace to an IP address in the ranges meant to go outside the VPN tunnel to make sure they are indeed...

I would love to confirm this worked for me but it did not.   Hopefully I'm just doing something wrong.

 

I added the list above to:

AirVPN Client -> Preferences -> Routes -> [x.x.x.x/xx] Outside the VPN tunnel

Is that the correct way to add them?)

 

However I'm getting the "proxy detected" error in Netflix.

Tried on Zosmas, Gorgonea, Agena & Rasalas.

when you add the routes to go outside the tunnel be sure to disconnect, exit out of Eddie properly.  then restart it and use like normal.  it should work assuming zhang was correct about the overlapping ranges (he probably was).

There are no official sources for it but it seems that the blocks occur based on the number of users that share the same IP.

So rerouting won't help much and will be only a short temporary solution for a few days. This is impossible to have unique IPs

per each Air user (in case of rerouting).

 

As long as you route only netblocks from the AS there is little to no risk, imho.

This is a service that is tied to your identity in any case (for payment, etc).

if that's how they are determining who to block then it is useless for Air to do anything.  too bad.  of course the netflix account is tied to identity but my main reason for having a VPN is keep my ISP from knowing everything I do.

That's good news, if more people can confirm this working maybe there will be reason to write a mini how-to.

I hate having to allow so much outside the VPN.  I guess this has gotten too complicated for Air to re-route?

 

if anybody has insight on what hosts should be routed outside the VPN tunnel so that netflix works I could use the help.  they seem to do a real good job of being decentralized.

 

AS2906, AS55095, should be good candidates to start with.

allowing AS2906 outside the VPN tunnel got netflix to work.  I didn't need to allow AS55095.

if anybody has insight on what hosts should be routed outside the VPN tunnel so that netflix works I could use the help.  they seem to do a real good job of being decentralized.

connected to Auva I did some tests.  Previously netflix was working on both roku and apple tv.  not sure when it quit working but it has on both devices.

my setup is pfsense and I am redirecting all DNS requests to Air DNS so netflix's DNS requests to google DNS will be blocked.  I even changed mssfix until the witch web site said "no openvpn detected", which took an mssfix value of 1340 with TCP tunnel.  still not working.

the check button is still there for me.

All websites. Youtube takes like 20 seconds to load with the vpn, and only a couple of seconds without. 

you might want to use the route checking feature in the status section to see latency to youtube from all the servers.  It's possible the VPN server you're using is connecting to a youtube server that's far away instead of close.  I've seen it before.

which web sites?

 

I told you even the most powerful consumer routers could only do about 60mbit/s.   The N16 is weak.  It only has a single core MIPS CPU.

 

Stick with Asus, use merlin firmware for other options like policy based routing.

 

The AC56 and AC68 have good CPU and are older and prices for those have dropped.

 

Otherwise I've heard good things about the AC88.

OK. The AC56 won't work for me because I require removable antennas. The AC68 is going for about $150 new (Amazon) and $100 used (ebay). The AC88 is over $200.

 

For now, I'll stay with the AirVPN Windows client software on my workstation (which gets internet via the RT-N16 or RT-N12). Eventually, I want to start working with the Ubiquiti business-grade products but I'll first have to research how well AirVPN works with those.

you can build a box that will run pfsense and do openvpn very well for relatively little money.  No more than one of those expensive routers.  You can still get use out of your current wireless router as an access point for wifi devices.

I built one with an AMD APU that does AES-NI for $127.  the only thing that I didn't need to buy was an extra network card as I already had one. 

Can you please explain where do I find this routing server?

I always used AirVPN desktop application to use this service.

 

Thanks 

you don't choose to use it.  AirVPN automatically routes your traffic to that server when necessary to deliver some content that's blocked outside Italy.

The Italian server that exists is a routing server not a VPN server.  You won't see it in the server list in Eddie. 

https://airvpn.org/topic/11359-withdrawal-announcement-crucis/?p=16829

You should read that announcement regarding the past VPN server in Italy.

Interesting reading - Why am I not hearing the endless rumble of jaws dropping to the floor?! (UPDATED!)

thesaker.is/why-am-i-not-hearing-the-endless-rumble-of-jaws-dropping-to-the-floor-updated/

 

snapz

 when I read "stop the empire's war on russia" under the top banner I stopped reading.

well, I guess my fault for not walking through all the steps.  Entware is what you want, Entware-arm to be more specific since that router has ARM CPU.

Just to be sure, in the shell type

cat /proc/cpuinfo

If it's an ARM processor then follow these directions.

https://www.hqt.ro/how-to-install-entware-arm/

sorry you spent time with the other stuff.

edit: truth is, it looks like that optware you have installed should work.  It's a new version compared to the old optware.

paste the system log of the router from the time you start stunnel on.  stunnel activity should be in there as well as openvpn.  system log can be seen in the web GUI

webRTC?

It makes sense that something like this forbids VPN usage.