go558a83nk

 

 

Also, do you recommend a compiled version for Merlin? I don't have access to a Linux machine to compile it...I just need to find a steady solution to this.

 

entware has its own repository with stunnel available, if that's what you're asking.  install merlin firmware, install entware (directions on merlin wiki if I recall correctly), then from SSH command line install stunnel.  something like  opkg install stunnel

 

you'll probably also want to install screen to run stunnel in the background.

 

screen -dmS choose-a-name-for-the-process stunnel sslconfigfromAir.ssl

Thanks for the reply.

 

I have an R7000, and installed Merlin, set it up, used a thumdrive and installed optware, and uploaded the files into the USB, ran stunnel, but when I upload the openvpn file for SSL, it still points to 127.0.0.1 tcp-client:1413!

 

Not sure what I'm doing wrong, and a lack of proper guide from AirVPN is very disappointing, since where I'm at right now has closed all paths to VPN, aside from SSL. Any help would be much appreciated.

by the way, that's interesting that you have merlin asus firmware successfully working on a netgear router.

 

 

Also, do you recommend a compiled version for Merlin? I don't have access to a Linux machine to compile it...I just need to find a steady solution to this.

 

entware has its own repository with stunnel available, if that's what you're asking.  install merlin firmware, install entware (directions on merlin wiki if I recall correctly), then from SSH command line install stunnel.  something like  opkg install stunnel

 

you'll probably also want to install screen to run stunnel in the background.

 

screen -dmS choose-a-name-for-the-process stunnel sslconfigfromAir.ssl

Thanks for the reply.

 

I have an R7000, and installed Merlin, set it up, used a thumdrive and installed optware, and uploaded the files into the USB, ran stunnel, but when I upload the openvpn file for SSL, it still points to 127.0.0.1 tcp-client:1413!

 

Not sure what I'm doing wrong, and a lack of proper guide from AirVPN is very disappointing, since where I'm at right now has closed all paths to VPN, aside from SSL. Any help would be much appreciated.

yep, that's exactly correct.  stunnel has created a server and is listening on the local device (127.0.0.1) port 1413.  Then you must load the corresponding ovpn file in the openvpn client config which will not point to a remote server but will instead connect to that local stunnel server.  You'll see that in the custom config it's setup to then connect to whatever Air server you chose.

L2TP/IPsec connections still need username and password.  Is anybody really using L2TP and thinking about maximum security anyway?

Also, do you recommend a compiled version for Merlin? I don't have access to a Linux machine to compile it...I just need to find a steady solution to this.

entware has its own repository with stunnel available, if that's what you're asking.  install merlin firmware, install entware (directions on merlin wiki if I recall correctly), then from SSH command line install stunnel.  something like  opkg install stunnel

you'll probably also want to install screen to run stunnel in the background.

screen -dmS choose-a-name-for-the-process stunnel sslconfigfromAir.ssl

 

I think the issue is that netflix apps on set top boxes are using an alternate DNS.  So, unless you filter DNS and redirect it so that only AirDNS is used netflix will block you.

 

I'm using Netflix through Chrome and Firefox and it's not working for me.

I've verified that AirVPN is changing my DNS to 10.4.0.1 and I'm using Network Lock (not sure if that helps).

there has been plenty written about netflix.  I don't know all the answers so I can't only suggest to read everything about it in this forum.

I think the issue is that netflix apps on set top boxes are using an alternate DNS.  So, unless you filter DNS and redirect it so that only AirDNS is used netflix will block you.

anybody using Fruho?  I had it working on Mint, somewhat.  It's buggy with importing ovpn configs.  Something happened and now it won't start anymore.  I've uninstalled, rebooted, reinstalled.  Still, won't even start up.  Some kind of error during install but it doesn't say what it is.  I've searched the web but find nothing.

 

you must configure your router to filter DNS so that only AirVPN DNS is used.  Otherwise, Netflix will use google DNS.

This is no longer required to be set menaully using the Eddie client in windows OS go558a83nk

Eddie will do its job of changing the DNS to 10.4.0.1 but that doesn't stop an app or the user from specifying another DNS.  I don't think Eddie does anything with windows to redirect DNS requests to 10.4.0.1 if they're specified to go elsewhere (e.g. 8.8.8.8). 

I don't think watching at the netflix web site uses alternate DNS.  So, anybody with problems is probably using a router.

If running openvpn on a router so that a set top box (apple tv, roku) netflix will work through VPN, DNS requests will need to be filtered and redirected to 10.4.0.1 (or to the router itself which is using 10.4.0.1).

just to test it for yourself when connected with Eddie, try

nslookup www.google.com

and

nslookup www.google.com 8.8.8.8

and

nslookup www.google.com 4.2.2.5

just to see if they give the same result.  if they don't then it proves those other DNS are being used.

you must configure your router to filter DNS so that only AirVPN DNS is used.  Otherwise, Netflix will use google DNS.

bad luck.  hope the new one works out well.

@go558a83nk.

 

I chose a couple of servers/methods of which I know they can fill my bandwith to the max (if they couldn't, I would have chosen different ones), you can't however chose a server on the web based Air VPN speedtest

I made this OP to tell there was a great difference between the web based test and real world performance, take a peek at Hassaleh's usage today, specifically after 08:00.

 

@Staff.

That kind of test senario (only comparison between with and without tunnel) did cross my mind, thanks for confirming this

I have to say, I expected a much much bigger difference between with and without tunnel, so I am most pleasantly surprised

oh, I understand now. I didn't read carefully enough the first time.  I didn't see MB/s.

have you opened a ticket with support since it seems nobody can help you here?

First thing, have you tested several different servers?  Getting only 30mbit/s out of the tunnel when your ISP line is 250mbit/s is losing a lot.  Maybe some other servers will have a better route to you.

After that, be sure to try different ports and protocols and also try SSL tunnel.  I regularly see people around 200mbit/s in the status->top users page, so I know it's possible.

For anyone else still having issues loading ipleak or running dnsleaks standard or extended test can you try switching off:

 

Experimental Bit 0x20 Support

 

https://192.168.1.1/services_unbound_advanced.php

 

un-tick it and save and give ipleak or dnsleak a shot, let me know if it fixes the issue it did for me and I have dnssec and dnssec hardened options left on as per the new 2.3 guide.

when you test at GRC the 0x20 support adds additional randomness in the alphabetic case, mixing up lower and upper case.  without 0x20 turned on GRC reports things are all lower case.

Since https://www.grc.com/dns/dns.htm and https://www.dns-oarc.net/oarc/services/dnsentropy both work with all the options turned ON, I'll just use them.  They work fine at showing any leaks and much more.

I would assume that if it's been changed Air would remove the line about knowing it.  No need to have it there if our real IP address isn't showing.

I'm wondering if the lack of it is residual from the attack or something.

Is Tania still expected to return or is this new server a replacement for Tania?

 

Now that airvpn.org is hosted by OVH is DANE possible?

 

Godaddy still doesn't support TLSA records.

OVH is just a frontend of the web server, the records are set at the DNS level, of the registrar in this case.

ahh.. there's a lot I don't understand about that stuff.

Now that airvpn.org is hosted by OVH is DANE possible?

 

 

Nice!  Could you map Canadian servers as well?

 

you're joking right?  there would be two dots - Toronto and Vancouver. 

I don't know what speeds you are hoping for but the AC66 won't be very fast with openvpn.  I suggest you put merlin asus firmware on it rather than tomato.  It has nice additions to openvpn client (policy routing) and you can install entware on a usb drive, and probably do whatever else you're wanting to do.

.Map of AirVPN United States Servers 1 June 2016.jpg

what do the numbers mean?

Nice!  Could you map Canadian servers as well?

you're joking right?  there would be two dots - Toronto and Vancouver. 

Yeah, if you look in the status section of this web site no servers are listed.  Something is broken.

you'll have to post logs.  

I told you even the most powerful consumer routers could only do about 60mbit/s.   The N16 is weak.  It only has a single core MIPS CPU.

Stick with Asus, use merlin firmware for other options like policy based routing.

The AC56 and AC68 have good CPU and are older and prices for those have dropped.

Otherwise I've heard good things about the AC88.