go558a83nk

oh great.  :-/

Pretty sure Dschubba needs to be put into a category of having problems.  Yesterday while connected I noticed things weren't working.  I subsequently saw a large drop in the load which indicated to me that traffic wasn't incoming/outgoing due to problems.  Today it still has quite a low load (only 1% as I write this), and I was unable to connect to it with a checking route error.

Checking route, 5° try failed (Error: NameResolutionFailure)
 

this happens to me with no other server and has never happened to me before.

Any official word on this server?

there are already plenty of threads on this problem.

Can some1 post a detailed step-by-step guide for solving this netflix problem on pfsense and iphones?

read the guide that I've already mentioned  https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/

Hello,

 

querying VPN DNS is essential for the micro-routing system, while Netflix native applications versions >=3.7.2 will try to bypass your system DNS. That's the reason of the issue. See for example http://forums.whirlpool.net.au/archive/2342149 for some suggestions.

 

Kind regards

yes, definitely need to use DNS filtering/redirect.  I know in Asus firmware it's easy.  Also easy in pfsense and is enabled in the 2.3 setup guide.

Thank you zhang, I read about ssl is not safe now tls is better,does it mean the same for stunnel or it is different application of ssl?Ssh putty version i dont know, does it mean plink is putty and eddie automatically bump plink to 0.67?Its hard to know for simple user,Thanks

SSL is a generic term.  If you do use stunnel it will likely use a TLS1.2 cipher.

This doesn't really makes any difference who was behind it, these attention seeking miscreants appear

every once in a while, this doesn't worth the time of anyone on this community.

There are many solutions to protect from such low skilled attackers.

All those solutions are way cheaper than paying random opportunists

paying?  I'm suggesting working with authorities to have the perpetrators arrested.  seeing who they are on twitter should help.

 

I assume you saw the user who took credit for this on twitter?

 

I'm not a Twitter user, care to provide links?

https://twitter.com/TrapsFed/status/737085253039296512

I assume you saw the user who took credit for this on twitter?

Hello!

If I may chime in, I've already had this problem and I fixed it using openvpn custum directive "persist-remote-ip".

If you can add it, it'll tell openvpn to reconnect to the same server without dns queries.

either this is the answer, or instead of putting the host "europe.vpn.airdns.org" in the server field put the resolved IP.

Ok I'm back at square 1. just reset openwrt for the millionths time. so somebody got a step-by-step guide? apparently the ones here in the forum don't work for me.

I just looked up the specifications of that router.  I'd say don't bother trying to run openvpn on it.  It'll be too slow.  It has a 560MHz MIPS single core CPU.  That's just not enough CPU.

no, I meant access point mode as opposed to router mode.  Here is what my Asus AC68 says about Access point mode (bold is my emphasis).

"In Access Point (AP) mode, RT-AC68U connects to a wireless router through an Ethernet cable to extend the wireless signal coverage to other network clients. In this mode, the firewall, IP sharing, and NAT functions are disabled by default."

I would imagine access point mode in openwrt behaves the same.

The OP said access point because it's not the main router/gateway of his LAN.  Still, it will need NAT for openvpn to work.

I don't know of a router modem combo by Asus, since you asked which router specifically.

Why would you want to disable NAT in the first place? This will disable iptables rules that are in charge of routing.

OP says he's running the router as an access point.  Usually access point mode in routers disables NAT.  Probably why he/she is here asking why it's not working.  Disabled NAT is an unintended consequence of access point mode.

if the router can't translate your LAN to the subnet of the VPN then traffic over the VPN won't work.

I don't think openvpn will work on a router functioning as an access point (ie NAT is disabled)

the kind of multi-hop other VPN companies offer isn't tunnel within tunnel but a true hop from one datacenter to another that they've pre-programmed.  You access the program based on the port to which you connect.  Not the usual ports of 443 or 53 but things like 52465 and such.  There are thousands to choose from so plenty to have a program for every possible multi-hop within their system.

questions like this need to be asked in a forum dedicated to merlin firmware.

http://www.snbforums.com/forums/asuswrt-merlin.42/

please explain why you need to run more than 1 openvpn client with the policy routing that Merlin has created.  Just route the LAN clients you want through VPN, route LAN clients you don't want through the VPN  through WAN (not VPN). 

read the documentation that comes with the firmware for information on how to use policy routing, e.g. CIDR formatting of IP ranges.

you can do a range that covers your whole LAN, then create exceptions to that rule for a few clients.

you're running two openvpn clients on the same router?

necro bump.  :-/

main disadvantage for TCP is that heavy usage will result in "buffer bloat", seen as an increase in latency.  If your system is using the a TCP tunnel VPN heavily other activities will be delayed more than if it were a UDP tunnel.

However, TCP is often faster for top end speed and TCP is often the only tunnel type that can be created on public wifi systems.

It's really just trial and error to find which works best for your ISP connection to the server you'd like to use.

are you using a firewall other than the one that's built into windows 10?

use the policy routing mode.  read merlin firmware documentation

Hello, sorry for late reply. I still have not made this works... So, calling Eddie, You mean classic AirVPN client? Or is it standalone firewall?

I will try to explain detailed, so I have network lock on:

When disconnected, it turn inet down. But when I exit AirVPN, it is not blocking inet connection, so revealing my IP. Should I then configure firewall separately? Thanks

when you shut down the AirVPN client (Eddie) the network lock is also disabled.  It has to be or else people would be complaining that their internet "doesn't work" when the AirVPN client is shut down.

what you do with a firewall is up to you.  if you want the network lock always on then keep the AirVPN client running.

There is a way to achieve VPN for browsing only, even on Windows.

You will need to use VPN over SSH, then point the browser to use the SOCKS5 port of the SSH

tunnel, in that way the browser will be using the VPN tunnel while the rest of the OS will use the

default gateway.

Is this correct?   Everything will be routed through the VPN tunnel by default.  So, you'd have to route everything outside the VPN tunnel if you indeed wanted VPN only for browsing.  And, if you pointed the browser to the SOCKS5 port it wouldn't be going through the VPN tunnel but through the SSH tunnel.