Posts posted by go558a83nk


  1. Yes, I think you can make this work quite well though it takes a little configuration and trial and error.

     

    I do think you will need to spend more money than you project to buy a router with powerful enough CPU to suit your needs.  Did you have one in mind?

     

    Also, when you are forwarding ports you'll need to follow the below instructions no matter what router firmware you actually end up using.  It's all just a linux box in the end.

     

    https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/


  2. Does anyone know if there's an OpenVPN command in Linux to display information about the current connection? I'd like to check what ciphers are being used. I'm using network-manager-openvpn-gnome.

     

    If possible I'd like to enforce use of DHE-RSA-AES256-GCM-SHA384 with TLS 1.2 on all of my connections.

     

    My 2 cents on the issue of whether the encryption is being cracked: on single hop personal VPNs with OpenVPN neither the crypto nor the implementation is the real weak point. For someone like the NSA or GCHQ, the best route is traffic analysis. No need to find a zero day or use valuable, highly secret crypto vulnerabilities when you can just match up what's going into the server with what's coming out.

     

    But a VPN is still good to make discovering which Tor guard node you're using a bit more difficult.

     

    just look at the openvpn log, it says what cipher is used.
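
An added example (not part of the original posts): a shell check that reads the negotiated TLS version and cipher suite from OpenVPN's `Control Channel:` log line and compares them with the suite the poster wants to enforce. The log lines are constructed samples in the OpenVPN 2.3 format, and the function names are illustrative.

```shell
#!/bin/sh
# Constructed sample log lines (OpenVPN 2.3 style); feed your real log instead.
sample_log() {
cat <<'EOF'
Tue Oct 20 10:00:01 2015 OpenVPN 2.3.8 x86_64-pc-linux-gnu [SSL (OpenSSL)]
Tue Oct 20 10:00:03 2015 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Oct 20 10:00:03 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 20 10:00:03 2015 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
EOF
}

# Print "<tls-version> <cipher-suite>" from the last Control Channel line on stdin.
# Renegotiations log the line again, so the last one is the current state.
control_channel() {
    sed -n 's/.*Control Channel: \(TLSv[0-9.]*\), cipher [^ ]* \([A-Za-z0-9_-]*\),.*/\1 \2/p' | tail -n 1
}

# The data channel cipher is logged separately from the TLS control channel suite.
data_channel_cipher() {
    sed -n "s/.*Data Channel Encrypt: Cipher '\([^']*\)'.*/\1/p" | tail -n 1
}

# Exit 0 only if the log on stdin shows the expected TLS version and suite,
# 1 on a mismatch, 2 if no Control Channel line was logged at all.
check_control_channel() {
    want_tls=$1
    want_cipher=$2
    got=$(control_channel)
    if [ -z "$got" ]; then
        echo "no Control Channel line found (is the log verbosity too low?)" >&2
        return 2
    fi
    if [ "$got" != "$want_tls $want_cipher" ]; then
        echo "mismatch: negotiated $got, wanted $want_tls $want_cipher" >&2
        return 1
    fi
}

sample_log | check_control_channel TLSv1.2 DHE-RSA-AES256-GCM-SHA384 \
    && echo "control channel OK, data channel: $(sample_log | data_channel_cipher)"
```

With NetworkManager the OpenVPN messages go to the system log rather than a dedicated file, so pipe that log into `check_control_channel` in place of `sample_log`.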


  3. Hello!

     

    Ok, anyway, if you prefer so, probably you have noticed that since some weeks ago you can use (provided that your OpenVPN and OpenSSL or PolarSSL support it) the following TLS cipher:

     

    DHE-RSA-AES256-GCM-SHA384

     

    with TLS 1.2.

     

    The RSA keys are of course the same (4096 bit) as well as DH keys (4096 bit).

     

    If you feel that HMAC SHA1 is not adequate for the Control Channel (but we see no reasons for that) you can use the above cipher.

     

    Kind regards

     

    thanks.  had to upgrade my openvpn version (Linux Mint 17.2).


  4. it's difficult to get a pre-paid visa that's anonymous.  obviously pay with cash, but some still require personal information to activate.

     

    Eddie is AirVPN's openvpn GUI that's quite powerful.  If set up properly it will prevent DNS leaks and has a kill switch.


  5. Hi,

     

    After reading this document from EFF I have some questions:

     

    • I see in my openvpn logs about control channel: DHE-RSA-AES256-GCM-SHA384 --> so you use DHE, but how many bits ? (>1024 ?). If I understand well, EFF prefer ECDHE (I don't know a lot about elliptic curve...)
    • You use DHE, so I suppose you had generated your primes to avoid pre-calculation. Right ?

    And now a technical question about DHE-RSA-AES256-GCM-SHA384 to see if I understand well:

    • DHE it's for the key exchange which will be used when encrypting in AES-GCM
    • RSA: pub key algorithm for authentication (see if I'm connecting with you and not a third party)
    • AES256-GCM: AES 256 bit in galois counter mode
    • SHA384: a digest algo but don't know what is its purpose...

     

    Thanks !

     

    Air uses 4096 bit.

     

    Elliptical curve may be better for the current hot topic vulnerability but only if you use ellipses that were not tampered with by the NSA to allow them a back door. 


  6.  

    I use an Asus AC68 with merlin firmware as VPN client and I've never had your experience.  If it's slow or throttled it is with either the router or Eddie.

     

    one thing to look at on the router is the status page with the CPU usage graph.  make sure that both cores are being used when you're downloading something and openvpn is having to work hard.  what that shows is that kernel work is done on one core while openvpn is running on the other core.

     

    if only one core is being used then try switching to another openvpn client in the web GUI as programming sometimes has different clients mapped to different cores.  or you can just change core affinity using taskset via an SSH session.

     

    You are right, it uses only one CPU instead of two!!!

    What do you mean with OpenVPN client switching? There is only one in the router? 

     

    Can you provide me with more info about taskset?

     

    I hope you don't mean PPTP or L2TP as I don't want to use these protocols for security reasons!

     

    no, I do not mean PPTP or L2TP. 

     

    not sure what the stock firmware looks like but firmware 378.55 Merlin firmware has two openvpn clients.  just select which client you use in the GUI.

     

    you can search the web for how to use taskset.


  7. 1) Mint 17.x is easy to use for Linux beginners

    2) Yes.  I suggest you use VirtualBox as your VM type.  Creating shared folders (shared between the host and guest OS) is easy in the VirtualBox settings for the VM.  In the guest OS you'll find the shared folders in /media

    3) In VirtualBox you can create snapshots of your VM in a healthy state and use that snapshot if you have problems later.

    4) To bypass the VPN running on your host OS you'll need to set up the network type for the linux guest as bridged adapter in the "attached to" setting.  NAT is default.


  8. I use an Asus AC68 with merlin firmware as VPN client and I've never had your experience.  If it's slow or throttled it is with either the router or Eddie.

     

    one thing to look at on the router is the status page with the CPU usage graph.  make sure that both cores are being used when you're downloading something and openvpn is having to work hard.  what that shows is that kernel work is done on one core while openvpn is running on the other core.

     

    if only one core is being used then try switching to another openvpn client in the web GUI as programming sometimes has different clients mapped to different cores.  or you can just change core affinity using taskset via an SSH session.


  9. Any update on a replacement for Etamin in Dallas? I really miss that server =(

     

    I wouldn't be surprised if staff feel that USA already has enough bandwidth.  And they seem to play tricks with the ranking of USA servers in Eddie client.  I'm in USA.  If the scoring rule is speed, Canadian servers get more stars (5 versus 0) than USA servers. There's no reason for that as the USA servers usually have less load and bandwidth is the same.  Seems a little trick to get unsuspecting users to NOT use USA servers.


  10. Totally agree.

     

    Best password manager is:

     

    To encrypt:

    openssl enc -aes-256-cbc -salt -in mysecretlist.txt -out mysecretlist.enc -pass pass:YOURPASS

    To decrypt:

    openssl enc -d -aes-256-cbc -in mysecretlist.enc -out mysecretlist.txt

     

    All that can be done on an already encrypted USB drive or partition.

     

    so I assume it will ask for password to decrypt?


  11. is the router running as openvpn client as well?  if so, you'll need to forward from TUN device to LAN device not WAN to LAN.

     

    if router is NOT running openvpn then no need to open ports at all on router and it can actually be a security hazard.  in this case make sure your server is actually listening on the port AirVPN assigned for the forward and that there is no software firewall blocking.
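
An added example (not from the original post): a shell audit that reads `iptables-save` output and reports, for the port AirVPN assigned, whether each DNAT rule is bound to a tunnel interface or is reachable from another interface such as the WAN. The rule set, port 12345, interface names and LAN addresses are constructed sample values.

```shell
#!/bin/sh
# Constructed iptables-save excerpt: one forward bound to the VPN tunnel and
# one bound to a WAN-side interface for the same port.
sample_rules() {
cat <<'EOF'
*nat
-A PREROUTING -i tun11 -p tcp -m tcp --dport 12345 -j DNAT --to-destination 192.168.1.50
-A PREROUTING -i eth0 -p tcp -m tcp --dport 12345 -j DNAT --to-destination 192.168.1.50
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.60
COMMIT
EOF
}

# Usage: iptables-save -t nat | audit_dnat <port>
# Prints "<verdict> <in-interface> <port>" for every DNAT rule on that port.
# OK      = rule only matches traffic arriving on a tunN interface
# EXPOSED = rule matches another interface, or any interface when -i is absent
# Exit status is 1 if at least one EXPOSED rule was found.
audit_dnat() {
    awk -v port="$1" '
    BEGIN { bad = 0 }
    $1 == "-A" && / -j DNAT / {
        iface = "(any)"; dport = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-i")      iface = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
        }
        if (dport != port) next
        if (iface ~ /^tun[0-9]+$/) {
            verdict = "OK"
        } else {
            verdict = "EXPOSED"; bad = 1
        }
        print verdict, iface, dport
    }
    END { exit bad }'
}

sample_rules | audit_dnat 12345 || echo "port 12345 is also forwarded outside the tunnel"
```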


  12. My 2 cents after some testing today.

     

    My connection is 200 Mb/s down and 20 Mb/s up. I have an Asus RT-AC66U running the most recent Merlin build firmware. Using the Eddie client on my Mbp I'm able to get to 130-150 Mb/s and 19 Mb/s, using OpenVPN client on the router I'm barely touching the 12 Mb/s down and 9 Mb/s up (with WiFi bandwidth to spare).

     

    The AC66U isn't on par with more recent top of the line Asus routers but I'm a bit unimpressed by the performance and don't expect wonders from a slightly more powerful CPU and more RAM.

     

    overclock an AC68 to 1200mhz and it can do 50mbit/s+ with AirVPN.
