go558a83nk

I assume you saw the user who took credit for this on twitter?

either this is the answer, or instead of putting the host "europe.vpn.airdns.org" in the server field put the resolved IP.

I just looked up the specifications of that router. I'd say don't bother trying to run openvpn on it. It'll be too slow. It has a 560MHz MIPS single core CPU. That's just not enough CPU.

no, I meant access point mode as opposed to router mode. Here is what my Asus AC68 says about Access point mode (bold is my emphasis). "In Access Point (AP) mode, RT-AC68U connects to a wireless router through an Ethernet cable to extend the wireless signal coverage to other network clients. In this mode, the firewall, IP sharing, and NAT functions are disabled by default." I would imagine access point mode in openwrt behaves the same. The OP said access point because it's not the main router/gateway of his LAN. Still, it will need NAT for openvpn to work.

I don't know of a router modem combo by Asus, since you asked which router specifically.

OP says he's running the router as an access point. Usually access point mode in routers disables NAT. Probably why he/she is here asking why it's not working. Disabled NAT is an unintended consequence of access point mode.

if the router can't translate your LAN to the subnet of the VPN then traffic over the VPN won't work.

I don't think openvpn will work on a router functioning as an access point (ie NAT is disabled)

the kind of multi-hop other VPN companies offer isn't tunnel within tunnel but a true hop from one datacenter to another that they've pre-programmed. You access the program based on the port to which you connect. Not the usual ports of 443 or 53 but things like 52465 and such. There are thousands to choose from so plenty to have a program for every possible multi-hop within their system.

questions like this need to be asked in a forum dedicated to merlin firmware. http://www.snbforums.com/forums/asuswrt-merlin.42/

please explain why you need to run more than 1 openvpn client with the policy routing that Merlin has created. Just route the LAN clients you want through VPN, route LAN clients you don't want through the VPN through WAN (not VPN). read the documentation that comes with the firmware for information on how to use policy routing, e.g. CIDR formatting of IP ranges. you can do a range that covers your whole LAN, then create exceptions to that rule for a few clients.

you're running two openvpn clients on the same router?

necro bump. :-/ main disadvantage for TCP is that heavy usage will result in "buffer bloat", seen as an increase in latency. If your system is using the a TCP tunnel VPN heavily other activities will be delayed more than if it were a UDP tunnel. However, TCP is often faster for top end speed and TCP is often the only tunnel type that can be created on public wifi systems. It's really just trial and error to find which works best for your ISP connection to the server you'd like to use.

are you using a firewall other than the one that's built into windows 10?

use the policy routing mode. read merlin firmware documentation

when you shut down the AirVPN client (Eddie) the network lock is also disabled. It has to be or else people would be complaining that their internet "doesn't work" when the AirVPN client is shut down. what you do with a firewall is up to you. if you want the network lock always on then keep the AirVPN client running.

Is this correct? Everything will be routed through the VPN tunnel by default. So, you'd have to route everything outside the VPN tunnel if you indeed wanted VPN only for browsing. And, if you pointed the browser to the SOCKS5 port it wouldn't be going through the VPN tunnel but through the SSH tunnel.

the AirVPN client is supposed to be able to do policy routing based on destination IP address. But, not based on application. Look in advanced settings.

they are talking about even DHT not working. that's "trackerless".

the bottleneck is your router CPU. router CPUs just can't process openvpn fast enough to make it fun. Even the most powerful consumer routers can do maybe 60mbit/s.

Try explaining that to my parents, or my aunt, or the lawyer around the corner who use their computer to get work done and nothing more. They haven't a clue what DNS is, let-alone how to configure it. It would not, because you can allow DHCP (UDP 67,68) for interfaces that require it without requiring all broadcast or local traffic to be allowed on the interface. "Essential" DNS is exactly what I'm complaining about, because it turns out it's not all that essential to the functioning of Eddie - you can include lists of IP addresses and update them through the API when a successful VPN connection is established. Please read the documentation in full The section below describes your previous setup, and reminds you that there are other things that you can configure: You can also decide whether to allow LAN and/or ping or not by ticking or un-ticking "Allow lan/private" and "Allow ping". The "feature" you proposed will result in broken connectivity from the moment you activate it, unless static IPs are used. This is not an expected (default) behavior in any case, since the problem you describe is much easier to solve from your side. This would also be a more complete and elegant solution. I have read the documentation. It glosses over that allowing traffic to the local network could result in leaks, even if the local network is trusted. I disagree with the defaults. The defaults are dangerous and unexpected and will cause harm for non-technical users who don't understand what's going on. Expected and secure: block everything and punch through the bare minimum to get what you need working (i.e. UDP 67/68 to the broadcast address for DHCP on interfaces that require it). Configuration option to allow more than that for users who know what they are doing. Surprising and insecure: block most things but punch through huge blocks of IP addresses just in case users are confused by local resources becoming non-functional. Configuration option to become secure. You obviously haven't read the number of posts here of people complaining that local resources were unavailable...because of network lock. The prudent thing to do is get things working and as safe as possible for the average person and let the power user make tweaks if they want. If network lock was as you desire Air would have many people leaving for another VPN provider because in their mind it "didn't work".

weird, I'm running qbittorrent and Eddie in Mint (virtual machine guest) with no problem. you'll need to post logs from Eddie here

USA netflix still works for me on USA servers

Do you have some antivirus or firewall software running that could cause problems?

Intelligence agencies in nations worldwide are in the same business as the NSA. Also, the USA has no laws invading the privacy of VPN providers such as mandatory logging. However, some nations will be more stringent against copyright infringement than others. But, AirVPN seems to have a good understanding of law and aims to handle copyright complaints the same no matter the location. So, IMO, there is no reason to avoid USA servers anymore than other nations. But, it MIGHT make it easier on AirVPN if copyright infringing activities were done using servers in nations that don't cooperate with copyright complaints.