go558a83nk

 

...

wait, "topology subnet" is not in the configs last I looked.  are you sure about that?

 

Look for "PUSH_REPLY" in the log. The server sends it.

if the server pushes it then I suppose it's not important to specify it in my settings - pfsense.

 

looking forward to the upcoming announcement of servers to replace kaus.

It seems that AirVPN is in the process of adding 3 new Atlanta servers!

 

See, if you go to https://airvpn.org/routes/ and scroll down to "United States", you will see three new Atlanta servers: Albireo, Azha, and Dschubba.

 

For some reason, these three servers only show up in the route checking section, and not the Eddie client or the status page.

This suggests that AirVPN has not finished setting up the three new servers.

Hopefully we will be able to use these new servers sometime this week.

that's what I saw but didn't want to spoil the surprise.  I figure they're still testing them prior to announcement.

 

Hello.

 

Is it possible to configure OpenVPN to have multiple (2-3) connections to different AirVPN servers from a single client machine (Linux Ubuntu)? 

 

...

 

So, when I try to configure 2 openvpn connections, the 1st one works fine, while the second one tries to add the same routes to 10.4.0.0/16. It seems that different openvpn servers have the same server-side IP network, and the same server IP gateway address (10.4.0.1). 

 

...

 

I do this. Though not for the reasons you want to.

 

With some effort, you can use the NAT capability of the OpenVPN client to make each connection appear to be on a different subnet.

 

I used to use the rather complex approach involving just OpenVPN configuration that I described here:

 

https://airvpn.org/topic/9518-faking-static-local-vpn-addess-using-client-nat-and-ifconfig/?p=10449

 

As I explained there, I had to change the approach a bit when AirVPN switched from topology "net30" to "subnet".

 

Now I use a modified version of the OpenVPN client that I patched myself. If you are comfortable with patching and building software from source (fairly easy on Linux), you may be interested in this:

 

https://airvpn.org/topic/17235-linux-partial-airvpn-usage/?p=39485

 

I have hinted a few times that AirVPN could probably offer a modified version of the client with something similar to my patch, but they have not bitten.

wait, "topology subnet" is not in the configs last I looked.  are you sure about that?

looking forward to the upcoming announcement of servers to replace kaus.

 

Okay, this makes me very unhappy. It seems every server that works well for me gets withdrawn. Another Texas server has long been requested, but hasn't happened. And then a semi-close server that worked well for me (Kaus) is being withdrawn. I'm seriously considering switching to another VPN at the end of my subscription at this point. The lack of a good server in the southern US is frustrating, especially when they keep getting withdrawn.

 

If you actually read it, they are doing it because the Southern US isn't providing a good connection maybe ask your government to fix their end before asking the VPN who is using your governments network to provide the server.

it has nothing to do with location but everything to do with a datacenter who doesn't keep their word.  Zosma was also mentioned and that's in New York!

crap, my favorite servers always get withdrawn.

Went to a local store and purchased the parts.  With manufacturer rebate bundles the price was cheap.

Got an AMD A6-7400K with an MSI A68HM-E33 V2 motherboard.  Unfortunately this comes with a realtek NIC (gigabit) but it was basically free after rebates.  my other NIC is a D-Link DGE-560T that I've had for a while.  Since this is my first try I didn't want to go all out and get Intel.  so far I haven't noticed a problem.

got a cheap used hdd for only $4 also, and a cheap 2GB stick of RAM.

It's not small form factor so if space is important to you this isn't the way to go.

Regarding temperatures and powerd.  Somewhere in the all the builds released leading up to 2.3 thermal sensors started to work.  However, it seems pfsense reads temperatures wrong.  I'm wondering if some part thinks the readout is in Fahrenheit and is converting to Celsius.  Most of the time it reads temps 6-8C, which is impossible. 

Powerd definitely works.  I can see the frequency change (in dashboard info) if in adaptive mode and also watch the temperature rise so I'm pretty sure the frequency readout is true.  One thing to note is that for this hardware it seems that "cool n quiet" has to be turned on in the BIOS for powerd to work.

just want to thank you again and say that more people should take advantage of your guide here and begin using a pfsense machine with decent CPU.  I can now run my AMD APU at 1400MHz (minimum state in powerd) and still max out my ISP line through openvpn tunnel to Air (120mbit/s).  that's only 200MHz faster than my router which struggled to do 50mbit/s and it runs nice and cool.  and my build was only $127, cheaper than a nice router.

I'm already on 2.3 Release via upgrade from 2.2.6.  I'm just hesitant to do a clean install because everything seems to be working.  That's why I asked how you're testing DNS and if the tunables problem was important.

Air had a server in Ukraine some time ago but the datacenter was raided and servers stolen, so the story goes.  I doubt Air will try anything there again.  And Russia is a no-go zone.

pfBlockerNG worked for me on all of my VM's while testing 2.3.

 

I had some oddities with system tunables when going the upgrade route, but when I did a clean install everything worked well, beyond well. I did not restore all settings. I restored my aliases, but manually programmed everything else. I feel it was worth it.

 

There were some buggy issues on 2.2.6 with the DNS Resolver not taking the settings that were input all of the time, this seems to be fixed in 2.3. That bug carried over on upgrades, but is non existent with the clean install.

 

 

I cannot stress how much I recommend upgrading for all of the security and performance upgrades this offers.

how are you testing for the DNS bugs?  problems with system tunables that are important?  at this point I'm hesitant to do a clean install. 

Hello again.

 

I think I've found the solution. The "Not connected" message on the website refers to my IPv6 address. I am connected to an AirVPN server via IPv4. I take this as not being a security problem, since no data is using IPv6, as eddie blocks its use.

 

If this not so, please let me know.

in the eddie client preferences -> advanced, disable ipv6.  if ipv6 is the culprit that should fix the problem.  also, using the network lock, if you can, will solve a lot of problems.

I know nothing about such a law but seems like that would be a stretch.  after all, you're not tampering with the network.  you're only using it for an encrypted tunnel. 

why not use the client that AirVPN makes?

zhang888

 Turning jumbo frames off did make it stable, sacrificing some speed though.

 

go558a83nk

Turns out that was the case most of the time with slower speeds, during the times of 2-6PM the download speed would go as low as 3MB/s compared to the 15MB/s I was supposed to be receiving. When it was midnight 1-5AM, the speeds were running at the advertised speeds. Mentioning it was reliable was a mistake since it's not accurate as of now, it was reliable when comcast didn't upgrade everyones connection speeds and my speeds were at 7-8MB/s, it was fine throughout the entire day. I have friends that live in the same zip code as I do, asked them about the speeds and they all mentioned it was 'slower than usual' expect for the one that used AT&T.

yep, I have comcast too.  during low usage times I get 120mbit/s but other times I can only get about 80mbit/s.

 

were those two tests done within minutes of each other?

No.

My ISP speed is consistent so this doesn't matter too much.

perhaps a common mistake being made here to think your ISP speed is consistent.  how do you test your speed?  from what server? ISPs have a sneaky way of always making your speed look great.  In your ISP network the speed may be blazing but your ISP may actually be overselling their bandwidth capacity in peerage and transit agreements.  That's where bottlenecks will be. Therefore the routing to different VPN servers will significantly affect your potential speed as some routes are less congested than others.  And, of course, time of day matters a great deal if they (ISP) are indeed hitting bandwidth limits along certain routes at busy times of day.

were those two tests done within minutes of each other?

and try different servers.  routing makes all the difference.

if the speed varies by time of day it's most certainly a bottleneck in the route to/from the server, not the fault of the router.  900kB/s is slow.  the route to the PIA server may be "better" and that's why you see consistently better speeds.

It's also easy to see the load on an AirVPN server but it's most likely not the reason for slow speeds.

A sentence with 10 words would lead to a 10 character password?  How is that stronger than any other 10 character password?

that won't be on my box

please feel free to share the reasons for your conclusion.  I'm just curious.

gigglenerd - must be April 1st

trace the route.  most likely your ISP lost some connectivity forcing the route to take a long path.

yes, merlin asus firmware has pretty easy to use policy based routing in the openvpn client GUI.  that's all I've used for my asus routers.

what operating system are you running openvpn on?  If linux you might try "mtu-disc yes" or "mtu-disc maybe".  don't forget to try "mssfix 0" in combination with mtu-discovery.

Also, have you tried different send and receive buffers since changing ISP?