go558a83nk
-
Content Count
2093 -
Joined
... -
Last visited
... -
Days Won
37
Posts posted by go558a83nk
-
-
-
1 hour ago, mazurka7 said:
Thanks. That explains and confirms my findings. Your prior reply to a similar problem has been hugely helpful in my search as well.
That said, I am still puzzled by the reasoning behind AirVPN's advice to put 10.4.0.1 for WAN DNS as it seems that while it works partially (using IP instead of domain for AirVPN server), it breaks the router's Network monitoring function. Is there any justification for this?
*if* you're using IP address in the VPN server field instead of a domain then putting 10.4.0.1 in the WAN DNS setting might be OK. Because there's no domain to resolve the router doesn't need to reach 10.4.0.1 prior to connection. -
for Asus merlin set WAN DNS to something other than the VPN DNS (10.4.0.1) and in the openvpn configuration set the DNS setting to exclusive. Then it'll switch to VPN DNS when the VPN connects.
10.4.0.1 won't work unless you're connected to VPN because 10.4.0.1 is only accessible through the VPN not from public.mazurka7 and Social_House reacted to this -
See threads like this one for help.
-
The one (?) valid problem I've seen with m247 is evidence (in this forum) that some of their servers aren't actually where they say they are.
-
-
Really thrilled with the wireguard speed. That's me on Mensa. https://i.gyazo.com/277f20acfb21cea8c41a8db164713063.png
-
No, that's not being hostile. That's a gentle reprimand for believing *torguards marketing* because it seemed to me you were saying that you didn't get the speed torguard advertised. Now I see that you do get better speeds with them.
By the way, I run pfsense too and have run wireguard on it since it became publicly available a couple weeks ago. Somewhere on the forum here you'll also see some posts of mine with a speedtest using wireguard. At the time I was told it was a new record. So, that's why I encouraged you to try it.
With openvpn Air found that the 10gbit/s servers weren't as efficient as several 1gbit/s servers. I've seen a post detailing their findings. But wireguard may change that paradigm. Since wireguard is more efficient with CPU usage, and many people will have systems that can saturate 1gbit/s home internet using wireguard, VPN providers may have to trend towards 10gbit/s servers to meet the demand for speed. But I'm no network engineer so what do I know.... And even if VPN servers do get more speed capability it still depends on what ISP/transit/peerage actually allows.
edit: your brother getting gig VPN to your homemade server is a great example of what I mean by ISP/transit/peerage allowance. Since you're both on the same ISP there's no bottleneck. But transiting outside your ISP likely leads to bottlenecks more or less depending on which networks are traversed.
edit2: why aren't you running VPN on the pfsense box itself? and, with wireguard in eddie can you manipulate mtu and mss? if so, try 1420 for both or tune them for your network. sometimes that's a problem with wireguard. -
why on earth do you think you'll magically get better speed with any VPN because they flip a switch for you or say the right words in marketing (torguard)? speed is heavily dependent upon protocol and what the network route allows. try wireguard in that case. Here with air there are a couple servers that are 10gbit/s. have you tested those to prove to yourself that it's not a server load issue that won't be fixed by a dedicated server?
-
1 hour ago, monstrocity said:6 hours ago, Staff said:@monstrocity
Hello!
Watch out, the fact that WireGuard's transport layer is UDP does not prevent (as it happens with OpenVPN, on the other hand) both TCP and UDP wrapping, of course. TCP and UDP packet forwarding must work both with WireGuard and OpenVPN in the same way Please feel free to open a ticket if they don't.
Kind regards
It sounds like your ISP or something on your network is harsh to UDP traffic if TCP VPN tunnels are faster. -
6 hours ago, monstrocity said:11 hours ago, autone said:Anyone managed to get port forwarding to work with wireguard? I am getting connection refused errors. It works fine on openVPN.
don't open a port on your router for eddie. it's not needed for anything if everything's going through the VPN tunnel.Oblivion 2013 reacted to this -
you might want to just use wireguard on pfsense. No doubt it'll be faster for you. This is the video I used to help me setup wireguard.
https://www.youtube.com/watch?v=wYe7FzZ_0X8Air4141841 reacted to this -
1 hour ago, Jacker@ said:
Thanks man 😎
you're welcome. did you get it working? -
20 hours ago, Jacker@ said:Hi,
@go558a83nk
Can you explain how/what you changed address and CIDR?
I want to run multiple WG servers in pfsense, but cannot, all server configs have the same Address = 10.153.187.114/10
Thanks in advance 😁
You need to create another "device" which will allow you to generate configs with a different tunnel IP address. https://airvpn.org/devices/
As far as changing the /10 to /32 I do that in the interface settings of the wireguard tunnel. First I setup tunnel and peer for wireguard handshake, then setup interface and gateway for that wireguard tunnel. -
re my above post. I changed the tunnel addresses from /10 to /32 and it works.
however, I was pulling my hair out trying to figure out why my second tunnel wasn't working even after the tunnel addresses didn't overlap. server was Chameleon.
turns out when I tried to use Leo instead it works. So perhaps something is wrong with Chameleon wireguard? -
I want to add a second wireguard tunnel/peer setup on my pfsense box, using a different device as setup in my AirVPN account. The different device gives me a different, unique interface address for wireguard configs. However, it still overlaps in network address space with the other address for my other "device" so pfsense doesn't allow me to add it. (The /10 address is a very large address range!)
Is there any solution to this so that I can have multiple wireguard tunnels running? -
7 hours ago, ventilaar said:.
I see in my email that you asked about port forwarding. It should work but you'll have to mess with iptables or something on your router. Can't use the router GUI. Or if you had iptables working for openvpn you'll have to change the rules for wireguard. -
-
I got this on my pfsense box just now . Very nice. . May have even been a little limited by my traffic shaper
https://www.speedtest.net/result/12249912075.png -
That CPU does have AES-NI which is important for good speeds with openvpn. But running it in a VM may keep AES-NI from getting used? I don't know.
You could try to use the chacha20 data cipher option that AirVPN supports if your client supports it. It's usually faster on weaker devices.bbqsquirrel reacted to this -
It's probably a bottleneck on your CPU but without knowing what the CPU is in the device I can't say for sure.
bbqsquirrel reacted to this -
does check.airservers.org only resolve if we're using AirDNS?
-
-
Still having problems with packet loss on these servers. I'd like to see them more reliable. I use them for everything everyday so when they go down I notice and it is disruptive to whatever I'm doing.
My ISP's QoS policy strictly limits the rate of UDP transmission to no more than 5mbps
in Troubleshooting and Problems
Posted ...
Using something like TCP 443 is slower than 5mbps? Do you have another choice of ISP?