
Posts posted by go558a83nk


  1.  

    no, you're not invisible to your ISP.  They just can't decode the encrypted connection between you and the VPN server.

     

    only danger I can think of are governments that deem them illegal

     

    no, your connection is encrypted.  just make sure your DNS isn't leaking or they might have some idea what you are doing because they'd know the urls you've resolved.  if you're using Eddie you're probably not leaking, especially if you use the network lock

     

    is your last question a repeat or do you mean regular usage not on a VPN?

    I think you answered it pretty well. I was just worried about what all can be seen.

    I guess it would be best to explain more fully. My father works for comcast (supervisor) and I suspect that he has been informing my mother of all the things that I look up. Whether it be simple things like checking my email or bank account to more private things like the things I watch and personal conversations on the internet with people in forums. I don't want him to have even the NOTION that he knows what I'm doing. I am an adult. I shouldn't be monitored by them at this point in my life.

     

    Does AirVPN have built-in DNS leak protection or do I need to research a program for that?

     

    go to ipleak.net to check if DNS is leaking.


  2. no, you're not invisible to your ISP.  They just can't decode the encrypted connection between you and the VPN server.

     

    only danger I can think of are governments that deem them illegal

     

    no, your connection is encrypted.  just make sure your DNS isn't leaking or they might have some idea what you are doing because they'd know the urls you've resolved.  if you're using Eddie you're probably not leaking, especially if you use the network lock

     

    is your last question a repeat or do you mean regular usage not on a VPN?


  3. another thing

     

    how can I access my cable modem when the VPN is up?  my LAN subnet is 192.168.1.0/24  For some reason I can ping my cable modem (192.168.100.1) but it's going out the VPN tunnel.  Because of that I can't actually pull up the cable modem web GUI.  I've tried to put in rules to allow 192.168.100.1 to be accessed through the WAN but I guess I'm doing something wrong because it didn't change anything.

     

    Edit: Got this figured out too.


  4. Just built a box for pfsense and used your guide on the first page of this thread to get things more or less working.

     

    My setup is just cheap "desktop" parts but it's fast.  I'm using just 2 NICs.

     

    I'd love some help/ideas on how to do the following

     

    1) easiest setup for switching between various VPN providers.  This is a problem if I intend to use VPN provider DNS.

    2) I actually would rather use public DNS as long as I can verify DNS requests from VPN tunneled clients are actually going through the tunnel.  Prior to this new pfsense box my router, unless I created policy rules, would send DNS requests out the WAN even for clients routed through the VPN.

    3) Finally, how do I route certain LAN clients through WAN and not VPN?

     

    BTW, got a cheap AMD A6 7400K CPU, turned on AES-NI, and selected the engine in the openvpn client setup.  I was able to max out my line, 120mbit/s.  Nice!

     

    Edit: I think I've figured out a couple of the questions above.  Still tinkering with the idea of using different DNS.  The reason is that often AirDNS points me to a server far away, not the nearest in a given network.


  5. not sure why it's lower than with Eddie in your case.  That router should be able to do openvpn at 50mbit/s. 

     

    that said, this is relatively common and I believe it depends on the routing to the server.

     

    I have an Asus AC68, overclocked, and can hit 50mbit/s with AES-256-CBC encryption.  57mbits with AES-128-CBC.  It's heavily dependent on route and route conditions I guess.  I can connect to the same server that Eddie (in Linux Mint) gets 115mbit/s download with and my router can do only 30mbit/s.  I examine the openvpn settings and logs to make sure they're the same.  The only difference I can see is that the buffer in Mint is 512kB while in the router the max is 256kB.  Perhaps that's enough for the difference.  I can connect to another VPN provider with servers closer to home and max out the CPU of the router.  so....all I can say is play around with different servers, ports, and protocols.

     

    You also might want to install Merlin Asus firmware.  He's got some nice extras in there for the openvpn client.


  6.  

     

     

    Thanks for the guide. I'll try it.

    In case of a problem I'll ask in the forum you mentioned.

     

    Hi Anna & Go

     

    Can you please advise on how that worked out for you? I need VPN over SSH/SSL to bypass DPI blocking.

     

    If it worked for you, I'll go buy one of those ASUS routers.

    Also, does it need any special features in the router, or any ASUS (supported by ASUS-WRT) would do?

    Does it need special RAM or flash size?

     

    E.g. would it work for the ASUS RT-N66U?

     

    Thanks a lot for your help.

     

    you should get a version of the AC68, in my opinion.  the N66 has too slow a processor.  the AC68 versions (there are several versions, U, P, etc.) have a dual core processor that can run openvpn at acceptable speeds.  Of course, that depends on what you call acceptable.  Anyway, the AC68 is old enough that most kinks are worked out of firmware.  Remember you'll need to use Merlin Asus firmware for this.

    Thanks, Go. What about the AC56? It seems to have the same processor as the AC68, at almost half the price.

     

    yes, the AC56 has the same processor.  as I posted previously in this thread, visit the merlin asus forum to get some questions answered.  e.g. you'll want to learn how to overclock slightly to increase openvpn speed.

     

    there is no tutorial on getting the SSL tunnel running.  I just did it myself.  Again, as mentioned previously, install entware after merlin asus firmware is installed.  Entware has to be installed on a USB drive connected to the router.

     

    Once entware is installed you can then install stunnel. 

     

    then download the linux configs for the Air server you want, selecting SSL setup.  you'll also want to select resolved hosts in ovpn.

     

    put the files stunnel.cert and *.ssl into a directory on the USB drive (this should be easy to do if you enable samba server in the USB options).  Then just run stunnel, "stunnel servername.ssl".

     

    When you upload the ovpn config into the openvpn client it'll configure the proper IP address (it'll point to the router itself) and port.


  7.  

    Thanks for the guide. I'll try it.

    In case of a problem I'll ask in the forum you mentioned.

     

    Hi Anna & Go

     

    Can you please advise on how that worked out for you? I need VPN over SSH/SSL to bypass DPI blocking.

     

    If it worked for you, I'll go buy one of those ASUS routers.

    Also, does it need any special features in the router, or any ASUS (supported by ASUS-WRT) would do?

    Does it need special RAM or flash size?

     

    E.g. would it work for the ASUS RT-N66U?

     

    Thanks a lot for your help.

     

    you should get a version of the AC68, in my opinion.  the N66 has too slow a processor.  the AC68 versions (there are several versions, U, P, etc.) have a dual core processor that can run openvpn at acceptable speeds.  Of course, that depends on what you call acceptable.  Anyway, the AC68 is old enough that most kinks are worked out of firmware.  Remember you'll need to use Merlin Asus firmware for this.


  8.  

    I'm 99% sure Air takes the same position when it comes to certain crimes.  In the case of Air and probably ovpn.se the ban would be retroactive (edit: or is the word reactive?), not proactive, and most likely only after having been alerted by the proper authorities. 

     

    This is not something Air would be 99% sure about, they would be 100%, so why are you saying anything assuming what Air's stance might be?

     

    because of things I've read in forums.  I'm not speaking for them.  I'm recalling memory of previous posts.  thus, only 99% because my memory may fail me.


  9.  

     

     

    In a way I see both as equally good but I find that OVPN's transparency so far has been great. They are honest about how much they are investing in each datacentre, how they prepare and configure their servers et cetera.

     

    As an example - it is one thing to just disable the logs in the configuration but another to actually run the servers diskless, limit write rights with AppArmor and of course - make sure you have full control of the server yourself and not only rent a dedicated one.

    I don't buy that, look at the ToS:

     

     

    >Illegal activities

    Customers may not use our services to commit crimes. In the case of a crime being committed, OVPN.se retains full rights to suspend the account in question without a refund.

    If they have the ability to terminate accounts for "crimes", they do log and should be avoided. You are either a VPN provider or a court judge, but you can't be both.

    These guys made it clear on which side they are.

     

    I'm 99% sure Air takes the same position when it comes to certain crimes.  In the case of Air and probably ovpn.se the ban would be retroactive (edit: or is the word reactive?), not proactive, and most likely only after having been alerted by the proper authorities. 


  10. Hi

     

    One more comment on this topic. Today, by accident I just discovered that I might be wrong saying I have no slowdown problems with AC87U. Indeed it may have some performance problems with VPN Client AND 2,4 radio. I have no idea why this is, but while I test 2,4GHz speed is significantly degraded up to at most 20/28Mbps. While connecting to 5GHz radio everything seems to work fine. No problem with 40Gbps whatsoever. This is indeed strange behaviour. As for now workaround is to use 5GHz Wi-Fi.

     

    As a note. If somebody needs stable speed through VPN on router level, a better choice is to invest in something that actually has support for AES acceleration than even the best home router out there. Just building pfSense appliance for this sole purpose based on excellent Intel Atom D2500ccd motherboard (or mitac PD12TI, which is essentially rebranded Intel board). Exactly the same as shown here: https://www.youtube.com/watch?v=f7aIaUhBUIM. If anybody is interested in performance I would show some results.

     

    regards

    Artur

     

    I am interested in the openvpn performance of this.  I'm not handy with building "computers" so I've been interested in the hardware pfsense sells, specifically the sg-2220 which has the intel atom 2338 cpu. 


  11. I seem to be able to clock 65Mbps out of my ISP and 63Mbps out of PIA.

     

    I'm using an ASUS RT-AC5300 with Merlin FW (which should have no problem with AES, and the CPU cores aren't really burdened from the graph on the router).

     

    I can take a client and feed it through PIA and get a very slight speed drop, about 2-3Mbps.

     

    AirVPN however can't get me above 20Mbps, and is currently under 5Mbps.

     

    I got a month subscription to test AirVPN vs PIA, and although you seem to unblock Netflix unlike PIA, that speed is unacceptable, and I don't think it's an overburdened exit node if your load graphs are accurate.

     

    it's all about the routes to the server, not the servers (usually).  compare the route to the PIA server you use vs routes to Air servers. 


  12. Hi anyone.

    I did some more testing and now think it's safe to say that disabling hardware NAT acceleration did the trick. Not sure about raising the buffer sizes.

    But I now leave it this way.

    Thanks for all the tips.

    Can someone answer this question, please:

    Comprehension question: if the router connects to country level entrypoint will it be connected to the fastest server at that moment or to the server with the least number of users or what? And will there be some kind of load balancing i.e. switching to another server when under heavy load?

    Kind regards,

    Justin

     

    you'll be connected to the least used server as far as I know. as I tried to tell you, "speed" will be about the same unless a server is really loaded.  speed is much more affected by your route to the datacenter, not the server itself. 
