Jump to content
Not connected, Your IP: 3.235.236.13

go558a83nk

Members2
  • Content Count

    1904
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    26

Posts posted by go558a83nk


  1. The air client already uses iptables if the option is chosen. It also rewrites or rename/replaces the resolv.conf - dns option depending.

     

    There's a rule set posted here that's similar.

    https://airvpn.org/topic/9139-prevent-leaks-with-linux-iptables/

    Its not stateful but by simply adding the if not '!' eth+ ! -d it really doesn't need to be. -Unless someone try's to spoof the ip.

     

    right, iptable usage to block whatever is certainly not novel.  but, looks like zorro is trying to make it easier for people to manage automatically with their script.


  2. The only linux I've used for VPN is that on my router and it has its own coding to manage policy routing and block clients if the VPN tunnel is down...

     

    I don't know if the following is a real problem, especially for those who use the Eddie client.  However, I thought I'd share.

     

    https://zorrovpn.com/articles/linux-iptables-vpn-only

     

    which leads into the manpage for the script they've made

     

    The script is free to share and edit under GNU GPL.

     

    There is a section dealing with allowing access (of course) to VPN server IP.  By default that section is geared towards zorrovpn since they are the maker.  However, I'm sure it can be edited by somebody who knows what they are doing to work for Air.


  3. freedom and liberty do not mean anarchy, yet people these days tend to think they do.

     

    freedom can only go so far until it infringes on the rights of others.  here, for example, think of the personal drone of today.  more and more we hear of people flying their drones in ways that infringe on the rights of others.  a story out of the USA talks about a woman living in high-rise building seeing a drone outside her window.  this is too far.

     

    no, freedom and liberty only work for the good of everybody if people are civil and ethical, if they do unto others what they would have done unto them.

     

    that said, lack of freedom and liberty, because of an overbearing government, is no better.  the government are no doubt strongly lacking civlity and ethics and think of the common man as nothing more than bugs to be squashed or votes to be bought.


  4.  

     

    Please re-read my post.  I'm using stunnel on my router.

     

    edit: anyway, I got it.  I just added a line to the ssl file "ciphers = DHE-RSA-AES128-SHA256" and it works.  noticibly less CPU usage and still a TLS1.2 cipher.

     

    Ok, great! What is your firmware? Did you compile stunnel by yourself for your router or is it an already available version?

     

    Kind regards

     

    merlin asus 378.51 on AC68 with entware-arm installed.  stunnel is available in the entware-arm repository.


  5. Hello!

     

    Since our servers will accept a variety of ciphers for SSL this is possible by configuring stunnel. However, configuring parameters for stunnel is currently not implemented in Eddie. Please see for example:

    https://www.stunnel.org/pipermail/stunnel-users/2013-February/004112.html

     

    Anyway, you probably don't need to bother about that. Nowadays computer CPUs are so powerful that they are not loaded at capacity by the current stunnel and OpenVPN ciphers you're using (well, it also depends on how much load they have from other tasks...).

     

    Kind regards

     

    Please re-read my post.  I'm using stunnel on my router.

     

    edit: anyway, I got it.  I just added a line to the ssl file "ciphers = DHE-RSA-AES128-SHA256" and it works.  noticibly less CPU usage and still a TLS1.2 cipher.


  6. I'm running stunnel 5.14 with openssl 1.0.2a on my router.  It seems the cipher that's negotiated is probably a little stronger than it needs to be (ECDHE-RSA-AES256-GCM-SHA384).  The config, AirVPN*.ssl, only has a NO_SSLv2 option which is fine, of course.  But, are there any other options I can input that will get stunnel to negotiate a cipher suite that's less CPU intensive?

     

    thanks for the help


  7. I'm also interested because this happens to me with every VPN service using OpenVPN UDP. It recovers after a few seconds but log doesn't show any interruption

     

    one VPN service I've used has some servers that drop out like this with UDP connections.  But others of their servers work just fine.  It happens to me just using downthemall! extension for firefox with several segments enabled.

     

    really weird.  Other VPN providers (including Air) along very similar routing have no problems at all.


  8. I'm not sure how much this issue can be pushed onto Air staff.  They can't control what routing a datacenter has but they can set standards for what datacenters they use so that routing is most likely good for everybody.

     

    Examples of datacenters that VPN companies use in Singapore

     

    Leaseweb Singapore  - http://bgp.he.net/AS59253#_peers

    Softlayer Singapore - http://bgp.he.net/AS36351#_peers

    Digital Ocean Singapore - http://bgp.he.net/AS133165#_peers

    8 to Infinity Singapore - http://bgp.he.net/AS45470#_peers

    (only two real peers, but iptransit and Telin are enough)


  9. Buy AFAIK you should import user.cer certificate and select it on that window together with user and pass.

    There is also a HMA videotutorial that explains how to set OpenVPN on mikrotik

     

    If user and password are used isn't ca.crt the certificate that's needed?  Is that type of connection even possible with Air?


  10. I agree we need more asian servers. Very slow at the moment and 2 isn't enough.

     

    I just checked out Antares (Singapore) and Hadar (HK) 5 minute average charts for today.  Earlier today Antares reached a peak of about 240mbit/s inbound and outbound (480mbit/s total) while Hadar is barely used.  They are 1000mbit/s servers.  I don't know if that's 1000mbit/s total or in each direction.  Staff will have to answer that.  If total, then that would mean that the 240mbit/s peak on Antares was still only half capacity (240 inbound + 240 outbound).  If 1000 each way then it's only 1/4 capacity.  So, I don't think any slowness can be blamed on Air.


  11.  

    I get 150Mbps down on NL servers using the same ISP, so it shouldn't be hard for you to resolve. Are you connecting using Eddie (Air's software)? What version? What's your OS? How is your network set up? Are you using a superhub, superhub 2 or superhub 2 AC? Are you wired or wireless? How are you testing the speeds you quoted?

     

    As a test try turning connecting to the superhub via ethernet (wire) if you aren't already, put the SH into modem only mode and restart the PC. Then connect to an NL server using port 443 UDP. Then download an Ubuntu torrent or download the Ubuntu ISO from Ubuntu.com and see what speeds you get.

     

    Im on windows 7 

    Virgin Media SuperHub (100Mb Connection) 

    Connected using the Airvpn Eddie 2.8.8 

    Connected Via Wireless as i never use the Ethernet wire. 

    SSH Tunnel Port 22 using Eddie 2.88 

     

     

    Any help guys? 

     

    is your superhub in modem only mode as suggested to try?


  12.  admit that my ISP routing to leaseweb singapore is off and on.  just in the last couple days I'm back to going through NTT router direct to Antares.  However, I went several months with routing going through USA before this.

     

    I'm still not convinced it's the fault of anybody but my ISP.  Leaseweb probably feels they are covered by the peerage they have.  The peerage of Pacnet and NTT is impressive.


  13. The current SG server is slow through Leasweb, the previous ones were very fast and they were Softlayer servers.

     

    The HK is even worse it's got the third worst latency for Asia.

     

    I'm thinking about cancelling with Air we can't use the net as this slow speed and what is the point of using USA servers.

     

    can you show an MTR to Antares and Hadar?

×
×
  • Create New...