
go558a83nk
-
Content Count
1899 -
Joined
... -
Last visited
... -
Days Won
25
Posts posted by go558a83nk
-
-
Hello!
Since our servers will accept a variety of ciphers for SSL this is possible by configuring stunnel. However, configuring parameters for stunnel is currently not implemented in Eddie. Please see for example:
https://www.stunnel.org/pipermail/stunnel-users/2013-February/004112.html
Anyway, you probably don't need to bother about that. Nowadays computer CPUs are so powerful that they are not loaded at capacity by the current stunnel and OpenVPN ciphers you're using (well, it also depends on how much load they have from other tasks...).
Kind regards
Please re-read my post. I'm using stunnel on my router.
edit: anyway, I got it. I just added a line to the ssl file "ciphers = DHE-RSA-AES128-SHA256" and it works. noticibly less CPU usage and still a TLS1.2 cipher.
-
Thanks. I'd love to hear from staff an answer to my actual question. I can pull 50mbit/s with my setup but just trying to get every bit I can.
-
I'm running stunnel 5.14 with openssl 1.0.2a on my router. It seems the cipher that's negotiated is probably a little stronger than it needs to be (ECDHE-RSA-AES256-GCM-SHA384). The config, AirVPN*.ssl, only has a NO_SSLv2 option which is fine, of course. But, are there any other options I can input that will get stunnel to negotiate a cipher suite that's less CPU intensive?
thanks for the help
-
just enable DHT and peer exchage and go. you don't need the public trackers.
that said, get a grip man. port forwarding and public trackers access are no where near related.
-
I'm also interested because this happens to me with every VPN service using OpenVPN UDP. It recovers after a few seconds but log doesn't show any interruption
one VPN service I've used has some servers that drop out like this with UDP connections. But others of their servers work just fine. It happens to me just using downthemall! extension for firefox with several segments enabled.
really weird. Other VPN providers (including Air) along very similar routing have no problems at all.
-
I just tested it on my iOS8 iphone. openvpn connect with TCP 443 profile. connected right up, no problem, on both home internet (wifi) and cellular data.
I also tried same profile in guizmovpn and it worked as well.
-
-
I'm not sure how much this issue can be pushed onto Air staff. They can't control what routing a datacenter has but they can set standards for what datacenters they use so that routing is most likely good for everybody.
Examples of datacenters that VPN companies use in Singapore
Leaseweb Singapore - http://bgp.he.net/AS59253#_peers
Softlayer Singapore - http://bgp.he.net/AS36351#_peers
Digital Ocean Singapore - http://bgp.he.net/AS133165#_peers
8 to Infinity Singapore - http://bgp.he.net/AS45470#_peers
(only two real peers, but iptransit and Telin are enough)
-
Buy AFAIK you should import user.cer certificate and select it on that window together with user and pass.
There is also a HMA videotutorial that explains how to set OpenVPN on mikrotik
If user and password are used isn't ca.crt the certificate that's needed? Is that type of connection even possible with Air?
-
will there be another Dallas server eventually? Your post in the USA servers cancellation thread said "a couple" Dallas servers were on the way.
-
I agree we need more asian servers. Very slow at the moment and 2 isn't enough.
I just checked out Antares (Singapore) and Hadar (HK) 5 minute average charts for today. Earlier today Antares reached a peak of about 240mbit/s inbound and outbound (480mbit/s total) while Hadar is barely used. They are 1000mbit/s servers. I don't know if that's 1000mbit/s total or in each direction. Staff will have to answer that. If total, then that would mean that the 240mbit/s peak on Antares was still only half capacity (240 inbound + 240 outbound). If 1000 each way then it's only 1/4 capacity. So, I don't think any slowness can be blamed on Air.
-
-
-
those are just basic iptables. if those don't work in the latest tomato then the whole router shouldn't work
-
I get 150Mbps down on NL servers using the same ISP, so it shouldn't be hard for you to resolve. Are you connecting using Eddie (Air's software)? What version? What's your OS? How is your network set up? Are you using a superhub, superhub 2 or superhub 2 AC? Are you wired or wireless? How are you testing the speeds you quoted?
As a test try turning connecting to the superhub via ethernet (wire) if you aren't already, put the SH into modem only mode and restart the PC. Then connect to an NL server using port 443 UDP. Then download an Ubuntu torrent or download the Ubuntu ISO from Ubuntu.com and see what speeds you get.
Im on windows 7
Virgin Media SuperHub (100Mb Connection)
Connected using the Airvpn Eddie 2.8.8
Connected Via Wireless as i never use the Ethernet wire.
SSH Tunnel Port 22 using Eddie 2.88
Any help guys?
is your superhub in modem only mode as suggested to try?
-
admit that my ISP routing to leaseweb singapore is off and on. just in the last couple days I'm back to going through NTT router direct to Antares. However, I went several months with routing going through USA before this.
I'm still not convinced it's the fault of anybody but my ISP. Leaseweb probably feels they are covered by the peerage they have. The peerage of Pacnet and NTT is impressive.
-
You could also try forcing the kernel (not openvpn) to adjust the packet size by disabling mssfix with "mssfix 0" in case the other options don't work.
what operating system does the OP use?
-
the quote is wrong. I didn't say that.
but anyway, routing to a server is a complicated matter. there is a very good chance your ISP is who's really at fault for bad routing.
-
The current SG server is slow through Leasweb, the previous ones were very fast and they were Softlayer servers.
The HK is even worse it's got the third worst latency for Asia.
I'm thinking about cancelling with Air we can't use the net as this slow speed and what is the point of using USA servers.
can you show an MTR to Antares and Hadar?
-
This server has the third worst latency for the Asian region.
When are you going to add more asian servers for the Asian region ?
I'm sure there are customers in this region frustrated like me.
latency is a description of the path to the server, not an indicator of the health of the server itself. please keep in mind that AirVPN and the datacenters they use can NOT affect internet peerage, IP transit agreements and overall routing though I'm sure they wish they could so that all customers were happy.
-
If I recall correctly the 4 servers were 100 mbit/s each. The 1 now is 1gbit/s.
Latency is a descriptor of the path to the server, not of the server itself. In other words, if you are seeing latency problems, blame your ISP peerage/routing/IPtransit agreements or perhaps a fault in a line somewhere.
I use 4 different 4G LTE and a number of ADSL and fibre connections. They all have problems with the SG server. I conclude the server has poor routing for the Asian region. In fact the usa servers have better latency.
Ever heard of load balancing ?
The previous 100 mbits servers were much better and were balanced across 4 servers.
1 gbits server isn't as good as the previous 4.
I agree - routing to Leaseweb Singapore seems to be lacking.
-
if you are seeing latency problems, blame your ISP peerage/routing/IPtransit agreements or perhaps a fault in a line somewhere.
I think there were five. They also had a quite bad reputation, mostly because of their latency. I think it's Singapore's lines' fault.
4 or 5, 100mbit/s. they actually worked quite well for me. my ISP routing to that datacenter was nice. most of the time routing to Leaseweb Singapore takes me to USA first, then back to Singapore. LOL
-
If I recall correctly the 4 servers were 100 mbit/s each. The 1 now is 1gbit/s.
Latency is a descriptor of the path to the server, not of the server itself. In other words, if you are seeing latency problems, blame your ISP peerage/routing/IPtransit agreements or perhaps a fault in a line somewhere.
-
when running VPN on the router you do NOT use the port forwarding built into router firmware GUI.
you must do a DNAT as the IP tables linked to by Staff do.
SSH into the router and paste those lines into the command line, editing them to suit your setup.
to get a forwarded port, just go into your client area of this web page, forwarded ports section, and click the add button. You will be assigned a port. That port is what goes into the IP tables.
stunnel cipher options for CPU conservation
in General & Suggestions
Posted ...
merlin asus 378.51 on AC68 with entware-arm installed. stunnel is available in the entware-arm repository.