Jump to content
Not connected, Your IP: 54.236.58.220

go558a83nk

Members2
  • Content Count

    1899
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    25

Posts posted by go558a83nk


  1.  

     

    Please re-read my post.  I'm using stunnel on my router.

     

    edit: anyway, I got it.  I just added a line to the ssl file "ciphers = DHE-RSA-AES128-SHA256" and it works.  noticibly less CPU usage and still a TLS1.2 cipher.

     

    Ok, great! What is your firmware? Did you compile stunnel by yourself for your router or is it an already available version?

     

    Kind regards

     

    merlin asus 378.51 on AC68 with entware-arm installed.  stunnel is available in the entware-arm repository.


  2. Hello!

     

    Since our servers will accept a variety of ciphers for SSL this is possible by configuring stunnel. However, configuring parameters for stunnel is currently not implemented in Eddie. Please see for example:

    https://www.stunnel.org/pipermail/stunnel-users/2013-February/004112.html

     

    Anyway, you probably don't need to bother about that. Nowadays computer CPUs are so powerful that they are not loaded at capacity by the current stunnel and OpenVPN ciphers you're using (well, it also depends on how much load they have from other tasks...).

     

    Kind regards

     

    Please re-read my post.  I'm using stunnel on my router.

     

    edit: anyway, I got it.  I just added a line to the ssl file "ciphers = DHE-RSA-AES128-SHA256" and it works.  noticibly less CPU usage and still a TLS1.2 cipher.


  3. I'm running stunnel 5.14 with openssl 1.0.2a on my router.  It seems the cipher that's negotiated is probably a little stronger than it needs to be (ECDHE-RSA-AES256-GCM-SHA384).  The config, AirVPN*.ssl, only has a NO_SSLv2 option which is fine, of course.  But, are there any other options I can input that will get stunnel to negotiate a cipher suite that's less CPU intensive?

     

    thanks for the help


  4. I'm also interested because this happens to me with every VPN service using OpenVPN UDP. It recovers after a few seconds but log doesn't show any interruption

     

    one VPN service I've used has some servers that drop out like this with UDP connections.  But others of their servers work just fine.  It happens to me just using downthemall! extension for firefox with several segments enabled.

     

    really weird.  Other VPN providers (including Air) along very similar routing have no problems at all.


  5. I'm not sure how much this issue can be pushed onto Air staff.  They can't control what routing a datacenter has but they can set standards for what datacenters they use so that routing is most likely good for everybody.

     

    Examples of datacenters that VPN companies use in Singapore

     

    Leaseweb Singapore  - http://bgp.he.net/AS59253#_peers

    Softlayer Singapore - http://bgp.he.net/AS36351#_peers

    Digital Ocean Singapore - http://bgp.he.net/AS133165#_peers

    8 to Infinity Singapore - http://bgp.he.net/AS45470#_peers

    (only two real peers, but iptransit and Telin are enough)


  6. Buy AFAIK you should import user.cer certificate and select it on that window together with user and pass.

    There is also a HMA videotutorial that explains how to set OpenVPN on mikrotik

     

    If user and password are used isn't ca.crt the certificate that's needed?  Is that type of connection even possible with Air?


  7. I agree we need more asian servers. Very slow at the moment and 2 isn't enough.

     

    I just checked out Antares (Singapore) and Hadar (HK) 5 minute average charts for today.  Earlier today Antares reached a peak of about 240mbit/s inbound and outbound (480mbit/s total) while Hadar is barely used.  They are 1000mbit/s servers.  I don't know if that's 1000mbit/s total or in each direction.  Staff will have to answer that.  If total, then that would mean that the 240mbit/s peak on Antares was still only half capacity (240 inbound + 240 outbound).  If 1000 each way then it's only 1/4 capacity.  So, I don't think any slowness can be blamed on Air.


  8.  

    I get 150Mbps down on NL servers using the same ISP, so it shouldn't be hard for you to resolve. Are you connecting using Eddie (Air's software)? What version? What's your OS? How is your network set up? Are you using a superhub, superhub 2 or superhub 2 AC? Are you wired or wireless? How are you testing the speeds you quoted?

     

    As a test try turning connecting to the superhub via ethernet (wire) if you aren't already, put the SH into modem only mode and restart the PC. Then connect to an NL server using port 443 UDP. Then download an Ubuntu torrent or download the Ubuntu ISO from Ubuntu.com and see what speeds you get.

     

    Im on windows 7 

    Virgin Media SuperHub (100Mb Connection) 

    Connected using the Airvpn Eddie 2.8.8 

    Connected Via Wireless as i never use the Ethernet wire. 

    SSH Tunnel Port 22 using Eddie 2.88 

     

     

    Any help guys? 

     

    is your superhub in modem only mode as suggested to try?


  9.  admit that my ISP routing to leaseweb singapore is off and on.  just in the last couple days I'm back to going through NTT router direct to Antares.  However, I went several months with routing going through USA before this.

     

    I'm still not convinced it's the fault of anybody but my ISP.  Leaseweb probably feels they are covered by the peerage they have.  The peerage of Pacnet and NTT is impressive.


  10. The current SG server is slow through Leasweb, the previous ones were very fast and they were Softlayer servers.

     

    The HK is even worse it's got the third worst latency for Asia.

     

    I'm thinking about cancelling with Air we can't use the net as this slow speed and what is the point of using USA servers.

     

    can you show an MTR to Antares and Hadar?


  11. This server has the third worst latency for the Asian region.

     

    When are you going to add more asian servers for the Asian region ?

     

    I'm sure there are customers in this region frustrated like me.

     

    latency is a description of the path to the server, not an indicator of the health of the server itself.  please keep in mind that AirVPN and the datacenters they use can NOT affect internet peerage, IP transit agreements and overall routing though I'm sure they wish they could so that all customers were happy.


  12.  

    If I recall correctly the 4 servers were 100 mbit/s each.  The 1 now is 1gbit/s. 

     

    Latency is a descriptor of the path to the server, not of the server itself.  In other words, if you are seeing latency problems, blame your ISP peerage/routing/IPtransit agreements or perhaps a fault in a line somewhere. 

     

    I use 4 different 4G LTE and a number of ADSL and fibre connections. They all have problems with the SG server. I conclude the server has poor routing for the Asian region. In fact the usa servers have better latency.

     

    Ever heard of load balancing ?

     

    The previous 100 mbits servers were much better and were balanced across 4 servers.

     

    1 gbits server isn't as good as the previous 4.

     

    I agree - routing to Leaseweb Singapore seems to be lacking.


  13.  

    if you are seeing latency problems, blame your ISP peerage/routing/IPtransit agreements or perhaps a fault in a line somewhere.

     

    I think there were five. They also had a quite bad reputation, mostly because of their latency. I think it's Singapore's lines' fault.

     

    4 or 5, 100mbit/s.  they actually worked quite well for me.  my ISP routing to that datacenter was nice.  most of the time routing to Leaseweb Singapore takes me to USA first, then back to Singapore. LOL


  14. If I recall correctly the 4 servers were 100 mbit/s each.  The 1 now is 1gbit/s. 

     

    Latency is a descriptor of the path to the server, not of the server itself.  In other words, if you are seeing latency problems, blame your ISP peerage/routing/IPtransit agreements or perhaps a fault in a line somewhere. 


  15. when running VPN on the router you do NOT use the port forwarding built into router firmware GUI.

     

    you must do a DNAT as the IP tables linked to by Staff do.

     

    SSH into the router and paste those lines into the command line, editing them to suit your setup.

     

    to get a forwarded port, just go into your client area of this web page, forwarded ports section, and click the add button.  You will be assigned a port.  That port is what goes into the IP tables.

×
×
  • Create New...