Jump to content
Not connected, Your IP: 3.145.186.6
AirVPN

go558a83nk

Members2
 View Profile  See their activity

  • Content Count

    2093

  • Joined

    ...

  • Last visited

    ...

  • Days Won

    37

Posts posted by go558a83nk

  1. Posted ...

    Justin, sounds like you've worked out a lot of the trouble spots.  How much have you tried different locations to find the route that gives you the best performance?  Keep in mind that most of the NL servers are in the same datacenter.  So, they'll all give you about the same performance if the route to the datacenter is indeed the bottleneck.  My suggestion is to test each unique route (not each server).  Also, make sure you try different ports and protocols.

  3. Posted ...

    Justin is using openvpn client 2, which on merlin firmware has affinity for the core that also does kernel work.  you see, merlin changes the code so that openvpn client 1 uses less used core because most people automatically use openvpn client 1.

     

    Justin, if you have entware installed on a USB disk you can install htop and get a good view of tasks and CPU usage.  Or just look in the GUI at the CPU usage graph.  Both cores should be heavily used.  If not, switch which openvpn client you're using.

     

    Also, I didn't hear from you about hardware acceleration.  There was some chatter on merlin forums about that actually slowing openvpn down.

  4. Posted ...

     

    all of you are wrong and need to do some research on what routers are capable of.  the AC87 should be able to do more than 50mbit/s.  my AC68 can do 50 and the AC87 has a faster processor.

     

     

    @karaznie as well

     

    Hello,

     

    what does this have to do with the issue? Your measurements do not imply that the original poster router has not reached the maximum processing power on the core running OpenVPN.

     

    Look at the load of the CPU of the original poster in a dual core processor.

     

    Kind regards

     

    the default GUI of asus routers shows the usage of each core as a separate plot.  if the core running openvpn was only reaching 50% then it would make sense only 20mbit/s is achieved.

     

    The OP using merlin firmware will help with some quirks.  if the OP doesn't want to change firmware, I suggest turning off hardware acceleration (in the LAN section) and using openvpn client 2 as client 1 may use the same core as the other kernel processes run on.

  6. Posted ...

    Background: I have setup the AirVPN Client (Open VPN setup) on my ASUS Router using the ASUSWRT VPN feature.  Now all the devices (laptop, apple tv, phones, FireStick, etc.) are tunneling thru this VPN.

     

    Question: Is there a way to somehow direct which traffic should go thru the VPN and which should not?  For example: My Laptop connection (LAN & wifi) should go thru VPN, Apple TV connected via wifi should VPN, however FireStick connected thru wifi should not go thru VPN?

     

    Any help/guidance will be appreciated.

     

    Thanks

     

    yes, you need to use merlin's asus firmware.  he's coded in policy based routing via GUI of the openvpn client page.

    Sevenz reacted to this

  7. Posted ...

    It's upon law enforcement officers (LEOs) to prove guilt or gain access to private property.  That's liberty for the citizen.  How silly to think the property owner should be expected to open his/her "doors" to LEOs.  The constitution of the USA protects the citizens in this way, though it's certainly not being followed by government.  For example, a person is allowed to NOT speak.  It behooves the home owner to *not* open his/her "door" to LEOs.  That is his right.  However, if the LEOs have sufficient reason to search private property then they should seek justice in what lawful way they can.  Still, it is not upon the property owner to provide means.  Again, if gaining access to a domicile authorities with probable cause don't wait for the door to be opened for them.  They bust the door down.  So why should we now be expected to provide access to a locked device?  No, it should be upon the FBI to bust the door down of the iphone.

    Khariz and OmniNegro reacted to this

  8. Posted ...

     

    I'd imagine this is talking about the same thing?

     

    No, they're not, because the Client Presence Verification is about something else:

     

    >In CPV, when a client asserts its presence in a geographic location, delays are measured between the client and three verifiers encompassing the asserted location. These delays are then processed to provide  assurance that the client is truly present (geographically) inside the triangle determined by the three verifiers.

     

    It's more like an attempt to find out whether you lie about your device's location. TTL values are something different.

     

     

    when you talk about lying about location are you saying that the owner of the VPN server tries to get the location databases to report the wrong location?

  10. Posted ...

     

    adding the setting "mssfix 0"  to obfuscate openvpn usage may not matter since you aren't changing it on the server as well.

     

    Actually, it did seem to make a difference for OpenVPN detection as well as the displayed MTU according to http://witch.valdikss.org.ru/

     

    all my testing has shown that "mssfix 0" makes no difference for AirVPN connections on the witch detection.  but that is with linux OS.  maybe windows 10 is different.

  11. Posted ...

     

    I have an Asus Router running Merlin.  I have OpenVPN configured on the router and set to use Air DNS server.  When connected to a US Air server I can play US Netflix from within Chrome on a Windows 10 machine.  However, when trying to play Netflix content on the same Windows 10 machine using the Windows Store App I get the proxy/VPN blocked message.  All clients are using wifi.

     

    A test with a Roku player and an older LG TV showed that both of those also give the blocked message when connected to the same network.

     

    So, it seems that the Netflix apps are doing some additional checks that the browser is not doing (probably because they can't do those checks in the "sandboxed" browser environment).

     

    I then tried to explicitly block google DNS (8.8.8.8 and 8.8.8.4) as well as changing the OpenVPN mssfix value to avoid OpenVPN detection (https://medium.com/@ValdikSS/detecting-vpn-and-its-configuration-and-proxy-users-on-the-server-side-1bcc59742413) but I still received the blocked message.

     

    adding the setting "mssfix 0"  to obfuscate openvpn usage may not matter since you aren't changing it on the server as well.

  14. Posted ...

     

    I think for openwrt you must install entware.  Then you'll be able to install many common linux packages at the command line.  this is the same as I have to do for merlin asus.

    Thanks so once this is installed can I use AirVPN stunnel guide for Linux? I will have a read up on entware.

     

    I don't know.  I never read the guide.

  16. Posted ...

    openvpn connect on iOS uses polarSSL instead of openSSL like many other openvpn setups.  polarSSL hasn't had the security vulnerabilities that openssl has had.  that is one reason why there's been no need to update it.

     

    on iOS what features are you missing that you would ask for an update?

    S.O.A. reacted to this

  18. Posted ...

     

     

    no one that can help with my 2 problems........

     

    this is an AirVPN forum, not Asus router forum.  don't be surprised to get no answer.

    Sorry but these are NOT Asus specific problems, they are clearly related to airvpn and missing information in the setup tutorial for ASUS routers. Was before at nordvpn and there this was all clearly described in the tutorial but at airvpn this works differently...only experiencing this problems with airvpn. Will issue a support ticket now for this...

     

    wrong.  there is a user comprehension problem and an asus router question.  neither have anything to do with AirVPN.  any VPN provider could be substituted into the above questions.

  20. Posted ...

    since you're using merlin firmware use different policy routing rules for each openvpn client to do what you want.  that's a choice in the redirect internet traffic setting down towards the bottom.

     

    however, if all clients are active then it'll tax the router heavily.  the router can handle 1 openvpn client easily if it's on the core that the kernel work isn't using.

     

    also, this is a question better asked or searched on the merlin forums

     

    http://www.snbforums.com/forums/asuswrt-merlin.42/

  23. Posted ...

    Would this box be fast enough to build my own router with Linux?

     

    https://www.zotac.com/nl/product/mini_pcs/zbox-ci323-nano#spec

     

    It's got an Intel N3150 quad-core 1.6GHz, up to 2.08GHz, max 8GB DDR3L, M2 SSD & 2.5" SATA slot. Dual Gigabit, 5Ghz wifi. And it's pretty cheap too. Looks like the ideal box to me, but is it fast enough for up to a 100mbit vpn connection?

     

    that processor has AES-NI so it can definitely do 100mbit/s openvpn, as long as the cipher is AES.

  25. Posted ...

    They can't do much, not anything (referring to unknown knowns).

    I personally think it has to do with some detail, something the providers differ in. Since you have access to two different "setups", can you just collect all the info about both providers and do a comparison? It's better than arguing, I believe, AND can generate a post to which we all can link because it might become a faq.

     

    The other provider claims to have done something to prevent detection of VPN usage via TTL analysis.  That's the only thing I can think of that would differentiate it from Air.  The openvpn ciphers are the same.

×
×
  • Create New...