go558a83nk

gigglenerd - must be April 1st

trace the route. most likely your ISP lost some connectivity forcing the route to take a long path.

yes, merlin asus firmware has pretty easy to use policy based routing in the openvpn client GUI. that's all I've used for my asus routers.

what operating system are you running openvpn on? If linux you might try "mtu-disc yes" or "mtu-disc maybe". don't forget to try "mssfix 0" in combination with mtu-discovery. Also, have you tried different send and receive buffers since changing ISP?

I have never seen this with my asus routers. but nevermind that. an AC52 is a ranger extender. are you sure you're using VPN on an AC52?

you can try turning off mssfix altogether in the custom openvpn config section "mssfix 0" (that's zero). but, most likely you'll have to do what staff said and use the SSL tunnel.

I think you answered it pretty well. I was just worried about what all can be seen. I guess it would be best to explain more fully. My father works for comcast (supervisor) and I suspect that he has been informing my mother of all the things that I look up. Whether it be simple things like checking my email or bank account to more private things like the things I watch and personal conversations on the internet with people in forums. I don't want him to have even the NOTION that he knows what I'm doing. I am an adult. I shouldn't be monitored by them at this point in my life. Does AirVPN have built-in DNS leak protection or do I need to research a program for that? go to ipleak.net to check if DNS is leaking.

no, you're not invisible to your ISP. They just can't decode the encrypted connection between you and the VPN server. only danger I can think of are governments that deem them illegal no, your connection is encrypted. just make sure your DNS isn't leaking or they might have some idea what you are doing because they'd know the urls you've resolved. if you're using Eddie you're probably not leaking, especially if you use the network lock is your last question a repeat or do you mean regular usage not on a VPN?

Yes on DNS and NTP options/fixes.

another thing how can I access my cable modem when the VPN is up? my LAN subnet is 192.168.1.0/24 For some reason I can ping my cable modem (192.168.100.1) but it's going out the VPN tunnel. Because of that I can't actually pull up the cable modem web GUI. I've tried to put in rules to allow 192.168.100.1 to be accessed through the WAN but I guess I'm doing something wrong because it didn't change anything. Edit: Got this figured out too.

Just built a box for pfsense and used your guide on the first page of this thread to get things more or less working. My setup is just cheap "desktop" parts but it's fast. I'm using just 2 NICs. I'd love some help/ideas on how to do the following 1) easiest setup for switching between various VPN providers. This is a problem if I intend to use VPN provider DNS. 2) I actually would rather use public DNS as long as I can verify DNS requests from VPN tunneled clients are actually going through the tunnel. Prior to this new pfsense box my router, unless I created policy rules, would send DNS requests out the WAN even for clients routed through the VPN. 3) Finally, how do I route certain LAN clients through through WAN and not VPN? BTW, got a cheap AMD A6 7400K CPU, turned on AES-NI, and selected the engine in the openvpn client setup. I was able to max out my line, 120mbit/s. Nice! Edit: I think I've figured out a couple of the questions above. Still tinkering with the idea of using different DNS. The reason is that often AirDNS points me to a server far away, not the nearest in a given network.

is the server you're connecting to very near to you?

Khariz, openvpn is not multi threaded. There's no such thing as mapping different connections to different cores. re-read my post above re speeds and nearby servers. If the CPU isn't maxing then there is some other reason for the slower speeds. Only real networking experts may know the answer.

not sure why it's lower than with Eddie in your case. That router should be able to do openvpn at 50mbit/s. that said, this is relatively common and I believe it depends on the routing to the server. I have an Asus AC68, overclocked, and can hit 50mbit/s with AES-256-CBC encryption. 57mbits with AES-128-CBC. It's heavily dependent on route and route conditions I guess. I can connect to the same server that Eddie (in Linux Mint) gets 115mbit/s download with and my router can do only 30mbit/s. I examine the openvpn settings and logs to make sure they're the same. The only difference I can see is that the buffer in Mint is 512kB while in the router the max is 256kB. Perhaps that's enough for the difference. I can connect to another VPN provider with servers closer to home and max out the CPU of the router. so....all I can say is play around with different servers, ports, and protocols. You also might want to install Merlin Asus firmware. He's got some nice extras in there for the openvpn client.

Hi Anna & Go Can you please advise on how that worked out for you? I need VPN over SSH/SSL to bypass DPI blocking. If it worked for you, I'll go buy one of those ASUS routers. lso, does it need any special features in the router, or any ASUS (supported by ASUS-WRT) would do? Does it need special RAM or flash size? E.g. would it work for the ASUS RT-N66U? Thanks a lot for your help. you should get a version of the AC68, in my opinion. the N66 has too slow a processor. the AC68 versions (there are several versions, U, P, etc.) have a dual core processor that can run openvpn at acceptable speeds. Of course, that depends on what you call acceptable. Anyway, the AC68 is old enough that most kinks are worked out of firmware. Remember you'll need to use Merlin Asus firmware for this. Thanks, Go. What about the AC56? It seems to have the same processor as the AC68, at almost half the price. yes, the AC56 has the same processor. as I posted previously in this thread, visit the merlin asus forum to get some questions answered. e.g. you'll want to learn how to overclock slightly to increase openvpn speed. there is no tutorial on getting the SSL tunnel running. I just did it myself. Again, as mentioned previously, install entware after merlin asus firmware is installed. Entware has to be installed on a USB drive connected to the router. Once entware is installed you can then install stunnel. then download the linux configs for the Air server you want, selecting SSL setup. you'll also want to select resolved hosts in ovpn. put the files stunnel.cert and *.ssl into a directory on the USB drive (this should be easy to do if you enable samba server in the USB options). Then just run stunnel, "stunnel servername.ssl". When you upload the ovpn config into the openvpn client it'll configure the proper IP address (it'll point to the router itself) and port.

Hi Anna & Go Can you please advise on how that worked out for you? I need VPN over SSH/SSL to bypass DPI blocking. If it worked for you, I'll go buy one of those ASUS routers. lso, does it need any special features in the router, or any ASUS (supported by ASUS-WRT) would do? Does it need special RAM or flash size? E.g. would it work for the ASUS RT-N66U? Thanks a lot for your help. you should get a version of the AC68, in my opinion. the N66 has too slow a processor. the AC68 versions (there are several versions, U, P, etc.) have a dual core processor that can run openvpn at acceptable speeds. Of course, that depends on what you call acceptable. Anyway, the AC68 is old enough that most kinks are worked out of firmware. Remember you'll need to use Merlin Asus firmware for this.

seems like it was the favorite server of a lot of us.

could this be from WebRTC?

crap, that was my favorite overseas (for me) server. edit: I'm curious what abuse is happening. I know for a fact that at least 1 bittorrent seedbox company uses i3d datacenter. So, surely they aren't complaining to you, Air, about that sort of thing.

https://airvpn.org/topic/7181-clarification-of-your-monitoring-policies/?p=29972 this is the particular post I was recalling when I wrote the above.

https://airvpn.org/topic/7181-clarification-of-your-monitoring-policies/?p=29972 zhang888, perhaps you should read that post by Air Staff.

This is not something Air would be 99% sure about, they would be 100%, so why are you saying anything assuming what Air's stance might be? because of things I've read in forums. I'm not speaking for them. I'm recalling memory of previous posts. thus, only 99% because my memory may fail me.

In a way i see both as equally good but i find that OVPN's transparency so far has been great. They are honest about how much they are investing in each datacentre, how they prepare and configure their servers et cetera. As an example - it is one thing to just disable the logs in the configuration but another to actually run the servers diskless, limit write rights with AppArmor and of course - make sure you have full control of the server yourself and not only rent a dedicated one. I don't buy that, look at the ToS: >Illegal activities Customers may not use our services to commit crimes. In the case of a crime being comitted, OVPN.se retains full rights to suspend the account in question without a refund. If they have the ability to terminate accounts for "crimes", they do log and should be avoided. You are either a VPN provider or a court judge, but you can't be both. These guys made it clear on which side they are. I'm 99% sure Air takes the same position when it comes to certain crimes. In the case of Air and probably ovpn.se the ban would be retroactive (edit: or is the word reactive?), not proactive, and most likely only after having been alerted by the proper authorities.

it means Air's openvpn server sees your connection coming from Air's ssl daemon.

Well I guess this is the airvpn client sub forum so I'm probably wrong. . I was thinking possibly a router was being used