go558a83nk
-
Content Count
2076 -
Joined
... -
Last visited
... -
Days Won
37
Posts posted by go558a83nk
-
-
You want staff to confirm?? Then read the link I posted in my reply above.
I get the feeling you don't know what it means to run openVPN on the router.
-
Do the ovpn configs have resolved hosts in them? if not, the DNS request is probably being blocked.
-
you should try asking the makers of the openvpn connect app maybe?
-
Staff, any update on a replacement for Etamin?
-
Yes, I'm running the VPN on the router itself.
then this is the way you do it.
This doesn't apply to me as I am using the Merlin Firmware and not Tomato. It has a graphical section for port forwarding, which I have set up correctly as far as I can see, and no access to an iptables config.
no, that is what you do. SSH into the router and input the proper IPtables as that guide shows.
the router GUI forwards ports from the WAN to LAN. When connected to VPN you must forward ports from TUN to LAN.
-
Yes, I'm running the VPN on the router itself.
then this is the way you do it.
-
Has anyone got port forwarding to work successfully with this router and AirVPN? I'm trying to set plex up, but it can't connect. When I turn off the VPN, the ports are forwarded fine on my router and then in AirVPN I have the local port pointing to 32400 and I'm using the other port as what I'm specifyinng in Plex. However, more importantly no matterwhat i try to set upi, plex or not, nothing seems to be connecting. I always get error 111 when trying to check it.
just need to make sure....you are running VPN on the router? the answer depends on that.
-
are you using the eddie client?
do you have your server listening on the port that AirVPN assigns you when you test?
-
Another reason there is no server in Australia is the outrageous cost of bandwidth there.
https://blog.cloudflare.com/the-relative-cost-of-bandwidth-around-the-world/
-
no, they can. it's that the openvpn server sees that the IP is internal to Air's servers (coming from the SSL daemon or SSH daemon).
-
performance depends on how fast your ISP line is. There are several routers that have dual core CPU running 1000mhz or so. They can do openvpn at 50mbit/s+
if you want 200mbit/s speed then you'll need a pro router. but, chances are you'll struggle to get that anyway from any VPN provider. (downloading at 200bit/s is 2/5 of a 1gbit/s server's bandwidth because your download is inbound and outbound for the server)
-
at a loss for words here.
TFTP window? Are you not using the web GUI of the router? Are you checking the hash of the downloaded firmware to confirm it's correct?
-
https://github.com/RMerl/asuswrt-merlin/wiki
for openvpn the main improvement merlin has is policy routing. this is what you are asking about in the previous post.
-
found something interesting today. With another VPN provider I use I can use the "mssfix 0" setting and no openvpn is detected. Witch reports an MTU of 1500.
But, with AirVPN the mssfix 0 setting does not disguise openvpn use and MTU is reported to be 1392.
here is the VPN config of the other provider:
proto udp
mssfix 0
dev tun
tls-client
ns-cert-type server
key-direction 1
comp-lzo
auth SHA1
cipher AES-256-CBC
keysize 256
verb 3
nobind
persist-tun
persist-key
mute-replay-warnings
script-security 2
ping 6
hand-window 20
socket-flags TCP_NODELAY
topology subnet
pull
route-metric 2
That provider also claims to normalize IP packet TTL to prevent VPN detection by TTL analysis.
What could be the difference between the two VPN providers to cause this difference in result by witch?
jean claud reacted to this -
back to the topic....
Pavonis (Chicago) had maintenance earlier today and now is using TLSv1.2 control channel cipher. Prior to the maintenance it was TLSv1.0.
-
bothersome? all you have to do is download a firmware file, upload it to your router, and wait about 3 minutes for the firmware to install.
-
my suggestion is to use merlin asus firmware, policy routing therein, and DNSFiltering to control which DNS is used for which client.
-
you seem to know what you are doing so I hesitate to ask if you made sure the tun device really is tun1.
and your personal LAN has subnet 10.1.x.x?
-
merlin firmware is going to best support the AC68 as it's based on asus stock firmware with optimizations and additions.
for openvpn clients merlin firmware has policy based routing and can block VPN routed clients if the tunnel goes down.
it's also extremely easy to install entware which allows you to install (on USB storage) many more linux packages. you can even install stunnel so that you can use Air's openvpn through SSL tunnel option. (openvpn through SSH requires no additional package install.)
-
That warning about opening ports on your router is for if you are using the Eddie client on a computer. Since you are using your router to run openvpn you do need to forward ports using the iptables you know of.
Since it's not working something isn't yet correct. Did you change the TUN device specified in the iptables to match that which your system uses for openvpn? If not, use ifconfig at the SSH prompt to see (while openvpn is running).
-
I'm not sure where you've read from Air about not using the same port. What they said was that you shouldn't open ports on your router from the WAN interface to your LAN. That's what the router GUI does. The rules I've given you forward from TUN to LAN.
Make sure your torrent client is listening on the port that Air assigns you and that that port is forwarded to the proper IP address with the IP tables. The port checker will show the port as closed if there is no server listening on that port.
Finally, it's best to SSH into the router and paste in the correct IP tables at the prompt. I don't know if your other method works.
-
Forwarding ports in router GUI doesn't work for VPN connections. Search this forum some more - staff even have a post in the how to section I think.
-
Study up on advanced ddwrt usage and read ddwrt forums. If you can install and run stunnel you're 90% done.
If you have an Asus router I know it can be done by using Merlin firmware and installing entware. Entware then allows you to install many other packages common to Linux, including stunnel.
-
I probed all servers a few weeks ago: All servers added to AirVPN since 19 Jun 2015 use TLSv1.2. All other servers use TLSv1.
I don't think it makes much of a difference but it'd still be interesting to hear from staff what they changed in their infrastructure and whether they plan to upgrade the older servers as well.
Interesting. I do know that Etamin was using TLS1.2 though it was added in May. Perhaps the change to TLS1.2 occurred during one of the maintenance sessions it had recently?
Find the fastest server?
in General & Suggestions
Posted ...
If you don't understand things just rank the servers by stars (more stars are better) and connect to those servers.