Jump to content
Not connected, Your IP: 3.236.219.157

go558a83nk

Members2
  • Content Count

    2076
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    37

Posts posted by go558a83nk


  1.  

     

    Yes, I'm running the VPN on the router itself. 

     

    then this is the way you do it.

     

    https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/?hl=%2Biptables+%2Btomato+%2Bport

     

    This doesn't apply to me as I am using the Merlin Firmware and not Tomato.  It has a graphical section for port forwarding, which I have set up correctly as far as I can see, and no access to an iptables config.

     

    no, that is what you do.  SSH into the router and input the proper IPtables as that guide shows.

     

    the router GUI forwards ports from the WAN to LAN.  When connected to VPN you must forward ports from TUN to LAN.


  2. Has anyone got port forwarding to work successfully with this router and AirVPN?  I'm trying to set plex up, but it can't connect.  When I turn off the VPN, the ports are forwarded fine on my router and then in AirVPN I have the local port pointing to 32400 and I'm using the other port as what I'm specifyinng in Plex.  However, more importantly no matterwhat i try to set upi, plex or not, nothing seems to be connecting.  I always get error 111 when trying to check it. 

     

    just need to make sure....you are running VPN on the router?  the answer depends on that.


  3. performance depends on how fast your ISP line is.  There are several routers that have dual core CPU running 1000mhz or so.  They can do openvpn at 50mbit/s+

     

    if you want 200mbit/s speed then you'll need a pro router. but, chances are you'll struggle to get that anyway from any VPN provider.  (downloading at 200bit/s is 2/5 of a 1gbit/s server's bandwidth because your download is inbound and outbound for the server)


  4. found something interesting today.  With another VPN provider I use I can use the "mssfix 0" setting and no openvpn is detected.  Witch reports an MTU of 1500.

     

    But, with AirVPN the mssfix 0 setting does not disguise openvpn use and MTU is reported to be 1392.

     

    here is the VPN config of the other provider:

    proto udp
    mssfix 0
    dev tun
    tls-client
    ns-cert-type server
    key-direction 1
    comp-lzo
    auth SHA1
    cipher AES-256-CBC
    keysize 256
    verb 3
    nobind
    persist-tun
    persist-key
    mute-replay-warnings
    script-security 2
    ping 6
    hand-window 20
    socket-flags TCP_NODELAY
    topology subnet
    pull
    route-metric 2
     

    That provider also claims to normalize IP packet TTL to prevent VPN detection by TTL analysis. 

     

    What could be the difference between the two VPN providers to cause this difference in result by witch?


  5. merlin firmware is going to best support the AC68 as it's based on asus stock firmware with optimizations and additions.

     

    for openvpn clients merlin firmware has policy based routing and can block VPN routed clients if the tunnel goes down.

     

    it's also extremely easy to install entware which allows you to install (on USB storage) many more linux packages.  you can even install stunnel so that you can use Air's openvpn through SSL tunnel option.  (openvpn through SSH requires no additional package install.)


  6. That warning about opening ports on your router is for if you are using the Eddie client on a computer.  Since you are using your router to run openvpn you do need to forward ports using the iptables you know of.

     

    Since it's not working something isn't yet correct.  Did you change the TUN device specified in the iptables to match that which your system uses for openvpn?  If not, use ifconfig at the SSH prompt to see (while openvpn is running).


  7. I'm not sure where you've read from Air about not using the same port.  What they said was that you shouldn't open ports on your router from the WAN interface to your LAN.  That's what the router GUI does.  The rules I've given you forward from TUN to LAN.

     

    Make sure your torrent client is listening on the port that Air assigns you and that that port is forwarded to the proper IP address with the IP tables.  The port checker will show the port as closed if there is no server listening on that port.

     

    Finally, it's best to SSH into the router and paste in the correct IP tables at the prompt.  I don't know if your other method works.


  8. Study up on advanced ddwrt usage and read ddwrt forums. If you can install and run stunnel you're 90% done.

     

    If you have an Asus router I know it can be done by using Merlin firmware and installing entware. Entware then allows you to install many other packages common to Linux, including stunnel.


  9. I probed all servers a few weeks ago: All servers added to AirVPN since 19 Jun 2015 use TLSv1.2. All other servers use TLSv1.

     

    I don't think it makes much of a difference but it'd still be interesting to hear from staff what they changed in their infrastructure and whether they plan to upgrade the older servers as well.

     

    Interesting.  I do know that Etamin was using TLS1.2 though it was added in May.  Perhaps the change to TLS1.2 occurred during one of the maintenance sessions it had recently?

×
×
  • Create New...