go558a83nk

sorry, @eyes878, the OP is running openvpn on the router, not using Air's client on a LAN machine. therefore, ports must be opened/forwarded on the router.

the port forwarding the router does is from the WAN to LAN. but, you need to go from TUN to LAN. You'll have to SSH into the router and input other iptable rules to accomplish this. this is such a common question that there is a how-to for it. https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/

what OS? have you tried creating the forwarded port with inserting the local ports you need - 30007 and 30008 - in the GUI Air provides?

if you need more capability you should look into installing Merlin's version of the asus firmware. he adds a few bells and whistles including openvpn client improvements. more manual control is available as is policy routing.

I've read the article before. Air's client now has IPv6 leak protection. Regarding the DNS hijacking, it seems that it requires the attacker to have control of your machine anyway. So, what's the point of DNS hijack at that time? Much worse has already happened. Do I misunderstand?

did you have a proxy setup in your browsers?

you connect by openvpn to workplace and that's speedy enough? odd indeed.

several things could have gone wrong - ISP lost peerage/transit rights, maintenance or broken line somewhere, etc.

well, then it would be important to see the logs from the eddie application.

are you using your router as the openvpn client?

I don't use dd-wrt but it looks as though it has policy routing built into the openvpn client GUI.

yeah, I was going to ask how they plan to get MAC addresses.

for the stability of the connection perhaps try other ports/protocols. regarding the policy routing, I see the problem. if your subnet is 192.168.25.xx, then to catch all LAN clients you need to use 192.168.25.0/24 as a policy routing rule.

are ISPs there using only IPv6?

sorry for the late reply. my internet was out yesterday after a storm. 1) you say you installed merlin after a factory reset. The factory reset needs to happen *after* you do the firmware upgrade. 2) if you added your computer's LAN IP for all destinations through VPN then I would say your VPN isn't connecting. please check out the system log. first things first - do a factory reset *after* firmware upgrade.

does it have an openvpn client?

Merlin firmware modifies the stock asus firmware. So, benefit to that is that you're getting a firmware that's made specifically for your hardware. I'm not sure but I think the NAT acceleration capability is only available with asus or merlin asus firmware. You'll also get other asus firmware things like the trendmicro protections. The late versions of merlin firmware have policy routing mode for the openvpn client so you can control which LAN clients go through the VPN tunnel.

just to make sure, try this speedtest or some others besides just Air's http://www.dslreports.com/speedtest

I would encourage you to switch to the latest Merlin firmware. However, when you do it you MUST do a factory reset of the router coming from the stock firmware. http://www.snbforums.com/forums/asuswrt-merlin.42/ latest is 378.54_2

looks like your internet connection is dying at those times. do you really mean "I can no longer connect to the internet" or do you mean you can no longer connect to AirVPN? when you're getting the problems with openvpn does internet work fine outside the VPN?

need to wait to hear back from him/her after the router switch. it does sound like a router was being used for VPN. in that case there are some questions re how DNS resolution was implemented. I've seen some policy routing setups where LAN clients were routed through the VPN tunnel created by the openvpn client on the router but DNS queries were sent to the router which was in turn querying DNS outside the tunnel. It's better to push to LAN clients via DHCP the actual DNS to use. That way you can be sure their DNS queries are going through the tunnel.

valuable tool there. I use the addon for firefox called SSleuth. https://github.com/sibiantony/ssleuth/ I am wondering how SSL Labs is getting their data for gmail. When I visit gmail site SSleuth reports Cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Key exchange: Elliptic curve Diffie-Hellman. Authentication: ECDSA. Bulk cipher: AES GCM 128 bits. HMAC: SHA-256. Perfect Forward Secrecy: Yes SSL/TLS Version: TLSv1.2 Connection status: Secure Certificate Extended validation: No Signature: SHA-256/RSA Key: 256 bits ECDSA Common name: mail.google.com Issued to: Google Inc Issued by: Google Inc Validity: 5/6/2015 12:05:46 PM -- 8/4/2015 0:00:00 AM Fingerprint: 57:53:78:A6:01:EF:98:DF:6A:56: 35:4F:94:9E:C9:77:FA: :E0:1B which seems to contradict. I wonder why the discrepancy? Posteo.de info from SSleuth for comparison Cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Key exchange: Elliptic curve Diffie-Hellman. Authentication: RSA. Bulk cipher: AES GCM 128 bits. HMAC: SHA-256. Perfect Forward Secrecy: Yes SSL/TLS Version: TLSv1.2 Connection status: Secure Certificate Extended validation: Yes Signature: SHA-256/RSA Key: 2048 bits RSA Common name: www.posteo.de Issued to: Posteo e.K. Issued by: StartCom Ltd. StartCom Certification Authority Validity: 4/16/2014 13:03:06 PM -- 4/16/2016 16:23:04 PM Fingerprint: 3A:89:D8:AD:DC:A7:23:5C:8F:44: E9:DD:2E:85:6A:31:D2:D3:C9:70

are you using the browser extension noscript?

where I'm at 35mbit/s is no problem. but, I'd be lying if I said everybody had no problems. that said, I think a high percentage of problems are out of Air's hands. our devices and all the internet between us and them are the problem makers.

OK, maybe I misunderstood what you were trying to say.