go558a83nk
Posts posted by go558a83nk
-
-
if you need more capability you should look into installing Merlin's version of the asus firmware. he adds a few bells and whistles including openvpn client improvements. more manual control is available as is policy routing.
-
I've read the article before. Air's client now has IPv6 leak protection. Regarding the DNS hijacking, it seems that it requires the attacker to have control of your machine anyway. So, what's the point of DNS hijack at that time? Much worse has already happened. Do I misunderstand?
-
did you have a proxy setup in your browsers?
-
you connect by openvpn to workplace and that's speedy enough? odd indeed.
-
several things could have gone wrong - ISP lost peerage/transit rights, maintenance or broken line somewhere, etc.
-
hem, I use the Windows 8.1 airvpn software on my 2 machines to connect to the vpn servers.
Not sure if that answers your question ^^
well, then it would be important to see the logs from the eddie application.
-
are you using your router as the openvpn client?
-
I don't use dd-wrt but it looks as though it has policy routing built into the openvpn client GUI.
-
yeah, I was going to ask how they plan to get MAC addresses.
-
for the stability of the connection perhaps try other ports/protocols.
regarding the policy routing, I see the problem. if your subnet is 192.168.25.xx, then to catch all LAN clients you need to use 192.168.25.0/24 as a policy routing rule.
-
are ISPs there using only IPv6?
-
Hello all,
Installed Merlin after doing a factory reset and till now it runs smoothly. Obviously I now have a lot more options to tweak the VPN connection. I like that. It's like the candy store of router options...
Anything special I should turn on to increase security?
I also tried to use policy routing for VPN but that did not work. I wanted to route everything through VPN except a couple of connections to some websites. So I first added
192.168.0.0/24 0.0.0.0/0 VPN
to redirect everything through VPN but after that airvpn shows me as not connected and my WAN IP, as well as whatismyipaddress.com/
Tried it the other way round and only added 192.168.0.0/24 or my computer's LAN IP and the IP of airvpn but for the same effect: Not connected. Weird.
sorry for the late reply. my internet was out yesterday after a storm.
1) you say you installed merlin after a factory reset. The factory reset needs to happen *after* you do the firmware upgrade.
2) if you added your computer's LAN IP for all destinations through VPN then I would say your VPN isn't connecting. please check out the system log.
first things first - do a factory reset *after* firmware upgrade.
-
does it have an openvpn client?
-
Merlin firmware modifies the stock asus firmware. So, benefit to that is that you're getting a firmware that's made specifically for your hardware. I'm not sure but I think the NAT acceleration capability is only available with asus or merlin asus firmware. You'll also get other asus firmware things like the trendmicro protections. The late versions of merlin firmware have policy routing mode for the openvpn client so you can control which LAN clients go through the VPN tunnel.
-
just to make sure, try this speedtest or some others besides just Air's
-
I would encourage you to switch to the latest Merlin firmware. However, when you do it you MUST do a factory reset of the router coming from the stock firmware.
http://www.snbforums.com/forums/asuswrt-merlin.42/
latest is 378.54_2
-
looks like your internet connection is dying at those times. do you really mean "I can no longer connect to the internet" or do you mean you can no longer connect to AirVPN? when you're getting the problems with openvpn does internet work fine outside the VPN?
-
I'm thinking your second router is hijacking any dns requests and forcing them.
need to wait to hear back from him/her after the router switch. it does sound like a router was being used for VPN. in that case there are some questions re how DNS resolution was implemented. I've seen some policy routing setups where LAN clients were routed through the VPN tunnel created by the openvpn client on the router but DNS queries were sent to the router which was in turn querying DNS outside the tunnel. It's better to push to LAN clients via DHCP the actual DNS to use. That way you can be sure their DNS queries are going through the tunnel.
-
valuable tool there. I use the addon for firefox called SSleuth. https://github.com/sibiantony/ssleuth/
I am wondering how SSL Labs is getting their data for gmail. When I visit gmail site SSleuth reports
Cipher suite
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Key exchange: Elliptic curve Diffie-Hellman.
Authentication: ECDSA.
Bulk cipher: AES GCM 128 bits.
HMAC: SHA-256.
Perfect Forward Secrecy: Yes
SSL/TLS Version: TLSv1.2
Connection status: Secure
Certificate
Extended validation: No
Signature: SHA-256/RSA
Key: 256 bits ECDSA
Common name: mail.google.com
Issued to: Google Inc
Issued by: Google Inc
Validity: 5/6/2015 12:05:46 PM -- 8/4/2015 0:00:00 AM
Fingerprint: 57:53:78:A6:01:EF:98:DF:6A:56: 35:4F:94:9E:C9:77:FA: :E0:1B
which seems to contradict. I wonder why the discrepancy?
Posteo.de info from SSleuth for comparison
Cipher suite
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Key exchange: Elliptic curve Diffie-Hellman.
Authentication: RSA.
Bulk cipher: AES GCM 128 bits.
HMAC: SHA-256.
Perfect Forward Secrecy: Yes
SSL/TLS Version: TLSv1.2
Connection status: Secure
Certificate
Extended validation: Yes
Signature: SHA-256/RSA
Key: 2048 bits RSA
Common name: www.posteo.de
Issued to: Posteo e.K.
Issued by: StartCom Ltd. StartCom Certification Authority
Validity: 4/16/2014 13:03:06 PM -- 4/16/2016 16:23:04 PM
Fingerprint: 3A:89:D8:AD:DC:A7:23:5C:8F:44: E9:DD:2E:85:6A:31:D2:D3:C9:70
-
Somehow in my case this test is showing only Out-Tunnel speeds, while it shows "0 - error -" for both In-Tunnel Up and Down speeds:
Down: 12.958 Mbit/s Out, 0.000 Mbit/s In (0%), 20MB - Up: 44.215 Mbit/s Out, 0.000 Mbit/s In (0%), 20MB - Date: Fri, 05 Jun 2015 23:53:44 GMT - Buffers: 20MB/20MB - Laps: 3, Time: 30.77 secs
...I tried several times.
At the same time speedtest.net shows: 47,68 Mbits down, and 47,54 Mbits up.
P.S. these are the results I got in Linux with Eddie 2.8
are you using the browser extension noscript?
-
where I'm at 35mbit/s is no problem. but, I'd be lying if I said everybody had no problems.
that said, I think a high percentage of problems are out of Air's hands. our devices and all the internet between us and them are the problem makers.
-
Hm, did you actually read my answer? Where do I write that you need to open a port on the router/ firewall in order to get port forwarding working through AirVPN? In fact what I explain in my text is the difference between port forwarding on AirVPN and port forwarding on a router
OK, maybe I misunderstood what you were trying to say.
-
My suggestion is that in the route checking page there be an option to actually see the route trace from a server we select to the IP address we've asked to be tested.
Sometimes I have problems where latency is low but the actual route used is through routers that are not optimal. However, I don't see what route is used until I connect to the VPN server then trace the route back to my IP.
I know many will say I can trace the route to the server from my computer. The problem is that routes are often NOT symmetric. Since download speed would be affected by the route from server to me, I'd like to see that route easier.
Thanks
-
if running a client on
Well I think as much as I had to laugh about your answer it does not really hit the nail on its head. According to my understanding soup123 and TACD fell for something different. On routers and with software firewalls it works like this:
1. You need to open a port
2. You need to forward that port to a certain IP/ MAC address
Only after that the corresponding pc will be reachable over the internet. What's more if you run a port scan that port is always open, it does not matter if an application is actually listening on that port or not. There is only open or closed.
With AirVPN on the other hand it works differently. Correct me if I'm wrong but the way I understand it a port is not always open and forwarded, even if you forward it correctly. It stays closed/ not forwarded unless an application listening on that port triggers it. That would also be the reason why port scanners recognize ports as closed even if they are actually forwarded.
One last word on ports and forwarding them. I know that with some routers opening ports and forwarding them unfortunately is the same (best and most common example are the FritzBoxes). But that's incomplete or you could even say it's simply wrong. Actually opening the port is nothing more than telling the firewall to allow incoming traffic on that port (which otherwise would be blocked). But that alone does not help since even if the port is open you cannot reach any pc behind the router since you don't know its network internal IP. In order to be able to reach a certain pc (web server for example) behind a router you need to forward the corresponding port to that pc. By doing this you tell the router to direct any incoming traffic on port x to pc y. Only then you will be able to reach the server.
NO. If you're running *any openvpn client* on a machine in your LAN do NOT open ports on your router. All the router sees is a tunnel (whatever port and protocol you chose for the tunnel) and cannot at all affect any changes on that tunnel as it's encrypted. Trying to open ports within that tunnel would be impossible. With this kind of setup if you do open ports you're opening them to "clear" internet and that's not what you want.
If running VPN on the router then you have to create some DNAT iptables to forward from the TUN device to the IP of the machine on your LAN.
Soup123 was not detailed enough in his/her post for us to say much. TACD simply didn't have the daemon listening when testing if the port was open.
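The router-side DNAT setup mentioned in the post above, as an added example that is not part of the original post: a POSIX shell helper that validates its inputs and prints the two iptables rules for review instead of applying them. The function names are hypothetical and the device name `tun11`, port 40000 and LAN address 192.168.1.50 are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original post). Prints, for review, the iptables
# rules that forward one port from the router's VPN tunnel device to a LAN host.

valid_port() {   # integer in 1..65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # dotted quad, each octet 0..255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# forward_rules TUN_IF PROTO PORT LAN_IP
forward_rules() {
    tun_if=$1; proto=$2; port=$3; lan_ip=$4
    tun_num=${tun_if#tun}
    case "$tun_num" in ''|*[!0-9]*) tun_num='' ;; esac
    if [ -z "$tun_num" ] || [ "tun$tun_num" != "$tun_if" ]; then
        echo "refusing: '$tun_if' is not a tunN device" >&2; return 1
    fi
    case "$proto" in
        tcp|udp) ;;
        *) echo "refusing: protocol must be tcp or udp" >&2; return 1 ;;
    esac
    valid_port "$port" || { echo "refusing: bad port" >&2; return 1; }
    valid_ipv4 "$lan_ip" || { echo "refusing: bad LAN address" >&2; return 1; }
    # DNAT only what arrives on the tunnel, so nothing is opened on the WAN side.
    echo "iptables -t nat -A PREROUTING -i $tun_if -p $proto --dport $port -j DNAT --to-destination $lan_ip:$port"
    # Let the rewritten packets pass from the tunnel to that one host and port.
    echo "iptables -A FORWARD -i $tun_if -d $lan_ip -p $proto --dport $port -j ACCEPT"
}

# Constructed sample values: tun11, port 40000/tcp, LAN host 192.168.1.50.
forward_rules tun11 tcp 40000 192.168.1.50
```

Both rules match on `-i` with the tunnel device, so the forwarded port is reachable only through the VPN and not from the router's WAN interface.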
specific port needed for software but already in use
in Troubleshooting and Problems
Posted ...
what OS? have you tried creating the forwarded port with inserting the local ports you need - 30007 and 30008 - in the GUI Air provides?