Jump to content
Not connected, Your IP:


  • Content Count

  • Joined

  • Last visited

  • Days Won


Posts posted by go558a83nk

  1. I believe the 2 way ping thing is something like this.  Your web browser pings the test site and the test site pings the IP you appear to be at (VPN server).

    Your browser ping goes from your PC to the VPN server to the test site.  The test site ping is just to the VPN server.  So, there's a good chance the latency of the ping from the browser will be higher.  I'm sure there's some fudge factor that they consider "normal" difference because routes are not always symmetric anyway.  But, a difference beyond the fudge factor is a good indication that a "proxy" is being used.

  2. Please look into your Netflix situation.  I just attempted to watch a video but the speed that could be sustained was so slow the video was unwatchable.  Playback on other video streaming services that worked through the VPN were quite speedy.  Vudu, for example, burst to 300mbit/s to buffer.  Curiousity Stream buffered at 100mbit/s.  Your netflix setup could only manage 5mbit/s.  Not near enough for a 4k stream.


  3. 1 hour ago, mrbert said:

    I have the openVPN client on the router working but oly when I add a 2nd DNS server to the setings.
    I have primary onnect to dns server
    And the 2nd now to
    If I use as the 2nd DSN server as suggested on other topics the clien neven connects again.
    I alway need the other  server or similar other DNS servers form  
    But I can never connect without the 2nd set to a valid dns server.
    How do I make sure my DNS request are also private?


    The reason is likely because you're using a domain for the AirVPN server which means you need DNS to resolve it.  But you can't access AirVPN DNS servers until  you're connected to the VPN.

    Instead use the IP address for the VPN server and you won't need to use public DNS to connect to the VPN.

  4. 3 hours ago, Mad_Max said:

    Thank you @go558a83nk for your reply.
    So, The i5-5200u is enough to run full time vpn with 100mbps speed?



    Yes, even the i3 should be plenty.  Just be sure to enable cryptographic hardware here /system_advanced_misc.php and then select that hardware in your openvpn config you create.  Then AES-NI plus whatever else is on the CPU is in use.

  5. You don't need that much ram or storage for pfsense.  You need a good CPU and good network card(s). The celeron j1900 is out due to lacking AES-NI which is very important for running openvpn.  Both have intel network cards so you're good there.

  6. Air has port forwarding which is what you probably need. (I do know some security systems don't require port fowarding for you to be able to monitor them remotely)


    However, you'll need to run VPN on a router so that the devices (blue iris) behind the router go through the VPN.  That means buying another router to sit behind your ISP router.


    Further steps can be discussed after you decide what to do.

  7. It's just not resolving your remote address in the openvpn config because your DNS server is a private address in AirVPN's network.  Since you're not connected yet, you can't access that private address to resolve the remote host.


    There are 2 solutions.


    1) Resolve the remote host separately, then put in the IP address of the remote server, not the domain.  This keeps you to the one server.  It won't be some random European server, which is what you may intend.


    2) Use a public DNS in your general dd-wrt settings, then make sure that the openvpn client switches the router to VPN DNS upon connection.  If your version of dd-wrt can't do that, then I suggest you find a firmware that does.


    I got to ask, cause I'm lazy to search, can pfsense be installed on this puppy


    Sent from my SM-N960U using Tapatalk

    No idea.


    But I am curious, can this thing really do OpenVPN at 300Mbps with that CPU?



    Where are you getting 300mbps from?  Are you reading the wifi standard speed and confusing that with openvpn speed?

  9. If you can use tls-crypt over UDP that will likely give you better speed than TCP.  What port you use is up to you.


    You'll need to use the tls-crypt key from a config for entry IP 3 or 4, be sure to use the correct entry IP address too, change the key usage mode to TLS encryption and authentication, and change the auth digest algorithm to SHA512.



    While I agree with zhang888 that your CPU is old (8 years). It does not mean that your CPU isn't good enough for your pfSense build.


    refer to these threads.




    It seems that the AES-NI can be turned off since v2.4 In the OpenVPN client section; setting the Fast I/O and Send/Receive buffers set to 512 seems to speed things up (bottom of the page)



    I was having some issues with my OpenVPN clients from a pfSense box. Setting the send/receive buffers to 512 more than doubled my speeds from ~10-15Mbps to 30-35Mbps on a 50Mbps internet connection. I have the SG-3100, so there's no aes-ni because it's an ARM a9 processor. Curious if you have any other suggestions?



    Since its a netgate (pfsense) it has built in aes-ni into the arm chip. At 349 USD for the base it better support crypto since 2.5 will require it



    https://www.netgate.com/solutions/pfsense/sg-3100.html  This says nothing about AES-NI.  Unfortunately, I think a lot of people will either be buying new hardware or won't be updating to 2.5.

  • Create New...