Jump to content
Not connected, Your IP: 54.236.58.220

go558a83nk

Members2
  • Content Count

    1899
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    25

Posts posted by go558a83nk


  1. SSD isn't necessary.  What is necessary is two ethernet ports.  Yes, I'd certainly recommend pfsense on that laptop over a high end router.

     

    As far as wifi AP you just need coverage and speed that you want.  You'll want something that can run in AP mode and not router mode, so that pfsense can handle your network.


  2.  

    If you use another DNS like 1.1.1.1 you also still have some anonymity since you're one of dozens of people using the VPN server.

     

    Could you elaborate on this in detail ? I feel I'm not fully getting your statement...

     

    So if I use 1.1.1.1 as DNS they will see that and then in turn could inquire with AirVPN who that user was at that point in time... ? 

     

    (1) since AirVPN does not store data, there should be no concern, right ?

    (2) and since there will most likely be multiple users using 1.1.1.1 it would be impossible to identify, right... ?

     

    trying to completely understand whether using DNS of 1.1.1.1 is defeating the purpose of using a VPN at all...

     

    Thanks for the info.

     

     

    You seem to understand things properly.


  3. If you're using the AirVPN (Eddie) app then you certainly do *not* want to enable DMZ on your router.  That's a potential security risk.  DMZ is not needed in this case.  In fact, I can't really think of a case where DMZ is needed in conjunction with openvpn.

     

    As to why port forwarding isn't working we'd need more information on your setup.


  4. Thanks for the replies but i'm a little confused now.

     

    Does this mean if i have a permanent connection to a server, via a pfsense box, with say port 1234 forwarded to it and then use the eddie client on a windows machine to make another connection there is a chance the eddie client will pick the same server to connect to as the pfsense box and thus screw up the port forwarding for it or will the eddie client realize I'm already connected to that server and pick any other server but that one?

     

    The reason i ask is because i DONT wont the eddie client to connect to the same server. I want my pfsense box to connect to server A and the eddie client to connect to any other server but server A automatically to avoid any problems. Is this how the system is set up or is there a chance I'll end up with 2 connections being made to the same server?

     

    the easy thing to do is just blacklist (in eddie) the server you don't want to connect to.


  5.  

    Thats pretty much the same using airvpn dns servers?

    They need to resolve as well, which is probabbly unencrypted anyway. Thats fine when you use dnscrypt or DoH for auth.

     

    I am using eddie and have added DNS servers to the DNS tab in settings.  Is this routing DNS requests inside the VPN tunnel?

     

    All traffic is routed through the tunnel. Problem is that, if not using AirDNS, requests to other DNS servers are unencrypted after the AirVPN server.

     

     

    Sure, they are recursive DNS that Air runs but the requests they make to authoritative DNS are not tied back to you.

     

    If you use another DNS like 1.1.1.1 you also still have some anonymity since you're one of dozens of people using the VPN server.


  6. @go558a83nk

     

    Thank you for your reply. Do you have any recommendation on how to bulid "best practice" ?

     

     

    There's a guide for pfsense on this website/forum, or there are others around the web.

     

    The hardware build doesn't have to be spectacular.  Just an AES-NI CPU, small amount of RAM, small hard drive, dual network card, power supply and motherboard, of course.  I was building pfsense box at lowest cost and what was cheapest for me was a regular tower case sort of setup.  Putting the parts together wasn't difficult.  If you've never done it, you can certainly find help online.  Anyway, I'm talking only like $150 was spent but it'll do at least 430mbit/s with AirVPN.  I don't know how much higher because that's my ISP max.

     

    Some people need the box to be small and pretty and I don't know how to accomplish that except to just buy one.


  7. Asus is making some router(s) with AES-NI CPUs now (e.g. ac86).

     

    But, if you really want performance then build your own with an AES-NI capable desktop CPU running pfsense or the like.


  8. I am using Eddie, yes.

     

    The listening server is whatever server that AirVPN uses to test open ports on the Portforwarding page, but I also used canyouseeme.org.

     

    The weird thing is that this problem is replicated across two of my systems (Linux and Mac), but on a third system (Linux), three ports are currently open and green.

     

    So I am able to port-forward on one system, but not on the other two?

     

    What is the common factor that would cause this to occur...

     

     

    No, the listening server is whatever you're trying to forward a port to.    If that's not up and running and listening on the port you've assigned in the port forwarding rule the test will fail.


  9.  

    Hello!

     

    Error 111 means "connection refused" and you get that error when packets from the Internet through our VPN server reach your node properly and are actively refused. The most common cause is a firewall dropping packets.

     

    Kind regards

     

    A firewall on my end? Because I don't have one running. What steps should I take to troubleshoot this from here?

     

     

    Are you using Eddie and is the listening server on the same machine running Eddie?


  10. go558a83nk - Thanks. What do you have set for NAT IP (streamers_DNS)?

     

     

    d0fbe07b5fcac10a2067526bce817e1f.png

     

    Air Staff is saying to make a rule like this where for you redirect any DNS query that's not to the DNS server you want to the DNS server you want.  See /firewall_nat.php

     

     

    10.4.0.1 if you want to use AirDNS to get stuff like Netflix


  11.  

    RE: lordlukan "I can browse netflix sites but I'm unable to play any content on any server I try. DNS is set to 10.4.0.1. Proxy detected every time. Using chrome on Linux / OS X."

     

    That's interesting. It works fine for me on Windows 10 with Chrome, and on my Android tablets with the Netflix app, but now we know that it doesn't work with some versions of Android (ie: on TV boxes) or on Linux / OS X.  Hopefully a solution can be found. Until then I will continue to hook my laptop up to the TV with an HDMI cable if I want to watch something that is not available on Canadian Netflix.

    this is my experience exactly.

     

    i have a pfsense router.   i have plugged in static DNS to the TV and in the router to assign to my TV.

     

    i still get blocked content.     

     

    if i boot up a laptop, my mac or other laptop using Eddie client it works just fine.   i've tried to look at the configuration within Eddie and matched to my openvpn custom configuration.  and it still does not work.

     

    i don't think this is Airvpn's issue.     i feel that the Android OS is the issue.   i also had this issue on a LG tv. WEBOS.    and that was why i bought a Sony.  but have the same issue... SIGH

     

     

    d0fbe07b5fcac10a2067526bce817e1f.png

     

    Air Staff is saying to make a rule like this where for you redirect any DNS query that's not to the DNS server you want to the DNS server you want.  See /firewall_nat.php


  12.  

    Hello!

     

    Just enter your required port into the "Local Port" field and then, unless you need a specific protocol or wish to "name" the port in the DDNS field, click generate.

     

    Then the number at the top will be the port number automatically generated for you, based on what was available. Thus not requiring you to guess.

     

    That should work. Otherwise yes, ports for each user are reserved across the service .

     

    Thanks but it doesn't work as soon as i turn on the VPN PlanePlotter stops uploading and downloading Is there a way to test if the port forwarding is actually working?

     

     

    My guess is that planeplotter need to announce to peers what the external (public) port is since it's different from the usual due to having to share the VPN with other users.  Peers try to connect to the default and that's not what's setup.  Do you have such a setting in the server?  Apps that rely on port forwarding for remote access (e.g. Plex) have an option to use an alternate external (public) port.


  13. 1 is the default

    2 is the same server setup as 1 but a different entry IP in case the default IP is blocked by your ISP

    3 is tls-crypt

    4 is the same server setup as 3 but a different entry IP in case the 3 IP is blocked by your ISP


  14. 42045778.png

    Thats why i love AIRVPN on a 200/20 line, with a RT-AC86U 

     

     

    Did you do anything "special" with your router to get that speed?  I've seen others with that router struggle to get high speed even though it has the AES-NI CPU.


  15.  

    Explain it for those of us who aren't bitcoin experts.  Sure somebody can see that Air received some bitcoin but how do they know who sent it?

     

    Think of it like this.

     

    You've got a huge map of Bitcoin addresses on a whiteboard. You know who sent some transaction, but not all. If you can get any clues as to who's who, it helps you to deduce the rest by process of elimination. Using vanity addresses (1myNaMEisBoBhfsfdfdhjfhdfdjfh) is a clue, and hurts everyone's privacy a little.

     

    For instance, anyone looking at the 1Air... addresses can assume these are all AirVPN addresses. That means any change that gets sent back to AirVPN customers is identified (although before, the Bitcoin payments service AirVPN required the customer email from AirVPN, so this is better)

     

    One thing: if anyone else uses 1Air... addresses, by random chance or deliberately as AirVPN do, then that will screw with doing analysis like this. But it's better if there's no extras info to use at all, I really hope this is changed

     

     

    OK, I'm looking at it from the perspective of having purchased my bitcoin anonymously using cash and hold it in an electrum wallet...and the receiving address is different from the sending addresses I use.  So, even that it's seen that Air receives from "me" they don't know who "me" is.  Then to link that transaction with my account on Air is a whole other big leap.

×
×
  • Create New...