go558a83nk

Hello!

We're very glad to inform you that five new 1 Gbit/s servers located in the United States are available: Antlia, Octans, Pavo, Sagittarius and Scorpius. They are all in Atlanta, Georgia.
 
The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

Just like every other Air server, these new servers support OpenVPN over SSL and OpenVPN over SSH.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

I have no idea how I didn't find this before: https://airvpn.org/faq/p2p/
 
The important points / What solved it:
 
- "Disable UPnP, NAT-PMP and any possible automatic port mapping feature..."
- Disable bandwidth managements like uTP on uTorrent and other BitTorrent based clients.
 
I did both modifications on uTorrent and qBittorrent. uTorrent kept giving the same issues, but, on the other hand, qBittorrent gave the perfect results I was looking for.

Absolutely not.  That would defeat the purpose of using the VPN.

Some ports and protocols are faster because the ISP and transit/peers allow it to be.
 
But, your problem is the router running VPN.  That's a very weak CPU for trying to run openvpn.  That speeds you're getting are the most you'll get so long as that router is your openvpn client.

Using Eddie - what a huge difference:
 

 
Using the .ovpn file in the openvpn pc client:
 

 
and the bad news for me - when running the same param from the .ovpn config file on openvpn router (ASUS RT-N66U) client:

 
Thanks for the help.  Not sure why it was so bad at my post #8 above when running the PC openvpn client, maybe missing the rcvbuf and sendbuf params.

when you start creating NAT rules and firewall rules for the LAN to force everything out the VPN tunnel you'll have to disable those rules or they will disrupt your wife's usage.   That is until you've got it all ready and the VPN tunnel is up.
 
I have an AMD processor that has AES-NI.  If the main pfsense settings (advanced>miscellaneous>cryptographic hardware) are set to use AES-NI then openssl AES is greatly accelerated.  There's no need to select BSD cryptodev in the openvpn client.  In fact, I read some places that say selecting that option in the openvpn client actually makes things slower.  So, it looks like the info you've found is "correct".
 
https://airvpn.org/topic/18322-how-to-quicly-test-theoretical-openvpn-throughput/?hl=%2Bopenvpn+%2Btheoretical+%2Bspeed
 
use the test method from that thread to see what your theoretical max openvpn speed is.
 
AirVPN doesn't support compression.
 
pfsense right now doesn't have openvpn 2.4.  So, currently only AES-256-CBC is supported in conjunction with Air.  I assume that when pfsense updates with openvpn 2.4 then we will be able to use AES-256-GCM with Air servers that have openvpn 2.4.  (for me GCM is much faster)
 
Using Air DNS ensures that all DNS requests go through the tunnel and it's the most private.  But, it's not required for the VPN to work.

The tick box for the negate rules should not be skipped. It literally makes your ip leak if a vpn goes down by redirecting rules/gateways
 
  We want it to only use our manually created rules, causing the connection to drop if the vpn goes down.
 
I wish more people would ask questions and discuss this in the main post. The whole community would benefit from the open discussion.

it's fairly simple to control the route to IP address or IP address range (Eddie has this built in) but it's not trivial to control route based on application.  That's just the way networking works, not a weakness of AirVPN.

Hello!

We're very glad to inform you that a new 1 Gbit/s server located in Bulgaria is available: Fornax.

The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The server accepts connections on ports 53, 80, 443, 1194 and 2018 UDP and TCP.

Just like every other Air server, Fornax supports OpenVPN over SSL and OpenVPN over SSH.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

Starting this topic as a way for me to vent and perhaps see that I'm not the only one to see crazy routing by my ISP.
 
The topic has come up in other threads, with knowledgeable people confirming my belief that ISPs relegate VPN traffic to very low priority.
 
Route testing shows that this low priority isn't based on packet inspection but simply the destination of the traffic (and, I assume, the source).  In other words, traffic both directions between us and the server is affected.
 
 
Trace to Draco, primary IP address
2  [7922] [COMCAST-22] xe-3-1-3-sur02.east.tx.houston.comcast.net (68.85.252.81) 8.8ms
 3  [7922] [COMCAST-22] ae-9-ar01.bisbee.tx.houston.comcast.net (68.85.246.65) 7.9ms
 4  [7922] [COMCAST-16] be-33662-cr02.56marietta.ga.ibone.comcast.net (68.86.92.89) 30.7ms
 5  [7922] [COMCAST-16] hu-0-12-0-6-pe01.56marietta.ga.ibone.comcast.net (68.86.89.18) 24.4ms
 6  [7922] [iBONE-CCCS-2] 50.242.148.190 30.9ms
 7  [174] [NET-154-54-0-0] be2847.ccr41.atl01.atlas.cogentco.com (154.54.6.101) 42.4ms
 8  [174] [NET-154-54-0-0] be2687.ccr41.iah01.atlas.cogentco.com (154.54.28.70) 28.8ms
 9  [174] [NET-154-54-0-0] be2441.ccr21.dfw01.atlas.cogentco.com (154.54.41.66) 30.1ms
10  [174] [NET-154-54-0-0] te0-0-0-0.agr12.dfw01.atlas.cogentco.com (154.54.31.114) 41.1ms
11  [174] [NET-154-24-0-0] te0-0-2-3.nr11.b000821-1.dfw01.atlas.cogentco.com (154.24.19.222) 37.1ms
12  [174] [COGENT-A] 38.88.50.34 35.6ms
13  [15003] [NETBLK-NOBIS-TECHNOLOGY-GROUP-06] [target] 64.120.63.90 32.1ms
 
Note it goes all the way to Atlanta, then back to Dallas through Houston on Cogent.  Why on earth do they send it to Atlanta to get on Cogent's network?  Dallas is only 4 hours drive from Houston and as you'll see from the next trace, Comcast has a connection to Cogent right in Houston.
 
Trace to Draco, alternate IP address
2  [7922] [COMCAST-22] xe-3-1-2-sur03.east.tx.houston.comcast.net (68.85.251.245) 7.7ms
 3  [7922] [COMCAST-22] ae-18-ar01.bearcreek.tx.houston.comcast.net (68.85.246.69) 8.6ms
 4  [7922] [COMCAST-16] be-33662-cr02.dallas.tx.ibone.comcast.net (68.86.92.61) 15.6ms
 5  [7922] [COMCAST-16] be-12493-pe01.houston.tx.ibone.comcast.net (68.86.84.158) 20.4ms
 6  [7922] [CBC-COMCAST-1] 173.167.59.42 20.5ms
 7  [174] [NET-154-24-0-0] te0-0-1-0.rcr12.iah02.atlas.cogentco.com (154.24.26.89) 21.0ms
 8  [174] [NET-154-54-0-0] be2145.ccr41.iah01.atlas.cogentco.com (154.54.1.85) 24.1ms
 9  [174] [NET-154-54-0-0] be2441.ccr21.dfw01.atlas.cogentco.com (154.54.41.66) 20.1ms
10  [174] [COGENT-NB-0000] te0-0-0-0.agr11.dfw01.atlas.cogentco.com (66.28.4.50) 21.0ms
11  [174] [NET-154-24-0-0] te0-0-2-0.nr11.b000821-1.dfw01.atlas.cogentco.com (154.24.15.50) 21.7ms
12  [174] [COGENT-A] 38.88.50.34 24.2ms
13  [15003] [NETBLK-NOBIS-TECHNOLOGY-GROUP-06] [target] 64.120.63.92 20.4ms
 
Amazingly, the trace gets to Dallas in the 4th hop, but then heads right back to Houston to get on Cogent's network.  It makes zero sense unless you realize that Comcast are doing this crap on purpose.  I have rarely seen a route that heads directly to the VPN server upon reaching Dallas, finding Cogent's network there instead of having to get back to Houston.
 
Understand that this is normal, everyday behavior.  I have another VPN provider with servers in Dallas and Atlanta.  Amazingly, all the Atlanta servers route through Dallas, and all the Dallas servers route through Atlanta.  So, the routes are available, but purposely screwed up.
 
Finally, check this out.
 
Instead of tracing the route to Draco, I instead trace the route to Cogent's router at 38.88.50.34, seen in hop 12 above.  Check out the premium routing I get now.
 
 2  [7922] [COMCAST-22] xe-3-1-3-sur03.east.tx.houston.comcast.net (68.85.251.249) 10.2ms
 3  [7922] [COMCAST-22] ae-18-ar01.bearcreek.tx.houston.comcast.net (68.85.246.69) 9.1ms
 4  [7922] [COMCAST-16] be-33662-cr02.dallas.tx.ibone.comcast.net (68.86.92.61) 14.1ms
 5  [7922] [COMCAST-16] be-12495-pe03.1950stemmons.tx.ibone.comcast.net (68.86.85.194) 13.7ms
 6  [7922] [iBONE-CCCS-3] 50.248.118.246 13.0ms
 7  [174] [NET-154-54-0-0] be2763.ccr21.dfw01.atlas.cogentco.com (154.54.28.73) 14.1ms
 8  [174] [NET-154-54-0-0] te0-0-0-0.agr12.dfw01.atlas.cogentco.com (154.54.31.114) 13.8ms
 9  [174] [NET-154-24-0-0] te0-0-2-3.nr11.b000821-1.dfw01.atlas.cogentco.com (154.24.19.222) 15.2ms
10  [174] [COGENT-A] [target] 38.88.50.34 13.6ms
 

That is Air's DNS server for that VPN server.  It has nothing to do with your personal settings.

OK.  My setup is different from the guide so I'm not familiar with what rules are suggested.
 
The rule allowing destination "private networks" and "LAN service ports" is what is allowing access to the modem already.

That is Air's DNS server for that VPN server.  It has nothing to do with your personal settings.

It's working much better right now with Eddie.
 
120Mbps-160Mbps, that's good enough but only a fraction of my 800Mbps fiber but I can live with that. LOL
 
Also, this speed was only possible by piping the vpn through DNS (53). It's quite likely most ISP's only monitor 53 at the very basic level, and I highly doubt they do quantum injection, packet interception or MiTM through port 53 as that would require a lot of work.. I even bypass 53 layer 7 scanning on my network to keep DNS snappy and network loads lower.
 
As of right now, AirVPN is the fastest, most consistent VPN I have tested. This surpasses the previous VPN speed record in my testing which was held by Freedome.

you know, the crazy thing is...I live in the USA and I have fewer hops to these NL servers than to the closest USA server. 

you know, the crazy thing is...I live in the USA and I have fewer hops to these NL servers than to the closest USA server. 

you know, the crazy thing is...I live in the USA and I have fewer hops to these NL servers than to the closest USA server. 

Hello!

We're very glad to inform you that ten new 1 Gbit/s servers located in the Netherlands are available: Andromeda, Canis, Crater, Cygnus, Edasich, Horologium, Hydrus, Musica, Orion and Pyxis..

The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

Just like every other Air server, they support OpenVPN over SSL and OpenVPN over SSH.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

Hello!

We're very glad to inform you that two new 1 Gbit/s servers located in Singapore are available: Aries and Reticulum.

The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 1194 and 2018 UDP and TCP.

Just like every other Air server, Aries and Reticulum support OpenVPN over SSL and OpenVPN over SSH.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

oh sweet.    and those two dallas servers are at two different datacenters, both different from the other we already had.  very nice.

Bursting and then leveling out at a slower speed is a common trick of ISPs.
 
I propose that many ISPs actually do what they can to make speed tests look quite speedy: Prioritizing that traffic, allowing full speed always (not bursting and then slowing down).  It would be a trivial matter for them.
 
But, since you are using openvpn they can't see what you're doing.  Therefore, they'll treat it like other traffic and allow a short burst at your "up to" speed (or max speed allowed by hardware), then slow it down to what they consider acceptable speeds.
 
Keep in mind that openvpn runs on 1 core only.  If you've got a dual core CPU, with hyperthreading 4 cores, then it makes sense that you'll see 20% overall CPU usage with 1 core pretty much maxed.  Is that what you see?

1. Create bitcoin wallets (here You store Your bitcoins). You don't need account to do so, You very well may create local wallet - best way is create two separate wallets (non anonymous, and anonymous one). I strongly advice to use open source wallets: electrum (windows, linux) and mycelium (ios, android). For example on Your computer create public one, on Your mobile (mycelium) 'anonymous'.
2. Buy some bitcoins via for example virwox: https://99bitcoins.com/buying-bitcoins-with-paypal-a-practical-guide/ However there is a lot services wehre You can but BTC paying locally (credit cards, express bank transfers etc.). Deposit those BTC in Your non-anonymous wallet. You may also try to find Bitcoin ATMs near You: http://www.coindesk.com/bitcoin-atm-map/
3. Transfer to the second wallet via some bitcoin mixer (basically makes bitcoins very hard to track). I wholeheartedly recommend bitmixer.io Here You break link between Your PayPal account, credit card and Your BitCoins.
4. Pay AIR.
5. Profit!
 
best!

Every time news like this comes out, I'm happy to hear that there is more recognition and use of VPNs because of stuff like this, but really it bothers me because once it becomes mainstream, it will become a bigger target for blocks, laws restricting them, etc.

It's for the user's comfort (for example for those users who want to connect OpenVPN over a proxy and want to check whether they have proxy-fied properly or they connect directly).
 
Kind regards

You're not totally right in this point, and not only because a VPS shares the uplink port with an unknown amount of other VPS running in the same host (see below for another important factor).
 
What a VPN service provider based on OpenVPN can do to optimize the throughput once the strongest ciphers for Data and Control channels have been picked consist of many things. Probably the most important ones are:
picking datacenters with redundant bandwidth as well as good transit providers to increase likelihood of good peering with consumers' ISPs avoiding overselling. AirVPN is the only consumers' VPN service in the world that has a transparent policy about the "worst case scenario" of bandwidth allocation, with precisely defined guarantees on minimum allocated bandwidth, and a tool, open to everybody, to verify such commitment configuring correctly the VPN server. Please see here to see how big this challenge is when we start talking about 1 Gbit/s dedicated ports: https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux providing software which tries to optimize parameters on the client side that are not handled automatically by OpenVPN, for example the socket buffers sizes in Windows like Eddie (our free and open source software) does providing software that makes switching protocols and double-tunneling (to circumvent some traffic management or throttling techniques that are nowadays not unusual in most "residential" networks) easy (like Eddie does)  
So the @larky wall of text is funny and informative, but misses (and for this reason reaches some dangerously wrong conclusion when he/she writes "[Quality VPN] they vary some in "features" and client and software used but they are all basically the same.") the most important activities that a good "VPN provider" must perform with due diligence and competence and whose effects are immediately visible, especially when you see the huge difference between a "good VPN" and a "bad VPN" in performance with identical servers in the same datacenters from the very same testing nodes and same ciphers.
 
And this is only about performance optimization. We will save you from the horrors of security settings of some commonly defined "quality VPNs". These settings are another huge field which is key in the competition between different services like ours. Here we wish and we are proud to underline that, contrarily to most (if not all) so called "quality VPNs", we provide free and open source software client for a variety of systems.
 
Kind regards