Jump to content
Not connected, Your IP: 18.233.223.189

go558a83nk

Members2
  • Content Count

    2076
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    37

Reputation Activity

  1. Like
    go558a83nk reacted to SumRndmDude in pfSense/OpenVPN   ...
    Nothing is more frustrating or satisfying simultaneously than answering your own questions. Apologize for another thread clogging up the forums unnecessarily, but I had been at this for a while and saw no mention of the issue. Turns out that pfSense's OpenVPN wizard for creating a server puts the allow inbound traffic firewall rule on the main OpenVPN tab, rather than the actual newly created server's LAN. So it was hijacking all traffic on any interface or LAN using OpenVPN, including my AIr connections. As many times as I had plugged away at this issue, I only just now realized it did that. Moving it over to the actual server's LAN resolved it.

    FWIW, I appreciate the reply to at least say you had read my question.
  2. Thanks
    go558a83nk got a reaction from rkid in Router recommendations   ...
    Solid wifi performance does not equal solid openvpn performance.

    If you want good openvpn performance get the asus AC86 (eighty six) and install Merlin firmware.  It's got an AES-NI CPU so it'll rock openvpn.
  3. Confused
    go558a83nk reacted to Hoox in How To Set Up pfSense 2.3 for AirVPN   ...
    I did a new install in pfsense 2.4.5 following this guide. Everything looks good, but I cant seem to get ip from DHCP server on VLAN20 (VPN).
    This is from the log:
    Jul 4 14:22:09 dhcpd   DHCPOFFER on 10.0.20.100 to 94:de:80:f8:59:d4 (VPN-PC) via igb2.20 Jul 4 14:22:09 dhcpd   DHCPDISCOVER from 94:de:80:f8:59:d4 (VPN-PC) via igb2.20 So it seems like the DHCP server sees the client and offer an IP in the correct subnet, but there is no DHCPACK from the client afterwards. I tried with different machines also. 
    Other VLANs works fine. Clients gets IPs.
    Something I forgot for VLAN20? Some firewall rule?
  4. Like
    go558a83nk reacted to MrFricken in Guide - Configure pfSense VLAN with IPv6   ...
    I just added in IPv6 support on my pfSense box, using AirVPN and a VLAN. Note that I already had the VPN VLAN setup and working correctly with IPv4, so this guide is only about what needed to be changed to add in IPv6 support.
     
    Recently, AirVPN has implemented IPv6 across their servers. Provided you are running a recent version of OpenVPN (>= 2.4), and you adjust your client configuration properly, you will be assigned an IPv6 address along with the typical IPv4 address.
     
    In my setup, I’m using pfSense as my firewall / router, and have several VLANs configured for various purposes. One of these VLANs is specifically for VPN usage.
     
    So the question becomes, how to take the single IPv6 address assigned from AirVPN and make it usable on a VLAN, for multiple hosts. This setup is severely sub-optimal, as IPv6 was designed to avoid NAT (there are what, 3.4x10^38 available addresses?). Given that the design of the protocol and AirVPN’s implementation are at odds, there are some problems that you will encounter. The most annoying being that browsers don’t want to use your IPv6 address, and you will continue to use IPv4, despite having everything setup “correctly.” It may be possible to overcome this with some per-host modifications (on Linux, look to /etc/gai.conf), but that is perhaps not maintainable in the long run.
     
    This problem stems from the fact that the address Air is providing is a Unique Local Address (ULA), which, by definition, is not globally routable. This address gets translated at Air’s servers into a normal, globally routable, address. But what the software on your machine sees is a ULA, and since that isn’t a globally routable IP address, the software will prefer the IPv4 address, where it is understood that NAT will probably be used.
     
    Given this implementation, I am not convinced it is worth it to setup IPv6 in this type of configuration.

    Having said all that, here is how I configured things to get IPv6 “working” with AirVPN on a pfSense VLAN:
     
    1: Get an IPv6 address from AirVPN
    Assuming you are running a recent release of pfSense, you should have the necessary OpenVPN version for this to work (I’m on pfSense 2.4.4, which is using OpenVPN 2.4.6).
    Go into your OpenVPN client configuration and
    set “Protocol” to “UDP IPv4 and IPv6 on all interfaces (multihome)”
    scroll down to “Custom options” and make sure you have these 2 lines:
    push-peer-info;
    setenv UV_IPV6 yes;
    Save, and possibly restart the service. You should now have both IPv4 and IPv6 addresses assigned to your VPN connection
     
    2: Create a new Gateway
    I can’t remember if the gateway was automatically created at this point. If not, Add a new gateway. If one was auto created, edit it. Then
    Make sure Interface is set to the VPN
    Address family is IPv6
    Give it a name (VPN1_WAN_IPv6 in my case)
    I’ve left everything else at default settings, then set a description, and
    Save and reload
     
    3: Modify your VPN VLAN
    From the “Interfaces” menu, select your VPN VLAN entry, then
    Set “IPv6 Configuration Type” to “Static IPv6”
    Scroll down to the “Static IPv6 Configuration” section and set an address and prefix.
    I chose a “random” ULA (FDxx:xxxx:xxxx:10::1). Obviously, choose hex characters in place of the “x”s and the “10” matches my vlan number. Set the prefix to /64
    Leave the “use IPv4 connectivity” unchecked and the gateway set to “None”
    Save and reload
     
    4: Configure Router Advertisements and/or DHCPv6
    From the “Services” menu, select “DHCPv6 Server & RA” - then choose your VLAN. In my setup, I’m not bothering with DHCP, just using SLACC, so I go directly to the “Router Advertisements” tab.
    Set Router Mode to unmanaged
    Priority to Normal
    You may choose to put your IPv6 DNS server into the DNS configuration section (I believe Air’s server is fde6:7a:7d20:4::1
    Leave everything else as is (blank)
    Save and reload
     
    5: Set NAT Rules
    From the “Firewall” menu, select “NAT”, then go to the “Outbound” tab
    Click the second “Add” button
    Set “Interface” to your VPN gateway
    “Address Family” is “IPv6”
    Source type is “network”
    Source network is the ULA you setup earlier (“Fdxx:xxxx:xxxx:10::/64”) I did this using an alias.
    Note that the subnet drop down doesn’t list anything above a /32 (it’s meant for IPv4), so I left it at /32. Seems to work anyway.
    The Translation Address should be set to “Interface Address”
    Add in a description, if you wish, and
    Save and reload
     
    6: Set Firewall Rules
    From the “Firewall” menu, select “Rules” and then the appropriate VLAN tab
    Click the second “Add” button
    “Action” is “Pass”
    “Interface” is your VLAN
    “Address Family” is “IPv6”
    Set the rules appropriately for your situation. In my case, just to get things working, I set
    “Protocol” to “Any”
    “Source” to “[VLAN] net”
    Click the “Display Advanced” button
    Scroll down to “Gateway” and select your previously configured VPN IPv6 gateway
    Save and reload
    NOTE: Be sure to move the rule you just created into the correct spot in your rules list! Remember, the rules are checked in order, so if you have a deny rule above your new pass rule in the list, it won’t work.
     
    At this point I rebooted pfSense and my VPN client machine. I now have an IPv6 address, assigned from the ULA block I setup. Visiting https://ipleak.net shows I have both IPv4 and IPv6 connectivity. Going to https://test-ipv6.com gives me a 10/10, but with the note that the browser is avoiding using the IPv6 address. See the note from AirVPN Staff about this: https://airvpn.org/topic/25140-the-issue-your-browser-is-avoiding-ipv6/
     
    Hopefully this is helpful to someone out there.
     
    MrFricken
     
     
     
     
     
     
  5. Like
    go558a83nk reacted to Thrace in AsusWRT - OpenVPN Port Forwarding   ...
    Thanks for your time.
    I have added iptables rules and all good now

    I had entware at my stock asus router system for deluge torrent.
    I guess i can run a script at router boot with entware to add those iptables.

    Cheers

    Edit: I accomplished to add those iptables rules automatically after boot at stock AsusWRT.
    So now my router forwards my AirVPN opened ports to my PC.

    I had a 2 day trial to test it out.
    And few mins ago i purchased for 3 years

    Thanks again.
  6. Like
    go558a83nk reacted to NoiselessOwl in Wireguard response from Mullvad   ...
    This is, again, subjective. WireGuard don't have TCP protocol support, it only use UDP protocol to transmit (according to WireGuard's website). The problem with it is that UDP tend to be blocked often than TCP. K-12 and Higher Education Institutions usually have their network to block UDP and some ISPs put a block on UDP as well. It is worthless to use WireGuard if the network have UDP blocked. WireGuard will not be a new king on platforms if it doesn't support plethora of protocol. On the other hand, OpenVPN have ranges of protocol it can use to transmit which make it versatile to use. 
  7. Like
    go558a83nk reacted to Staff in AirVPN 10th birthday celebrations   ...
    Hello!

    Today we're starting AirVPN tenth birthday celebrations!
     
    From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 22 countries in three continents, providing now 240,000+ Mbit/s to tens of thousands of people around the world.

    In 2019 and 2020, software development enhancement has paid off: now AirVPN develops on its own an OpenVPN3 forked library which resolves various problems from the main branch and adds new features. The library is used in Hummingbird, a free and open source software for Linux and Mac, known for its speed and compactness, in Eddie Android edition and in a new software which will be announced in June. Hummingbird has been released even for ARM based Linux devices, and runs fine for example in Raspberry PI.

    Eddie Desktop edition has been extensively rewritten to improve performance, reliability and security. Now anything not related to the user interface is written in C++ and a lot of security hardening has been implemented. Total compatibility with macOS Catalina, Windows 10 and latest Linux distributions has been achieved, and specific packages for various, widespread Linux distributions are available for easier installation.

    Eddie can act as a GUI for Hummingbird in Linux and Mac, while in Windows, Eddie can also be easily configured to run OpenVPN 2.5 with the wintun driver to achieve remarkable OpenVPN performance boost and put Windows on par with other systems OpenVPN throughput ability. Furthermore, the wintun driver resolves various problems which affected TAP-Windows driver.

    Development for OpenBSD and FreeBSD has been unfortunately re-planned but we're glad to announce here that it will continue, starting from summer 2020.

    All AirVPN applications and libraries are free and open source software released under GPLv3.

    We think that it's somehow surprising that AirVPN not only survived, but even flourished for 10 years, in an increasingly competitive market and increasingly privacy hostile environment.

    No whistles and bells, no marketing fluff, no fake locations, no advertising on mainstream media, a transparent privacy policy, no trackers on the web site or in mobile applications, no bullshit of any kind in our infrastructure to sell your personal data to any personal data merchant, and above all a clear mission that is the very reason which AirVPN operates for https://airvpn.org/mission , are probably, all together, the factors which allowed such a small "miracle" and maybe make AirVPN unique.

    Thank you all, you users, customers, members of the community, moderators, developers: the small "miracle" happened because of you, because you saw something in AirVPN.

    Kind regards and datalove
    AirVPN Staff
     
  8. Like
    go558a83nk got a reaction from Lee47 in pfsense 2.4.5 on qotom Q375G4 with AirVPN and Virgin Media   ...
    those are old settings.  AES-256-GCM is faster. and SHA512 is for tls-crypt configs.

     
  9. Like
    go558a83nk reacted to sudoopenvpn in Wireguard response from Mullvad   ...
    Quite perplexed by the use of the wg protocol, to be honest. I can say that I saw good speeds with a debian iso but that was something out of the ordinary. IVPN, a provider praised for their speeds, has been nothing but a bummer for me. Torrents are around 7MB/s and with another I am at 20 MB/s. On IVPN I used wg and on the other it was ovpn.

    But I cannot say that I don't understand the hype that wg goes through. But for me it is ovpn all the way. If you look at all the security issues and how providers are supposedly "fixing" them, I can only walk around with a huge question mark over my head. Why's wg needed anyway? What can it do that ovpn cannot do for us privacy minded folks? Why "fix" it when ovpn is still working as intended and always has? Surely, you wouldn't try to apply the use-case of an Volkswagen to an F1 car. With that said, I always liked AirVPN's approach to wg and that AirVPN kept prioritizing ovpn over wg.

    Anyway, everybody can do as he likes, I for one will stick to ovpn in the meantime.
     
  10. Thanks
    go558a83nk got a reaction from deguito18090 in IPLeak show only one DNS   ...
    not at all.  what that's showing, and it's normal when using openvpn GUI on windows, is that when you use openvpn GUI instead of Eddie you have a DNS leak which is ruining some of the privacy you gain by using a VPN.

    you want just the one (or two with ipv6) airvpn servers showing up as DNS servers.
  11. Thanks
    go558a83nk got a reaction from bluesjunior in WINTUN replacement for Windows TAP driver   ...
    yes, without the quotes
  12. Like
    go558a83nk reacted to Clodo in WINTUN replacement for Windows TAP driver   ...
    Hi to all, the latest Eddie 2.18.8 experimental released today, works with wintun, please test if interested.

    Go to https://openvpn.net/community-downloads/, at bottom "OpenVPN 2.5_git wintun technology preview", click the "here" link and install.
    If you already have the right "openvpn.exe", use it directly: Eddie will install the wintun driver when needed, and also create the adapter.

    Eddie -> Settings -> Advanced -> OpenVPN Custom Path -> choose your "openvpn.exe" from 2.5, if already installed probably it is "C:\Program Files\OpenVPN\bin\openvpn.exe".

    At this point, Eddie will use OpenVPN 2.5 (but still with standard TUN driver).

    Eddie -> Settings -> OVPN directives -> Custom directives, add "windows-driver wintun".

    At this point, Eddie will use the OpenVPN 2.5 with the newest Wintun driver.
  13. Like
    go558a83nk reacted to arteryshelby in SARS-CoV-2: precautionary measures taken by AirVPN   ...
    Please stay healthy everyone!
  14. Thanks
    go558a83nk reacted to Staff in SARS-CoV-2: precautionary measures taken by AirVPN   ...
    Hello!

    We would like to inform you that we have made every effort to ensure AirVPN full and efficient operation during the pandemic caused by SARS-CoV-2.
     
    In order to reduce hazard and safeguard health, AirVPN staff and personnel work exclusively from home and worked from home well before the current situation appeared clearly as a pandemic Each member has a landline and one or more mobile lines, when possible in different infrastructures, to maximize likelihood to stay connected to the Internet 24/7 AirVPN system is more efficiently automated and basic functioning requires no manual interventions, even for several months (if kernel upgrades hadn't been necessary, we would have had servers uptime of 4 years or more) AirVPN inner staff members have now overlapping competences. Therefore if a key member, including a founder, is forced to stop working, the other ones can carry out his/her functions Emergency funds already secured in the past in different facilities as well as banks remain unaltered and ensure AirVPN financial health for a very long time even in very harsh scenarios. However, we would like to assure you that they are not needed at all currently, quite the contrary. In the last 10 days we have experienced a substantial increase in the growth of our customer base We have been informed by our most important partners and providers of housing and hosting in Europe, America and Asia they they are, and expect to, remain fully operational
    Kind regards
    AirVPN Staff

     
  15. Like
    go558a83nk got a reaction from Lee47 in WINTUN replacement for Windows TAP driver   ...
    Interesting thing I came across.  Surprised to see no talk of this in the forum yet.

    https://lists.zx2c4.com/pipermail/wireguard/2019-September/004580.html
  16. Like
    go558a83nk got a reaction from Stan464 in Which is better for Pfsense setup?   ...
    Yes, even the i3 should be plenty.  Just be sure to enable cryptographic hardware here /system_advanced_misc.php and then select that hardware in your openvpn config you create.  Then AES-NI plus whatever else is on the CPU is in use.
  17. Haha
    go558a83nk got a reaction from Stan464 in pfsense support   ...
    this has to be a joke.
  18. Like
    go558a83nk reacted to Staff in New country: Estonia - New 1 Gbit/s server available   ...
    Hello!

    We're very glad to inform you that a new 1 Gbit/s server located in Tallinn (EE) is available: Alruba.

    The AirVPN client will show automatically the new server; if you use any other OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

    The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

    Just like every other "second generation" Air server, Alruba supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt.

    Full IPv6 support is included as well.

    As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

    You can check the server status as usual in our real time servers monitor:
    https://airvpn.org/servers/alruba

    Do not hesitate to contact us for any information or issue.

    Kind regards and datalove
    AirVPN Team
  19. Like
    go558a83nk reacted to Air4141841 in pfsense support   ...
    more bandwidth for me on my pfsense box
  20. Like
    go558a83nk got a reaction from Survival in PFsense + STunnel Setup?   ...
    Yes
    Some people find it works in places where only SSL would work previously.
    Yes.  You must connect to entry IP 3 or 4, use SHA512 for auth digest, and of course use the TLS encryption and auth setting for the TLS key
  21. Like
    go558a83nk got a reaction from OpenSourcerer in Please Fix this Website   ...
    At least once a day I get the "our tubes are clogged" message.  No other website I visit is as unreliable as this one.  When it is down I can't get to my client area to configure my VPN.  So, it is important that the website is working.

    What's more, no other web site I frequent is as slow to respond as this one as I browse through the forum.  I can literally check on other forums in the time I'm waiting for this site to respond.

    All this is while using AirVPN VPN servers.

    Thanks for your attention.
  22. Like
    go558a83nk reacted to LevS in WINTUN replacement for Windows TAP driver   ...
    Please be aware that wintun support functionality has been reviewed and merged into openvpn master. You can get latest snapshots from https://build.openvpn.net/downloads/snapshots/. 
    For example, this is the current latest build.

     
  23. Thanks
    go558a83nk reacted to Staff in Please Fix this Website   ...
    Hello!

    Our web site is very frequently and heavily flooded and we have reached, we think, a good balance between flood protection and web site usability. We will keep trying to improve it in order to make things better and keep the web site accessible even in those cases it is still not, without adding annoying barriers and permanent blocks. It must be said that usually you don't even see when a flood is ongoing, except for some sluggishness in loading pages, but at the same time of course anything can be made better in general. It is also true that flood events have become more frequent in the last month.

    Furthermore, we will also verify whether some of the interruptions you mention are really caused by floods or by something else.

    Kind regards
     
  24. Like
    go558a83nk reacted to OpenSourcerer in Please Fix this Website   ...
    I can confirm this. The website has some flow-breaking bugs which affect reliability. Sometimes this message appears after writing long post texts, rarely quite suddenly when moving to first unread posts. The funny part is: If I remove the comment thing in the URL, it loads normally.
    One user also experienced it when he/she wanted to download a generated profile but Safari instead downloaded the error HTML page. Then that user asked in the forums why he/she couldn't import the profile.
  25. Like
    go558a83nk got a reaction from OpenSourcerer in Please Fix this Website   ...
    At least once a day I get the "our tubes are clogged" message.  No other website I visit is as unreliable as this one.  When it is down I can't get to my client area to configure my VPN.  So, it is important that the website is working.

    What's more, no other web site I frequent is as slow to respond as this one as I browse through the forum.  I can literally check on other forums in the time I'm waiting for this site to respond.

    All this is while using AirVPN VPN servers.

    Thanks for your attention.
×
×
  • Create New...