Posts posted by Staff
-
@JackParsons
Hello!
Eddie 2.13.6 should run on your system. To download it, on the Linux download page please select "Other versions", click "2.13.6" and the download page will point to that version. Before installing Eddie 2.13.6 please make sure to delete the configuration file (default.xml in older Eddie versions, default.profile in newer versions) to avoid incompatibilities of the configuration file due to a downgrade.
If even Eddie 2.13.6 can't run on your system, then you could prepare a configuration file compatible with your OpenVPN 2.3.2:
- in the Configuration Generator turn the "Advanced" switch on
- set the "OpenVPN profile" combo box to "2.4"
- select a connection with OpenVPN to entry-IP address ONE (this is essential to avoid tls-crypt, unsupported by 2.3)
- download and use the configuration file as usual
Kind regards
-
4 minutes ago, John2 said:
The issue I'm still unclear with is, why is the 2014 ca.crt still a problem? Using the OpenVPN Utility, I 'Remove all downloaded VPN provider files' and 'Delete user key, password and cert files'. I then create new config files (using your Generator), then run the OpenVPN 'wizard'. Is the 2014 ca.crt not deleted and OpenVPN re-uses it. Or is it embedded in the Config Generator ovpn files?
Hello!
The Configuration Generator is (and was) able to generate either separate files or configuration files embedded with certificates and keys, according to your selection. Therefore it is possible that you have a configuration file embedded with the certificate causing the problem. However, from your previous message, it is also visible that you had an expired ca.crt in ~/Downloads/AirVPN
Kind regards
-
On 12/16/2023 at 9:17 AM, HankSupa said:
Any update on this topic?
Hello,
it seems there is no news since March 2023.
Latest Action: Senate - 03/07/2023 Read twice and referred to the Committee on Commerce, Science, and Transportation. Source: web site of the Congress of the USA https://www.congress.gov/bill/118th-congress/senate-bill/686/text
Kind regards
-
2 hours ago, John2 said:
1. OpenVPN wants a ta.key (presumably to go with the ca.crt?) at service.vpn.manager/Downloads/AirVPN
But 'Advanced' Config Generator doesn't seem to generate that file, instead it generates tls-crypt.key (not sure here??)
Hello!
Please enable "Advanced" mode in the Configuration Generator, pick a connection mode with entry-IP address 1 (one) and check "Split certs/keys from ovpn file". When you generate the configuration you will obtain a ta.key.
The reason is that the obsolete TLS Auth mode and the new TLS Crypt mode are mutually incompatible. In order to keep compatibility with old OpenVPN versions we need to differentiate OpenVPN daemons working on TLS Crypt from those working on TLS Auth. In general, OpenVPN responding on VPN servers' entry-IP addresses 1 and 2 supports TLS Auth, while OpenVPN on entry-IP addresses 3 and 4 supports TLS Crypt.
More details on the technical specifications page https://airvpn.org/specs
2 hours ago, John2 said:
2. Switching to WireGuard looks to be a better solution long term, but (unless anyone can point to easy install on Raspberry Pi OSMC??) that also looks like a rabbit hole!
OSMC is a Linux distribution based on Debian and Kodi so installing WireGuard should be a matter of seconds, if it is available in the repos. Since OSMC moved to Bullseye in 2022, you could have WireGuard ready. Try to install it and check.
sudo apt install wireguard-tools
sudo apt install openresolv
If the installation is successful you can follow the instructions for Linux to set up WireGuard in a minute or so, let us know.
2 hours ago, John2 said:
While v much respecting AirVPN staff, the problem looks to be that regular Config Gen is including a now out-of-date ca.crt fil
Of course not! ca.crt was renewed in 2021 with expiration date 2121. Your ca.crt, emitted in 2014 with expiration date 2024, was downloaded before the 2021 renewal. The Configuration Generator has never served an expired certificate.
Kind regards
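
The compatibility rules described in the reply above (TLS Auth versus TLS Crypt, and embedded versus separate ca.crt), as an added example that is not part of the original post and is not AirVPN's code. The function names, the sample profile, the address and the key contents are constructed for illustration; the 2.4 threshold is the OpenVPN release that introduced tls-crypt.

```python
import re

def parse_profile(text):
    """Split an .ovpn profile into {directive: args} and the set of inline blocks."""
    directives, inline, block = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if block:                      # inside <ca>..</ca> etc.: skip key material
            if line == f"</{block}>":
                block = None
            continue
        m = re.fullmatch(r"<([a-z-]+)>", line)
        if m:
            block = m.group(1)
            inline.add(block)
        else:
            name, *args = line.split()
            directives[name] = args
    return directives, inline

def check_profile(text, client_version):
    """client_version: (major, minor) of the OpenVPN build that will load the profile."""
    directives, inline = parse_profile(text)
    modes = [m for m in ("tls-auth", "tls-crypt") if m in directives or m in inline]
    problems = []
    if len(modes) != 1:
        problems.append(f"expected exactly one of tls-auth/tls-crypt, found {modes}")
    elif modes[0] == "tls-crypt" and client_version < (2, 4):
        problems.append("tls-crypt needs OpenVPN 2.4+: regenerate for entry-IP 1 (tls-auth)")
    if "ca" in inline:
        ca = "embedded"                # replaced whenever the profile is regenerated
    elif "ca" in directives:
        ca = "file:" + " ".join(directives["ca"])   # old file on disk may still be used
    else:
        ca = "missing"
        problems.append("no ca certificate configured")
    return {"mode": modes[0] if len(modes) == 1 else None, "ca": ca, "problems": problems}

# Constructed sample profile (placeholder address and key, not AirVPN data).
SAMPLE = """client
remote 192.0.2.10 443
ca ca.crt
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>
"""
print(check_profile(SAMPLE, (2, 3)))   # profile loaded by an OpenVPN 2.3 client
```

A result of "file:ca.crt" means the certificate is read from disk, so regenerating the .ovpn alone does not replace an old ca.crt left in that location.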
-
Hello!
It looks like the problem has been solved, we already have a couple of servers approaching 1.5 Gbit/s, can you please confirm?
Kind regards
-
@alanm
Hello!
The problem seems related to TLS Crypt authentication (you connect to an entry-IP address three). You should re-check that you have the correct TLS Crypt key and configuration:
- TLS Configuration = Use a TLS Key (checked)
- Automatically generate a TLS Key (unchecked)
- TLS Key = Paste contents of the tls-crypt.key downloaded here
- TLS Key Usage Mode = TLS Encryption and Authentication
- TLS keydir = use default direction
More in general, you're running an indeed obsolete OpenVPN version, please consider upgrading, or even switching to WireGuard if you like.
@juniormaxx
Quote:
are there any updated instructions on to set up pfsense with airvpn?
This great guide is very good for pfSense versions running OpenVPN 2.5 and OpenVPN 2.6 with DCO disabled. https://nguvu.org/pfsense/pfsense-baseline-setup/
Kind regards
-
@eltznth
Hello!
Yes, TLS Crypt seems fully supported.
- Set the "TLS Control Channel security" combo box to "Encrypt channel"
- Set the "Compression" combo box to "LZO Adaptive"
- Check "Verify certificate"
- Do not enable server certificate verification by name, leave the "Verify server certificate" combo box to "No".
-
1 hour ago, John2 said:
Does that mean that you are providing an out of date cert?
Hello!
No. ca.crt emitted in 2021 expires in 2121. You have installed a ca.crt downloaded before 2021: up to the renewal in 2021, ca.crt emitted in 2014 expired in 2024, as you have seen.
1 hour ago, John2 said:
Can provide more data as needed - thought the problem looks obvious now?? But how to rectify??
Two options:
- Please generate a new configuration file in the Configuration Generator with the "Advanced" mode enabled and the "Split certs/keys from ovpn files" checked. Download the generated ca.crt certificate and replace, with it, the old one.
- Alternatively, switch to WireGuard.
-
Hello!
We're not 100% sure, but the "Compression" combo box set to "LZO" could create a problem with "comp-lzo no" directive. Which options do you have available in the "Compression" combo box? If available, please try with "Adaptive" and do not touch "comp-lzo no".
Also check "Verify server certificate".
198.54.134.254 is an entry-IP address #3 where OpenVPN accepts TLS Crypt only. Please double-check that you have (in the proper static key field) pasted the TLS Crypt key (tls-crypt.key). Last but not least, which options do you have in "TLS Control channel security" combo box?
Kind regards
-
Hello!
No maintenance is ongoing on the CZ servers but the anomalous throughput you noticed is real. Sudden bandwidth choking is recorded ever since 1 PM UTC (Apr 10 2024). No flood and no packet loss is ongoing. If the problem does not get solved within 6 hours we will contact the datacenter technicians for support. Please connect to servers outside CZ in the meantime, when you need maximum performance.
Kind regards
-
50 minutes ago, John2 said:
user.key and user.crt at service.vpn.manager/AirVPN are new files (i.e. re date/time).
Hello!
Please check ca.crt. From the couple of log lines you sent us we may speculate that you still have an old ca.crt. It's strange because in February 2022 ca.crt was already the new one with expiration on 2121, so we might be missing something here. Is everything fine with Eddie (do not run OpenVPN at all)? Can we see the complete OpenVPN log and can you tell us your exact Operating System name and version?
Kind regards
-
26 minutes ago, eltznth said:
4 hours ago, sdjh4dfgez7 said:
Hello,
thanks. Now it works again. But the How-to post "Using AirVPN with Tomato" does not work anymore with the settings shown there. Can you please update it?
Thanks and br
You can see it in the initial post. The corrections required are listed in our reply (the message set as "best answer" by the OP). If you still experience problems please post your configuration, similarly to what OP did.
Kind regards
-
1 hour ago, clevoir said:
I found that no NTP server had been set up in DD-WRT, once this had been set I was able to gain access OK
Hello!
Excellent, we're glad to know that the cause of the problem was found and that the problem is solved.
1 hour ago, clevoir said:
For the bug where the client is showing connected / disconnected, would you recommend updating DD-WRT to the latest version?
In the past, that bug was not critical. Anyway your OpenVPN version is becoming obsolete therefore an upgrade in the near future, with no time pressure now that everything works, is recommended. Newest versions also support WireGuard, which could give you a remarkable performance boost.
The DD-WRT settings you posted in another message could be improved to slightly enhance performance with this router that does not support AES-NI. Try to change the "Encryption cipher" and the first "Data cipher" to CHACHA20-POLY1305 (if available) and check whether performance increases or not.
Kind regards
-
Hello!
You need to re-generate your configuration files through the Configuration Generator available in your AirVPN account "Client Area".
Explanation: https://airvpn.org/forums/topic/58289-openvpn-certificate-has-expired/?do=findComment&comment=231319
Kind regards
-
Hello!
Please see here for a possible explanation and easy solution: https://airvpn.org/forums/topic/58289-openvpn-certificate-has-expired/?tab=comments#comment-231319
Kind regards
-
@sdjh4dfgez7
Hello!
We see at least one critical error at the moment, "Compression" combo box must be set to "Adaptive", otherwise your "comp-lzo no" directive (which is correct and must not be deleted) will cause a fatal conflict with the "Disabled" setting. Let us know what happens when "Compression" is set to "Adaptive". Note: if "Adaptive" is not available, set it to "Enabled" (then comp-lzo no will disable it during the negotiation).
Also, please check "Verify certificate" and change data-ciphers to AES-256-GCM or CHACHA20-POLY1305.
Kind regards
-
@clevoir
Hello!
We see a date/time problem, when OpenVPN starts the date of the router is still 1970 and it could cause a fatal TLS failure. When the initial packet is received the date seems to be set correctly, but it's unclear whether the previous past date may have already caused a problem, because:
Quote:
19700101 00:00:32 W WARNING: Your certificate is not yet valid!
Assuming that the problem is not related to date and time, UDP seems blocked, or maybe it's a block against OpenVPN. You're using TLS Auth (correctly to entry-IP address 1) with OpenVPN 2.5. You may change to TLS Crypt and test again (remember to switch to entry-IP address 3 as well). Also switch to TCP if the block persists.
In the last part of the log a notorious bug is visible (the cycle between disconnections and connections according to management). Usually this is not relevant but if you have the option to upgrade please do it. As you can see the date and time is again reset to UNIX 0 after the Client management disconnect/connect cycle, and this could be critical. In any case, the fact that the date is suddenly reset makes a firmware upgrade recommended.
Before upgrading, anyway, please test again but this time make sure to start the connection when the date and time are already set correctly. Please send also a screenshot of all the various settings of the OpenVPN DD-WRT panel.
Kind regards
-
1 hour ago, clevoir said:
I am seeing similar issues using DD-WRT too
Hello!
Please post OpenVPN log taken after a connection attempt has failed.
Kind regards
-
1 hour ago, alanm said:
Confirmed I am using tls-crypt.key, still no luck.
Hello!
Please post complete log, don't cut it.
Kind regards
-
19 minutes ago, juniormaxx said:
I've added the new cert information and I still can't connect to the internet.
Log?
Kind regards
-
23 hours ago, korgen said:
Laws banning illegal content are NOT censorship
According to this definition there is no censorship at all anywhere enforced by governments, not in North Korea, not in France, not in China...
Please note that your definition is pure fantasy, if not insulting. Censorship is exactly suppression of speech, public communication, or other information subversive of the "common good", or against a given narrative, by law or other means of enforcement. The fact that censorship is enforced by law or by a government body does not make it less censorship. Furthermore, historically censorship was an exclusive matter of some central authority (the first well documented case is maybe the censorship rules to preserve the Athenian youth, infringed by Socrates, for which he was put to death, although the etymology comes from the Roman Office of Censor which had the duty to regulate on citizens' moral practices) and today censorship by governments is predominant. Even in modern times censorship through laws has been and is predominant and pervasive according to Britannica and many academic researches.
Then you can discuss ad nauseam whether censorship by law is "right" or "wrong", whether France's censorship is "better" than China's censorship, but you can't change the definition of censorship, otherwise this discussion will become delirious.
Kind regards
-
@alanm
Hello!
The router tries to connect to entry-IP address three, so you'll need tls-crypt.key (if you use ta.key, i.e. the TLS Auth key, the server on entry-IP address three will not respond at all, it will immediately drop the connection). Please verify that you're using the correct key. If it is correct, then you can't reach the server at all. It might be a block against OpenVPN or UDP but please try different servers first.
Kind regards
-
Hello!
Please see here:
https://airvpn.org/forums/topic/58289-openvpn-certificate-has-expired/?do=findComment&comment=231319
Kind regards
-
ANSWERED Checking IPv4 route stuck...
in Troubleshooting and Problems
Posted ...
Hello!
To verify whether it's some block against UDP or not, could you please test a connection over WireGuard and check whether it goes through successfully? To switch to WireGuard:
Kind regards