Staff

Hi, actually there's a guide: https://airvpn.org/topic/9549-guide-to-setting-up-vpn-just-for-torrenting-on-windows-thanks-to-nadre/ see section "Routing Table Change to Block Outgoing Native Traffic" It does not depend on firewall. Kind regards

Hello, you need to edit your hosts file because the Air client needs airvpn.org resolution (when your system is disconnected from the VPN, it can't resolve names via DNS, because 10.4.0.1 and 10.5.0.1 are private IP addresses). Add the lines: 95.211.138.143 airvpn.org 212.117.180.25 airvpn.org Kind regards

@NaDre Hello, it was explained here: Kind regards

@stefeman You're typing the wrong file name, please type the correct file name. If in doubt issue command "ls" to see the list of the files in the current directory. Press TAB for auto-completion help while typing the filename. Kind regards

Hello, it's difficult to say something useful without logs, anyway try to install configuration files by keeping one and only one configuration per folder. Make sure to rename the folder with a ".tblk" extension only AFTER you have pasted the .ovpn configuration file inside it. Kind regards

@johndough Yes. Just to explain more to the readers, the client, without any server co-operation, can either disable TLS renegotiation (NOT recommended at all) or set any TLS re-keying period NOT HIGHER than the server setting. It's not possible that the client set a TLS re-negotiation (if active) to more than the time value set on the server. Our servers are set to 60 minutes, so you can't have TLS re-negotiations higher than 60 minutes. Kind regards

Hello, there is a GMail option to disable that warning and allow any IP address, and even an option to authorize certain IP addresses (so you could put there the exit-IP addresses of the VPN servers you connect to). Please consult the GMail guides at your convenience. Once you have authorized an IP address, it will be authorized regardless of the device you use to access the mail server. Kind regards

Hello, the unsolvable problem for NSA in this case is that our customers client keys for OpenVPN Data Channel encryption are re-negotiated at each new connection AND every 60 minutes (essentially the core of Perfect Forward Secrecy). Customers can also lower the TLS re-keying interval on the client side. Kind regards

Hello, these log entries: show that there was no communication between your node and the VPN server: no routing to the server was possible. Kind regards

Hello, please run the PortListener and report the server names where you experience the problem at your convenience. Kind regards

@tangomega Ok, it was wrongly understood that OpenVPN was running in a DD-WRT router. Our fault, you were very clear in your description. Your idea on how to fix the issue is just fine, please see also here: http://wandin.net/dotclear/index.php?post/2009/01/08/OpenVPN-MTU-Size http://openvpn.net/archive/openvpn-users/2004-11/msg00044.html Alternatively, just connect over TCP, but this might not be the ideal solution due to performance hit. Kind regards

Hello, if the client does not notify the server about a disconnection on UDP, the server has absolutely no way to know that the client disconnected. In this case, you will need to wait for the inactivity timeout (normally 60 seconds) to be authorized to re-connect or click the button "Disconnect Now" from your control panel. Kind regards

Hello, CPU load is normal. Routers CPU do not have built-in AES commands and their processing power is low, if compared to nowadays desktop and laptop computers. The limit for a typical consumer's router CPU to encrypt and decrypt on the fly AES-256-CBC is 7-10 Mbit/s total throughput (AES-256-CBC is the cipher of our OpenVPN Data Channel). Some fragmentation may be perfectly normal, as long as it does not impact performance. Since you already reach the maximum theoretical throughput peak allowed by your router processor, you probably have nothing to worry about. Kind regards

Hello, are you using network-manager? It might have problems in resolving host names. If it's the case, re-generate the configuration in the following way: - click "Advanced Mode" - in the "Advanced" table, tick "Resolved hosts in .ovpn file" and "All servers for area region" Re-generate and re-download. it should fix the problem. Kind regards

Hello, thank you very much for the information. We'll check it out and update the thread. Kind regards

Hello, can you please try again now? Kind regards

Hello, the only problem in the infrastructure is that Bootis is down. Can you please send us your client logs at your convenience? Kind regards

Hello, you can do it through policy routing, supported by DD-WRT. In DD-WRT, once it is connected to an OpenVPN server, you can decide which devices must be tunneled and which not. Kind regards

Hello! IPv6 will be fully supported in the future. Kind regards Any update on ipv6 support? Thanks Hello, no update at the moment. Kind regards

Hello, if you have resolvconf installed please see here: https://airvpn.org/topic/9747-dns-problem-can-only-connect-to-airvpnorg/?do=findComment&comment=11334 If you don't and you wish to install it: sudo aptitude install resolvconf If you don't want resolvconf package, just edit (as root) /etc/resolv.conf and add as first nameservers 10.4.0.1 and 10.50.0.1: nameserver 10.4.0.1 nameserver 10.50.0.1 Kind regards

Hello, just run OpenVPN as a Windows service. See here for details: http://openvpn.net/index.php/open-source/documentation/install.html (look for "Running OpenVPN as Windows service"). Use the configuration file(s) generated by our Configuration Generator, as usual. Kind regards

Hello, apart a couple of disconnections, the logs do not show any problem related to connection itself or DNS push. Try to force 10.4.0.1 as primary DNS of your physical (WiFi and/or Ethernet) network interface, it might fix the issue. Kind regards

@StudentStumps So your system is not handling correctly DNS. Assuming it's some Linux distribution, do you have resolvconf or openresolv installed or not? Kind regards

Hello, it seems that the TOR proxy is either not running or not listening to port 9050, can you please check? Latest TOR proxy bundled in the TBB listens to SocksPort 9150 by default. Kind regards

Hello, more probably it's just a DNS problem. uTorrent does not need DNS resolution to work properly, so (if you have a DNS problem) the programs that need DNS resolution will not work properly, while those that do not need it will. Anyway all of them would be tunneled, if the VPN connection has been established properly. In order to check, verify and fix all of the above, can you please send us your client logs and tell us your computer OS? Kind regards