Jump to content
Not connected, Your IP: 3.238.71.80

Staff

Staff
  • Content Count

    8910
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    1287

Everything posted by Staff

  1. @privado Hello! Now there are no visible errors on the log. During the 4 minutes the E2000 was connected to a VPN server, could you manage to do anything (like pinging some servers...)? Kind regards
  2. whodinni570 wrote: Hello! We're glad to know that the issue has been resolved. We apologize for the inconvenience. About ports significance and TCP - UDP connection difference, please refer to the FAQ available here: https://airvpn.org/index.php?option=com_content&view=article&id=71&Itemid=137 (see "What is the difference between TCP and UDP ports? Which port should I choose?"). According to the Tunneblick wiki, "private configurations are stored in '~/Library/Application Support/Tunnelblick Configurations'. Since these files are all located in the user's Library folder, they must be set up separately for each user. (Note that the "~" in the path indicates the user's home folder; thus the folder is actually located somewhere such as /Users/username/Library/Application Support/Tunnelblick/Configurations. Do not confuse this Library folder with the /Library folder located at the root of the filesystem.) Shared configurations, which can only be Tunnelblick VPN Connection files, are stored in /Library/Application Support/Tunnelblick/Shared. Shared configurations do not need to be set up for each user. (In fact, that's the whole point of sharing them!)" See also http://code.google.com/p/tunnelblick/wiki/cFileLocations You're welcome! Please do not hesitate to contact us for any further information. Kind regards
  3. Hello! The USA server "Sigma" is currently not publicly available. If you need to use an american server, please pick Sirius or Vega. They both can give better performance than Sigma (they have faster hardware and they are on a 1 Gbit/s port instead of Sigma's 100 Mbit/s). Kind regards AirVPN admins
  4. Hello! Ok, problem detected from the logs. You are trying to connect to Sigma server, which is currently not publicly available. We apologize for the inconvenience and we are going to put a warning in the forum right now. For the USA servers, try the connection to Sirius (1 Gbit/s dedicated port server, Virginia) or Vega (1 Gbit/s, Oregon), you should have better performance (Sigma is on a 100 Mbit/s switch). Go to the "Member"->"Access without our client" and generate a new configuration for Sirius or Vega. Let us know if everything is all right. Kind regards
  5. privado wrote: Hello! Several E2000 users claim that the E2000 with DD-WRT is unable to connect to UDP ports via OpenVPN, see thread: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=498189 Might it be that with the other provider you're testing you have connections only on TCP ports? We offer both UDP and TCP connections. It can be worth a try to revert back to your previous semi-working configuration, and try a connection on any of our servers available TCP ports (53, 80 or 443). To do that, change "proto udp" directive in the configuration file, and therefore on the startup script, to "proto tcp" Also, are you able to connect to a VPN server with your PC and E2000, that is not using OpenVPN on DD-WRT, but directly from one of your computers? Kind regards
  6. whodinni570 wrote: Hello! We can confirm you that your account is on premium status, authorized to access all the servers. There was no change of certificates or configurations recently from our side. Did you change anything in your system Tunnelblick configuration? Could you please send us the connection logs? Kind regards
  7. alcrom23 wrote: Hello! Checking your account, it appears that payment from PayPal was first delivered and then frozen after a few hours for a non-explained suspect of unauthorized transfer. From past experience the only thing we can do is to tell PayPal to give you back the money, in order to speed up the process. Kind regards
  8. privado wrote: Hello! Which command line you refer to? If you refer to the startup script, try this basic startup script (when the DSL modem/router is not in the network) and please post again the logs: cd /tmp ln -s /usr/sbin/openvpn /tmp/openvpn echo " [[PASTE air.ovpn HERE]] keepalive 15 60 daemon log /tmp/openvpn.log " > airvpn.conf echo " -----BEGIN CERTIFICATE----- [[PASTE ca.crt CONTENT HERE]] -----END CERTIFICATE----- " > ca.crt echo " -----BEGIN CERTIFICATE----- [[PASTE user.crt CONTENT HERE]] -----END CERTIFICATE----- " > user.crt echo " -----BEGIN RSA PRIVATE KEY----- [[PASTE user.key CONTENT HERE]] -----END RSA PRIVATE KEY----- " > user.key # Start openvpn sleep 5 /tmp/openvpn --config airvpn.conf --fragment <insert here the best value you found> --mssfix Kind regards
  9. scipio wrote: Hello! Can you please make sure that you copied the user.key too? In total there are 4 files that must be copied from within air.zip: the configuration (air.ovpn), 2 certificates (ca.crt, user.crt) and the private key (user.key). We're looking forward to hearing from you. Kind regards
  10. privado wrote: Hello! It's good that the MTU problem has been fixed by --fragment and --mssfix. We gave you a script which configures tun0, not tun1, in promisc mode, because of the previous bridged configuration with the DSL router, which now is not there anymore. Please delete or comment out the following line from the startup script: ifconfig tun0 10.x.x.x netmask 255.255.0.0 promisc up then delete or comment out the following lines from the "Firewall" script: iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT and check the logs to see what happens. We're looking forward to hearing from you. Kind regards
  11. anonimus1105 wrote: Hello! See, the message with the screenshot and the quoted message just above come both from INSIDE our private network. This necessarily means that your account was normally connected to some VPN server. Check you connection simply browsing https://airvpn.org. Look at the central box at the bottom of the page. If it is green and displays "Connected" then you are connected to some VPN server and you appear on the Internet with exit-IP of that server. Kind regards AirVPN admins
  12. privado wrote: Hello! Your guess about 192.168.1.1 seems correct from the logs. 192.168.1.1 is the default IP address of a DD-WRT router. To be sure, browse the web interface, go to "Setup"-->"Basic setup" and see the IP reported in the "Local IP address" field. About the errors, they are probably related to MTU size. First of all, go to "Basic Setup" again and set the following values (probably they are already set so): TUN MTU Setting 1500 TUN MTU Extra 32 TCP MSS 1450 If they showed different settings, try the connection again after the modification. On the contrary, if those values were already 1500, 32 and 1450 and/or the log still shows errors of that kind, then launch OpenVPN with the --fragment 1000 and --mssfix parameters, i.e. modify the line in the "startup" script which launches OpenVPN in the following way: # Start openvpn sleep 5 /tmp/openvpn --config airvpn.conf --fragment 1000 --mssfix If this fixes the problem, progressively increase those values to 1100, 1200, 1300, ..., 1450 (that is, increase them until the logs show again an error code 91) to determine the optimal maximum segment size (the lower the max segment size is, the worse can be the performance, so this would be fine tuning). Unfortunately, it is in general impossible to conclude in a network what MTU will be at any moment. We're looking forward to hearing from you. Kind regards
  13. anonimus1105 wrote: Hello! You can have one connection per account at a given time. You can use your account on as many computers or devices as you like, but you can't use your account on multiple devices simultaneously. The message you have written comes from inside our private network, therefore you were connected to some AirVPN server when you wrote it. Make sure you have not given to anyone your account name and password. We're looking forward to hearing from you. Kind regards AirVPN admins
  14. privado wrote: Hello! In the bottom of this message we report the settings for web interface configuration, just in case you wish to try with that again. If you insert the 1st script in the "Startup" section the router will execute it when it boots and will write the openvpn logs in /tmp/openvpn.log. If everything is fine it will also connect automatically to the VPN server of your choice (the one specified in the air.ovpn that you have pasted there). YOUR CLIENT NETWORK SUBNET depends on the configuration of your DSL modem+router. Since it is in full bridge mode but DHCP is enabled, it will provide an IP address to the DD-WRT router. You are in a situation where you have two DHCP servers, one in the DSL m+r, the other in the E2000, and this makes things a little bit more complicated: you must pick IP subnets which do not overlap with each other. You should check that. It might be an address of the type 192.168.1.*, but it is also not uncommon that it might be 192.168.2.*. It all depends on the customization your ISP made to your DSL modem+router, just browse to the web configuration interface of the DSL router and check internal IP and subnet. When you're there, take also note of the internal gateway IP address, you will need it later. So, if the DSL router has internal IP 192.168.1.1 subnet 255.255.255.0 pick 192.168.2.1 for the local IP address of the DD-WRT router. If it is 192.168.2.1, pick 192.168.1.1. etc. The local IP address must also be set in the "Setup" page, tab "Basic setup" of the E2000. Example: local IP 192.168.2.1 Subnet Mask 255.255.255.0 Gateway . In this tab, also make sure that "DHCP Mode" is set to "Server" and that the "Enable" option is active. a.b.c.d is the IP address of the DSL router gateway. PARAMETERS FOR THE DD-WRT ROUTER WEB INTERFACE Start OpenVPN: Yes Server IP / Name: your favourite VPN server IP address (see the line "remote" in air.ovpn) Port: your favourite port (53, 80 or 443) [this is useful in case your ISP slows down connections on port 443 or 80 UDP] Use LZO Compression: Yes Tunnel Protocol: UDP or TCP [uDP is more efficient, but TCP with its full error-correction is precious when there are connection issues or your ISP throttles UDP connections] nsCertType: Server Public Server Cert: Paste the contents of ca.crt from "------BEGIN CERTIFICATE" to "END CERTIFICATE-----" included Public Client Cert: Paste the contents of user.crt like above Private Client Key: Paste the contents of user.key Save settings. Now, enable ssh connections in the E2000 so that you will be later able to access via ssh to the router for deeper troubleshooting. To enable SSH: - Using the Web Interface, go to the Administration tab. (in v24 use Services tab) - Under the Services sub-tab, Enable SSHd in the Secure Shell section. If new options don't appear, Save Settings - Enable Password Login to enable the password login - Save and Apply Settings Finally, please reboot the router, wait a couple of minutes, check the connection and verify your exit-IP to the Internet (you can see it by connecting to https://airvpn.org and looking at the central box in the bottom of the page). To access the openvpn logs for troubleshooting, login to your E2000 via telnet or ssh port 22. For telnet, default login: root default psw: admin. For ssh, default login: root. telnet ssh > If you use Windows Vista/7, you will need to install telnet from "Programs and features". Or you can download PuTTY which supports both ssh and telnet http://www.putty.org Once you log in the E2000, go to the /tmp dir and print the log. Copy it and please paste it to us, it may be really helpful for troubleshooting: cd /tmp cat openvpn.log Note: if you don't use PuTTY and you have Windows 7/Vista, use the Powershell to have improved screening and copy & paste functionalities. To copy a text inside the powershell, select it with the left mouse button pressed. When you have selected it all, release the left button and click once the right button. The text will be put in the clipboard, ready for pasting. We're looking forward to hearing from you. Kind regards
  15. privado wrote: Hello! Thank you for your feedback. The troubleshooting with DD-WRT routers with any s&t OpenVPN-based VPN provider requires exactly the same information we asked (network configuration, logs). They are necessary to give proper assistance. We will keep on our involvement to make life easier for non-techies, however there are certain minimal technical requirements which are mandatory if someone wants to be serious about privacy and anonymity layers. It's a small price to pay for a greater benefit. Please do not hesitate to contact us for any further information. Kind regards
  16. privado wrote: Hello! Sorry, it was assumed that you were already monitoring the logs. Here are two scripts that may help troubleshoot. They require minimal adjustment to fit your needs and according to your network configuration. If you startup with the 1st script, you'll find the logs in the file /tmp/openvpn.log Also, check that you have enough free memory in the router (8 kB free are enough). You might want to look here for further details: http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_routed_VPN_between_two_routers#Client1_Configuration There you'll find how to enable syslog on your router as well. The first script is for the "Startup" section of your router. =========== cd /tmp ln -s /usr/sbin/openvpn /tmp/openvpn echo " [[PASTE air.ovpn HERE]] keepalive 15 60 daemon log /tmp/openvpn.log " > airvpn.conf echo " -----BEGIN CERTIFICATE----- [[PASTE ca.crt CONTENT HERE]] -----END CERTIFICATE----- " > ca.crt echo " -----BEGIN CERTIFICATE----- [[PASTE user.crt CONTENT HERE]] -----END CERTIFICATE----- " > user.crt echo " -----BEGIN RSA PRIVATE KEY----- [[PASTE user.key CONTENT HERE]] -----END RSA PRIVATE KEY----- " > user.key # Create tun0 interface /tmp/openvpn --mktun --dev tun0 ifconfig tun0 10.x.x.x netmask 255.255.0.0 promisc up [MODIFY 'x' - SEE https://airvpn.org/index.php?option=com_content&view=article&id=74&Itemid=141) # Create routes route add -net [[YOUR CLIENT NETWORK SUBNET HERE]] netmask 255.255.255.0 gw a.b.c.d [[FIND ADDRESS ACCORDING TO SERVER YOU CONNECT TO]] # Start openvpn sleep 5 /tmp/openvpn --config airvpn.conf ======================== Script for the "Firewall" section: # Open firewall holes - you might want to modify according to your connection iptables -I INPUT 2 -p udp --dport 53 -j ACCEPT iptables -I INPUT 2 -p tcp --dport 53 -j ACCEPT iptables -I INPUT 2 -p udp --dport 80 -j ACCEPT iptables -I INPUT 2 -p tcp --dport 80 -j ACCEPT iptables -I INPUT 2 -p udp --dport 443 -j ACCEPT iptables -I INPUT 2 -p tcp --dport 443 -j ACCEPT iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT Looking forward to hearing from you. Kind regards AirVPN
  17. privado wrote: Hello! The optimal solution would be to configure the DSL router in full bridge mode. Currently, does your DSL router use DHCP? And the E2000? Can you please send us the DD-WRT router OpenVPN connection logs to check (you may need to turn on logging)? Kind regards
  18. privado wrote: Hello! To clarify, is the connection of this kind: Your PCs/devices ((())) DD-WRT router----DSL router----ISP ? Does your DSL router use DHCP for LAN? Does it support IP forwarding? When you don't use OpenVPN, is the connection ok? Looking forward to hearing from you Kind regards
  19. privado wrote: Hello! You can find a good tutorial is in the DD-WRT wiki (see the "Client Mode"): '>http://www.dd-wrt.com/wiki/index.php/OpenVPN#Enable_OpenVPN_in_the_Router> If you have any doubt on any parameter to insert, please do not hesitate to contact us or write in the forum. Kind regards AirVPN admins
  20. blakvoid wrote: Hello! We realize it's not uncommon to find DNS leaks under various Windows OS, including Windows 7. DNS leakage means that a DNS query is sent unencrypted outside the tunnel. It is not OpenVPN responsability, it is due to the OS. A DNS leak may happen when the system falls back to the standard DNS for the main interface adapter and does not use the DNS pushed to the TUN/TAP adapter. Therefore your ISP or any "Man In The Middle" could intercept and read the query. "Fallback" may be caused for example by inability of AirVPN to resolve an address (for example if a non-existent url is typed into a browser). In this case there is no particular risk to compromise anonymity, since the ISP or the MITM can see requests to non-existing domain names. Unfortunately, DNS leaks may happen even when a valid name is resolved. Under Windows, DNS queries are sent out by svchost.exe. When you connect to AirVPN, your TUN/TAP adapter will have an address of the type 10.x.*.*, where 4https://airvpn.org/index.php?option=com_content&view=article&id=74&Itemid=141 for more details). With the above information, it's easy to prevent DNS leaks. Use a firewall to block, when connected to an AirVPN server, any outgoing connection by svchost.exe not originating from the TUN/TAP address. The same method may be use to secure any other application (to make sure, for example, that they don't send out data if the connection drops) or to secure all your network so that no data get out when you are not connected to the VPN. According to the firewall you use details may vary, but the principle is the same. In the screenshot you can see an example of DNS leak fix under Windows with the Comodo Firewall using "Network Security Policy" for svchost.exe. Just remember that if you set this firewall rule as general, you will need to drop it when you are not connected to the VPN, otherwise you will not be able to resolve domain names anymore. Please do not hesitate to contact us for any further information. Kind regards
  21. stevevarney wrote: Hello! Probably it's just DNS caching. Try to flush the cache and see if you can get rid of that RoadRunner webpage. There is another chance, though, i.e. when you type in an url which can't be resolved by Air, your system falls back to your default DNS server (check them and change them if it's the case) and sends a DNS query which is unencrypted outside the tunnel. This should be investigated deeply because can weaken significantly the "anonymity layer". Just monitor your connections to discover if it's the case (it can be fixed, it's called "DNS leakage"). Only the TUN interface (there are no privacy compromising info there) to see if the DNS server is correctly pushed in the connection (check yourself, it must be in the IP range of AirVPN net, for example 10.4.0.1 for connections on the 443 UDP). The logs are just fine. Kind regards
  22. stevevarney wrote: Hello! If you are using the AirVPN client you don't need to download any file. Configuration, certificates and private key files are necessary and must be stored in your OpenVPN config directory if you connect directly with OpenVPN. You can obtain all those files (after you log in the website) through the menu "Member"->"Access without our client", choosing server and port and downloading the air.zip package that our system prepares for you. The following information might help us give you proper support: - configuration of your TUN adapter when you are connected to an AirVPN server (you can obtain it by opening a shell and typing "ipconfig /all") - connection log (right-click on the Air dock icon, select "Logs"; a window will pop-up, click on "Copy to clibpboard" then paste on the forum) - result of the test with http://rojadirecta.com (do you see the ICE domain seizure page, or the real RojaDirecta website?) About the host file, please check that there are no anomalous entries. Kind regards AirVPN admins
  23. stevevarney wrote: Hello! This is not normal. Please check your network, DNS (does your system accept DNS push from our server?) and host file settings. Perform a small test too, please: when connected to a VPN server, browse to http://rojadirecta.com. Do you see the ICE domain seizure page, or the real RojaDirecta website? Can you also please send us an OpenVPN connection log? Which OS are you using? Kind regards AirVPN
  24. blakvoid wrote: Hello! Yes, they are shared. Each server has an "entry" and an "exit" IP address. The exit IP address is shared among all those connected to that server. We do offer custom plans which include dedicated, static IP addresses (anyone interested can contact us). However, as you wrote, a shared IP address offers a better protection. Kind regards AirVPN admins
  25. coomandoo wrote: Hello! As you have already stated there can't be any correlation with our service. Kind regards AirVPN admins
×
×
  • Create New...