Jump to content
Not connected, Your IP:


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by Staff

  1. privado wrote: Hello! In the bottom of this message we report the settings for web interface configuration, just in case you wish to try with that again. If you insert the 1st script in the "Startup" section the router will execute it when it boots and will write the openvpn logs in /tmp/openvpn.log. If everything is fine it will also connect automatically to the VPN server of your choice (the one specified in the air.ovpn that you have pasted there). YOUR CLIENT NETWORK SUBNET depends on the configuration of your DSL modem+router. Since it is in full bridge mode but DHCP is enabled, it will provide an IP address to the DD-WRT router. You are in a situation where you have two DHCP servers, one in the DSL m+r, the other in the E2000, and this makes things a little bit more complicated: you must pick IP subnets which do not overlap with each other. You should check that. It might be an address of the type 192.168.1.*, but it is also not uncommon that it might be 192.168.2.*. It all depends on the customization your ISP made to your DSL modem+router, just browse to the web configuration interface of the DSL router and check internal IP and subnet. When you're there, take also note of the internal gateway IP address, you will need it later. So, if the DSL router has internal IP subnet pick for the local IP address of the DD-WRT router. If it is, pick etc. The local IP address must also be set in the "Setup" page, tab "Basic setup" of the E2000. Example: local IP Subnet Mask Gateway . In this tab, also make sure that "DHCP Mode" is set to "Server" and that the "Enable" option is active. a.b.c.d is the IP address of the DSL router gateway. PARAMETERS FOR THE DD-WRT ROUTER WEB INTERFACE Start OpenVPN: Yes Server IP / Name: your favourite VPN server IP address (see the line "remote" in air.ovpn) Port: your favourite port (53, 80 or 443) [this is useful in case your ISP slows down connections on port 443 or 80 UDP] Use LZO Compression: Yes Tunnel Protocol: UDP or TCP [uDP is more efficient, but TCP with its full error-correction is precious when there are connection issues or your ISP throttles UDP connections] nsCertType: Server Public Server Cert: Paste the contents of ca.crt from "------BEGIN CERTIFICATE" to "END CERTIFICATE-----" included Public Client Cert: Paste the contents of user.crt like above Private Client Key: Paste the contents of user.key Save settings. Now, enable ssh connections in the E2000 so that you will be later able to access via ssh to the router for deeper troubleshooting. To enable SSH: - Using the Web Interface, go to the Administration tab. (in v24 use Services tab) - Under the Services sub-tab, Enable SSHd in the Secure Shell section. If new options don't appear, Save Settings - Enable Password Login to enable the password login - Save and Apply Settings Finally, please reboot the router, wait a couple of minutes, check the connection and verify your exit-IP to the Internet (you can see it by connecting to https://airvpn.org and looking at the central box in the bottom of the page). To access the openvpn logs for troubleshooting, login to your E2000 via telnet or ssh port 22. For telnet, default login: root default psw: admin. For ssh, default login: root. telnet ssh > If you use Windows Vista/7, you will need to install telnet from "Programs and features". Or you can download PuTTY which supports both ssh and telnet http://www.putty.org Once you log in the E2000, go to the /tmp dir and print the log. Copy it and please paste it to us, it may be really helpful for troubleshooting: cd /tmp cat openvpn.log Note: if you don't use PuTTY and you have Windows 7/Vista, use the Powershell to have improved screening and copy & paste functionalities. To copy a text inside the powershell, select it with the left mouse button pressed. When you have selected it all, release the left button and click once the right button. The text will be put in the clipboard, ready for pasting. We're looking forward to hearing from you. Kind regards
  2. privado wrote: Hello! Thank you for your feedback. The troubleshooting with DD-WRT routers with any s&t OpenVPN-based VPN provider requires exactly the same information we asked (network configuration, logs). They are necessary to give proper assistance. We will keep on our involvement to make life easier for non-techies, however there are certain minimal technical requirements which are mandatory if someone wants to be serious about privacy and anonymity layers. It's a small price to pay for a greater benefit. Please do not hesitate to contact us for any further information. Kind regards
  3. privado wrote: Hello! Sorry, it was assumed that you were already monitoring the logs. Here are two scripts that may help troubleshoot. They require minimal adjustment to fit your needs and according to your network configuration. If you startup with the 1st script, you'll find the logs in the file /tmp/openvpn.log Also, check that you have enough free memory in the router (8 kB free are enough). You might want to look here for further details: http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_routed_VPN_between_two_routers#Client1_Configuration There you'll find how to enable syslog on your router as well. The first script is for the "Startup" section of your router. =========== cd /tmp ln -s /usr/sbin/openvpn /tmp/openvpn echo " [[PASTE air.ovpn HERE]] keepalive 15 60 daemon log /tmp/openvpn.log " > airvpn.conf echo " -----BEGIN CERTIFICATE----- [[PASTE ca.crt CONTENT HERE]] -----END CERTIFICATE----- " > ca.crt echo " -----BEGIN CERTIFICATE----- [[PASTE user.crt CONTENT HERE]] -----END CERTIFICATE----- " > user.crt echo " -----BEGIN RSA PRIVATE KEY----- [[PASTE user.key CONTENT HERE]] -----END RSA PRIVATE KEY----- " > user.key # Create tun0 interface /tmp/openvpn --mktun --dev tun0 ifconfig tun0 10.x.x.x netmask promisc up [MODIFY 'x' - SEE https://airvpn.org/index.php?option=com_content&view=article&id=74&Itemid=141) # Create routes route add -net [[YOUR CLIENT NETWORK SUBNET HERE]] netmask gw a.b.c.d [[FIND ADDRESS ACCORDING TO SERVER YOU CONNECT TO]] # Start openvpn sleep 5 /tmp/openvpn --config airvpn.conf ======================== Script for the "Firewall" section: # Open firewall holes - you might want to modify according to your connection iptables -I INPUT 2 -p udp --dport 53 -j ACCEPT iptables -I INPUT 2 -p tcp --dport 53 -j ACCEPT iptables -I INPUT 2 -p udp --dport 80 -j ACCEPT iptables -I INPUT 2 -p tcp --dport 80 -j ACCEPT iptables -I INPUT 2 -p udp --dport 443 -j ACCEPT iptables -I INPUT 2 -p tcp --dport 443 -j ACCEPT iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT Looking forward to hearing from you. Kind regards AirVPN
  4. privado wrote: Hello! The optimal solution would be to configure the DSL router in full bridge mode. Currently, does your DSL router use DHCP? And the E2000? Can you please send us the DD-WRT router OpenVPN connection logs to check (you may need to turn on logging)? Kind regards
  5. privado wrote: Hello! To clarify, is the connection of this kind: Your PCs/devices ((())) DD-WRT router----DSL router----ISP ? Does your DSL router use DHCP for LAN? Does it support IP forwarding? When you don't use OpenVPN, is the connection ok? Looking forward to hearing from you Kind regards
  6. privado wrote: Hello! You can find a good tutorial is in the DD-WRT wiki (see the "Client Mode"): '>http://www.dd-wrt.com/wiki/index.php/OpenVPN#Enable_OpenVPN_in_the_Router> If you have any doubt on any parameter to insert, please do not hesitate to contact us or write in the forum. Kind regards AirVPN admins
  7. blakvoid wrote: Hello! We realize it's not uncommon to find DNS leaks under various Windows OS, including Windows 7. DNS leakage means that a DNS query is sent unencrypted outside the tunnel. It is not OpenVPN responsability, it is due to the OS. A DNS leak may happen when the system falls back to the standard DNS for the main interface adapter and does not use the DNS pushed to the TUN/TAP adapter. Therefore your ISP or any "Man In The Middle" could intercept and read the query. "Fallback" may be caused for example by inability of AirVPN to resolve an address (for example if a non-existent url is typed into a browser). In this case there is no particular risk to compromise anonymity, since the ISP or the MITM can see requests to non-existing domain names. Unfortunately, DNS leaks may happen even when a valid name is resolved. Under Windows, DNS queries are sent out by svchost.exe. When you connect to AirVPN, your TUN/TAP adapter will have an address of the type 10.x.*.*, where 4https://airvpn.org/index.php?option=com_content&view=article&id=74&Itemid=141 for more details). With the above information, it's easy to prevent DNS leaks. Use a firewall to block, when connected to an AirVPN server, any outgoing connection by svchost.exe not originating from the TUN/TAP address. The same method may be use to secure any other application (to make sure, for example, that they don't send out data if the connection drops) or to secure all your network so that no data get out when you are not connected to the VPN. According to the firewall you use details may vary, but the principle is the same. In the screenshot you can see an example of DNS leak fix under Windows with the Comodo Firewall using "Network Security Policy" for svchost.exe. Just remember that if you set this firewall rule as general, you will need to drop it when you are not connected to the VPN, otherwise you will not be able to resolve domain names anymore. Please do not hesitate to contact us for any further information. Kind regards
  8. stevevarney wrote: Hello! Probably it's just DNS caching. Try to flush the cache and see if you can get rid of that RoadRunner webpage. There is another chance, though, i.e. when you type in an url which can't be resolved by Air, your system falls back to your default DNS server (check them and change them if it's the case) and sends a DNS query which is unencrypted outside the tunnel. This should be investigated deeply because can weaken significantly the "anonymity layer". Just monitor your connections to discover if it's the case (it can be fixed, it's called "DNS leakage"). Only the TUN interface (there are no privacy compromising info there) to see if the DNS server is correctly pushed in the connection (check yourself, it must be in the IP range of AirVPN net, for example for connections on the 443 UDP). The logs are just fine. Kind regards
  9. stevevarney wrote: Hello! If you are using the AirVPN client you don't need to download any file. Configuration, certificates and private key files are necessary and must be stored in your OpenVPN config directory if you connect directly with OpenVPN. You can obtain all those files (after you log in the website) through the menu "Member"->"Access without our client", choosing server and port and downloading the air.zip package that our system prepares for you. The following information might help us give you proper support: - configuration of your TUN adapter when you are connected to an AirVPN server (you can obtain it by opening a shell and typing "ipconfig /all") - connection log (right-click on the Air dock icon, select "Logs"; a window will pop-up, click on "Copy to clibpboard" then paste on the forum) - result of the test with http://rojadirecta.com (do you see the ICE domain seizure page, or the real RojaDirecta website?) About the host file, please check that there are no anomalous entries. Kind regards AirVPN admins
  10. stevevarney wrote: Hello! This is not normal. Please check your network, DNS (does your system accept DNS push from our server?) and host file settings. Perform a small test too, please: when connected to a VPN server, browse to http://rojadirecta.com. Do you see the ICE domain seizure page, or the real RojaDirecta website? Can you also please send us an OpenVPN connection log? Which OS are you using? Kind regards AirVPN
  11. blakvoid wrote: Hello! Yes, they are shared. Each server has an "entry" and an "exit" IP address. The exit IP address is shared among all those connected to that server. We do offer custom plans which include dedicated, static IP addresses (anyone interested can contact us). However, as you wrote, a shared IP address offers a better protection. Kind regards AirVPN admins
  12. coomandoo wrote: Hello! As you have already stated there can't be any correlation with our service. Kind regards AirVPN admins
  13. Hello! In order to obtain all relevant data about our servers, please use our configuration generator (menu "Member"->"Access without our client"). Kind regards AirVPN admins
  14. Hello! We're very glad to inform you that a new 1 Gbit/s server located in the United States is available: Sirius. The AirVPN client will show automatically this new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificate/key generator (menu "Member"->"Access without our client"). The server accepts connections on port 53, 80 and 443 UDP and TCP and offers a theoretical maximum of 500 Mbit/s per user. It has a 1 Gbit/s dedicated port. As usual, no traffic limits and no logs. Do not hesitate to contact us for any information or problem. Kind regards and datalove AirVPN admins
  15. Hello and thank you! We're glad to hear that the problem has been solved. Please do not hesitate to contact us for any further information. Kind regards AirVPN admins
  16. Hello! AirVPN client v.1.5 for Windows is now available. Changelogs: - Unicode encoding path problem fixed - Added useful information to the tooltip in the tray area - Now shows the "exit-ip" and not the "server-ip" in the "connected" window. - Micro layout fixes AirVPN 1.5 comes pre-packaged with OpenVPN 2.2.1. When you run the client, it will detect if you need an update of your OpenVPN package, and you can decide to authorize it to make the upgrade (or a first installation) automatically or not. Kind regards AirVPN admins
  17. ip133912 wrote: Hello! Thank you for your nice words. Let's hear what you and the other premium members answer to your question. It is an important feedback for us. Kind regards AirVPN admins
  18. blknit wrote: Hello! Thanks. Can you please also check that ufw is disabled, or its status? Kind regards AirVPN admins
  19. blknit wrote: Hello! Probably you have already considered the following, anyway: according to your network configuration, it may be necessary to enable IP forwarding on your box. Usually IP forwarding is disabled by default in the kernels of the distros,, and surely it is disabled in Ubuntu 11.10. You can do that, in order to test, on the fly: echo 1 > /proc/sys/net/ipv4/ip_forward or sysctl -w net.ipv4.ip_forward=1 Looking forward to hearing from you. Kind regards AirVPN admins
  20. balthazett wrote: Hello! Just tested uTorrent running in a Windows client connected to Vega. It works just fine. We tested DHT, connection to some public trackers, initial seeding, dl/ul. Results are satisfactory and consistent with those of any other server. Perhaps something in your configuration blocking Vega IP addresses in uTorrent? Kind regards AirVPN admins
  21. @boom Hello! Can you tell us which version of Windows and .NET framework you're using? If you can connect through the OpenVPN client, the OpenVPN installation is ok. Can you confirm that you're able to connect to the servers with OpenVPN (we are unsure from your message)? Feel free to give as many information as possible, so that the client programmers can support you with more accuracy. Kind regards AirVPN admins
  22. blknit wrote: Hello! Thank you very much for those tests. They show that the problem is not on the VPN server side. We must concentrate on Linux distros. What version of Ubuntu and Arch are you using? Kind regards AirVPN admins
  23. @balthazett Hello! Vega server has a 1 Gbit/s dedicated port, so a 30% usage of Sigma is the equivalent of just 3% usage of Vega. The wrong geolocation of Vega is a Google mistake. Other USA services correctly see Vega IP as from the USA (Pandora, Hulu etc.). We'll investigate on the issue you report about uTorrent connections and keep you posted as soon as possible. Thank you for your feedback! Kind regards AirVPN admins
  24. @2394john Hello! Before proceeding further, can you please test if ports are reachable in the host? For example, if you connect the host to one of the VPN servers, run a torrent client in the host (outside Wine, for example Transmission) and have it listen to port 43612, is it reachable? Just to ascertain or rule out whether it is a problem in TUN/TAPWine port forwarding. It has been possible to determine that the other pf problem reported in the forum is not related to the servers through a particular simulation (however, to perform the simulation we need your authorization, please contact us in private if interested). Looking forward to hearing from you. Kind regards AirVPN admins
  25. DonkNet wrote: Hello! Very well! Glad to hear that. Please do not hesitate to contact us for any further information. Kind regards AirVPN admins
  • Create New...