Showing results for tags 'OpenVPN'.



Found 198 results

  1. It's a new feature in OpenVPN 2.4, for more privacy and can also help with censorship circumvention in some cases. https://github.com/OpenVPN/openvpn/blob/master/Changes.rst Can AirVPN implement this?
  2. As the title says, I'm trying to connect to AirVPN via OpenVPN on Linux but can't. I recently updated to OpenVPN 2.4.0, but it has worked since the update. I generated a config file with no separate keys/certs and ran `sudo openvpn /path/to/air.ovpn`, but this happened:

     ```
     Sat Dec 31 23:26:05 2016 OpenVPN 2.4.0 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Dec 28 2016
     Sat Dec 31 23:26:05 2016 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09
     Sat Dec 31 23:26:05 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
     Sat Dec 31 23:26:05 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
     Sat Dec 31 23:26:05 2016 TCP/UDP: Preserving recently used remote address: [AF_INET]71.19.249.195:443
     Sat Dec 31 23:26:05 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
     Sat Dec 31 23:26:05 2016 UDP link local: (not bound)
     Sat Dec 31 23:26:05 2016 UDP link remote: [AF_INET]71.19.249.195:443
     Sat Dec 31 23:27:05 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
     Sat Dec 31 23:27:05 2016 TLS Error: TLS handshake failed
     Sat Dec 31 23:27:05 2016 SIGUSR1[soft,tls-error] received, process restarting
     Sat Dec 31 23:27:05 2016 Restart pause, 5 second(s)
     Sat Dec 31 23:27:10 2016 TCP/UDP: Preserving recently used remote address: [AF_INET]71.19.249.195:443
     Sat Dec 31 23:27:10 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
     Sat Dec 31 23:27:10 2016 UDP link local: (not bound)
     Sat Dec 31 23:27:10 2016 UDP link remote: [AF_INET]71.19.249.195:443
     ^CSat Dec 31 23:27:15 2016 event_wait : Interrupted system call (code=4)
     Sat Dec 31 23:27:15 2016 SIGTERM received, sending exit notification to peer
     Sat Dec 31 23:27:20 2016 SIGTERM[soft,exit-with-notification] received, process exiting
     ```

     My internet works fine, to my knowledge. I can access the internet normally with no problems. This problem affects my phone, desktop, and laptop; all 3 get the same timeout error.
  3. I am running a headless Ubuntu Server v16.04 on a Raspberry Pi, and everything works fine. Now I am trying to set up an OpenVPN client with AirVPN. Can anybody provide some instructions on how to do it?
  4. I am trying to use AirVPN to SSH into a computer. How do I do this? I have tried the .sh file I got from the SSH tutorial, but when I try to connect to the computer running it, I can never log in (permission denied). Trying to use OpenVPN as root with the .ovpn file caused errors about not being able to connect.
  5. My phone is connected to AirVPN via OpenVPN for Android. Most websites are fooled by the VPN, but when I ask google directly (OK Google), it shows my actual IP address. I do not have this issue on my PC. What can I do about this? Thanks in advance.
  6. Initially you should have a router with Padavan's firmware with the OpenVPN client enabled. The main page of the firmware is https://bitbucket.org/padavan/rt-n56u There is also the Prometheus script, which was developed to simplify the compilation process and to expand the list of supported devices: http://prometheus.freize.net

     Log in to your router via the web interface. By default it has the LAN address 192.168.1.1 Go to the VPN Client item of the main menu at http://192.168.1.1/vpncli.asp#cfg (http://my.router/vpncli.asp#cfg). Toggle the switch "Enable VPN Client", then fill in the forms as shown on Scr1.png

     You can use the servers specified in OpenVPN configuration files with the extension "ovpn". Download the configuration files needed for the OpenVPN connection via the tool at https://airvpn.com/generator Choose "Linux" and the further options. Note that there are a number of different options, such as country, protocol, and port number. As a result you get one or more OpenVPN configuration files with the extension "ovpn", possibly in an archive. The file name in the archive defines the country or region, number, protocol and port. For example, consider the file "AirVPN_America_UDP-443.ovpn": "America" means America, "UDP" means the UDP protocol, and "443" means the port number. We will use this file as the example; other files are treated similarly.

     The string containing the server address begins with the word "remote". In the example it is "remote america.vpn.airdns.org 443". The last numerical value is the port number. The screenshot shows the UDP example. To use TCP, change the field "Port" to the corresponding port number and "Transport" to TCP. The protocol is also specified in the string beginning with "proto". You can leave the OpenVPN Extended Configuration as it is; you can also comment out the line "ns-cert-type server" with a leading "#".

     Go down and fill in the forms as shown on Scr2.png, and press the "Apply" button. In the example there is the option not to obtain DNS from the VPN server. It is assumed that the WAN of the router was configured to use OpenDNS (208.67.222.222, 208.67.220.220) or GoogleDNS (8.8.8.8, 8.8.4.4). There is also an option to specify DNS for LAN clients (Advanced Settings -> LAN -> tab DHCP server, http://192.168.232.1/Advanced_DHCP_Content.asp, http://my.router/Advanced_DHCP_Content.asp). However, you can set this option to obtain DNS from the VPN server ("Add to existing list" or "Replace all existing").

     Pay special attention to the item Restrict Access from VPN Server Site. The item controls access to the router from the Internet via the tunnel. The safest option, as shown on Scr2.png, is Yes, block all connections (site is foreign). If you choose No (Site-to-Site), using NAT translation, TOTAL ACCESS TO ROUTER INCLUDING MANAGEMENT - HTTP, HTTPS, AND SSH WILL BE GRANTED FROM INTERNET VIA TUNNEL.

     Go to the tab "OpenVPN Certificates & Keys" at http://192.168.1.1/vpncli.asp#ssl (http://my.router/vpncli.asp#ssl), and copy the content between the tags "<ca>" and "</ca>" to the field "ca.crt", the content between the tags "<cert>" and "</cert>" to the field "client.crt", the content between the tags "<key>" and "</key>" to the field "client.key", and the content between the tags "<tls-auth>" and "</tls-auth>" to the field "ta.key", and press the "Apply" button, as shown on Scr3.png The tags are always excluded from the contents.

     Now your router should successfully connect to the VPN server. You can check it by the white word "Connected" in the green rectangle to the right of the VPN server address on the VPN Client item of the main menu at http://192.168.1.1/vpncli.asp#cfg (http://my.router/vpncli.asp#cfg), as shown on Scr1.png You can also visit a site that displays your IP address, e.g. https://ipleak.net

     After a positive result you should make your changes permanent. You can do it in three ways:

     - run the command "mtd_storage.sh save" in the console;
     - on the page Advanced Settings -> Administration -> Settings at http://192.168.1.1/Advanced_SettingBackup_Content.asp (http://my.router/Advanced_SettingBackup_Content.asp), press the button "Commit" to the right of the item "Commit Internal Storage to Flash Memory Now";
     - reboot the router by pressing the Reboot button to the right of the "Logout" button.

     To sum up, the files corresponding to the filled fields are stored in the directory /etc/storage/openvpn/client, and the resulting OpenVPN configuration file is stored in the directory /etc/openvpn/client.

     To prevent traffic leakage in case the VPN tunnel drops, you should edit the contents of the item "Run the Script After Connected/Disconnected to VPN Server" on the VPN Client item of the main menu at http://192.168.1.1/vpncli.asp#cfg (http://my.router/vpncli.asp#cfg), which is shown on Scr2.png, to add lines to the functions func_ipup and func_ipdown. The resulting content should be as in the file /etc/storage/vpnc_server_script.sh By the way, it is the same file where the form content is saved.

     You should also block traffic until the tunnel is up. To do it, edit the form "Run After Firewall Rules Restarted" on the page Advanced Settings -> Customization -> Scripts at http://192.168.1.1/Advanced_Scripts_Content.asp (http://my.router/Advanced_Scripts_Content.asp). The resulting content should be as in the file /etc/storage/post_iptables_script.sh The additional lines serve to remove the SNAT target. Finally, you should make your changes permanent in the same way as was discussed before.

     vpnc_server_script.sh:

     ```sh
     #!/bin/sh

     ### Custom user script
     ### Called after internal VPN client connected/disconnected to remote VPN server
     ### $1        - action (up/down)
     ### $IFNAME   - tunnel interface name (e.g. ppp5 or tun0)
     ### $IPLOCAL  - tunnel local IP address
     ### $IPREMOTE - tunnel remote IP address
     ### $DNS1     - peer DNS1
     ### $DNS2     - peer DNS2

     # private LAN subnet behind a remote server (example)
     peer_lan="192.168.9.0"
     peer_msk="255.255.255.0"

     ### example: add static route to private LAN subnet behind a remote server

     func_ipup()
     {
     #  route add -net $peer_lan netmask $peer_msk gw $IPREMOTE dev $IFNAME
        # unblock traffic if blocking rule exists
        if iptables -C FORWARD -j REJECT; then
           iptables -D FORWARD -j REJECT
        fi
        return 0
     }

     func_ipdown()
     {
     #  route del -net $peer_lan netmask $peer_msk gw $IPREMOTE dev $IFNAME
        # block traffic leakage in case of tunnel drops
        if (! iptables -C FORWARD -j REJECT); then
           iptables -I FORWARD -j REJECT
        fi
        return 0
     }

     logger -t vpnc-script "$IFNAME $1"

     case "$1" in
     up)
        func_ipup
        ;;
     down)
        func_ipdown
        ;;
     esac
     ```

     post_iptables_script.sh:

     ```sh
     #!/bin/sh

     ### Custom user script
     ### Called after internal iptables reconfig (firewall update)

     # prevent traffic leakage while tunnel is not up
     if [ -z "$(ip a s tun0 | grep 'state UP')" ] && (! iptables -C FORWARD -j REJECT); then
        iptables -I FORWARD -j REJECT
     fi

     ipch=$(iptables -t nat -S | grep SNAT | grep -v br0)
     if [ ! -z "$ipch" ]; then
        eval 'iptables -t nat -D'${ipch:2}
     fi
     ```
  7. Initially you should have a router with OpenWRT firmware with the OpenVPN client enabled. The main page of the firmware is http://openwrt.org

     A router flashed with an OpenWRT firmware image initially accepts connections only by telnet, so you should connect to it by telnet at the IP 192.168.1.1 and change the root password with the command "passwd". After this command it accepts connections via ssh.

     By default openvpn isn't included in the firmware image, so you should install it with opkg:

     ```
     # opkg update
     # opkg install openvpn-openssl
     ```

     You can also install the luci component for openvpn configuration, but it is optional:

     ```
     # opkg install luci-app-openvpn
     ```

     You can also build a firmware image with openvpn. A good manual on general OpenVPN client configuration can be found on the page https://github.com/StreisandEffect/streisand/wiki/Setting-an-OpenWrt-Based-Router-as-OpenVPN-Client We will follow it with modifications specific to AirVPN.

     After the openvpn installation you can make it start automatically when the router starts:

     ```
     # /etc/init.d/openvpn enable
     ```

     Download the configuration files needed for the OpenVPN connection via the tool at https://airvpn.org/generator Choose "Linux" and the further options. Note that there are a number of different options, such as country, protocol, and port number. As a result you get one or more OpenVPN configuration files with the extension "ovpn", possibly in an archive. The file name in the archive defines the country or region, number, protocol and port. For example, consider the file "AirVPN_America_UDP-443.ovpn": "America" means America, "UDP" means the UDP protocol, and "443" means the port number. We will use this file as the example; other files are treated similarly.

     Comment out the option "explicit-exit-notify 5" in the file with "#", because the OpenVPN client in OpenWRT doesn't recognize it. As a result the line should start with "#": "# explicit-exit-notify 5".

     Copy the file "AirVPN_America_UDP-443.ovpn" with the pscp or WinSCP programs in Windows, or the scp command in Linux, to the /etc/openvpn/ folder of the router filesystem. In case of copy problems you should force the use of exactly the scp protocol (it can also use sftp).

     The file itself contains the contents of the file "ca.crt" between the tags "<ca>" and "</ca>", "user.crt" between the tags "<cert>" and "</cert>", "user.key" between the tags "<key>" and "</key>", and the contents of the file "ta.key" between the tags "<tls-auth>" and "</tls-auth>". You can create separate files "ca.crt", "user.crt", "user.key", and "ta.key" with the corresponding content excluding the tags, in the same folder, and replace the tags with their content in the original file with the following strings:

     ```
     ca ca.crt
     cert user.crt
     key user.key
     tls-auth ta.key 1
     ```

     Note that the contents of all these files are identical for different OpenVPN configuration files. In other words, the significant difference between OpenVPN configuration files is the string containing the server address and port, beginning with the word "remote".

     Configuration of OpenVPN using the file "AirVPN_America_UDP-443.ovpn" can be implemented in two ways.

     1) Change the extension of the file from "ovpn" to "conf". In this case OpenVPN will find it automatically by its extension.

     2) Specify the file name in /etc/config/openvpn You can use uci:

     ```
     # uci set openvpn.airvpn=openvpn
     # uci set openvpn.airvpn.enabled='1'
     # uci set openvpn.airvpn.config='/etc/openvpn/AirVPN_America_UDP-443.ovpn'
     # uci commit openvpn
     ```

     The file /etc/config/openvpn should contain the following appended strings:

     ```
     config openvpn 'airvpn'
             option enabled '1'
             option config '/etc/openvpn/AirVPN_America_UDP-443.ovpn'
     ```

     You can also change the extension of the file from "ovpn" to "conf" and specify it in the file /etc/config/openvpn; in this case OpenVPN will start with this configuration file just once. You can also manually specify the parameters specific to the OpenVPN connection in the file /etc/config/openvpn. In this case you don't need the file "AirVPN_America_UDP-443.ovpn", because all necessary parameters from it are specified explicitly. However, it is tiresome.

     Create a new network interface:

     ```
     # uci set network.airvpntun=interface
     # uci set network.airvpntun.proto='none'
     # uci set network.airvpntun.ifname='tun0'
     # uci commit network
     ```

     The file /etc/config/network should contain the following appended strings:

     ```
     config interface 'airvpntun'
             option proto 'none'
             option ifname 'tun0'
     ```

     Create a new firewall zone and add a forwarding rule from LAN to VPN:

     ```
     # uci add firewall zone
     # uci set firewall.@zone[-1].name='vpnfirewall'
     # uci set firewall.@zone[-1].input='REJECT'
     # uci set firewall.@zone[-1].output='ACCEPT'
     # uci set firewall.@zone[-1].forward='REJECT'
     # uci set firewall.@zone[-1].masq='1'
     # uci set firewall.@zone[-1].mtu_fix='1'
     # uci add_list firewall.@zone[-1].network='airvpntun'
     # uci add firewall forwarding
     # uci set firewall.@forwarding[-1].src='lan'
     # uci set firewall.@forwarding[-1].dest='vpnfirewall'
     # uci commit firewall
     ```

     To prevent traffic leakage outside the VPN tunnel you should remove the forwarding rule from lan to wan. In the default configuration there is a single forwarding rule, so the command is:

     ```
     # uci del firewall.@forwarding[0]
     ```

     You can also set the "masquerading" option to '0' for the wan zone; it goes after the lan zone, so the command is:

     ```
     # uci set firewall.@zone[1].masq=0
     ```

     After configuration you should commit the changes:

     ```
     # uci commit firewall
     ```

     The file /etc/config/firewall should contain the following appended strings:

     ```
     config zone
             option name 'vpnfirewall'
             option input 'REJECT'
             option output 'ACCEPT'
             option forward 'REJECT'
             option masq '1'
             option mtu_fix '1'
             list network 'airvpntun'

     config forwarding
             option src 'lan'
             option dest 'vpnfirewall'
     ```

     Now we should configure the DNS servers. The simplest approach is to use public DNS for the WAN interface of the router. You can add OpenDNS:

     ```
     # uci set network.wan.peerdns='0'
     # uci del network.wan.dns
     # uci add_list network.wan.dns='208.67.222.222'
     # uci add_list network.wan.dns='208.67.220.220'
     # uci commit
     ```

     The file /etc/config/network should contain the section 'wan' with the following strings (the three bottom strings have been appended):

     ```
     config interface 'wan'
             option ifname 'eth0.2'
             option force_link '1'
             option proto 'dhcp'
             option peerdns '0'
             list dns '208.67.222.222'
             list dns '208.67.220.220'
     ```

     You can also add GoogleDNS:

     ```
     # uci set network.wan.peerdns='0'
     # uci del network.wan.dns
     # uci add_list network.wan.dns='8.8.8.8'
     # uci add_list network.wan.dns='8.8.4.4'
     # uci commit
     ```

     The appended strings should be similar to the previous ones.

     To prevent traffic leakage in case the VPN tunnel drops you should edit the file /etc/firewall.user with the following content:

     ```sh
     # This file is interpreted as shell script.
     # Put your custom iptables rules here, they will
     # be executed with each firewall (re-)start.

     # Internal uci firewall chains are flushed and recreated on reload, so
     # put custom rules into the root chains e.g. INPUT or FORWARD or into the
     # special user chains, e.g. input_wan_rule or postrouting_lan_rule.

     if (! ip a s tun0 up) && (! iptables -C forwarding_rule -j REJECT); then
            iptables -I forwarding_rule -j REJECT
     fi

     if (! iptables -C forwarding_lan_rule ! -o tun+ -j REJECT); then
            iptables -I forwarding_lan_rule ! -o tun+ -j REJECT
     fi
     ```

     You should also create the file 99-prevent-leak in the folder /etc/hotplug.d/iface/ with the following content:

     ```sh
     #!/bin/sh

     if [ "$ACTION" = ifup ] && (ip a s tun0 up) && (iptables -C forwarding_rule -j REJECT); then
            iptables -D forwarding_rule -j REJECT
     fi

     if [ "$ACTION" = ifdown ] && (! ip a s tun0 up) && (! iptables -C forwarding_rule -j REJECT); then
            iptables -I forwarding_rule -j REJECT
     fi
     ```

     In some cases openvpn hangs with a log message like (couldn't resolve host ...). In this case the tunnel stays up, but the connection is lost. It should be reconnected manually, with the following script /etc/openvpn/reconnect.sh, which is added to /etc/rc.local as:

     ```
     /etc/openvpn/reconnect.sh &
     ```

     The content of the script reconnect.sh is like:

     ```sh
     #!/bin/sh
     n=10
     while sleep 50; do
             # number of ping replies received out of $n
             t=$(ping -c $n 8.8.8.8 | grep -o -E '[0-9]+ packets r' | grep -o -E '[0-9]+')
             # no replies, or no ping summary at all: restart the tunnel
             if [ "${t:-0}" -eq 0 ]; then
                     /etc/init.d/openvpn restart
             fi
     done
     ```

     The update of luci-app-openvpn - git-19.256.41054-c048f23-1 tried to find a file with the name 'openvpn-airvpn.conf' (see section in /etc/openvpn/config). So you should rename your file 'AirVPN_America_UDP-443.ovpn' to 'openvpn-airvpn.conf', and comment out or remove the corresponding string:

     ```
     config openvpn 'airvpn'
             option enabled '1'
     #       option config '/etc/openvpn/AirVPN_America_UDP-443.ovpn'
     ```
  8. Dears, I've followed the tutorial on how to connect to AirVPN through DD-WRT, but it seems that I can't do it on my own, so I would appreciate your help. The error I'm getting is:

     Clientlog:

     ```
     20161112 18:22:31 N TLS Error: TLS handshake failed
     20161112 18:22:31 I SIGUSR1[soft tls-error] received process restarting
     20161112 18:22:31 Restart pause 2 second(s)
     20161112 18:22:33 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
     20161112 18:22:33 Socket Buffers: R=[180224->131072] S=[180224->131072]
     20161112 18:22:33 I UDPv4 link local: [undef]
     20161112 18:22:33 I UDPv4 link remote: [AF_INET]109.232.227.148:443
     20161112 18:23:33 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
     20161112 18:23:33 N TLS Error: TLS handshake failed
     20161112 18:23:33 I SIGUSR1[soft tls-error] received process restarting
     20161112 18:23:33 Restart pause 2 second(s)
     20161112 18:23:35 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
     20161112 18:23:35 Socket Buffers: R=[180224->131072] S=[180224->131072]
     20161112 18:23:35 I UDPv4 link local: [undef]
     20161112 18:23:35 I UDPv4 link remote: [AF_INET]109.232.227.148:443
     20161112 18:24:35 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
     20161112 18:24:35 N TLS Error: TLS handshake failed
     20161112 18:24:35 I SIGUSR1[soft tls-error] received process restarting
     20161112 18:24:35 Restart pause 2 second(s)
     20161112 18:24:37 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
     20161112 18:24:37 Socket Buffers: R=[180224->131072] S=[180224->131072]
     20161112 18:24:39 I UDPv4 link local: [undef]
     20161112 18:24:39 I UDPv4 link remote: [AF_INET]213.152.162.103:443
     20161112 18:25:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
     20161112 18:25:07 D MANAGEMENT: CMD 'state'
     20161112 18:25:07 MANAGEMENT: Client disconnected
     20161112 18:25:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
     20161112 18:25:07 D MANAGEMENT: CMD 'state'
     20161112 18:25:07 MANAGEMENT: Client disconnected
     20161112 18:25:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
     20161112 18:25:07 D MANAGEMENT: CMD 'state'
     20161112 18:25:07 MANAGEMENT: Client disconnected
     20161112 18:25:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
     20161112 18:25:07 D MANAGEMENT: CMD 'status 2'
     20161112 18:25:07 MANAGEMENT: Client disconnected
     20161112 18:25:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
     20161112 18:25:07 D MANAGEMENT: CMD 'log 500'
     20161112 18:25:07 MANAGEMENT: Client disconnected
     20161112 18:25:39 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
     20161112 18:25:39 N TLS Error: TLS handshake failed
     20161112 18:25:39 I SIGUSR1[soft tls-error] received process restarting
     20161112 18:25:39 Restart pause 2 second(s)
     20161112 18:25:41 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
     20161112 18:25:41 Socket Buffers: R=[180224->131072] S=[180224->131072]
     20161112 18:25:41 I UDPv4 link local: [undef]
     20161112 18:25:41 I UDPv4 link remote: [AF_INET]213.152.162.103:443
     20161112 18:26:41 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
     20161112 18:26:41 N TLS Error: TLS handshake failed
     20161112 18:26:41 I SIGUSR1[soft tls-error] received process restarting
     20161112 18:26:41 Restart pause 2 second(s)
     20161112 18:26:43 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
     20161112 18:26:43 Socket Buffers: R=[180224->131072] S=[180224->131072]
     20161112 18:26:43 I UDPv4 link local: [undef]
     20161112 18:26:43 I UDPv4 link remote: [AF_INET]213.152.162.103:443
     20161112 18:27:43 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
     20161112 18:27:43 N TLS Error: TLS handshake failed
     20161112 18:27:43 I SIGUSR1[soft tls-error] received process restarting
     20161112 18:27:43 Restart pause 2 second(s)
     20161112 18:27:45 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
     20161112 18:27:45 Socket Buffers: R=[180224->131072] S=[180224->131072]
     20161112 18:27:45 I UDPv4 link local: [undef]
     20161112 18:27:45 I UDPv4 link remote: [AF_INET]213.152.162.103:443
     20161112 18:28:46 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
     20161112 18:28:46 N TLS Error: TLS handshake failed
     20161112 18:28:46 I SIGUSR1[soft tls-error] received process restarting
     20161112 18:28:46 Restart pause 2 second(s)
     20161112 18:28:48 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
     20161112 18:28:48 Socket Buffers: R=[180224->131072] S=[180224->131072]
     20161112 18:28:48 I UDPv4 link local: [undef]
     20161112 18:28:48 I UDPv4 link remote: [AF_INET]213.152.162.103:443
     20161112 18:29:48 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
     20161112 18:29:48 N TLS Error: TLS handshake failed
     20161112 18:29:48 I SIGUSR1[soft tls-error] received process restarting
     20161112 18:29:48 Restart pause 2 second(s)
     20161112 18:29:50 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
     20161112 18:29:50 Socket Buffers: R=[180224->131072] S=[180224->131072]
     20161112 18:29:52 I UDPv4 link local: [undef]
     20161112 18:29:52 I UDPv4 link remote: [AF_INET]213.152.161.132:443
     20161112 18:30:52 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
     20161112 18:30:52 N TLS Error: TLS handshake failed
     20161112 18:30:52 I SIGUSR1[soft tls-error] received process restarting
     20161112 18:30:52 Restart pause 2 second(s)
     20161112 18:30:54 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
     20161112 18:30:54 Socket Buffers: R=[180224->131072] S=[180224->131072]
     20161112 18:30:54 I UDPv4 link local: [undef]
     20161112 18:30:54 I UDPv4 link remote: [AF_INET]213.152.161.132:443
     20161112 18:30:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
     20161112 18:30:55 D MANAGEMENT: CMD 'state'
     20161112 18:30:55 MANAGEMENT: Client disconnected
     20161112 18:30:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
     20161112 18:30:55 D MANAGEMENT: CMD 'state'
     20161112 18:30:55 MANAGEMENT: Client disconnected
     20161112 18:30:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
     20161112 18:30:55 D MANAGEMENT: CMD 'state'
     20161112 18:30:55 MANAGEMENT: Client disconnected
     20161112 18:30:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
     20161112 18:30:55 D MANAGEMENT: CMD 'status 2'
     20161112 18:30:55 MANAGEMENT: Client disconnected
     20161112 18:30:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
     20161112 18:30:55 D MANAGEMENT: CMD 'log 500'
     19700101 01:00:00
     ```

     ```
     ca /tmp/openvpncl/ca.crt
     cert /tmp/openvpncl/client.crt
     key /tmp/openvpncl/client.key
     management 127.0.0.1 16
     management-log-cache 100
     verb 3
     mute 3
     syslog
     writepid /var/run/openvpncl.pid
     client
     resolv-retry infinite
     nobind
     persist-key
     persist-tun
     script-security 2
     dev tun1
     proto udp
     cipher aes-256-cbc
     auth sha1
     remote nl.vpn.airdns.org 443
     comp-lzo yes
     tls-client
     tun-mtu 1500
     mtu-disc yes
     ns-cert-type server
     fast-io
     tun-ipv6
     tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
     ```

     Can someone please help me? I've attached my config in DD-WRT. Thanks.
  9. Hi, I have searched a lot to achieve this. I am looking for a comprehensive step by step (being a novice in this area) to setup a separate Virtual Access point in a DD-WRT router which uses OpenVPN and TOR (This feature is available in latest version of DD-WRT) at the same time. Also I want to ensure that any traffic goes through this VAP only if OpenVPN is up and running. I want to have OpenVPN on port 443 (TCP) due to aggressive DPI by local ISPs for VoIP. Looking to hear from experts I have gone through some guides (no.1 and no.2) but these aren't completely covered or not most relevant.
  10. Hi, I am having trouble getting AirVPN running on: - Samsung Galaxy S5 (SM-G900F) - Android 6.0.1 - rooted using OpenVPN for Android by Arne Schwabe. I have created a .ovpn file using Chrome Android (creating such a file in Firefox Android also gives this problem) and followed the instructions here: https://airvpn.org/topic/11476-using-airvpn-with-openvpn-for-android/ When I try to start the newly made profile in OpenVPN for Android, I can see a dialog appearing for a split second, before seeing it disappear. Log: VPN API permission dialog cancelled My question is: How can I remedy this issue and connect to AirVPN on my Android device? Thanks in advance, Arceon
  11. This is only a solution for people in their home country willing/wanting to bypass the VPN to access their Netflix account. Does not help for out-of-country Netflix access. I was surprised to not see this in the forum, as it's very simple and works. It is a very short script added to the Custom Configuration which pulls the current IP addresses for a domain name (Netflix.com, Hulu.com) and routes those addresses "around" the VPN.

      ```
      allow-pull-fqdn
      route www.netflix.com 255.255.255.255 net_gateway
      ```

      So far I've been using this for a day, and had to restart things one time to get it to pick up new addresses. I would like to find a way to run this at regular intervals to add to the IP list (without duplicating addresses already in the list).
  12. hey guys, with ufw enabled, vpn connects but wget and web pages don't resolve:

      ```
      $uname -a
      Linux 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 2016 x86_64 x86_64 x86_64 GNU/Linux

      $ufw reset
      $ufw allow out on wlp1s0 to 213.152.161.180 port 443 proto udp
      $ufw allow out on tun0
      $ufw status verbose
      Status: active
      Logging: on (low)
      Default: deny (incoming), deny (outgoing), disabled (routed)
      New profiles: skip

      To                         Action      From
      --                         ------      ----
      213.152.161.180 443/udp    ALLOW OUT   Anywhere on wlp1s0         # NL-Alblasserdam_Alchiba_UDP-443.ovpn
      Anywhere                   ALLOW OUT   Anywhere on tun0           # tun0

      $openvpn --config ~/VPN/NL-Alblasserdam_Alchiba_UDP-443.ovpn
      Mon Oct 3 2016 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb 2 2016
      Mon Oct 3 2016 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
      Mon Oct 3 2016 Control Channel Authentication: tls-auth using INLINE static key file
      Mon Oct 3 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
      Mon Oct 3 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
      Mon Oct 3 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
      Mon Oct 3 2016 UDPv4 link local: [undef]
      Mon Oct 3 2016 UDPv4 link remote: [AF_INET]213.152.161.180:443
      Mon Oct 3 2016 TLS: Initial packet from [AF_INET]213.152.161.180:443, sid=b2d0c912 4505e529
      Mon Oct 3 2016 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
      Mon Oct 3 2016 Validating certificate key usage
      Mon Oct 3 2016 ++ Certificate has key usage 00a0, expects 00a0
      Mon Oct 3 2016 VERIFY KU OK
      Mon Oct 3 2016 Validating certificate extended key usage
      Mon Oct 3 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
      Mon Oct 3 2016 VERIFY EKU OK
      Mon Oct 3 2016 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
      Mon Oct 3 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
      Mon Oct 3 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Mon Oct 3 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
      Mon Oct 3 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Mon Oct 3 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
      Mon Oct 3 2016 [server] Peer Connection Initiated with [AF_INET]213.152.161.180:443
      Mon Oct 3 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
      Mon Oct 3 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.48.174 255.255.0.0'
      Mon Oct 3 2016 OPTIONS IMPORT: timers and/or timeouts modified
      Mon Oct 3 2016 OPTIONS IMPORT: LZO parms modified
      Mon Oct 3 2016 OPTIONS IMPORT: --ifconfig/up options modified
      Mon Oct 3 2016 OPTIONS IMPORT: route options modified
      Mon Oct 3 2016 OPTIONS IMPORT: route-related options modified
      Mon Oct 3 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
      Mon Oct 3 2016 ROUTE_GATEWAY 10.42.0.1/255.255.255.0 IFACE=wlp1s0 HWADDR=xx:xx:xx:xx:xx:xx
      Mon Oct 3 2016 TUN/TAP device tun0 opened
      Mon Oct 3 2016 TUN/TAP TX queue length set to 100
      Mon Oct 3 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      Mon Oct 3 2016 /sbin/ip link set dev tun0 up mtu 1500
      Mon Oct 3 2016 /sbin/ip addr add dev tun0 10.4.48.174/16 broadcast 10.4.255.255
      Mon Oct 3 2016 /sbin/ip route add 213.152.161.180/32 via 10.42.0.1
      Mon Oct 3 2016 /sbin/ip route add 0.0.0.0/1 via 10.4.0.1
      Mon Oct 3 2016 /sbin/ip route add 128.0.0.0/1 via 10.4.0.1
      Mon Oct 3 2016 Initialization Sequence Completed

      $route -n
      Kernel IP routing table
      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
      0.0.0.0         10.4.0.1        128.0.0.0       UG    0      0        0 tun0
      0.0.0.0         10.42.0.1       0.0.0.0         UG    600    0        0 wlp1s0
      10.4.0.0        0.0.0.0         255.255.0.0     U     0      0        0 tun0
      10.42.0.0       0.0.0.0         255.255.255.0   U     600    0        0 wlp1s0
      128.0.0.0       10.4.0.1        128.0.0.0       UG    0      0        0 tun0
      169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlp1s0
      213.152.161.180 10.42.0.1       255.255.255.255 UGH   0      0        0 wlp1s0

      $ip addr
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host
             valid_lft forever preferred_lft forever
      2: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
          inet 10.42.0.9/24 brd 10.42.0.255 scope global wlp1s0
             valid_lft forever preferred_lft forever
          inet6 <removed>/64 scope link
             valid_lft forever preferred_lft forever
      3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
          link/none
          inet 10.4.48.174/16 brd 10.4.255.255 scope global tun0
             valid_lft forever preferred_lft forever
          inet6 <removed>/64 scope link flags 800
             valid_lft forever preferred_lft forever
      ```

      i don't usually touch my iptables directly but here's the output:

      ```
      $iptables -L
      Chain INPUT (policy DROP)
      target     prot opt source               destination
      ufw-before-logging-input  all  --  anywhere             anywhere
      ufw-before-input  all  --  anywhere             anywhere
      ufw-after-input  all  --  anywhere             anywhere
      ufw-after-logging-input  all  --  anywhere             anywhere
      ufw-reject-input  all  --  anywhere             anywhere
      ufw-track-input  all  --  anywhere             anywhere

      Chain FORWARD (policy DROP)
      target     prot opt source               destination
      ufw-before-logging-forward  all  --  anywhere             anywhere
      ufw-before-forward  all  --  anywhere             anywhere
      ufw-after-forward  all  --  anywhere             anywhere
      ufw-after-logging-forward  all  --  anywhere             anywhere
      ufw-reject-forward  all  --  anywhere             anywhere
      ufw-track-forward  all  --  anywhere             anywhere

      Chain OUTPUT (policy DROP)
      target     prot opt source               destination
      ufw-before-logging-output  all  --  anywhere             anywhere
      ufw-before-output
      ```
all -- anywhere anywhere ufw-after-output all -- anywhere anywhere ufw-after-logging-output all -- anywhere anywhere ufw-reject-output all -- anywhere anywhere ufw-track-output all -- anywhere anywhere Chain ufw-after-forward (1 references) target prot opt source destination Chain ufw-after-input (1 references) target prot opt source destination ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST Chain ufw-after-logging-forward (1 references) target prot opt source destination LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] " Chain ufw-after-logging-input (1 references) target prot opt source destination LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] " Chain ufw-after-logging-output (1 references) target prot opt source destination LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] " Chain ufw-after-output (1 references) target prot opt source destination Chain ufw-before-forward (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere icmp destination-unreachable ACCEPT icmp -- anywhere anywhere icmp source-quench ACCEPT icmp -- anywhere anywhere icmp time-exceeded ACCEPT icmp -- anywhere anywhere icmp parameter-problem ACCEPT icmp -- anywhere anywhere icmp echo-request ufw-user-forward all -- anywhere anywhere Chain ufw-before-input (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere 
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED ufw-logging-deny all -- anywhere anywhere ctstate INVALID DROP all -- anywhere anywhere ctstate INVALID ACCEPT icmp -- anywhere anywhere icmp destination-unreachable ACCEPT icmp -- anywhere anywhere icmp source-quench ACCEPT icmp -- anywhere anywhere icmp time-exceeded ACCEPT icmp -- anywhere anywhere icmp parameter-problem ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc ufw-not-local all -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900 ufw-user-input all -- anywhere anywhere Chain ufw-before-logging-forward (1 references) target prot opt source destination Chain ufw-before-logging-input (1 references) target prot opt source destination Chain ufw-before-logging-output (1 references) target prot opt source destination Chain ufw-before-output (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED ufw-user-output all -- anywhere anywhere Chain ufw-logging-allow (0 references) target prot opt source destination LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] " Chain ufw-logging-deny (2 references) target prot opt source destination RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10 LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] " Chain ufw-not-local (1 references) target prot opt source destination RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10 DROP all -- anywhere anywhere Chain ufw-reject-forward (1 references) target prot opt source destination Chain ufw-reject-input 
(1 references) target prot opt source destination Chain ufw-reject-output (1 references) target prot opt source destination Chain ufw-skip-to-policy-forward (0 references) target prot opt source destination DROP all -- anywhere anywhere Chain ufw-skip-to-policy-input (7 references) target prot opt source destination DROP all -- anywhere anywhere Chain ufw-skip-to-policy-output (0 references) target prot opt source destination DROP all -- anywhere anywhere Chain ufw-track-forward (1 references) target prot opt source destination Chain ufw-track-input (1 references) target prot opt source destination Chain ufw-track-output (1 references) target prot opt source destination Chain ufw-user-forward (1 references) target prot opt source destination Chain ufw-user-input (1 references) target prot opt source destination Chain ufw-user-limit (0 references) target prot opt source destination LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] " REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain ufw-user-limit-accept (0 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain ufw-user-logging-forward (0 references) target prot opt source destination Chain ufw-user-logging-input (0 references) target prot opt source destination Chain ufw-user-logging-output (0 references) target prot opt source destination Chain ufw-user-output (1 references) target prot opt source destination ACCEPT udp -- anywhere 213.152.161.180 udp dpt:https ACCEPT all -- anywhere anywhere any help would be great. let me know if you need anymore info.
  13. Two different topics in the same post since I can only make a single post a day. Sorry. First, what is the proper way to set the .ovpn configuration file in order to enable VPN through Tor? I have attempted using 127.0.0.1 as the SOCKS proxy but that has not worked. Maybe it has something to do with the control port? Second, I have been able to get Eddie started on CentOS 7, but for some reason, Eddie does not connect to any server. I used all default settings once, and then disabled DNS check. Posting relevant log below:

I 2016.09.30 12:22:37 - Session starting.
I 2016.09.30 12:22:38 - Checking authorization ...
! 2016.09.30 12:22:38 - Connecting to Gemma (Canada, Vancouver)
. 2016.09.30 12:22:38 - OpenVPN > OpenVPN 2.3.12 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Aug 23 2016
. 2016.09.30 12:22:38 - OpenVPN > library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
. 2016.09.30 12:22:38 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100
. 2016.09.30 12:22:38 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file
. 2016.09.30 12:22:38 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.09.30 12:22:38 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.09.30 12:22:38 - OpenVPN > Socket Buffers: R=[212992->262144] S=[212992->262144]
. 2016.09.30 12:22:38 - OpenVPN > UDPv4 link local: [undef]
. 2016.09.30 12:22:38 - OpenVPN > UDPv4 link remote: [AF_INET]##.##.###.###:443
. 2016.09.30 12:23:10 - OpenVPN > [UNDEF] Inactivity timeout (--ping-exit), exiting
. 2016.09.30 12:23:10 - OpenVPN > SIGTERM received, sending exit notification to peer
. 2016.09.30 12:23:15 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting
! 2016.09.30 12:23:15 - Disconnecting
. 2016.09.30 12:23:15 - Connection terminated.
I 2016.09.30 12:23:16 - Cancel requested.
! 2016.09.30 12:23:16 - Session terminated.

If any advancements have been made on either issue, I would greatly appreciate any news - even if it's bad news.
  14. Hi, I am new to setting up OpenVPN on routers. Actually it is my first time with VPNs. I followed the 'How-to' section for setting up AirVPN on DD-WRT but it didn't work. What I mean is even though I filled in all the boxes like in the tutorial "https://airvpn.org/ddwrt/" nothing happened. I am still connected to the internet with the IP given by my ISP. Nothing seems to have changed. My ISP cable is connected directly to my personal router's WAN port. Connection type PPPoE. Router model: TP-Link WR1043ND v2. The maximum speed from my ISP is 300Mb/s. Attached are pictures with my settings. I searched on the forum for a similar problem but I couldn't spot it. If I missed it please let me know. If you need more details just tell me how to get them. Thanks
  15. Recently joined and trying to lock down the fort. How can I patch up the DNS leak? I disabled IPV6 on Ethernet 2 and Wi-Fi adapters, and IPLeak appears to pass. Just DNS leaking.
  16. Hi, Am in need of help understanding how things work when using AirVPN config files with OpenVPN on a machine that uses a (mandatory) DirectAccess connection (https://en.wikipedia.org/wiki/DirectAccess). I've got OpenVPN running (as administrator) with an AirVPN config. Once the VPN tunnel is up, if I visit airvpn.org with Firefox, then I am told that I'm successfully connected to an AirVPN server. Can I then assume that all my traffic from Firefox is hidden from anyone that administrates the Windows DirectAccess connection, who may be checking the IPs that I am visiting? Thx
  17. Hi everybody! I'm new here, thanks for the service and thanks in advance for your help. I live in a student dorm and they gave us an internet connection working through a VPN using PPTP dual access. I'd like to connect to an AirVPN server so that they can't see my traffic. But it is not working! I just paid for a trial of 3 days and using it through a wifi hotspot of my smartphone it works, while being in the offered network it doesn't. The error it gives me is this one: and then it stays there.. Ask me if you need some logs or what else! Thank you
  18. Hi guys, I subscribed to the AirVPN service about 4 months ago and I'm very happy with it. Nevertheless, as a Linux user (currently Lubuntu 16.04) who isn't using the client option, it was becoming somewhat annoying to turn on and turn off openvpn and stunnel in different terminals every time. A few days ago I sat down and wrote a small CLI script in Python that automates the process of connecting to and disconnecting from the AirVPN service. The script can be found here: https://github.com/hemulin/airvpn_toggler Simply put, what it does is:
When turning on -
1) Scans the config files folder and asks you from which country you wish to exit.
2) After you choose a country, it turns on stunnel as a background process and waits for it to finish the initialization.
3) After the stunnel init has finished, it turns on openvpn as a background process and waits for it to finish init.
4) After openvpn has finished its init, the script validates that the external IP has changed and, if yes, adds a system tray indicator to show it is connected.
When turning off -
1) Kills the system tray indicator, the openvpn and the stunnel processes.
2) Validates that the external IP has changed.
Currently it is working well for me, but I still consider it to be a "work in progress", so (1) I am still improving it and (2) feel free to ask for features (and of course, forks and pull requests are welcome). Cheers, Hemulin
  19. It looks as if OpenVPN has released a new update (2.3.11). https://openvpn.net/index.php/open-source/downloads.html Should we update this? Or keep the version of OpenVPN installed with the AirVPN software provided? -Rob
  20. Hi all, First-time poster with a real head-scratcher (to me, probably obvious to others). I'm trying to set up a server on Google Compute Engine with AirVPN. I created an Ubuntu 16 VM from scratch, installed OpenVPN, generated a config and ran sudo openvpn config.ovpn (I renamed the config file). By all appearances this works fine. I lose my connection (as expected) and can reconnect via the Persei external IP through a forwarded port to 22 over SSH. Great, right? However I can't ping anything, can't connect to any repos via apt-get, can't do anything on the internet at all really. After some investigation I find that I can ping IPs, but can't ping any domain names or use nslookup. Ok, DNS is messed up, but no idea why... In trying to fix this, I realize I also can't use sudo for anything. Just using sudo nano /etc/rc.local to alter a file, for example, results in the terminal doing nothing (cursor goes to new line, but no output). I can Ctrl-C to escape though. Note: This weird sudo issue didn't happen when I tried this same process on Debian Jessie, however the DNS problem did. I also tried using the AirVPN-provided openvpn binary, but all the same problems occurred. So I'm stuck. I've built servers before (on Digital Ocean) with Ubuntu and didn't run into this weird DNS/sudo problem. Here's my config sans certs, but I didn't change a single line from what AirVPN generated.

client
dev tun
proto udp
remote 94.100.23.162 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
route-delay 5
verb 3
explicit-exit-notify 5

Any help this community can provide would be much appreciated!
  21. Hello community, I have been plagued with frequent disconnects from servers over and over again for the past few months. It usually starts after a power failure or unexpected shutdown (or if I forget to shut down cleanly). It would seem AirVPN is unable to repair itself like it says it does in the recovery section. I have also submitted tickets to support, but they seem to have no idea what the hell is going on, because all they can seem to suggest is making sure my AV isn't blocking my connection, generic common sense solutions that do not seem to apply to my problem (not to bash support but I need a few outside opinions here). Anyway I have a log if any of you guys can make anything of it. Once it reconnects me to a new server the connection appears to be stable, however if I try to reconnect to my original server it crashes yet again. In my case my client seems to always fall back to Canada, which is usually why I don't like seeing or using Canada, too many frustrating memories of OpenVPN crashing. Anyways, any advice you can give would be appreciated, log is below.

I 2016.08.10 15:49:01 - AirVPN client version: 2.10.3 / x86, System: Windows, Name: Microsoft Windows NT 6.2.9200.0 / x64
. 2016.08.10 15:49:01 - Reading options from C:\Users\M3CHWARRI0R935\AppData\Local\AirVPN\AirVPN.xml
. 2016.08.10 15:49:03 - Data Path: C:\Users\M3CHWARRI0R935\AppData\Local\AirVPN
. 2016.08.10 15:49:03 - App Path: C:\Program Files (x86)\AirVPN
. 2016.08.10 15:49:03 - Executable Path: C:\Program Files (x86)\AirVPN\AirVPN.exe
. 2016.08.10 15:49:03 - Command line arguments (1): path="home"
. 2016.08.10 15:49:03 - Operating System: Microsoft Windows NT 6.2.9200.0
. 2016.08.10 15:49:03 - Updating systems & servers data ...
. 2016.08.10 15:49:04 - Systems & servers data update completed
I 2016.08.10 15:49:04 - OpenVPN Driver - TAP-Windows Adapter V9, version 9.21.2
I 2016.08.10 15:49:04 - OpenVPN - Version: OpenVPN 2.3.8 (C:\Program Files (x86)\AirVPN\openvpn.exe)
I 2016.08.10 15:49:04 - SSH - Version: plink 0.63 (C:\Program Files (x86)\AirVPN\plink.exe)
I 2016.08.10 15:49:04 - SSL - Version: stunnel 5.17 (C:\Program Files (x86)\AirVPN\stunnel.exe)
! 2016.08.10 15:49:04 - Activation of Network Lock - Windows Firewall
! 2016.08.10 15:49:10 - Ready
I 2016.08.10 15:49:30 - Session starting.
I 2016.08.10 15:49:30 - Network adapter DHCP switched to static (Intel® I211 Gigabit Network Connection)
I 2016.08.10 15:49:34 - IPv6 disabled.
I 2016.08.10 15:49:34 - Checking authorization ...
W 2016.08.10 15:49:34 - Authorization check failed, continue anyway ({1])
! 2016.08.10 15:49:34 - Connecting to Pavonis (United States, Chicago, Illinois)
. 2016.08.10 15:49:34 - OpenVPN > OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Aug 13 2015
. 2016.08.10 15:49:34 - OpenVPN > library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
. 2016.08.10 15:49:34 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100
. 2016.08.10 15:49:34 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file
. 2016.08.10 15:49:34 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.08.10 15:49:34 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.08.10 15:49:34 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144]
. 2016.08.10 15:49:34 - OpenVPN > Attempting to establish TCP connection with [AF_INET]149.255.33.154:80 [nonblock]
. 2016.08.10 15:49:35 - OpenVPN > TCP connection established with [AF_INET]149.255.33.154:80
. 2016.08.10 15:49:35 - OpenVPN > TCPv4_CLIENT link local: [undef]
. 2016.08.10 15:49:35 - OpenVPN > TCPv4_CLIENT link remote: [AF_INET]149.255.33.154:80
. 2016.08.10 15:49:35 - OpenVPN > TLS: Initial packet from [AF_INET]149.255.33.154:80, sid=500bdef9 5c9f6b6c
. 2016.08.10 15:49:35 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2016.08.10 15:49:35 - OpenVPN > Validating certificate key usage
. 2016.08.10 15:49:35 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0
. 2016.08.10 15:49:35 - OpenVPN > VERIFY KU OK
. 2016.08.10 15:49:35 - OpenVPN > Validating certificate extended key usage
. 2016.08.10 15:49:35 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2016.08.10 15:49:35 - OpenVPN > VERIFY EKU OK
. 2016.08.10 15:49:35 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
. 2016.08.10 15:49:37 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2016.08.10 15:49:37 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.08.10 15:49:37 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2016.08.10 15:49:37 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.08.10 15:49:37 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
. 2016.08.10 15:49:37 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]149.255.33.154:80
. 2016.08.10 15:49:39 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
. 2016.08.10 15:49:39 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.7.0.1,comp-lzo no,route-gateway 10.7.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.7.0.152 255.255.0.0'
. 2016.08.10 15:49:39 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified
. 2016.08.10 15:49:39 - OpenVPN > OPTIONS IMPORT: LZO parms modified
. 2016.08.10 15:49:39 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2016.08.10 15:49:39 - OpenVPN > OPTIONS IMPORT: route options modified
. 2016.08.10 15:49:39 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2016.08.10 15:49:39 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
. 2016.08.10 15:49:39 - OpenVPN > do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
. 2016.08.10 15:49:39 - OpenVPN > open_tun, tt->ipv6=0
. 2016.08.10 15:49:39 - OpenVPN > TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{56383FD0-CF6B-47B7-9CCC-FCF828A2A063}.tap
. 2016.08.10 15:49:39 - OpenVPN > TAP-Windows Driver Version 9.21
. 2016.08.10 15:49:39 - OpenVPN > Set TAP-Windows TUN subnet mode network/local/netmask = 10.7.0.0/10.7.0.152/255.255.0.0 [SUCCEEDED]
. 2016.08.10 15:49:39 - OpenVPN > Notified TAP-Windows driver to set a DHCP IP/netmask of 10.7.0.152/255.255.0.0 on interface {56383FD0-CF6B-47B7-9CCC-FCF828A2A063} [DHCP-serv: 10.7.255.254, lease-time: 31536000]
. 2016.08.10 15:49:39 - OpenVPN > Successful ARP Flush on interface [7] {56383FD0-CF6B-47B7-9CCC-FCF828A2A063}
. 2016.08.10 15:49:44 - OpenVPN > TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
. 2016.08.10 15:49:44 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 149.255.33.154 MASK 255.255.255.255 192.168.0.1
. 2016.08.10 15:49:44 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
. 2016.08.10 15:49:44 - OpenVPN > Route addition via IPAPI succeeded [adaptive]
. 2016.08.10 15:49:44 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.7.0.1
. 2016.08.10 15:49:44 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
. 2016.08.10 15:49:44 - OpenVPN > Route addition via IPAPI succeeded [adaptive]
. 2016.08.10 15:49:44 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.7.0.1
. 2016.08.10 15:49:44 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
. 2016.08.10 15:49:44 - OpenVPN > Route addition via IPAPI succeeded [adaptive]
. 2016.08.10 15:49:44 - Starting Management Interface
. 2016.08.10 15:49:44 - OpenVPN > Initialization Sequence Completed
I 2016.08.10 15:49:44 - DNS of a network adapter forced (TAP-Windows Adapter V9)
I 2016.08.10 15:49:44 - DNS of a network adapter forced (Intel® I211 Gigabit Network Connection)
I 2016.08.10 15:49:44 - Flushing DNS
I 2016.08.10 15:49:44 - Checking route
I 2016.08.10 15:50:09 - Checking DNS
! 2016.08.10 15:50:21 - Connected.
. 2016.08.10 15:50:21 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100
. 2016.08.10 15:50:21 - OpenVpn Management > >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
. 2016.08.10 16:01:28 - OpenVPN > Connection reset, restarting [-1]
. 2016.08.10 16:01:28 - OpenVPN > SIGUSR1[soft,connection-reset] received, process restarting
. 2016.08.10 16:01:28 - OpenVPN > Restart pause, 5 second(s)
! 2016.08.10 16:01:28 - Disconnecting
. 2016.08.10 16:01:28 - Management - Send 'signal SIGTERM'
. 2016.08.10 16:01:28 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM'
. 2016.08.10 16:01:28 - OpenVPN > MANAGEMENT: Client disconnected
. 2016.08.10 16:01:28 - OpenVPN > Assertion failed at misc.c:779
. 2016.08.10 16:01:28 - OpenVPN > Exiting due to fatal error
. 2016.08.10 16:01:28 - OpenVpn Management > SUCCESS: signal SIGTERM thrown
. 2016.08.10 16:01:28 - OpenVpn Management > >FATAL:Assertion failed at misc.c:779
. 2016.08.10 16:01:28 - Connection terminated.
I 2016.08.10 16:01:28 - DNS of a network adapter restored to original settings (TAP-Windows Adapter V9)
I 2016.08.10 16:01:28 - DNS of a network adapter restored to original settings (Intel® I211 Gigabit Network Connection)
I 2016.08.10 16:01:31 - Checking authorization ...
! 2016.08.10 16:01:32 - Connecting to Alwaid (Canada, Toronto, Ontario)
. 2016.08.10 16:01:32 - OpenVPN > OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Aug 13 2015
. 2016.08.10 16:01:32 - OpenVPN > library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
. 2016.08.10 16:01:32 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100
. 2016.08.10 16:01:32 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file
. 2016.08.10 16:01:32 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.08.10 16:01:32 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.08.10 16:01:32 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144]
. 2016.08.10 16:01:32 - OpenVPN > Attempting to establish TCP connection with [AF_INET]184.75.221.114:80 [nonblock]
. 2016.08.10 16:01:33 - OpenVPN > TCP connection established with [AF_INET]184.75.221.114:80
. 2016.08.10 16:01:33 - OpenVPN > TCPv4_CLIENT link local: [undef]
. 2016.08.10 16:01:33 - OpenVPN > TCPv4_CLIENT link remote: [AF_INET]184.75.221.114:80
. 2016.08.10 16:01:33 - OpenVPN > TLS: Initial packet from [AF_INET]184.75.221.114:80, sid=27e33004 9c2f9715
. 2016.08.10 16:01:34 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2016.08.10 16:01:34 - OpenVPN > Validating certificate key usage
. 2016.08.10 16:01:34 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0
. 2016.08.10 16:01:34 - OpenVPN > VERIFY KU OK
. 2016.08.10 16:01:34 - OpenVPN > Validating certificate extended key usage
. 2016.08.10 16:01:34 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2016.08.10 16:01:34 - OpenVPN > VERIFY EKU OK
. 2016.08.10 16:01:34 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
. 2016.08.10 16:01:35 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2016.08.10 16:01:35 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.08.10 16:01:35 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2016.08.10 16:01:35 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.08.10 16:01:35 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
. 2016.08.10 16:01:35 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]184.75.221.114:80
. 2016.08.10 16:01:38 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
. 2016.08.10 16:01:38 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.7.0.1,comp-lzo no,route-gateway 10.7.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.7.0.22 255.255.0.0'
. 2016.08.10 16:01:38 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified
. 2016.08.10 16:01:38 - OpenVPN > OPTIONS IMPORT: LZO parms modified
. 2016.08.10 16:01:38 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2016.08.10 16:01:38 - OpenVPN > OPTIONS IMPORT: route options modified
. 2016.08.10 16:01:38 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2016.08.10 16:01:38 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
. 2016.08.10 16:01:38 - OpenVPN > do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
. 2016.08.10 16:01:38 - OpenVPN > open_tun, tt->ipv6=0
. 2016.08.10 16:01:38 - OpenVPN > TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{56383FD0-CF6B-47B7-9CCC-FCF828A2A063}.tap
. 2016.08.10 16:01:38 - OpenVPN > TAP-Windows Driver Version 9.21
. 2016.08.10 16:01:38 - OpenVPN > Set TAP-Windows TUN subnet mode network/local/netmask = 10.7.0.0/10.7.0.22/255.255.0.0 [SUCCEEDED]
. 2016.08.10 16:01:38 - OpenVPN > Notified TAP-Windows driver to set a DHCP IP/netmask of 10.7.0.22/255.255.0.0 on interface {56383FD0-CF6B-47B7-9CCC-FCF828A2A063} [DHCP-serv: 10.7.255.254, lease-time: 31536000]
. 2016.08.10 16:01:38 - OpenVPN > Successful ARP Flush on interface [7] {56383FD0-CF6B-47B7-9CCC-FCF828A2A063}
. 2016.08.10 16:01:43 - OpenVPN > TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
. 2016.08.10 16:01:43 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 184.75.221.114 MASK 255.255.255.255 192.168.0.1
. 2016.08.10 16:01:43 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
. 2016.08.10 16:01:43 - OpenVPN > Route addition via IPAPI succeeded [adaptive]
. 2016.08.10 16:01:43 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.7.0.1
. 2016.08.10 16:01:43 - OpenVPN > ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=7]
. 2016.08.10 16:01:43 - OpenVPN > Route addition via IPAPI failed [adaptive]
. 2016.08.10 16:01:43 - OpenVPN > Route addition fallback to route.exe
. 2016.08.10 16:01:43 - OpenVPN > env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
. 2016.08.10 16:01:43 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.7.0.1
. 2016.08.10 16:01:43 - OpenVPN > ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=7]
. 2016.08.10 16:01:43 - OpenVPN > Route addition via IPAPI failed [adaptive]
. 2016.08.10 16:01:43 - OpenVPN > Route addition fallback to route.exe
. 2016.08.10 16:01:43 - OpenVPN > env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
. 2016.08.10 16:01:43 - Starting Management Interface
. 2016.08.10 16:01:43 - OpenVPN > Initialization Sequence Completed
I 2016.08.10 16:01:43 - DNS of a network adapter forced (TAP-Windows Adapter V9)
I 2016.08.10 16:01:43 - DNS of a network adapter forced (Intel® I211 Gigabit Network Connection)
I 2016.08.10 16:01:44 - Flushing DNS
I 2016.08.10 16:01:44 - Checking route
I 2016.08.10 16:02:08 - Checking DNS
! 2016.08.10 16:02:21 - Connected.
. 2016.08.10 16:02:21 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100
. 2016.08.10 16:02:21 - OpenVpn Management > >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
! 2016.08.10 16:02:56 - Disconnecting
. 2016.08.10 16:02:56 - Management - Send 'signal SIGTERM'
. 2016.08.10 16:02:56 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM'
. 2016.08.10 16:02:56 - OpenVPN > C:\WINDOWS\system32\route.exe DELETE 184.75.221.114 MASK 255.255.255.255 192.168.0.1
. 2016.08.10 16:02:56 - OpenVPN > Route deletion via IPAPI succeeded [adaptive]
. 2016.08.10 16:02:56 - OpenVPN > C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.7.0.1
. 2016.08.10 16:02:56 - OpenVPN > Route deletion via IPAPI succeeded [adaptive]
. 2016.08.10 16:02:56 - OpenVPN > C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.7.0.1
. 2016.08.10 16:02:56 - OpenVPN > Route deletion via IPAPI succeeded [adaptive]
. 2016.08.10 16:02:56 - OpenVPN > Closing TUN/TAP interface
. 2016.08.10 16:02:56 - OpenVPN > SIGTERM[hard,] received, process exiting
. 2016.08.10 16:02:56 - Connection terminated.
I 2016.08.10 16:02:56 - DNS of a network adapter restored to original settings (TAP-Windows Adapter V9)
I 2016.08.10 16:02:56 - DNS of a network adapter restored to original settings (Intel® I211 Gigabit Network Connection)
I 2016.08.10 16:02:59 - Checking authorization ...
! 2016.08.10 16:02:59 - Connecting to Pavonis (United States, Chicago, Illinois)
. 2016.08.10 16:03:00 - OpenVPN > OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Aug 13 2015
. 2016.08.10 16:03:00 - OpenVPN > library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
. 2016.08.10 16:03:00 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100
. 2016.08.10 16:03:00 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file
. 2016.08.10 16:03:00 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.08.10 16:03:00 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.08.10 16:03:00 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144]
. 2016.08.10 16:03:00 - OpenVPN > Attempting to establish TCP connection with [AF_INET]149.255.33.154:80 [nonblock]
. 2016.08.10 16:03:01 - OpenVPN > TCP connection established with [AF_INET]149.255.33.154:80
. 2016.08.10 16:03:01 - OpenVPN > TCPv4_CLIENT link local: [undef]
. 2016.08.10 16:03:01 - OpenVPN > TCPv4_CLIENT link remote: [AF_INET]149.255.33.154:80
. 2016.08.10 16:03:01 - OpenVPN > TLS: Initial packet from [AF_INET]149.255.33.154:80, sid=4c577530 bc5b35eb
. 2016.08.10 16:03:01 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2016.08.10 16:03:01 - OpenVPN > Validating certificate key usage
. 2016.08.10 16:03:01 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0
. 2016.08.10 16:03:01 - OpenVPN > VERIFY KU OK
. 2016.08.10 16:03:01 - OpenVPN > Validating certificate extended key usage
. 2016.08.10 16:03:01 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2016.08.10 16:03:01 - OpenVPN > VERIFY EKU OK
. 2016.08.10 16:03:01 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
. 2016.08.10 16:03:02 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2016.08.10 16:03:02 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.08.10 16:03:02 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2016.08.10 16:03:02 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.08.10 16:03:02 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
. 2016.08.10 16:03:02 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]149.255.33.154:80
. 2016.08.10 16:03:05 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
. 2016.08.10 16:03:05 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.7.0.1,comp-lzo no,route-gateway 10.7.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.7.0.152 255.255.0.0'
. 2016.08.10 16:03:05 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified
. 2016.08.10 16:03:05 - OpenVPN > OPTIONS IMPORT: LZO parms modified
. 2016.08.10 16:03:05 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2016.08.10 16:03:05 - OpenVPN > OPTIONS IMPORT: route options modified
. 2016.08.10 16:03:05 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2016.08.10 16:03:05 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
. 2016.08.10 16:03:05 - OpenVPN > do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
. 2016.08.10 16:03:05 - OpenVPN > open_tun, tt->ipv6=0
. 2016.08.10 16:03:05 - OpenVPN > TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{56383FD0-CF6B-47B7-9CCC-FCF828A2A063}.tap
. 2016.08.10 16:03:05 - OpenVPN > TAP-Windows Driver Version 9.21
. 2016.08.10 16:03:05 - OpenVPN > Set TAP-Windows TUN subnet mode network/local/netmask = 10.7.0.0/10.7.0.152/255.255.0.0 [SUCCEEDED]
.
2016.08.10 16:03:05 - OpenVPN > Notified TAP-Windows driver to set a DHCP IP/netmask of 10.7.0.152/255.255.0.0 on interface {56383FD0-CF6B-47B7-9CCC-FCF828A2A063} [DHCP-serv: 10.7.255.254, lease-time: 31536000] . 2016.08.10 16:03:05 - OpenVPN > Successful ARP Flush on interface [7] {56383FD0-CF6B-47B7-9CCC-FCF828A2A063} . 2016.08.10 16:03:10 - OpenVPN > TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up . 2016.08.10 16:03:10 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 149.255.33.154 MASK 255.255.255.255 192.168.0.1 . 2016.08.10 16:03:10 - OpenVPN > ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=10] . 2016.08.10 16:03:10 - OpenVPN > Route addition via IPAPI failed [adaptive] . 2016.08.10 16:03:10 - OpenVPN > Route addition fallback to route.exe . 2016.08.10 16:03:10 - OpenVPN > env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2016.08.10 16:03:10 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.7.0.1 . 2016.08.10 16:03:10 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4 . 2016.08.10 16:03:10 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2016.08.10 16:03:10 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.7.0.1 . 2016.08.10 16:03:10 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4 . 2016.08.10 16:03:10 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2016.08.10 16:03:10 - Starting Management Interface . 2016.08.10 16:03:10 - OpenVPN > Initialization Sequence Completed I 2016.08.10 16:03:10 - DNS of a network adapter forced (TAP-Windows Adapter V9) I 2016.08.10 16:03:10 - DNS of a network adapter forced (Intel® I211 Gigabit Network Connection) I 2016.08.10 16:03:10 - Flushing DNS I 2016.08.10 16:03:10 - Checking route I 2016.08.10 16:03:35 - Checking DNS ! 2016.08.10 16:03:47 - Connected. . 
2016.08.10 16:03:47 - OpenVpn Management > >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info . 2016.08.10 16:03:47 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100 . 2016.08.10 16:04:02 - OpenVPN > Connection reset, restarting [-1] . 2016.08.10 16:04:02 - OpenVPN > SIGUSR1[soft,connection-reset] received, process restarting . 2016.08.10 16:04:02 - OpenVPN > Restart pause, 5 second(s) ! 2016.08.10 16:04:02 - Disconnecting . 2016.08.10 16:04:02 - Management - Send 'signal SIGTERM' . 2016.08.10 16:04:02 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM' . 2016.08.10 16:04:02 - OpenVPN > MANAGEMENT: Client disconnected . 2016.08.10 16:04:02 - OpenVPN > Assertion failed at misc.c:779 . 2016.08.10 16:04:02 - OpenVPN > Exiting due to fatal error . 2016.08.10 16:04:02 - Connection terminated. I 2016.08.10 16:04:02 - DNS of a network adapter restored to original settings (TAP-Windows Adapter V9) I 2016.08.10 16:04:02 - DNS of a network adapter restored to original settings (Intel® I211 Gigabit Network Connection) I 2016.08.10 16:04:05 - Checking authorization ... ! 2016.08.10 16:04:06 - Connecting to Alwaid (Canada, Toronto, Ontario) . 2016.08.10 16:04:06 - OpenVPN > OpenVPN 2.3.8 i686-w64-mingw32 [sSL (OpenSSL)] [LZO] [iPv6] built on Aug 13 2015 . 2016.08.10 16:04:06 - OpenVPN > library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08 . 2016.08.10 16:04:06 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2016.08.10 16:04:06 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file . 2016.08.10 16:04:06 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2016.08.10 16:04:06 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2016.08.10 16:04:06 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144] . 
2016.08.10 16:04:06 - OpenVPN > Attempting to establish TCP connection with [AF_INET]184.75.221.114:80 [nonblock] . 2016.08.10 16:04:07 - OpenVPN > TCP connection established with [AF_INET]184.75.221.114:80 . 2016.08.10 16:04:07 - OpenVPN > TCPv4_CLIENT link local: [undef] . 2016.08.10 16:04:07 - OpenVPN > TCPv4_CLIENT link remote: [AF_INET]184.75.221.114:80 . 2016.08.10 16:04:07 - OpenVPN > TLS: Initial packet from [AF_INET]184.75.221.114:80, sid=e3bc45f1 4225220f . 2016.08.10 16:04:07 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2016.08.10 16:04:07 - OpenVPN > Validating certificate key usage . 2016.08.10 16:04:07 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0 . 2016.08.10 16:04:07 - OpenVPN > VERIFY KU OK . 2016.08.10 16:04:07 - OpenVPN > Validating certificate extended key usage . 2016.08.10 16:04:07 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2016.08.10 16:04:07 - OpenVPN > VERIFY EKU OK . 2016.08.10 16:04:07 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org . 2016.08.10 16:04:09 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key . 2016.08.10 16:04:09 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication . 2016.08.10 16:04:09 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key . 2016.08.10 16:04:09 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication . 2016.08.10 16:04:09 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA . 2016.08.10 16:04:09 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]184.75.221.114:80 . 2016.08.10 16:04:11 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) . 
2016.08.10 16:04:11 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.7.0.1,comp-lzo no,route-gateway 10.7.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.7.0.22 255.255.0.0' . 2016.08.10 16:04:11 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified . 2016.08.10 16:04:11 - OpenVPN > OPTIONS IMPORT: LZO parms modified . 2016.08.10 16:04:11 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified . 2016.08.10 16:04:11 - OpenVPN > OPTIONS IMPORT: route options modified . 2016.08.10 16:04:11 - OpenVPN > OPTIONS IMPORT: route-related options modified . 2016.08.10 16:04:11 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified . 2016.08.10 16:04:11 - OpenVPN > do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 . 2016.08.10 16:04:11 - OpenVPN > open_tun, tt->ipv6=0 . 2016.08.10 16:04:11 - OpenVPN > TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{56383FD0-CF6B-47B7-9CCC-FCF828A2A063}.tap . 2016.08.10 16:04:11 - OpenVPN > TAP-Windows Driver Version 9.21 . 2016.08.10 16:04:11 - OpenVPN > Set TAP-Windows TUN subnet mode network/local/netmask = 10.7.0.0/10.7.0.22/255.255.0.0 [sUCCEEDED] . 2016.08.10 16:04:11 - OpenVPN > Notified TAP-Windows driver to set a DHCP IP/netmask of 10.7.0.22/255.255.0.0 on interface {56383FD0-CF6B-47B7-9CCC-FCF828A2A063} [DHCP-serv: 10.7.255.254, lease-time: 31536000] . 2016.08.10 16:04:11 - OpenVPN > Successful ARP Flush on interface [7] {56383FD0-CF6B-47B7-9CCC-FCF828A2A063} . 2016.08.10 16:04:16 - OpenVPN > TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up . 2016.08.10 16:04:16 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 184.75.221.114 MASK 255.255.255.255 192.168.0.1 . 2016.08.10 16:04:16 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4 . 2016.08.10 16:04:16 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 
2016.08.10 16:04:16 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.7.0.1 . 2016.08.10 16:04:16 - OpenVPN > ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=7] . 2016.08.10 16:04:16 - OpenVPN > Route addition via IPAPI failed [adaptive] . 2016.08.10 16:04:16 - OpenVPN > Route addition fallback to route.exe . 2016.08.10 16:04:16 - OpenVPN > env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2016.08.10 16:04:16 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.7.0.1 . 2016.08.10 16:04:16 - OpenVPN > ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=7] . 2016.08.10 16:04:16 - OpenVPN > Route addition via IPAPI failed [adaptive] . 2016.08.10 16:04:16 - OpenVPN > Route addition fallback to route.exe . 2016.08.10 16:04:16 - OpenVPN > env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2016.08.10 16:04:16 - Starting Management Interface . 2016.08.10 16:04:16 - OpenVPN > Initialization Sequence Completed I 2016.08.10 16:04:16 - DNS of a network adapter forced (TAP-Windows Adapter V9) I 2016.08.10 16:04:16 - DNS of a network adapter forced (Intel® I211 Gigabit Network Connection) I 2016.08.10 16:04:16 - Flushing DNS I 2016.08.10 16:04:16 - Checking route I 2016.08.10 16:04:41 - Checking DNS ! 2016.08.10 16:04:53 - Connected. . 2016.08.10 16:04:53 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100 . 2016.08.10 16:04:53 - OpenVpn Management > >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
  22. Hello all,

This is a collection from different tutorials, which I will refer to here, but usually changed since some things changed. Setting up VPN on Synology is a modified neolefort tutorial from here, and the reconnect script is from sundi, which you can find here, who probably modified this script, plus my iptables for blocking Synology on router level when VPN fails.

Other contributions:
- foobar666 - you no longer need to enter variables manually
- _sinnerman_ - fixed script for DS 6.1

I'm doing this mostly because I usually forget things I managed to solve after a year or two, so this is a way to have a constant reminder of how it was solved and also help others.

1. Get your certificates from AirVPN.

Go to the https://airvpn.org/generator/ page to generate the configuration file.

(1) SELECT the Advanced Mode (near top right of the page)
(2) SELECT LINUX OS
(3) Under the "Protocols" section select one with protocol UDP and port 443 (at the time of writing, it was first in the list). You can choose any combination of protocol/port, but then also change iptables accordingly if you are using the failsafe script.
(4) Under the "Advanced - OpenVPN only" section (right part of page), select "Separate keys/certs from .ovpn file" and change OpenVPN version to "<2.4" (you don't need to do this if you are using DSM7 or newer)
(5) SELECT 1 SERVER (refer to section "by single servers") OR COUNTRY OR ANYTHING ELSE YOU WANT
In the original tutorial, neolefort said to choose 1 server, because in that case you will get an IP instead of the xxx.airvpn.org domain. Choosing 1 server is safe because it doesn't need working DNS when you want to connect to VPN. If you choose anything else, you need working DNS on your router when establishing the VPN connection.
(6) Click "GENERATE" at the bottom.
(7) Click on the ZIP button in order to download the AIRVPN configuration files and unzip them anywhere on your computer

The ZIP archive should contain the following files:
- AirVPN_XXXXX_UDP-443.ovpn
- ca.crt
- user.crt
- user.key
- ta.key

2. Setup AirVPN on Synology.

In the new DSM 6 it's much easier since Synology developers allowed everything in the GUI now.

- Login as admin or with a user from the Administrator group.
- Open Control panel.
- Go to "Network" and click on tab "Network Interface"
- Click on button "Create" - "Create VPN profile"
- Choose "OpenVPN (via importing .ovpn file)"
- Click "Advanced options" so it shows all options
- Profile name: anything you want, but please keep it short and if you can without spaces " ", for example "AirVPN".
- User name: LEAVE EMPTY (for DSM 7+ just put anything here)
- Password: LEAVE EMPTY (for DSM 7+ just put anything here)
- Import .ovpn file: click button and import your AirVPN_XXXXX_UDP-443.ovpn
- CA certificate: click button and import your ca.crt
- Client certificate: click button and import your user.crt
- Client key: click button and import your user.key
- Certificate revocation: LEAVE EMPTY
- TLS-auth key: click button and import your ta.key
- Click "Next"
- Select all options, EXCEPT "Enable compression on the VPN link" (well, you can select that also if you really want, but don't)

Now you have a working OpenVPN link on your Synology DS6+. You just need to start it from "Control panel" - "Network" - "Network Interface".

EXTRAS!!!

3. Setting up external access to your Synology.

The first thing you will notice is, "I CAN'T ACCESS MY SYNOLOGY FROM OUTSIDE OF MY LAN!!!!!!! OMG OMG OMG!!!!" I will not explain port forwards on your router here, if you don't know how to make one, learn!

(1) You can port forward through the AirVPN webpage and access your Syno via the VPN exit IP. This sometimes works, most of the time it doesn't since Syno has some ports you cannot change.
Anyway, change your default HTTP / HTTPS port on Syno to your forwarded AirVPN port and you should be fine. But forget about Cloudstation and similar things.

(2) If you want to access Syno via your ISP IP (WAN), then the problem is, your Syno is receiving your connection, but it's replying through VPN. That's a security risk and those connections get dropped. But there is a solution!
- Access "Control panel" - "Network" - "General"
- Click "Advanced Settings" button
- Mark "Enable multiple gateways" and click "OK" and then "Apply"

You're done! It's working now (if you forwarded good ports on your router).

4. Prevent leaks when VPN connection on Synology fails.

There will be a time when your VPN will fail, drop, disconnect, and your ISP IP will become visible to the world. This is one of the ways you can prevent it, on router level. For this you need Tomato, Merlin, DD-WRT or OpenWRT firmware on your router. I will tell you the steps for a Tomato router. If you are using different firmware, then you need to learn alone how to input this code into your router. Since Shibby version 129 for ARM routers, the syntax of iptables changed, so depending on which version of iptables you are using, apply that code.

- Login to your router (usually just by entering 192.168.1.1 into your browser, if your IP is different, find out which is your gateway IP).
- Click on "Administration"
- Click on "Scripts"
- Choose tab "Firewall"

For Shibby v129 for ARM and later (iptables 1.4.x) use this:

    #Use this order of commands because it executes in reverse order.
    #This command will execute last, it kills all UDP requests.
    iptables -I FORWARD -p udp -s 192.168.1.100 -j REJECT
    #This command will execute second and will block all TCP source ports except those needed for web access or services
    iptables -I FORWARD -p tcp -s 192.168.1.100 -m multiport ! --sports 5000,5001,6690 -j REJECT
    #This command will execute first and will ACCEPT connection to your VPN on destination port 443 UDP
    iptables -I FORWARD -p udp -s 192.168.1.100 -m multiport --dports 443 -j ACCEPT

For earlier Shibby versions and later for MIPS routers:

    #Use this order of commands because it executes in reverse order.
    #This command will execute last, it kills all UDP requests.
    iptables -I FORWARD -p udp -s 192.168.1.100 -j REJECT
    #This command will execute second and will block all TCP source ports except those needed for web access or services
    iptables -I FORWARD -p tcp -s 192.168.1.100 -m multiport --sports ! 5000,5001,6690 -j REJECT
    #This command will execute first and will ACCEPT connection to your VPN on destination port 443 UDP
    iptables -I FORWARD -p udp -s 192.168.1.100 -m multiport --dports 443 -j ACCEPT

- Port TCP 5000 = HTTP for Synology web access (change to yours if it's not default)
- Port TCP 5001 = HTTPS for Synology web access (change to yours if it's not default)
- Port TCP 6690 = Cloud Station port
- Port UDP 443 = AirVPN connection port which you defined in step 1 of this tutorial. If you are using a TCP port, then you need to change "-p udp" to "-p tcp" in that line.

If you need more ports, just add them separated by comma ",". If you want a port range, for example 123,124,125,126,127, you can add it like this 123:127. Change IP 192.168.1.100 to your Synology LAN IP. Be careful NOT TO assign those ports to your Download Station on Synology.

This isn't perfect, you can still leak your IP through UDP 443, but since torrent uses mostly TCP, those chances are minimal. If you use a TCP port for VPN, then those chances increase. If you really want to be sure nothing leaks even on UDP 443 (or your custom port), you need to choose 1 (ONE) AirVPN server.
You need to find that server's entry IP and change the last IPTABLES rule to something like this:

    iptables -I FORWARD -p udp -s 192.168.1.100 -d 123.456.789.123 -m multiport --dports 443 -j ACCEPT

Where 123.456.789.123 is the AirVPN server entry IP. This will allow UDP 443 only for that server, the rest will be rejected by the router.

These are all my opinions, from my very limited knowledge, which may be right and may be wrong.

5. Auto reconnection when VPN is down.

Since when you made your VPN connection on your Synology, you checked the "Reconnect" option, Syno will try to reconnect automatically when the connection fails. But in some cases, your network will be offline long enough and Syno will stop trying to reconnect, or will hang with the VPN connection established, but not working. In those cases you can use this auto reconnect script.

This is the reconnect script. Just select all script text and copy it.

    #!/bin/sh
    #VPN Check script modified Sep 11, 2016
    #Script checks if VPN is up, and if it is, it checks if it's working or not. It provides details like VPN is up since, data
    #received/sent, VPN IP & WAN IP.
    #If VPN is not up it will report it in the log file and start it
    #Change LogFile path to your own location.
    #Save this script to file of your choosing (for example "synovpn_reconnect"). Store it in one of your Synology shared folders and chmod it: "chmod +x /volume1/shared_folder_name/your_path/synovpn_reconnect"
    #Edit "/etc/crontab" and add this line without quotes for starting script every 10 minutes: "*/10 * * * * root /volume1/shared_folder_name/your_path/synovpn_reconnect"
    #After that restart cron with: "/usr/syno/sbin/synoservicectl --restart crond"

    DATE=$(date +"%F")
    TIME=$(date +"%T")
    #Profile id and name are read from the Synology VPN client config
    VPNID=$(grep "\[.*\]" /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "[" | cut -f 1 -d "]")
    VPNNAME=$(grep conf_name /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "=")
    LogFile="/volume1/filmovi/Backup/airvpn/check_airvpn_$DATE.log"
    PUBIP=$(curl -s -m 5 icanhazip.com)
    #PUBIP=$(curl -s -m 5 ipinfo.io/ip)
    #PUBIP=$(curl -s -m 5 ifconfig.me)
    #1 if the lookup returned something, 0 if it timed out or returned nothing
    CHECKIP=$(echo $PUBIP | grep -c ".")

    start_vpn()
    {
        echo "VPN is down. Attempting to (re)start now." >> $LogFile
        # /usr/syno/bin/synovpnc kill_client --protocol=openvpn --name=$VPNNAME
        /usr/syno/bin/synovpnc kill_client
        /bin/kill `cat /var/run/ovpn_client.pid` 2>/dev/null
        sleep 35
        echo 1 > /usr/syno/etc/synovpnclient/vpnc_connecting
        echo conf_id=$VPNID > /usr/syno/etc/synovpnclient/vpnc_connecting
        echo conf_name=$VPNNAME >> /usr/syno/etc/synovpnclient/vpnc_connecting
        echo proto=openvpn >> /usr/syno/etc/synovpnclient/vpnc_connecting
        /usr/syno/bin/synovpnc reconnect --protocol=openvpn --name=$VPNNAME >> $LogFile
    }

    sleep 6
    echo "======================================" >> $LogFile
    echo "$DATE $TIME" >> $LogFile
    #tun0 present means the tunnel interface is up
    if ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00"
    then
        #"=" instead of "==" so the test also works in a plain POSIX sh
        if [ "$CHECKIP" = 1 ]
        then
            IPADDR=$(/sbin/ifconfig tun0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}')
            RXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f2 | awk '{print $1,$2,$3}')
            TXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f3 | awk '{print $1,$2,$3}')
            UPTIME=$(cat /var/log/messages | grep "$IPADDR" | awk '{print $1}' | tail -1)
            UPTIME=$(date -d"$UPTIME" +"%Y/%m/%d %H:%M:%S")
            echo "VPN is up since: $UPTIME" >> $LogFile
            echo "Session Data RX: $RXDATA" >> $LogFile
            echo "Session Data TX: $TXDATA" >> $LogFile
            echo "VPN IP is: $IPADDR" >> $LogFile
            echo "WAN IP is: $PUBIP" >> $LogFile
        else
            start_vpn
        fi
    else
        start_vpn
    fi
    exit 0

(1) Login to your Synology DSM web interface as admin.
- As admin go to "Control panel" - "Task Scheduler" (you need to enable advanced mode in top right corner of control panel for this)
- Click "Create" button near top of page, then select "Scheduled Task" and then "User-defined script"

(2) A new popup window will open.
- under "Task:" enter task name
- under "User:" select "root" if it's not already selected
- switch to "Schedule" tab and select how often you want this task to run, my settings are:
  - "Run of following days" - "Daily"
  - "First run time" - 00:00
  - "Frequency" - "Every 10 minutes"
  - "Last run time" - 23:50
- switch to "Task settings" tab
- paste the script you copied into the empty box under the "User-defined script" title
- press OK and you're done

I tested this on DSM 6.2.2 and it works without problems for now. Still, I'm keeping the old instructions in the next post, if someone wants to do it like that.

Tip: If you don't want a logfile, you can comment out those lines, or remove the ">> $LogFile" code from the whole script.

That's all. If you entered everything correctly, you should be fine and ready to go! Comments are welcome. If you find mistakes, please correct me.
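The rule order and the UDP 443 caveat from step 4 of the tutorial above can be checked with a small first-match model of the FORWARD chain. This is an added example, not part of the original post and not real iptables: the entry IP 203.0.113.10, the probe packets and the ACCEPT fall-through policy are constructed assumptions.

```python
"""Toy first-match model of the three FORWARD rules from step 4 (added example)."""
from dataclasses import dataclass
from typing import Optional, Tuple

NAS = "192.168.1.100"        # Synology LAN IP used in the post
VPN_ENTRY = "203.0.113.10"   # constructed placeholder for the AirVPN entry IP


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    target: str                                   # "ACCEPT" or "REJECT"
    proto: str                                    # -p
    src: str                                      # -s
    dst: Optional[str] = None                     # -d
    dports: Optional[Tuple[int, ...]] = None      # -m multiport --dports
    not_sports: Optional[Tuple[int, ...]] = None  # -m multiport ! --sports

    def matches(self, p: Packet) -> bool:
        if p.proto != self.proto or p.src != self.src:
            return False
        if self.dst is not None and p.dst != self.dst:
            return False
        if self.dports is not None and p.dport not in self.dports:
            return False
        if self.not_sports is not None and p.sport in self.not_sports:
            return False
        return True


def build_chain(rules_in_script_order):
    """`iptables -I FORWARD` inserts at position 1, so the last command
    written in the script is the first rule the packet meets."""
    chain = []
    for rule in rules_in_script_order:
        chain.insert(0, rule)
    return chain


def verdict(chain, packet, policy="ACCEPT"):
    """First matching rule decides; otherwise the packet falls through
    (assumed here to mean it is forwarded)."""
    for rule in chain:
        if rule.matches(packet):
            return rule.target
    return policy


def ruleset(pin_to_server: bool):
    """The post's rules, in the order they are written in the script."""
    return build_chain([
        Rule("REJECT", "udp", NAS),
        Rule("REJECT", "tcp", NAS, not_sports=(5000, 5001, 6690)),
        Rule("ACCEPT", "udp", NAS,
             dst=VPN_ENTRY if pin_to_server else None, dports=(443,)),
    ])


def audit(pin_to_server: bool):
    """Run constructed probe packets from the NAS through the chain."""
    chain = ruleset(pin_to_server)
    probes = {
        "vpn_tunnel": Packet("udp", NAS, VPN_ENTRY, 40000, 443),
        "dns_udp": Packet("udp", NAS, "198.51.100.53", 40001, 53),
        "dsm_https_reply": Packet("tcp", NAS, "198.51.100.7", 5001, 52000),
        "torrent_tcp": Packet("tcp", NAS, "198.51.100.8", 51413, 6881),
        "udp443_other_host": Packet("udp", NAS, "198.51.100.9", 40002, 443),
    }
    return {name: verdict(chain, p) for name, p in probes.items()}


if __name__ == "__main__":
    for pinned in (False, True):
        print("ACCEPT rule pinned to one entry IP:", pinned)
        for name, result in audit(pinned).items():
            print(f"  {name:18} {result}")
```

With the unpinned rule the `udp443_other_host` probe is accepted, which is the residual leak the post describes; adding `-d` for a single entry IP turns it into a REJECT while the tunnel itself still passes.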
  23. Hello everyone. I am entirely new to Android devices and am rather perplexed by what I am seeing. Allow me to explain. I bought an ARM S905 based Android device to replace basic cable television for my elderly mother. I then had the good sense to try to install OpenVPN on it. First problem was that Google Play required a login, and I could not find a working way to generate a fake login. So I gave up and used a real one. (My only gmail account as well.) But then in a minute I had OpenVPN installed and imported the configuration I made here according to the instructions. It connected fast and here is where I am utterly unable to fathom what happened. It *NEVER* asked me for my username or password... It seems to be working fine, but I worry that it is not actually using the VPN since I never gave it proper credentials. Am I misunderstanding and the config generator imported my username and password as one of the huge blocks of hashed text like the "Static Key" or "Private Key"? Thanks in advance for anyone able to explain this to me. And in addition, if anyone knows a way to make a gmail account not linked directly to me, and without a telephone, I would be very thankful. I have never owned a mobile phone, and my home phone is VoIP and does not seem to accept SMS messages, so I cannot seem to get Google to accept it. I am not about to waste money buying a mobile phone I will never use just so I can make a gmail account to make this device work. Good day everyone. Thanks for reading.
  24. I am trying to configure AirVPN port forwarding features. However, after the initial configuration of the OpenVPN client for AirVPN, it doesn't seem to be pulling an IP address. The only thing that I wasn't able to do during the setup was select "Client Certificate = [ AirVPN_CERT]". The only option was either none (user/password) or webConfigurator. Any suggestions?
  25. Hi, I am running different Linux distributions (Arch, Manjaro & Debian) and since the AirVPN client isn't native Linux software (and already caused some problems on my Debian workstation) I'm using OpenVPN directly. Although one might argue that AirVPN has developed its client for some reason, I'm not a fan of using non-native software on Linux, plus this is some additional/potential source for bugs / security issues. OpenVPN is commonly used and tested, offers a neat command line interface, thus I think it's a pretty nice way to use OpenVPN directly for AirVPN connections. However, I am more or less new to VPN setups and I cannot figure out what is wrong with my setup. Here's the problem: When I visit ipleak.net (or any other website that detects DNS leaks) I always see my ISP's original DNS IP address, but I want my connection to use AirVPN's DNS in order to hide my visited websites. I am using Firefox (but I've also tested it with Chrome/Chromium) and disabled the WebRTC stuff. I even tried the Firefox WebRTC-Blocker AddOn. Nothing helped. Am I doing something wrong with the OpenVPN configurator from AirVPN? I am pretty much just selecting the countries, UDP/TCP and using the generated config file with OpenVPN. I mean there is no "hidden" only use AirVPN DNS-option, right? Any help would be really appreciated. Thanks!