Jump to content
Not connected, Your IP: 44.203.219.117

Search the Community

Showing results for tags 'OpenVPN'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • AirVPN
    • News and Announcement
    • How-To
    • Databases
  • Community
    • General & Suggestions
    • Troubleshooting and Problems
    • Blocked websites warning
    • Eddie - AirVPN Client
    • DNS Lists
    • Reviews
    • Other VPN competitors or features
    • Nonprofit
    • Off-Topic
  • Other Projects
    • IP Leak
    • XMPP

Product Groups

  • AirVPN Access
  • Coupons
  • Misc

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Twitter


Mastodon


AIM


MSN


ICQ


Yahoo


XMPP / Jabber


Skype


Location


Interests

Found 198 results

  1. Hi, I guess my real IP is leaked. I am in the Netherlands and I want to use a German VPN. When I check my IP all seems fine. But all the ads and google+1 is in Dutch!? (See attached image.) ipleaks.net and dnsleaktest.com don't show that leak. I use OpenVPN and update-resolv-conf and I also added following line to the ovpn (for which I used the generator): script-security 2 up /etc/openvpn/update-resolv-conf down /etc/openvpn/update-resolv-conf I deleted all cookies, cache, and flashcookies. How does google for example know my real location?
  2. Hey! I've got an annoying problem since today. Whenever i make a connection with OpenVPN windows analyzes the network type and decides it's domain (since the machine is on a domain). Would not be much of a problem, but my killswitch is based on that the ovpn-connection is treated as "public" not domain. Now, whatever i try to do, it still becomes domain. System: - Win7x64 on 2012R2-Domain, latest openvpn, nothing else (yet). What i tried: - setting every unknown/new network as public via GPO - also doing the same via local secpol - setting ndistype for the tapi-interface of ovpn - deleting nlm-cache, deleting routes, resetting ip4 completly - setting network type via registry Starts to drive me mad :-) Would be thankful for any idea!
  3. Hello, Trying to connect from iPad to UK (area) proxy servers per instructions here https://airvpn.org/ios/ Connection not established, throws "Connection timeout", I've tried "Advanced Options", "Resolved hosts in .ovpn file" and "All servers for area or region" as per here https://airvpn.org/topic/10000-connection-timeout/ OpenVPN log attached (openvpn.txt). Any suggestions most appreciated. Thanks! Swain openvpn.txt
  4. Hi, I'm very new to all this kind of tech and wondered if anyone can help. I currently have a cloud ibox2+se satellite recieved box that has an option in it called openvpn and I just wondered if anyone can assist me in getting it to work with my virgin super hub router, I'm a bit nervous to mess around with any settings without any advice or tutorials. All help greatly recieved. Many thanks
  5. I'd like to share the configuration which I use with VPN in order discuss and for others to use. The idea is to launch apps which should use VPN inside a separate network namespace. Other apps will run inside the default network namespace and use the default direct connection without VPN. Linux network namespaces enable you to configure a container with separate set of network interfaces with separate routing table, separate firewall rules and separate resolv.conf. Only processes which are inside the namespace will be able to access and use all that. You should compile network namespace support in your kernel and the support the "veth" network device. veth is a pair of virtual devices. They operate this way: data that comes into one, comes out from another and vice versa. We use them to link namespaces together because your eth0 can only exist in one namespace. I am running: OS: Gentoo init system: systemd network managent tool: netctl (from Arch Linux, available in Gentoo) You would have to adapt your configuration if you're using anything else. It should be easy. GENERAL OVERVIEW. Default namespace contains these interface: lo lan0 veth1 br0 Additional namespace contains: lo veth0 tun0 lan0 is my physical net interface (you could think of that as eth0). Kernel links veth0 to veth1. br0 bridges lan0 and veth1 together. tun0 is the VPN tunnel through veth0. I called my additional namespace "vpn". This way processes from both namespaces can communicate with my LAN. Processes from the default namespace communicate this way: (br0) -> lan0. Processes from "vpn" namespace communicate this way. In case of a LAN connection: veth0 -> veth1 -> (br0) -> lan0 In general case: tun0 -> veth0 -> veth1 -> (br0) -> lan0 STEP 1. Startup script. Create a startup script which takes care of creating veth0/veth1 pair for you. It also creates the vpn namespace. In my case it is a systemd unit which runs before netctl: [unit] Description=Custom network namespace Before=netctl@bridge.service network.target Wants=network.target [service] Type=oneshot RemainAfterExit=1 ExecStart=/bin/ip netns add vpn ExecStart=/bin/ip link add type veth ExecStart=/bin/ip link set veth0 address 16:7c:e1:06:53:dd ExecStart=/bin/ip link set veth1 address f6:7c:e1:06:53:dd ExecStart=/bin/ip link set veth0 netns vpn ExecStart=/bin/ip link set veth1 up ExecStop=/bin/ip netns delete vpn [install] WantedBy=multi-user.target You can see that I am assigning MAC addresses here manually. The point is how br0 gets its MAC address. I want lan0's MAC higher than veth1's MAC in order for br0 to use lan0's MAC and for MAC-based DHCP server not to misbehave on my router. If br0 gets veth1's MAC, the machine will get a different IP address in comparison to what it gets without a bridge. STEP 2. resolv.conf After you run the script or reboot, you have to setup resolv.conf for the namespace. Look for it in /etc/netns/vpn/resolv.conf. For airvpn it should contain "nameserver 10.4.0.1" line. For a shell running in "vpn" namespace, /etc/netns/vpn/resolv.conf will be automatically bound to /etc/resolv.conf. STEP 3. Bridge interface. Setup the bridge interface. In my case it is a netctl profile in /etc/netctl/bridge: Description="bridge connection" Interface=br0 Connection=bridge BindsToInterfaces=(lan0 veth1) IP=dhcp TimeoutDHCP=15 STEP 4. Running openvpn in the namespace. Reboot and check that br0 is up. Create a helper script /usr/local/bin/ns_enter: #!/bin/bash ifconfig lo up ifconfig veth0 up ip route flush table main ip add flush dev veth0 ip add add 192.168.1.100/24 dev veth0 ip route add default via 192.168.1.1 metric 10 iptables -F OUTPUT iptables -A OUTPUT -d 95.211.138.7 -j ACCEPT iptables -A OUTPUT -d 192.168.1.0/24 -j ACCEPT iptables -A OUTPUT -o tun0 -j ACCEPT iptables -P OUTPUT DROP Note that you have to specify the IP address and gateway for your LAN. Now you enter the namespace this way: sudo ip netns exec vpn /usr/local/bin/ns_enter sudo ip netns exec vpn su - <your_username> 95.211.138.7 is the VPN server. This rules allow all local traffic (192.168.1.0/24) and all traffic through VPN. Note that you cannot put hostname instead of 95.211.138.7 in your .ovpn file because openvpn wouldn't be able to resolve it. Check that the shell has access to exactly 2 interfaces: lo, veth0 (run ifconfig for that). Now launch openvpn: sudo openvpn --config /etc/openvpn/airvpn.ovpn --daemon You should see the 3rd interface (tun0) appear soon. Ready to roll. You can launch apps in background from the shell. The only serious problem I've encountered is that you can't runs apps which need dbus connections this way. I haven't figured out how to fix that yet. Setting the envitonment variable didn't help. Does anyone know why?
  6. Hello I a new user and would like to know how to set up an SSH tunnel with OpenVPN in my Mac with Viscosity App. I generated these files and imported them all to the Viscosity: https://cl.ly/aeTZ/Captura_de_Tela_2015-04-14_as_18.17.12.png [Or attached file!] I can connect via UDP-443 _ but I can't connect through SSH _-53. What am I doing wrong? I think I'm connected with OpenVPN but without the SSH tunnel. How should I do?
  7. Hello! ubuntu 14.04LTS Is there a simple way to bypass the vpn for plex or rather a specific port? I need a direct connection to my dedicated server for plex. Any help is very much appreciated. Thx! edit: I found a simple solution for ubuntu. Now, I use an ubuntu lxc-container for everything that I want to do with AirVPN (openvpn). The main system does not connect to AirVPN, thus I can easily establish a direct connection with my plex server. I know this should be possible with firewall rules and routes, but this is a good option for me.
  8. Good day, First of all I am running Ubuntu 14.04 on my laptop. What I want to achiev is to connect to tor via Airvpn. (That's the safest setup way, am I right?). Problems that I occure: To connect to Tor, I need to setup proxy in Airvpn client. Ant then use data in Tor configuration and achieve connection. Airvpn client without proxy setting works flawless. After I turn on proxy (socks5), I cant connect to server, I get reconnect loop, log: I 2015.03.09 11:03:54 - AirVPN client version: 2.8.8, System: Linux, Name: Ubuntu 14.10 \n \l, Architecture: x86 . 2015.03.09 11:03:54 - Reading options from /home/vibe/.airvpn/AirVPN.xml . 2015.03.09 11:03:56 - Data Path: /home/vibe/.airvpn . 2015.03.09 11:03:56 - App Path: /usr/lib/AirVPN . 2015.03.09 11:03:56 - Executable Path: /usr/lib/AirVPN/AirVPN.exe . 2015.03.09 11:03:56 - Command line arguments (1): path="/home/vibe/.airvpn" . 2015.03.09 11:03:57 - Operating System: Unix 3.16.0.23 - Linux Q 3.16.0-23-generic #31-Ubuntu SMP Tue Oct 21 18:00:35 UTC 2014 i686 i686 i686 GNU/Linux . 2015.03.09 11:03:57 - Updating systems & servers data ... I 2015.03.09 11:03:57 - OpenVPN Driver - Found I 2015.03.09 11:03:57 - OpenVPN - Version: OpenVPN 2.3.2 (/usr/sbin/openvpn) I 2015.03.09 11:03:57 - SSH - Version: OpenSSH_6.6.1p1 Ubuntu-8, OpenSSL 1.0.1f 6 Jan 2014 (/usr/bin/ssh) I 2015.03.09 11:03:57 - SSL - Version: stunnel 5.02 (/usr/bin/stunnel4) I 2015.03.09 11:03:57 - IPV6: Available ! 2015.03.09 11:03:57 - Ready . 2015.03.09 11:03:57 - Updating systems & servers data ..., 1° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:03:57 - Updating systems & servers data ..., 2° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:03:57 - Updating systems & servers data ..., 3° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:03:57 - Updating systems & servers data ..., 4° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:03:57 - Updating systems & servers data ..., 5° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:03:58 - Updating systems & servers data ..., 6° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:03:58 - Updating systems & servers data ..., 7° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:03:58 - Updating systems & servers data ..., 8° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) W 2015.03.09 11:03:58 - Cannot retrieve systems & servers data. Please retry later or contact us for help. (CUrl is not installed on this system, and it's required for SOCKS proxy.) I 2015.03.09 11:04:49 - Session starting. I 2015.03.09 11:04:49 - Installing tunnel driver F 2015.03.09 11:04:50 - Only TCP protocol is allowed with a proxy. . 2015.03.09 11:04:58 - Updating systems & servers data ... . 2015.03.09 11:04:58 - Updating systems & servers data ..., 1° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:04:58 - Updating systems & servers data ..., 2° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:04:58 - Updating systems & servers data ..., 3° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:04:58 - Updating systems & servers data ..., 4° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:04:58 - Updating systems & servers data ..., 5° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:04:58 - Updating systems & servers data ..., 6° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:04:58 - Updating systems & servers data ..., 7° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:04:58 - Updating systems & servers data ..., 8° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) W 2015.03.09 11:04:58 - Cannot retrieve systems & servers data. Please retry later or contact us for help. (CUrl is not installed on this system, and it's required for SOCKS proxy.) I 2015.03.09 11:05:12 - Session starting. I 2015.03.09 11:05:12 - Installing tunnel driver I 2015.03.09 11:05:12 - Retrieving manifest W 2015.03.09 11:05:12 - Unable to retrieve systems & servers data. Continue anyway with the old data. . 2015.03.09 11:05:12 - Updating systems & servers data ... I 2015.03.09 11:05:12 - Checking authorization ... . 2015.03.09 11:05:12 - Updating systems & servers data ..., 1° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:12 - Updating systems & servers data ..., 2° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:12 - Checking authorization ..., 1° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:12 - Updating systems & servers data ..., 3° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:12 - Checking authorization ..., 2° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:12 - Updating systems & servers data ..., 4° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:13 - Checking authorization ..., 3° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:13 - Updating systems & servers data ..., 5° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:13 - Checking authorization ..., 4° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:13 - Updating systems & servers data ..., 6° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:13 - Checking authorization ..., 5° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:13 - Updating systems & servers data ..., 7° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:13 - Checking authorization ..., 6° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:13 - Updating systems & servers data ..., 8° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) W 2015.03.09 11:05:13 - Cannot retrieve systems & servers data. Please retry later or contact us for help. (CUrl is not installed on this system, and it's required for SOCKS proxy.) . 2015.03.09 11:05:13 - Checking authorization ..., 7° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:13 - Checking authorization ..., 8° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) W 2015.03.09 11:05:13 - Authorization check failed, continue anyway ({1]) ! 2015.03.09 11:05:13 - Connecting to Grafias (Netherlands, Amsterdam) I 2015.03.09 11:05:13 - DNS of the system will be updated to VPN DNS (ResolvConf method) . 2015.03.09 11:05:13 - OpenVPN > OpenVPN 2.3.2 i686-pc-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [iPv6] built on Dec 1 2014 . 2015.03.09 11:05:13 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2015.03.09 11:05:13 - OpenVPN > NOTE: the current --script-security setting may allow this configuration to call user-defined scripts . 2015.03.09 11:05:13 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file . 2015.03.09 11:05:13 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2015.03.09 11:05:13 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2015.03.09 11:05:13 - OpenVPN > Socket Buffers: R=[87380->131072] S=[16384->131072] . 2015.03.09 11:05:13 - OpenVPN > Attempting to establish TCP connection with [AF_INET]127.0.0.1:9150 [nonblock] . 2015.03.09 11:05:13 - OpenVPN > TCP connection established with [AF_INET]127.0.0.1:9150 . 2015.03.09 11:05:13 - OpenVPN > socks_handshake: server asked for username/login auth but we were not provided any credentials . 2015.03.09 11:05:13 - OpenVPN > SIGTERM[soft,init_instance] received, process exiting ! 2015.03.09 11:05:13 - Disconnecting . 2015.03.09 11:05:13 - Connection terminated. I 2015.03.09 11:05:16 - Checking authorization ... . 2015.03.09 11:05:16 - Checking authorization ..., 1° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:16 - Checking authorization ..., 2° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:16 - Checking authorization ..., 3° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:16 - Checking authorization ..., 4° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:16 - Checking authorization ..., 5° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:16 - Checking authorization ..., 6° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:16 - Checking authorization ..., 7° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) . 2015.03.09 11:05:16 - Checking authorization ..., 8° try failed (CUrl is not installed on this system, and it's required for SOCKS proxy., with 'socks' proxy and 'none' auth) W 2015.03.09 11:05:16 - Authorization check failed, continue anyway ({1]) I 2015.03.09 11:05:16 - Cancel requested. ! 2015.03.09 11:05:16 - Session terminated. By the way how to access Tor line in Airvpn->Preferences->Protocols? Off problem topic question - would openvpn increase security or solve problem? (Sorry newbie) Have a nice day, amen1337 P.S.: Sorry for poor English
  9. Hey guys, So I spent the last few hours or so trying to figure out this bug I was getting while starting AirVPN, and I wanted to share my results in case some poor soul comes across this seemingly obscure situation in the future. I'll do bullet points as to try not to talk too much: AirVPN was working greatI installed Visual Studio 2013 ProAirVPN then stops working immediately after installI notice there are a few new network adaptersMUCH MUCH later I found that by uninstalling a feature called Hyper-V, which (I'm only guessing) came with Visual Studio, did the "Driver installation failed" error stop and I was able to connectSo yeah... I spent some time digging through the source and then utilizing the newly installed VS to compile and debug the lines surrounding the error. Well, I had never heard of Hyper-V before and so all I wanted was AirVPN to work with my current adapter situation. I thought it was because one C# library function was returning adapter descriptions that AirVPN wasn't expecting. But even when I tried forcing it to one of the 10 available adapters (some of which were labelled TAP) yieled pretty much the same result every time. I now think it was due to the bridging that Hyper-V forced upon me, and since my issue is resolved I don't care to look into this further. Tl;dr: Check if Hyper-V is installed in your Windows features. If so, uninstall it, reboot, and re-run AirVPN. If Hyper-V isn't installed try this: https://airvpn.org/topic/13126-driver-installation-failed/ Here's what my adapters looked like before uninstalling Hyper-V: Here's an image that shows how to uninstall Hyper-V:
  10. I'm trying to connect to AirVPN under Arch Linux via NetworkManager/OpenVPN. It connects successfully (it shows a padlock), but if I go to http://ipleak.net/ I can still see both my ISP public IP and my ISP DNS server. I followed this guide (even if it's for Ubuntu). You can find the relevant logs from the "journalctl" command in the attachment.
  11. Hi All. I am a noob if it goes about VPN. I have installed AirVpn client and I try to connect to a server in Netherland, but just after I'm connected client disconnects and tries to reconnect. Any ideas what cause it? I work on Windows 7 Enterprise 64bit. I'm attaching my log. Thank you for your help. I 2014.10.19 00:52:16 - Session starting.! 2014.10.19 00:52:16 - Checking environment! 2014.10.19 00:52:17 - Checking authorization! 2014.10.19 00:52:17 - Connecting to Grafias (Netherlands, Amsterdam). 2014.10.19 00:52:17 - OpenVPN > OpenVPN 2.3.4 x86_64-w64-mingw32 [sSL (OpenSSL)] [LZO] [iPv6] built on Aug 18 2014. 2014.10.19 00:52:17 - OpenVPN > library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05. 2014.10.19 00:52:17 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100. 2014.10.19 00:52:17 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file. 2014.10.19 00:52:17 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2014.10.19 00:52:17 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2014.10.19 00:52:17 - OpenVPN > Socket Buffers: R=[8192->8192] S=[64512->64512]. 2014.10.19 00:52:17 - OpenVPN > UDPv4 link local: [undef]. 2014.10.19 00:52:17 - OpenVPN > UDPv4 link remote: [AF_INET]62.212.72.175:443. 2014.10.19 00:52:17 - OpenVPN > TLS: Initial packet from [AF_INET]62.212.72.175:443, sid=127a7e95 c34d41a3. 2014.10.19 00:52:18 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org. 2014.10.19 00:52:18 - OpenVPN > Validating certificate key usage. 2014.10.19 00:52:18 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0. 2014.10.19 00:52:18 - OpenVPN > VERIFY KU OK. 2014.10.19 00:52:18 - OpenVPN > Validating certificate extended key usage. 2014.10.19 00:52:18 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication. 2014.10.19 00:52:18 - OpenVPN > VERIFY EKU OK. 2014.10.19 00:52:18 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org. 2014.10.19 00:52:21 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key. 2014.10.19 00:52:21 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication. 2014.10.19 00:52:21 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key. 2014.10.19 00:52:21 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication. 2014.10.19 00:52:21 - OpenVPN > Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA. 2014.10.19 00:52:21 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]62.212.72.175:443. 2014.10.19 00:52:23 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1). 2014.10.19 00:52:24 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.4.19.230 10.4.19.229'. 2014.10.19 00:52:24 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified. 2014.10.19 00:52:24 - OpenVPN > OPTIONS IMPORT: LZO parms modified. 2014.10.19 00:52:24 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified. 2014.10.19 00:52:24 - OpenVPN > OPTIONS IMPORT: route options modified. 2014.10.19 00:52:24 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified. 2014.10.19 00:52:24 - OpenVPN > do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0. 2014.10.19 00:52:24 - OpenVPN > open_tun, tt->ipv6=0. 2014.10.19 00:52:24 - OpenVPN > TAP-WIN32 device [Połączenie lokalne 3] opened: \\.\Global\{BADF76DC-0AFB-4AEC-9AE7-AD0F2616AAE2}.tap. 2014.10.19 00:52:24 - OpenVPN > TAP-Windows Driver Version 9.9. 2014.10.19 00:52:24 - OpenVPN > Notified TAP-Windows driver to set a DHCP IP/netmask of 10.4.19.230/255.255.255.252 on interface {BADF76DC-0AFB-4AEC-9AE7-AD0F2616AAE2} [DHCP-serv: 10.4.19.229, lease-time: 31536000]. 2014.10.19 00:52:24 - OpenVPN > Successful ARP Flush on interface [31] {BADF76DC-0AFB-4AEC-9AE7-AD0F2616AAE2}. 2014.10.19 00:52:29 - OpenVPN > TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up. 2014.10.19 00:52:29 - OpenVPN > C:\Windows\system32\route.exe ADD 62.212.72.175 MASK 255.255.255.255 192.168.1.254. 2014.10.19 00:52:29 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4. 2014.10.19 00:52:29 - OpenVPN > Route addition via IPAPI succeeded [adaptive]. 2014.10.19 00:52:29 - OpenVPN > C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.4.19.229. 2014.10.19 00:52:29 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4. 2014.10.19 00:52:29 - OpenVPN > Route addition via IPAPI succeeded [adaptive]. 2014.10.19 00:52:29 - OpenVPN > C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.4.19.229. 2014.10.19 00:52:29 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4. 2014.10.19 00:52:29 - OpenVPN > Route addition via IPAPI succeeded [adaptive]. 2014.10.19 00:52:29 - OpenVPN > C:\Windows\system32\route.exe ADD 10.4.0.1 MASK 255.255.255.255 10.4.19.229. 2014.10.19 00:52:29 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4. 2014.10.19 00:52:29 - OpenVPN > Route addition via IPAPI succeeded [adaptive]. 2014.10.19 00:52:29 - Starting Management Interface. 2014.10.19 00:52:29 - OpenVPN > Initialization Sequence Completed! 2014.10.19 00:52:29 - Flushing DNSW 2014.10.19 00:52:30 - Tunnel not ready, interface status: Down. 2014.10.19 00:52:30 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100! 2014.10.19 00:52:30 - Disconnecting. 2014.10.19 00:52:30 - Management - Send 'signal SIGTERM'. 2014.10.19 00:52:30 - OpenVpn Management > >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info. 2014.10.19 00:52:30 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM'. 2014.10.19 00:52:30 - OpenVPN > SIGTERM received, sending exit notification to peer. 2014.10.19 00:52:35 - OpenVPN > C:\Windows\system32\route.exe DELETE 10.4.0.1 MASK 255.255.255.255 10.4.19.229. 2014.10.19 00:52:35 - OpenVPN > Route deletion via IPAPI succeeded [adaptive]. 2014.10.19 00:52:35 - OpenVPN > C:\Windows\system32\route.exe DELETE 62.212.72.175 MASK 255.255.255.255 192.168.1.254. 2014.10.19 00:52:35 - OpenVPN > Route deletion via IPAPI succeeded [adaptive]. 2014.10.19 00:52:35 - OpenVPN > C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.4.19.229. 2014.10.19 00:52:35 - OpenVPN > Route deletion via IPAPI succeeded [adaptive]. 2014.10.19 00:52:35 - OpenVPN > C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.4.19.229. 2014.10.19 00:52:35 - OpenVPN > Route deletion via IPAPI succeeded [adaptive]. 2014.10.19 00:52:35 - OpenVPN > Closing TUN/TAP interface. 2014.10.19 00:52:35 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting. 2014.10.19 00:52:35 - Connection terminated.I 2014.10.19 00:52:37 - Cancel requested.I 2014.10.19 00:52:37 - Session terminated.
  12. Hi everyone, I know there have been speculatory threads on VM in the past, but I wanted to post some findings in case anyone finds them useful. I have a 152Mbps connection from VM in the UK and have noticed the following: Using the Superhub 2 and OpenVPN (443, UDP) gives a hard cap around 3MB/sec over ethernetUsing the Superhub 2 and OpenVPN (443, UDP) gives full speed on 5GHz wifiUsing an old PC running pfSense beta with the Superhub 2 in modem only mode removes the 'cap' and allows full speeds regardless of connection method I had been very frustrated by the 3MB/sec limit, especially when downloading torrents over OpenVPN (port 443, UDP or TCP) using a cat6e desktop PC. The limit applied in Windows and Linux equally and I'd eventually tracked down the issue to the Superhub 2. After switching into modem only mode and connecting through the pfSense box, I was able to get full speed regardless of the OS, and connection method (wireless or ethernet). Having switched back temporarily to the Superhub 2 in router mode (to set up a media streamer on the TV) I once again encountered the cap when downloading a Linux torrent (Elementary OS Freya Beta 1). This time I was running Eddie rather than OpenVPN GUI so I switched the connection to SSL Tunnel 443 and voila - full speeds! So either VM are throttling OpenVPN connections, or there's a bug in the SH2 which interferes with the handling of OpenVPN connections. Given VM's history of throttling and capping I would generally suspect the former to be true. However, I have noticed that even with normal OpenVPN connections (443, UDP) I get full speed over wifi but the cap returns when switching to ethernet. It seems the SH2 has (yet another) bug or issue in routing OpenVPN connections, and changing its firewall settings etc has no effect. Anyone on VM experiencing issues with low speeds would probably see good results from switching to the SSL tunnel. I'd be interested to hear back from anyone else having problems with their SH to see if this helps others. I could always stick to the pfSense box of course, but it's an old desktop which uses a lot of energy compared to a small consumer router box. My network isn't complicated enough to warrant the pfSense box unless it's essential - which now, with the SSL tunnel, it isn't.
  13. Hi, Basically I have trouble connecting to AirVPN. Im using a fairly new build if that does matter (DD-WRT v24-sp2 (10/06/14) kongac - build 25015M-SP1) AirVPN works with viscosity in windows with the same basic settings (some openvpn configuration)The router worked with PrivateInternetAccess VPN service, so it the problem SHOULD not be the client on the dd wrt routerWhat I tryed: Different TLS Cipers (None, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-128-CBC-SHA)Keeping the TSL Auth Key emptyAdding or leaving additional config: resolv-retry infinite persist-key persist-tun remote-cert-tls server explicit-exit-notify 5 VPN Log Client: WAIT Local Address: Remote Address: Clientlog: 20141020 19:04:16 I OpenVPN 2.3.4 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct 6 2014 20141020 19:04:16 I library versions: OpenSSL 1.0.1i 6 Aug 2014 LZO 2.08 20141020 19:04:16 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16 20141020 19:04:16 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20141020 19:04:16 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible 20141020 19:04:16 W WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible 20141020 19:04:16 I Control Channel Authentication: using '/tmp/openvpncl/ta.key' as a OpenVPN static key file 20141020 19:04:16 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20141020 19:04:16 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20141020 19:04:16 Socket Buffers: R=[172032->131072] S=[172032->131072] 20141020 19:04:16 I UDPv4 link local: [undef] 20141020 19:04:16 I UDPv4 link remote: [AF_INET]109.201.154.189:443 20141020 19:04:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20141020 19:04:53 D MANAGEMENT: CMD 'state' 20141020 19:04:53 MANAGEMENT: Client disconnected 20141020 19:04:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20141020 19:04:53 D MANAGEMENT: CMD 'state' 20141020 19:04:53 MANAGEMENT: Client disconnected 20141020 19:04:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20141020 19:04:53 D MANAGEMENT: CMD 'state' 20141020 19:04:53 MANAGEMENT: Client disconnected 20141020 19:04:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20141020 19:04:53 D MANAGEMENT: CMD 'status 2' 20141020 19:04:53 MANAGEMENT: Client disconnected 20141020 19:04:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20141020 19:04:53 D MANAGEMENT: CMD 'log 500' 20141020 19:04:53 MANAGEMENT: Client disconnected 20141020 19:05:16 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20141020 19:05:16 N TLS Error: TLS handshake failed 20141020 19:05:16 I SIGUSR1[soft tls-error] received process restarting 20141020 19:05:16 Restart pause 2 second(s) 20141020 19:05:18 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20141020 19:05:18 Socket Buffers: R=[172032->131072] S=[172032->131072] 20141020 19:05:18 I UDPv4 link local: [undef] 20141020 19:05:18 I UDPv4 link remote: [AF_INET]46.166.186.216:443 20141020 19:06:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20141020 19:06:11 D MANAGEMENT: CMD 'state' 20141020 19:06:11 MANAGEMENT: Client disconnected 20141020 19:06:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20141020 19:06:11 D MANAGEMENT: CMD 'state' 20141020 19:06:11 MANAGEMENT: Client disconnected 20141020 19:06:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20141020 19:06:11 D MANAGEMENT: CMD 'state' 20141020 19:06:11 MANAGEMENT: Client disconnected 20141020 19:06:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20141020 19:06:11 D MANAGEMENT: CMD 'status 2' 20141020 19:06:11 MANAGEMENT: Client disconnected 20141020 19:06:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20141020 19:06:11 D MANAGEMENT: CMD 'log 500' 20141020 19:06:18 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20141020 19:06:18 N TLS Error: TLS handshake failed 20141020 19:06:18 I SIGUSR1[soft tls-error] received process restarting 20141020 19:06:18 Restart pause 2 second(s) 20141020 19:06:20 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20141020 19:06:20 Socket Buffers: R=[172032->131072] S=[172032->131072] 20141020 19:06:20 I UDPv4 link local: [undef] 20141020 19:06:20 I UDPv4 link remote: [AF_INET]109.201.154.189:443 20141020 19:07:20 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20141020 19:07:20 N TLS Error: TLS handshake failed 20141020 19:07:20 I SIGUSR1[soft tls-error] received process restarting 20141020 19:07:20 Restart pause 2 second(s) 20141020 19:07:22 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20141020 19:07:22 Socket Buffers: R=[172032->131072] S=[172032->131072] 20141020 19:07:22 I UDPv4 link local: [undef] 20141020 19:07:22 I UDPv4 link remote: [AF_INET]109.201.152.238:443 20141020 19:08:22 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20141020 19:08:22 N TLS Error: TLS handshake failed 20141020 19:08:22 I SIGUSR1[soft tls-error] received process restarting 20141020 19:08:22 Restart pause 2 second(s) 20141020 19:08:24 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20141020 19:08:24 Socket Buffers: R=[172032->131072] S=[172032->131072] 20141020 19:08:24 I UDPv4 link local: [undef] 20141020 19:08:24 I UDPv4 link remote: [AF_INET]109.201.154.189:443 20141020 19:09:24 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20141020 19:09:24 N TLS Error: TLS handshake failed 20141020 19:09:24 I SIGUSR1[soft tls-error] received process restarting 20141020 19:09:24 Restart pause 2 second(s) 20141020 19:09:26 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20141020 19:09:26 Socket Buffers: R=[172032->131072] S=[172032->131072] 20141020 19:09:26 I UDPv4 link local: [undef] 20141020 19:09:26 I UDPv4 link remote: [AF_INET]46.166.186.216:443 20141020 19:10:27 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20141020 19:10:27 N TLS Error: TLS handshake failed 20141020 19:10:27 I SIGUSR1[soft tls-error] received process restarting 20141020 19:10:27 Restart pause 2 second(s) 20141020 19:10:29 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20141020 19:10:29 Socket Buffers: R=[172032->131072] S=[172032->131072] 20141020 19:10:29 I UDPv4 link local: [undef] 20141020 19:10:29 I UDPv4 link remote: [AF_INET]109.201.154.162:443 20141020 19:11:29 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20141020 19:11:29 N TLS Error: TLS handshake failed 20141020 19:11:29 I SIGUSR1[soft tls-error] received process restarting 20141020 19:11:29 Restart pause 2 second(s) 20141020 19:11:31 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20141020 19:11:31 Socket Buffers: R=[172032->131072] S=[172032->131072] 20141020 19:11:31 I UDPv4 link local: [undef] 20141020 19:11:31 I UDPv4 link remote: [AF_INET]109.201.135.220:443 20141020 19:12:31 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20141020 19:12:31 N TLS Error: TLS handshake failed 20141020 19:12:31 I SIGUSR1[soft tls-error] received process restarting 20141020 19:12:31 Restart pause 2 second(s) 20141020 19:12:33 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20141020 19:12:33 Socket Buffers: R=[172032->131072] S=[172032->131072] 20141020 19:12:33 I UDPv4 link local: [undef] 20141020 19:12:33 I UDPv4 link remote: [AF_INET]46.166.188.198:443 20141020 19:13:33 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20141020 19:13:33 N TLS Error: TLS handshake failed 20141020 19:13:33 I SIGUSR1[soft tls-error] received process restarting 20141020 19:13:33 Restart pause 2 second(s) 20141020 19:13:35 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20141020 19:13:35 Socket Buffers: R=[172032->131072] S=[172032->131072] 20141020 19:13:35 I UDPv4 link local: [undef] 20141020 19:13:35 I UDPv4 link remote: [AF_INET]109.201.135.220:443 20141020 19:13:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20141020 19:13:48 D MANAGEMENT: CMD 'state' 20141020 19:13:48 MANAGEMENT: Client disconnected 20141020 19:13:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20141020 19:13:48 D MANAGEMENT: CMD 'state' 20141020 19:13:48 MANAGEMENT: Client disconnected 20141020 19:13:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20141020 19:13:48 D MANAGEMENT: CMD 'state' 20141020 19:13:48 MANAGEMENT: Client disconnected 20141020 19:13:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20141020 19:13:48 D MANAGEMENT: CMD 'status 2' 20141020 19:13:48 MANAGEMENT: Client disconnected 20141020 19:13:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20141020 19:13:48 D MANAGEMENT: CMD 'log 500' 19700101 01:00:00 ca /tmp/openvpncl/ca.crt cert /tmp/openvpncl/client.crt key /tmp/openvpncl/client.key management 127.0.0.1 16 management-log-cache 100 verb 3 mute 3 syslog writepid /var/run/openvpncl.pid client resolv-retry infinite nobind persist-key persist-tun script-security 2 dev tun1 proto udp cipher aes-256-cbc auth sha1 remote nl.privateinternetaccess.com 443 comp-lzo yes tun-mtu 1500 mtu-disc yes ns-cert-type server fast-io tun-ipv6 tls-auth /tmp/openvpncl/ta.key 1 DD WRT Configurations
  14. Hi, Yesterday i subscribed for a 3 day AIRVPN plan. I installed "openvpn-install-2.3.4-I002-x86_64.exe" and generated config files with USA and UK servers having ports TCP 443 alone. Everytime i try connecting it gives a TLS handshake error. My PC is connected to our organisation's firewall, Fortiguard which filters our Internet connection. It has only port 80(TCP) and 443(TCP) opened [ checked it through Nmap tool ]. All other ports are closed. OS- windows 7 64 bit. Here is my log, Fri Oct 03 13:13:10 2014 Warning: cannot open --log file: C:\Program Files\OpenVPN\log\AirVPN_United-States_TCP-443.log: Access is denied. (errno=5) Fri Oct 03 13:13:10 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [sSL (OpenSSL)] [LZO] [PKCS11] [iPv6] built on Jun 5 2014 Fri Oct 03 13:13:10 2014 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05 Fri Oct 03 13:13:10 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25343 Fri Oct 03 13:13:10 2014 Need hold release from management interface, waiting... Fri Oct 03 13:13:10 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25343 Fri Oct 03 13:13:10 2014 MANAGEMENT: CMD 'state on' Fri Oct 03 13:13:10 2014 MANAGEMENT: CMD 'log all on' Fri Oct 03 13:13:10 2014 MANAGEMENT: CMD 'hold off' Fri Oct 03 13:13:10 2014 MANAGEMENT: CMD 'hold release' Fri Oct 03 13:13:10 2014 Control Channel Authentication: tls-auth using INLINE static key file Fri Oct 03 13:13:10 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Fri Oct 03 13:13:10 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Fri Oct 03 13:13:10 2014 Socket Buffers: R=[8192->8192] S=[8192->8192] Fri Oct 03 13:13:10 2014 MANAGEMENT: >STATE:1412322190,RESOLVE,,, Fri Oct 03 13:13:11 2014 Attempting to establish TCP connection with [AF_INET]149.255.33.154:443 Fri Oct 03 13:13:11 2014 MANAGEMENT: >STATE:1412322191,TCP_CONNECT,,, Fri Oct 03 13:13:11 2014 TCP connection established with [AF_INET]149.255.33.154:443 Fri Oct 03 13:13:11 2014 TCPv4_CLIENT link local: [undef] Fri Oct 03 13:13:11 2014 TCPv4_CLIENT link remote: [AF_INET]149.255.33.154:443 Fri Oct 03 13:13:11 2014 MANAGEMENT: >STATE:1412322191,WAIT,,, Fri Oct 03 13:14:11 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Fri Oct 03 13:14:11 2014 TLS Error: TLS handshake failed Fri Oct 03 13:14:11 2014 Fatal TLS error (check_tls_errors_co), restarting Fri Oct 03 13:14:11 2014 SIGUSR1[soft,tls-error] received, process restarting Fri Oct 03 13:14:11 2014 MANAGEMENT: >STATE:1412322251,RECONNECTING,tls-error,, Fri Oct 03 13:14:11 2014 Restart pause, 5 second(s) Fri Oct 03 13:14:16 2014 Socket Buffers: R=[8192->8192] S=[8192->8192] Fri Oct 03 13:14:16 2014 MANAGEMENT: >STATE:1412322256,RESOLVE,,, Fri Oct 03 13:14:16 2014 Attempting to establish TCP connection with [AF_INET]149.255.33.154:443 Fri Oct 03 13:14:16 2014 MANAGEMENT: >STATE:1412322256,TCP_CONNECT,,, Fri Oct 03 13:14:16 2014 TCP connection established with [AF_INET]149.255.33.154:443 Fri Oct 03 13:14:16 2014 TCPv4_CLIENT link local: [undef] Fri Oct 03 13:14:16 2014 TCPv4_CLIENT link remote: [AF_INET]149.255.33.154:443 Fri Oct 03 13:14:16 2014 MANAGEMENT: >STATE:1412322256,WAIT,,, and this repeats.. What i found out is, i opened Ultrasurf Proxy [which is the only proxy software that works bypassing Fortiguard in my organisation] and connected to its proxy and then tried connecting AirVPN and voila, it got connected without an problem to an USA server. After i disconnected Ultrasurf, AirVPN couldn't connect back. !!! I also installed Eddie 2.6 and tried connecting with "protocol TCP 443" selected from preferences, but couldn't connect. I even tried SSL 443 but couldn't connect here is my log, Sat Oct 04 13:04:27 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [sSL (OpenSSL)] [LZO] [PKCS11] [iPv6] built on Jun 5 2014 Sat Oct 04 13:04:27 2014 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05 Enter Management Password: Sat Oct 04 13:04:27 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340 Sat Oct 04 13:04:27 2014 Need hold release from management interface, waiting... Sat Oct 04 13:04:28 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340 Sat Oct 04 13:04:28 2014 MANAGEMENT: CMD 'state on' Sat Oct 04 13:04:28 2014 MANAGEMENT: CMD 'log all on' Sat Oct 04 13:04:28 2014 MANAGEMENT: CMD 'hold off' Sat Oct 04 13:04:28 2014 MANAGEMENT: CMD 'hold release' Sat Oct 04 13:04:28 2014 MANAGEMENT: CMD 'proxy NONE ' Sat Oct 04 13:04:29 2014 Control Channel Authentication: tls-auth using INLINE static key file Sat Oct 04 13:04:29 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Oct 04 13:04:29 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Oct 04 13:04:29 2014 Socket Buffers: R=[8192->8192] S=[8192->8192] Sat Oct 04 13:04:29 2014 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1413 Sat Oct 04 13:04:29 2014 MANAGEMENT: >STATE:1412408069,TCP_CONNECT,,, Sat Oct 04 13:04:30 2014 TCP: connect to [AF_INET]127.0.0.1:1413 failed, will try again in 5 seconds: Connection refused (WSAECONNREFUSED) Sat Oct 04 13:04:30 2014 SIGUSR1[soft,init_instance] received, process restarting Sat Oct 04 13:04:30 2014 MANAGEMENT: >STATE:1412408070,RECONNECTING,init_instance,, Sat Oct 04 13:04:30 2014 Restart pause, 5 second(s) Sat Oct 04 13:04:35 2014 MANAGEMENT: CMD 'proxy NONE ' Sat Oct 04 13:04:36 2014 Socket Buffers: R=[8192->8192] S=[8192->8192] Sat Oct 04 13:04:36 2014 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1413 Sat Oct 04 13:04:36 2014 MANAGEMENT: >STATE:1412408076,TCP_CONNECT,,, Sat Oct 04 13:04:37 2014 TCP: connect to [AF_INET]127.0.0.1:1413 failed, will try again in 5 seconds: Connection refused (WSAECONNREFUSED) Sat Oct 04 13:04:37 2014 SIGUSR1[soft,init_instance] received, process restarting Sat Oct 04 13:04:37 2014 MANAGEMENT: >STATE:1412408077,RECONNECTING,init_instance,, Sat Oct 04 13:04:37 2014 Restart pause, 5 second(s) I did raise a support ticket and their reply was, There is no communication between your node and the VPN servers. You are maybe behind a proxy. If so, OpenVPN can connect over a proxy. You need to know proxy type, proxy listening port and IP address (or reachable host name), authentication type (if any), authentication credentials (if any). Then you can generate a configuration file with such parameters (tick "Advanced Mode" in the Configuration Generator and fill in the proxy parameters). If you think you are not behind a proxy, try a connection of OpenVPN over SSL. In our client Eddie you can quickly test OpenVPN over SSL by clicking "AirVPN" button, selecting "Preferences", clicking "Protocols" tab, selecting "SSL Tunnel - Port 443" and clicking "Save". Eddie supports OpenVPN connections over a proxy as well (they can be configured in the "Proxy" tab). Kind regards AirVPN Support Team But i would like to point out that, i could communicate with AirVPN servers when using Ultrasurf and my internet connection dowsn't go through a proxy. Kindly can anyone help me out.
  15. I've been using this service for some time, here I have a few questions to the admins 1. Do you plan to enable DNSSEC on your DNS service (10.4.0.1)? 2. Do you plan to enable IPv6 at exits and inside the tunnel? And as transport protocol? I think recent versions of OpenVPN can do that easier than before (but I haven't tested myself). 3. Can you make it possible to disable/renew user keys and certificates and have 3 of them at a time, one for every allowed device? Now I don't know how to act if I leak my key.
  16. "Some events happen whether we want them to or not." This is a quote taken from a sign in the game Antichamber. It will appear on the wall of signs in the starting room after visiting 20 rooms in total. And if you think of it, it's an event you cannot circumvent, you cannot visit the 19th room and then suddenly proceed to the 21st. This principle is valid for a variety of things, birthdays for example. One of those events that happen whether we want them to or not is an annual subscription coming to an end. Because of that I would like to publish my own opinion on AirVPN, my story, my thoughts, my experiences. -- The beginnings -- It all began in 2012. The whole year I was downloading and seeding things using BitTorrent. I used a private russian tracker which wasn't as known to german companies as Rutor, a public russian tracker. Because of the fact that my tracker is private I believed I wouldn't get caught using BitTorrent as fast as other people get caught for using public trackers. And in fact, since my registration in 2008 I never got any letters. A few days before New Year's Eve I finally got caught seeding a movie. In February 2013 we got a letter from a law office with information about torrent name and hash, date and time, client, IP. The consequences: No more torrents for now. And I made my first research on how to continue torrenting without a fuss. I heard about VPNs, read about how they work and which companies usually stand behind them. Didn't do anything else but making plans for the future. -- Snowden! -- The second stage began shortly after Snowden's leaks. I was concerned about what the NSA knew about me and my surroundings and I think I wasn't all alone with that. I even forgot my torrents for a moment because of this. The idea of subscribing to a VPN provider suddenly was of importance. At the same time I was still struggling with replacing movie torrents by searching for a good movie streaming service in Germany but no one was able to match my needs. I tried Watchever as the most interesting provider (cheap, easy to use, good streaming quality) but many movies just weren't there. Lovefilm (now Amazon Prime Instant Video) was even worse, and Maxdome's pricing was a catastrophe. -- The final decision -- It was August 2013 by now. I started gathering information about VPN providers and access software and tried out a few of them, including faceless.me and ipredator. That's when I discovered TorrentFreak and their article "Which are the best anonymous VPN providers?" - first contact with AirVPN though it didn't receive much attention for now. It was after I read the updated "Review: Is your VPN service really anonymous?" I noticed AirVPN. I did some research on their reputation on the internet and finally registered. A few days later (I still didn't have a client so I spent those days with gathering information on that) I asked for a trial period to see if things would work for me and received a reply two days later.. ... I was concerned about whether my client really worked because I didn't notice any change in speed after connecting. There is no better first impression, really. I subscribed to AirVPN on September 5, 2013. -- First impressions and the forums -- Many things surprised me a lot, especially the status page with status information on bandwidth usage and connected clients, and the forums. I figured: If there's a forum, then you're not just a client, you're getting invited to be part of a community. So I wanted to integrate myself into that community, too, and started writing regularly, trying to help people with their connection problems. I also published some guides about how I use AirVPN. Most of the community is still anonymous and that's okay. I personally didn't like being anonymous all the time, so I opened myself a bit. That way people don't get a feeling as if they would talk to someone with a question mark head (reference to Anonymous hacker's sign ). I made my profile publicly aviable and published my birthday, my location and some of my interests there. Staff is reading the forums, too. They help where they can, though it sometimes can take some time to get a reply from them. This too applies to the Support Desk. But I always keep in mind that day by day more and more people register and become a customer. The more customers, the more time you'd need to reply to all of them. Antichamer sign quote: "Patience has it's own rewards." -- The servers-- Server's aviability and stability depends on the data center. Some servers are really good, able to be called 100% aviable such as the german servers I was using, in 2013 it mainly was Tauri, others sometimes had high packet loss issues and line problems. I occasionally used servers in America and the Netherlands for a few hours and didn't have problems, either. I find it nice to have many connection modes aviable though I never used any other than UDP port 443. But there were users who reported poor performance with it. Switching to another port solved the problem for most of them - an excellent example why this is a nice feature. Additionally, every server accepts specially secured connections - OpenVPN over SSL and SSH. The goal is an encrypted OpenVPN tunnel inside the encrypted SSH/SSL tunnel in order to prevent Deep Packet Inspection currently used by China for example. This way it's easier to connect from inside China and circumvent their Great Firewall. I never needed that feature, that's why I cannot write anything but descriptive terms about it. -- The client -- AirVPN has an own open source client which I never used. I'm using another open source client, Securepoint OpenVPN, and posted an introduction to it. As far as I remember, when I registered AirVPN's client was in a very bad condition. Earlier this year it has been changed, now people are getting more and more satisfied with it. -- Additional features -- Initially I wrote about the status page and the forums being two extremely useful additional features. Also notable is the remote port forwarding feature similar to the port forwarding feature on a router. Working good despite some seldomly occuring flaws.the speed test feature able to calculate how fast your AirVPN connection ("In-Tunnel speed") is in comparison to your real internet connection ("Out-Tunnel speed"). Works as good as the port forwarding feature.-- So, is AirVPN really the "air to breathe the real internet"? -- Yes, it is. And no, it isn't. Really nice slogan, by the way. Yes, because you really circumvent geolocation blocks (Netflix, YouTube) and censorship (China's Great Firewall) using AirVPN. Yes, because you prevent eavesdroppers from seeing what you do (encryption feature). And from manipulating your traffic (integrity feature). No, because your real internet connection wouldn't face extra blocking that apply to VPN providers. Just look into the Blocked websites forum. No, because using a VPN provider is based on trust. You trust the provider not to track your usage and not to betray you. -- So, what now? -- Most of the Netflix users might have heard that Netflix will start it's services in Germany next month. After all, I heard so much good things about Netflix that I really want to give it a try. I'm looking forward to subscribe to Netflix like I did with Spotify years ago. Since then I never downloaded a single music torrent again. I'm planning to stop downloading movie torrents, too, but only if Netflix really has everything, in a quality that matches my current internet speed. It that's the case, OpenVPN will be superfluous. But I won't just leave. I'll stay here and try helping people out. After all, I might need AirVPN again if I ever happen to be on vacation. I wouldn't expose my data to a public WiFi hotspot where a nerdy-looking guy with a self-made super laptop is sitting in some dark corner, attempting to grab emails and credentials from the hotel guests' devices.. or if I just want to use Netflix if it's not aviable in the country. "But didn't you write that Snowden was the guy who inspired you to subscribe to AirVPN?" - He was part of the inspiration. But to be honest, it never was my complete intention to hide myself from the NSA or other entities. I subscribed because I nearly was sued for doing what I love and I needed someone to stand in front of me, effectively protecting me from being nearly sued again for doing what I love. Anyway, one month of my subscription is left. And even if it's not the end, I'd like to thank AirVPN for a great service so far and the community for being a great one. 8)
  17. Security researchers have developed an application called pacumen to analyze encrypted traffic. With the information provided by it an attacker can find out if a certain (specified) application is communicating behind an encrypted connection. This analysis technique is called a side channel attack. In pacumen, you create a classifier (detection rules for the application you'd like to uncover in the traffic) and a pcap file with sniffed traffic (preferably covering hours of length). It then starts analyzing it and calculates a value, representing the similarity of the analyzed traffic with the specified rules. For example: The researchers tried to uncover usage of Skype inside an SSH tunnel and were quite successful. The same thing can be done with any other protocol, let's say, to see if some user is using Facebook over HTTPS. Or identifying BitTorrent inside OpenVPN. China and Iran could theoretically use it to uncover OpenVPN over SSH/SSL. Countermeasures are padding of all packets and/or sending contant dummy packets. Note that both of them would lower performance of tunnels drastically.
  18. Hey @all, I'm running AirVPN on my dd-wrt router through server x in location y, and want to change locations/servers for certain websites by running openvpn on windows with a different server/location. I can establish a connection, but the final server/connection remains the one I set on dd-wrt. Any suggestions? Thanks in advance Kind regards
  19. My AirVPN was working for a while then all of a sudden out of nowhere this issue comes along. 1) I open AirVPN 2) I login 3) I select a network 4) Connecting... for a while 5) I'm now logged out back at Step 2 I tried 1) re-installing .net 4.0 2) re-installing openVPN (from both the latest airvpn zip but also the latest from the openvpn website directly) 3) re-installed TAP and re-setup TAP from Windows > "Add a new TAP virtual ethernet adapter" which completes succesfully I'm out of ideas, why is this not working!
  20. I've been using the Eddie client for a while now but I can not get it to work over ssh or ssl. I keeps disconnecting and reconnect repeating a cycle that creates a bunch of processes. 6/11/2014 - 9:55 PM AirVPN client version: 2.1, System: Linux, Architecture: x64 6/11/2014 - 9:55 PM Reading options from /home/klepto/AIR/AirVPN.xml 6/11/2014 - 9:55 PM Data Path: /home/klepto/AIR 6/11/2014 - 9:55 PM App Path: /home/klepto/AIR 6/11/2014 - 9:55 PM Executable Path: /home/klepto/AIR/airvpn 6/11/2014 - 9:55 PM Command line arguments: 6/11/2014 - 9:55 PM Operating System: Unix 3.14.6.1 - Linux LUNASYLUM 3.14.6-1-ARCH #1 SMP PREEMPT Sun Jun 8 10:08:38 CEST 2014 x86_64 GNU/Linux 6/11/2014 - 9:55 PM OpenVPN Driver - Found 6/11/2014 - 9:55 PM OpenVPN - Version: OpenVPN 2.3.3 (/home/klepto/AIR/openvpn) 6/11/2014 - 9:55 PM SSH - Version: OpenSSH_6.6.1p1, OpenSSL 1.0.1h 5 Jun 2014 (/usr/bin/ssh) 6/11/2014 - 9:55 PM SSL - Version: stunnel 5.01 (/home/klepto/AIR/stunnel) 6/11/2014 - 9:55 PM IPV6: Available 6/11/2014 - 9:55 PM Session starting. 6/11/2014 - 9:55 PM Checking environment 6/11/2014 - 9:55 PM Waiting for latency tests 6/11/2014 - 9:55 PM Checking authorization 6/11/2014 - 9:55 PM Connecting to Pavonis (us) 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:35 LOG5[26060]: stunnel 5.01 on x86_64-unknown-linux-gnu platform 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:35 LOG5[26060]: Compiled/running with OpenSSL 1.0.1g 7 Apr 2014 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:35 LOG5[26060]: Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:35 LOG5[26060]: Reading configuration from file /home/klepto/AIR/a6a54b9427fd348ef37fea2ec7f05b91b6ba82fec6e24e851b036484588e613f.tmp.ssl 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:35 LOG6[26060]: Initializing service [openvpn] 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:35 LOG5[26060]: Configuration successful 6/11/2014 - 9:55 PM OpenVPN > OpenVPN 2.3.3 x86_64-unknown-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [MH] [iPv6] built on Apr 14 2014 6/11/2014 - 9:55 PM OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 6/11/2014 - 9:55 PM OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file 6/11/2014 - 9:55 PM OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 6/11/2014 - 9:55 PM OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication /* Removed IP info */ 6/11/2014 - 9:55 PM OpenVPN > Validating certificate key usage 6/11/2014 - 9:55 PM OpenVPN > ++ Certificate has key usage 00a0, expects 00a0 6/11/2014 - 9:55 PM OpenVPN > VERIFY KU OK 6/11/2014 - 9:55 PM OpenVPN > Validating certificate extended key usage 6/11/2014 - 9:55 PM OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 6/11/2014 - 9:55 PM OpenVPN > VERIFY EKU OK 6/11/2014 - 9:55 PM OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org 6/11/2014 - 9:55 PM OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key 6/11/2014 - 9:55 PM OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 6/11/2014 - 9:55 PM OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key 6/11/2014 - 9:55 PM OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 6/11/2014 - 9:55 PM OpenVPN > Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA 6/11/2014 - 9:55 PM OpenVPN > [server] Peer Connection Initiated with [AF_INET]127.0.0.1:53314 6/11/2014 - 9:55 PM OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) 6/11/2014 - 9:55 PM OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified 6/11/2014 - 9:55 PM OpenVPN > OPTIONS IMPORT: LZO parms modified 6/11/2014 - 9:55 PM OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified 6/11/2014 - 9:55 PM OpenVPN > OPTIONS IMPORT: route options modified 6/11/2014 - 9:55 PM OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified 6/11/2014 - 9:55 PM Flushing DNS 6/11/2014 - 9:55 PM Checking route 6/11/2014 - 9:55 PM Connected. 6/11/2014 - 9:55 PM OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100 6/11/2014 - 9:55 PM OpenVpn Management > >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info 6/11/2014 - 9:55 PM Disconnecting 6/11/2014 - 9:55 PM Management - Send 'signal SIGTERM' 6/11/2014 - 9:55 PM OpenVPN > MANAGEMENT: CMD 'signal SIGTERM' 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:42 LOG6[26063]: Read socket closed (readsocket) 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:42 LOG6[26063]: SSL_shutdown successfully sent close_notify alert 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:42 LOG3[26063]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:42 LOG5[26063]: Connection closed: 12137 byte(s) sent to SSL, 15169 byte(s) sent to socket 6/11/2014 - 9:55 PM Connecting to Pavonis (us) 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:46 LOG5[26081]: stunnel 5.01 on x86_64-unknown-linux-gnu platform 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:46 LOG5[26081]: Compiled/running with OpenSSL 1.0.1g 7 Apr 2014 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:46 LOG5[26081]: Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:46 LOG5[26081]: Reading configuration from file /home/klepto/AIR/232ecf01d2847609b6f741c518067d5a8012298972f180adcaed1ec52264c4dc.tmp.ssl 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:46 LOG6[26081]: Initializing service [openvpn] 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:46 LOG5[26081]: Configuration successful 6/11/2014 - 9:55 PM OpenVPN > OpenVPN 2.3.3 x86_64-unknown-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [MH] [iPv6] built on Apr 14 2014 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:46 LOG6[26084]: Negotiated TLSv1/SSLv3 ciphersuite: ECDHE-RSA-AES256-SHA (256-bit encryption) 6/11/2014 - 9:55 PM OpenVPN > Socket Buffers: R=[87380->131072] S=[16384->131072] 6/11/2014 - 9:55 PM SSL > 2014.06.11 21:55:46 LOG6[26084]: Compression: null, expansion: null 6/11/2014 - 9:55 PM OpenVPN > Attempting to establish TCP connection with [AF_INET]127.0.0.1:34604 [nonblock] 6/11/2014 - 9:55 PM OpenVPN > TCP connection established with [AF_INET]127.0.0.1:34604 6/11/2014 - 9:55 PM OpenVPN > TCPv4_CLIENT link local: [undef] 6/11/2014 - 9:55 PM OpenVPN > TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:34604 6/11/2014 - 9:55 PM OpenVPN > TLS: Initial packet from [AF_INET]127.0.0.1:34604, sid=0eb09504 ef87f7e3 6/11/2014 - 9:55 PM OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org 6/11/2014 - 9:55 PM OpenVPN > Validating certificate key usage 6/11/2014 - 9:55 PM OpenVPN > ++ Certificate has key usage 00a0, expects 00a0 6/11/2014 - 9:55 PM OpenVPN > VERIFY KU OK 6/11/2014 - 9:55 PM OpenVPN > Validating certificate extended key usage 6/11/2014 - 9:55 PM OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 6/11/2014 - 9:55 PM OpenVPN > VERIFY EKU OK 6/11/2014 - 9:55 PM OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
  21. Hi- this isn't so much a problem as a change I've noticed since upgrading my OS to run OpenVPN Last year was running 2 main devices. Laptop on Ubuntu 9.04 and a tablet on Ice Cream Sandwich. OpenVPN wouldn't run on Ubuntu 9.04 on laptop, had to configure seperately via Network Manager. Worked a treat on laptop, except whenever my connection was disrupted and AirVPN automatically reconnected but to a different server, Facebook and Gmail would go into spasms, lock me out and I'd need to reanswer security questions. It was painful, but I felt safe I could run OpenVPN on my Android tablet, and I don't recall having this reconnection security issue at either site ( but didn't use the tablet much ) I upgraded to Mint last year, was able to install OpenVPN and run my AirVPN acct through it. But I did notice that since then, neither FB or Gmail has had security issues with this when connection drops and is re-established via a different server A colleague suggested that perhaps in the interim AirVPN may have updated it's routing so that reconnects don't cause Facebook/ Gmail to warn about session hijacks, and I should check that first Is this the case? Or is OpenVPN somehow signalling that a VPN is being used with some sites such as Facebook? TIA
  22. Hello. I give up trying to setup a router with DD-WRT. Each time I turn it on I have to configure a new server because it can't connect to the one already set (TLS handshake failed, Certificate is not valid, unreachable address, I get something different each time). I followed the instructions in the site (https://airvpn.org/ddwrt/), downloaded configuration for various servers, but either it takes a long to get one that connects, or can't connect to any US server at all. I'm not blaming anyone here, it's just that it's frustrating. This is the error I'm getting this time> I've connected to this server successfully before. Is there something I'm forgetting to setup on the router so once I can connect to a server and I turn the router off, the settings stay in it and next time it reconnects automatically? Any help or guidance is very much appreciated. Thank you very much in advance.
  23. Hi all, I've build a pfsense router myself because I found that speeds were dramatically dropping through my Linksys router (EA6500) or through my client. By building my own router I had more control over the hardware and firmware. I have a 200 Mb/s - 10 Mb/s ISP connection. My router build as follows: Shutlle DS61 V1.1 mini ITX barebone / socket 1155 / 2 x Gbit LAN2 x 4 GB SO DDR3 Kingston HyperXIntel XEON E3-1230 V2 3.10 GHz (has no graphic chip)Kingston 60 GB SSDIn order to get graphics (which I'll need for installation, since the mini ITX motherboard doesn't support an extra graphics card) I bought an old Celeron 2.70 GHz with graphic chip. Now pfsense is installed, I will be using the Celeron for a while in case something goes wrong in pfsense settings and I'll be needing graphics again. So after I'm done with installing packages, setting up everything, I will replace it with the XEON. Speedtest with the Celeron while connected to VPN I think that is pretty impressive since I had around 60 Mb/s - 9.5 Mb/s before I had this router. If you forget about the XEON and keep the Celeron (for 24/7 use, I'll take the XEON also because of it's 'AES NI' instruction within the chipset) it will cost you about 500 dollars or about 370 euro's. The XEON included adds an extra 250 dollars or 195 euro's. This is a better investment than buying any other consumer router with a 600 MHz Broadcom processor. This is a kick ass router! For a proper installation of pfsense I can recommend this video: (good packages: squid, havp, snort (get a paid oinkcode for 27 dollars/year, otherwise you'll have a 10 days delay in updates)) SET UP AIRVPN IN PFSENSE Configure an airvpn *.ovpn file (use a region, airvpn will connect to the best server automatically)From the pfSense interface, navigate to the dropdown menus: System ---> Cert Manager and stay in the first tab.Click the button as seen here to create a new certificate. Give it a description like: cert airvpn. Ensure that "Import an existing certificate authority" is selected. Open the *.ovpn file and copy/paste the first certificate (starting with: -----BEGIN CERTIFICATE----- and ending with: -----END CERTIFICATE-----) into the 1st fieldClick save (leave the orher field empty)Click on the tab Certificates and click on the plus button as seen here Give it a description like: certificate airvpn. Ensure that "Import an existing certificate authority" is selected.Open the *.ovpn file and copy/paste the second certificate (starting with: ---- CERTIFICATE:----- and ending with: -----END CERTIFICATE-----) into the 1st fieldSo in the file it looks like this: -----END CERTIFICATE----- (end of the first certificate we've just imported) </ca> <cert> Certificate: The second copy/paste should start at: Certificate: copy/paste the third certificate (starting with: -----BEGIN CERTIFICATE----- and ending with: -----END CERTIFICATE-----) into the 3d fieldClick saveNavigate to the system dropdown menus: VPN ---> OpenVPNClick the Client tab and click on the Plus buttonFollow below settings in the pictures where: 1. serverhost or host adres can be found in the *.ovpn file ending with probably airvpn.org, 2.The serverport can be found in the top of the *ovpn file as well. Navigate to the system dropdown menus Interfaces ----> (assign) and click on the Plus button -Note in the previous screenshot you will notice a StrongVPN interface. you will NOT have that on your box yet, so dont worry. After clicking on the plus button pfSense will tell you it has successfully added a new interface. the network port name will most likley be named "ovpnc1". Ensure that the new interface is selected as "ovpnc1" (it could be ovpnc2, ovpnc3, etc... depends if you have other ovpn interfaces or not)navigate to the system dropdown menus Interfaces ---> OPT1 (or whatever your new interface from the previous step is) and follow steps in below picture Click saveNavigate to the system dropdown menus System ---> Routing and click on the Plus button Follow the settings in the picture below -Note 1: The ip seen in the picture 208.67.222.222 is the ip of OpenDNS -Note 2: By selecting "Default Gateway", the connection to the internet drops if the VPN connection drops. You'll have to set the WAN as default manually in the case if you need an internet connection. navigate to the system dropdown menus Firewall ---> Rules and click on the LAN tabClick on the Plus button to create a new ruleFollow instructions in the picture below Action: PASS -- Interface: LAN Protocol: ANY Source: LAN Subnet Destination: ANY -- Description: LAN to Internet force through VPN **IMPORTANT**: scroll down to "Gateway" under the "Advanced features" of the rule. Set gateway to your VPN interface (see above picture). After Clicking save, you should see something like this navigate to the system dropdown menus Firewall ---> NAT and click on the Outbound tabenable "Manual Outbound NAT rule generation" and select save. Reboot the router and you're done... If you want to/need to start manually, go to Status -----> Services and click on the Play button next to the VPN interface status. Check Status ------> Dashboard for connections as seen in the picture below (in the WAN section you'll see your ISP's IP, which is connection you're coming from to Airvpn (Note from AirVPN: We inevitably know it. Any reference will be deleted when the connection is closed). Don't worry, you're visible with a different IP on the internet. The reason I choose a XEON is the 10% watt reduction and the AES NI instructions in the chip (AirVPN is 256 bit AES encrypted). This will lower my CPU usage and speed up the process. Below you find a picture with system loads while having 10 torrents running and downloading a large file at full speed from usenet (ssl encrypted)... See the CPU usage on the Celeron. That will change I think with a XEON. Good luck and don't forget to install Snort, HAVP and Squit on your pfsense. Good guides out there on Google... knicker
  24. I just downloaded a new configuration from the config generator. I created one for Asia and one of USA. I used the generator to make the generator create separate files for the keys, certs. The ovpn is set to use port 443. This has worked before. Now it seems to time out. Tue Apr 15 18:23:52 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Tue Apr 15 18:23:52 2014 TLS Error: TLS handshake failed Tue Apr 15 18:23:52 2014 SIGUSR1[soft,tls-error] received, process restarting Here is everything: openvpn Asia443.ovpn Tue Apr 15 18:20:48 2014 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [iPv6] built on Sep 12 2013 Tue Apr 15 18:20:48 2014 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file Tue Apr 15 18:20:48 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Apr 15 18:20:48 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Apr 15 18:20:48 2014 Socket Buffers: R=[212992->131072] S=[212992->131072] Tue Apr 15 18:20:48 2014 UDPv4 link local: [undef] Tue Apr 15 18:20:48 2014 UDPv4 link remote: [AF_INET]119.81.1.123:443 Tue Apr 15 18:21:48 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Tue Apr 15 18:21:48 2014 TLS Error: TLS handshake failed Tue Apr 15 18:21:48 2014 SIGUSR1[soft,tls-error] received, process restarting Tue Apr 15 18:21:48 2014 Restart pause, 2 second(s) Tue Apr 15 18:21:50 2014 Socket Buffers: R=[212992->131072] S=[212992->131072] Tue Apr 15 18:21:50 2014 UDPv4 link local: [undef] Tue Apr 15 18:21:50 2014 UDPv4 link remote: [AF_INET]119.81.1.123:443
  25. Hello!, When connecting on linux via the command 'sudo openvpn AirVPN_America_UDP-443.ovpn' I get the error in the subject line. It appears that I'm connected without problems but just wanted to check. I'm running the latest versions of Arch linux, openvpn, openssl, and have seperated keys/certs from ovpn files. The files are all in my home directory with permissions -rw-r--r-- Thank you for your help
×
×
  • Create New...