Search the Community

Hello, In the "Guide to Getting Started + Links for Advanced Users" under "Which other steps can I take to increase my privacy and security" it states: If you're looking for a technical challenge, you can install pfSense on a very powerful computer, to make it act like a router, so that all devices connected to your Wi-Fi will be covered by the VPN.If you're a geek or networking enthusiast, you can also check out things such as the Turris Omnia router, which offers very powerful hardware & software. So my question is: What is the functional difference between the two? One's a small computer you recommend turning into a router. The other is basically a supped up open source router running openWRT. Upon inspection, I'm not quite sure why this router (Turris Omnia) was recommended over something like the Asus RT-AC5300. I'm essentially looking for the most secure router possible.

Hey everybody, I am using ubuntu 16.04 and used to connect to airvpn via openvpn and everything always worked quiet well. But now I had to buy a new router, which is a EuroDocsiss router, and it seems that vpn does not work behind this thing. When I connect in the terminal via openvpn everything works just fine and I get "Initialization Sequence Completed" but when I try to connect to any site nothing works. Does anyone have any suggestions how to nail down the problem? I am far from being a crack in handling ubuntu and stuff alike so please be patient with me Thanks for the help! Here are some terminal outputs that might be helpful?! This is without vpn connection: sterome@Sterome:~$ ifconfig eth0 Link encap:Ethernet HWaddr b8:88:e3:eb:38:c7 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 TX bytes:0 (0.0 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:17605 errors:0 dropped:0 overruns:0 frame:0 TX packets:17605 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2395916 (2.3 MB) TX bytes:2395916 (2.3 MB) wlan0 Link encap:Ethernet HWaddr 60:36:dd:c3:34:1c inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: 2a02:2450:103a:a6a:5c97:d6ce:4d4a:59e/64 Scope:Global inet6 addr: 2a02:2450:103a:a6a:6236:ddff:fec3:341c/64 Scope:Global inet6 addr: fe80::6236:ddff:fec3:341c/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:715983 errors:0 dropped:0 overruns:0 frame:0 TX packets:394160 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:987194124 (987.1 MB) TX bytes:38882147 (38.8 MB) sterome@Sterome:~$ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0 192.168.0.0 0.0.0.0 255.255.255.0 U 9 0 0 wlan0 sterome@Sterome:~$ ping -c3 airvpn.org PING airvpn.org (5.196.64.52) 56(84) bytes of data. 64 bytes from ns334629.ip-5-196-64.eu (5.196.64.52): icmp_seq=1 ttl=51 time=34.1 ms 64 bytes from ns334629.ip-5-196-64.eu (5.196.64.52): icmp_seq=2 ttl=51 time=33.2 ms 64 bytes from ns334629.ip-5-196-64.eu (5.196.64.52): icmp_seq=3 ttl=51 time=39.3 ms --- airvpn.org ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 33.242/35.559/39.318/2.686 ms This comes up after connecting to the vpn: sterome@Sterome:~$ ifconfig eth0 Link encap:Ethernet HWaddr b8:88:e3:eb:38:c7 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 TX bytes:0 (0.0 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:17661 errors:0 dropped:0 overruns:0 frame:0 TX packets:17661 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2404286 (2.4 MB) TX bytes:2404286 (2.4 MB) tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.4.22.129 P-t-P:10.4.22.129 Mask:255.255.0.0 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:14 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 TX bytes:3224 (3.2 KB) wlan0 Link encap:Ethernet HWaddr 60:36:dd:c3:34:1c inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: 2a02:2450:103a:a6a:5c97:d6ce:4d4a:59e/64 Scope:Global inet6 addr: 2a02:2450:103a:a6a:6236:ddff:fec3:341c/64 Scope:Global inet6 addr: fe80::6236:ddff:fec3:341c/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:716130 errors:0 dropped:0 overruns:0 frame:0 TX packets:394305 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:987220501 (987.2 MB) TX bytes:38906803 (38.9 MB) sterome@Sterome:~$ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.4.0.1 128.0.0.0 UG 0 0 0 tun0 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0 10.4.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0 62.102.148.143 192.168.0.1 255.255.255.255 UGH 0 0 0 wlan0 128.0.0.0 10.4.0.1 128.0.0.0 UG 0 0 0 tun0 192.168.0.0 0.0.0.0 255.255.255.0 U 9 0 0 wlan0 sterome@Sterome:~$ ping -c3 airvpn.org ping: unknown host airvpn.org

Hello, I've created a router config and set it up on my router, but the traffic is not going through the VPN. Here is a part of the generated router config without the certificates: clientdev tun proto udp remote us.vpn.airdns.org 443 resolv-retry infinite nobind persist-key persist-tun remote-cert-tls server cipher AES-256-CBC comp-lzo no route-delay 5 verb 3 explicit-exit-notify 5 Here is my router log: Mar 22 09:11:09 RT-N56U: WAN up (eth3) Mar 22 09:11:09 dnsmasq[397]: read /etc/hosts - 3 addresses Mar 22 09:11:09 dnsmasq[397]: read /etc/storage/dnsmasq/hosts - 0 addresses Mar 22 09:11:09 dnsmasq-dhcp[397]: read /etc/dnsmasq/dhcp/dhcp-hosts.rc Mar 22 09:11:09 dnsmasq[397]: using nameserver 167.206.10.178#53 Mar 22 09:11:09 dnsmasq[397]: using nameserver 167.206.10.179#53 Mar 22 09:11:09 miniupnpd[449]: version 1.9 starting UPnP-IGD ext if eth3 BOOTID=1490188269 Mar 22 09:11:09 miniupnpd[449]: HTTP listening on port 17455 Mar 22 09:11:09 httpd[445]: Server listening port 80 (HTTP). Mar 22 09:11:10 RT-N56U: starting OpenVPN client... Mar 22 09:11:10 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:11:10 kernel: br0: port 3(rai0) entered forwarding state Mar 22 09:11:10 kernel: br0: port 2(ra0) entered forwarding state Mar 22 09:11:10 kernel: br0: port 1(eth2) entered forwarding state Mar 22 09:11:19 NTP Client: Synchronizing time to pool.ntp.org. Mar 22 09:11:22 NTP Client: System time changed, offset: 2.135226s Mar 22 09:12:13 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:13:15 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:14:17 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:15:19 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:16:21 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:17:23 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:18:25 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:19:27 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Attaching a screenshot from my router admin config: Can you please help me troubleshoot? Thanks!Jim

Hi, I'm using a Asus rt-n66u router for a while with OpenVPN on port 433. Since speeds are not good, I played with settings / multiple configs to get better speeds but so far those efforts failed. I have a Ziggo ISP account that allows a max speed of 150 Mbps down. On my laptop (Wifi) without vpn I get speeds around 50 to 65 Mbps. When I use AirVPN via the Asus rt-n66u router, I get speeds around < 10 Mbps down and equal up. I've used the https://airvpn.org/asuswrt/ howto page, so uploading the .ovpn file into the router. Currently I run latest Merlin 380.65 firmware. I also used lower versions of Merlins firmware, which did not cause change in behaviour. I've puzzled a lot to get the config on higher speeds but it does not matter if I use UDP or TCP and / or change ports. Tried them all. I used the AirVPN generator set to router, country set to Netherlands and as described using either UDP or TCP trying multiple ports. I can understand that vpn causes overhead in traffic but dropping down to 10 Mbps is a bit too much. What can I do to speed things up?

Hello everyone! I am using AirVPN on Fedora 25 and the first week it worked perfectly. But, as I got a router (D-Link DIR-868L) this week I have started noticing DNS Leaks occurring now and then, and if I bypass the router by connecting straight to wall the DNS leaks go away. It doesn't seem to matter what way I have of connecting to the VPN, I have tried Gnome-Network-Manager, Eddie and using the terminal and it is all the same. How can I fix this?

Hi My Asus RTN66u had given up and I need a new one that will allow me to add AirVPN , my experience with the ASUS was not positive do I am after some help, shared experiences if possible? Thanks

Hi AirVPN, using a trial and have a few questions. ​ ​ On Android. 6.0 phone . 1. Is there an android app planned? Only real drawback to AirVPN as its without the network lock feature. (and get more customers with an android app!) ​ 2. OpenVPN is often disconnecting, sometimes waits to reconnect and will also just disconnect. (unlimited retrys is on) Should persistent tun be ticked or not? i carry on browsing not knowing the key lock has gone. ​ 3. Time difference between location and device is noticed in some tests, can it be stopped? ​ And how secure is using a VPN with google play services (cant disable)? ​ ​Router 4. is it possible to set up the router to connect to a choice of the real ip or an AirVPN set ip from the wireless connection setting menu? ​ ​Thanks for reading

Dears, I've followed the tutorial on how to connect to AirVPN through DD-WRT but it seems that I can't do it on my own So I would appreciate your help The error I'm getting is: Clientlog: 20161112 18:22:31 N TLS Error: TLS handshake failed 20161112 18:22:31 I SIGUSR1[soft tls-error] received process restarting 20161112 18:22:31 Restart pause 2 second(s) 20161112 18:22:33 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:22:33 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:22:33 I UDPv4 link local: [undef] 20161112 18:22:33 I UDPv4 link remote: [AF_INET]109.232.227.148:443 20161112 18:23:33 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20161112 18:23:33 N TLS Error: TLS handshake failed 20161112 18:23:33 I SIGUSR1[soft tls-error] received process restarting 20161112 18:23:33 Restart pause 2 second(s) 20161112 18:23:35 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:23:35 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:23:35 I UDPv4 link local: [undef] 20161112 18:23:35 I UDPv4 link remote: [AF_INET]109.232.227.148:443 20161112 18:24:35 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20161112 18:24:35 N TLS Error: TLS handshake failed 20161112 18:24:35 I SIGUSR1[soft tls-error] received process restarting 20161112 18:24:35 Restart pause 2 second(s) 20161112 18:24:37 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:24:37 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:24:39 I UDPv4 link local: [undef] 20161112 18:24:39 I UDPv4 link remote: [AF_INET]213.152.162.103:443 20161112 18:25:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:25:07 D MANAGEMENT: CMD 'state' 20161112 18:25:07 MANAGEMENT: Client disconnected 20161112 18:25:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:25:07 D MANAGEMENT: CMD 'state' 20161112 18:25:07 MANAGEMENT: Client disconnected 20161112 18:25:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:25:07 D MANAGEMENT: CMD 'state' 20161112 18:25:07 MANAGEMENT: Client disconnected 20161112 18:25:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:25:07 D MANAGEMENT: CMD 'status 2' 20161112 18:25:07 MANAGEMENT: Client disconnected 20161112 18:25:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:25:07 D MANAGEMENT: CMD 'log 500' 20161112 18:25:07 MANAGEMENT: Client disconnected 20161112 18:25:39 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20161112 18:25:39 N TLS Error: TLS handshake failed 20161112 18:25:39 I SIGUSR1[soft tls-error] received process restarting 20161112 18:25:39 Restart pause 2 second(s) 20161112 18:25:41 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:25:41 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:25:41 I UDPv4 link local: [undef] 20161112 18:25:41 I UDPv4 link remote: [AF_INET]213.152.162.103:443 20161112 18:26:41 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20161112 18:26:41 N TLS Error: TLS handshake failed 20161112 18:26:41 I SIGUSR1[soft tls-error] received process restarting 20161112 18:26:41 Restart pause 2 second(s) 20161112 18:26:43 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:26:43 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:26:43 I UDPv4 link local: [undef] 20161112 18:26:43 I UDPv4 link remote: [AF_INET]213.152.162.103:443 20161112 18:27:43 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20161112 18:27:43 N TLS Error: TLS handshake failed 20161112 18:27:43 I SIGUSR1[soft tls-error] received process restarting 20161112 18:27:43 Restart pause 2 second(s) 20161112 18:27:45 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:27:45 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:27:45 I UDPv4 link local: [undef] 20161112 18:27:45 I UDPv4 link remote: [AF_INET]213.152.162.103:443 20161112 18:28:46 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20161112 18:28:46 N TLS Error: TLS handshake failed 20161112 18:28:46 I SIGUSR1[soft tls-error] received process restarting 20161112 18:28:46 Restart pause 2 second(s) 20161112 18:28:48 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:28:48 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:28:48 I UDPv4 link local: [undef] 20161112 18:28:48 I UDPv4 link remote: [AF_INET]213.152.162.103:443 20161112 18:29:48 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20161112 18:29:48 N TLS Error: TLS handshake failed 20161112 18:29:48 I SIGUSR1[soft tls-error] received process restarting 20161112 18:29:48 Restart pause 2 second(s) 20161112 18:29:50 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:29:50 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:29:52 I UDPv4 link local: [undef] 20161112 18:29:52 I UDPv4 link remote: [AF_INET]213.152.161.132:443 20161112 18:30:52 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20161112 18:30:52 N TLS Error: TLS handshake failed 20161112 18:30:52 I SIGUSR1[soft tls-error] received process restarting 20161112 18:30:52 Restart pause 2 second(s) 20161112 18:30:54 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:30:54 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:30:54 I UDPv4 link local: [undef] 20161112 18:30:54 I UDPv4 link remote: [AF_INET]213.152.161.132:443 20161112 18:30:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:30:55 D MANAGEMENT: CMD 'state' 20161112 18:30:55 MANAGEMENT: Client disconnected 20161112 18:30:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:30:55 D MANAGEMENT: CMD 'state' 20161112 18:30:55 MANAGEMENT: Client disconnected 20161112 18:30:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:30:55 D MANAGEMENT: CMD 'state' 20161112 18:30:55 MANAGEMENT: Client disconnected 20161112 18:30:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:30:55 D MANAGEMENT: CMD 'status 2' 20161112 18:30:55 MANAGEMENT: Client disconnected 20161112 18:30:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:30:55 D MANAGEMENT: CMD 'log 500' 19700101 01:00:00 ca /tmp/openvpncl/ca.crt cert /tmp/openvpncl/client.crt key /tmp/openvpncl/client.key management 127.0.0.1 16 management-log-cache 100 verb 3 mute 3 syslog writepid /var/run/openvpncl.pid client resolv-retry infinite nobind persist-key persist-tun script-security 2 dev tun1 proto udp cipher aes-256-cbc auth sha1 remote nl.vpn.airdns.org 443 comp-lzo yes tls-client tun-mtu 1500 mtu-disc yes ns-cert-type server fast-io tun-ipv6 tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 Can someone please help me ? I've attached my config in DD-WRT Thanks.

This is only a solution for people in their home country willing/wanting to bypass the VPN to access their Netflix account. Does not help for out-of-country Netflix access. I was surprised to not see this in the forum, as it's very simple and works. It is a very short script added to the Custom Configuration which pulls the current IP addresses for a domain name (Netflix.com, Hulu.com) and routes those addresses "around" the VPN. allow-pull-fqdn route www.netflix.com 255.255.255.255 net_gateway So far I've been using this for a day, and had to restart things one time to get it to pick up new addresses. I would like to find a way to run this at regular intervals to add to the IP list (without duplicating addresses already in the list).

hi all, noob question maybe. I don't get my configuration to work. I use an Asus AC-3200 router, with original firmware. Installed the VPN-client. Works flawlessly. But: when i enter the DNS manually on the WAN-tab (10.4.0.1 and 10.5.0.1), then no website can be found. Router says "no connection". Using Google's DNS works fine, but i wanna use AirVPN's DNS. What am i doing wrong?

So I love AirVPN, I use the portable app that runs on my machine, and I get great speeds, usually 60 Mbps when connected. However I would love to run it on my router so that way I could possibly run another VPN on top of it for extra security, but it's more so for the peace of mind knowing that my router is 100% securing my data at all times. I have 2 different routers, and I was going to try to have my main dedicated router broadcasting my normal signal, and then my Asus Rt-n66u running a VPN at all times. After running through the setup guides and everything I was able to get a successful connection however the speeds were terrible, maxing out at around 7 Mbps. I need desperate help as my other router (r7000) has a similar problem with speeds only maxing out at about 10 Mbps. This isn't doable, and I love getting decent speeds but I can't work with something this slow. Has anyone else here had any similar issues with installation to a router? I was also looking at the Ubiquiti Edgerouter as a higher performing router, I just want to be sure I've expended all my resources before I buy another router that may be more powerful.

howdy, when the client is on, i cant connet to my router (fritzbox) over my browser (safari). is the client disconnected, it is working. what do i wrong in the options? and which options i must change.. airvpn client or fritzbox? tia

Hi All, I was just looking for a plug and play pfsense router and I found this amazing product: https://www.ovpn.se/en/box Its to bad it's from a another VPN provider but I just asked the support and they say that every OVPN config file will run on it. I now have a Asus ac3200 200/20 mbit connection with VPN I got 40mbits and I hope the speed are much higher with this router. Has anyone experiences with this product and idea what speed I would get ? I hope the airvpn config files will run smootly on it. Btw Air thanks for the new servers!!!!!

Hi! I have been using AirVPN for about 3 months now. It has worked fine, until, yesterday, I got a new router. AirVPN is now no longer able to connect with the Eddie Client for PC, but is able to connect with the OpenVPN app on my iPhone and iPad. When it says "Checking route" in the client, this is when it fails and says "Operation Failed". I have managed to identify the problem, but I have not found out how to fix it. EDIT: I have fixed the problem! I did some Google searching and I found a solution. I opened an administrator command prompt, ran netsh winsock reset catalog netsh int ipv4 reset reset.log netsh int ipv6 reset reset.login that order. I then rebooted my computer. I am now able to connect to AirVPN servers without any problems. If anyone else is having this problem, run the commands above, hopefully it fixes it for you too. My logs: I 2016.05.04 18:51:31 - AirVPN client version: 2.10.3 / x64, System: Windows, Name: Microsoft Windows NT 6.2.9200.0 / x64 . 2016.05.04 18:51:31 - Reading options from C:\Program Files\AirVPN\AirVPN.xml . 2016.05.04 18:51:32 - Data Path: C:\Program Files\AirVPN . 2016.05.04 18:51:32 - App Path: C:\Program Files\AirVPN . 2016.05.04 18:51:32 - Executable Path: C:\Program Files\AirVPN\AirVPN.exe . 2016.05.04 18:51:32 - Command line arguments (0): . 2016.05.04 18:51:32 - Operating System: Microsoft Windows NT 6.2.9200.0 . 2016.05.04 18:51:32 - Updating systems & servers data ... I 2016.05.04 18:51:32 - OpenVPN Driver - TAP-Windows Adapter V9, version 9.9.2 I 2016.05.04 18:51:32 - OpenVPN - Version: OpenVPN 2.3.8 (C:\Program Files\AirVPN\openvpn.exe) I 2016.05.04 18:51:32 - SSH - Version: plink 0.63 (C:\Program Files\AirVPN\plink.exe) I 2016.05.04 18:51:32 - SSL - Version: stunnel 5.17 (C:\Program Files\AirVPN\stunnel.exe) ! 2016.05.04 18:51:32 - Ready . 2016.05.04 18:51:33 - Systems & servers data update completed I 2016.05.04 18:52:06 - Checking login ... ! 2016.05.04 18:52:07 - Logged in. ! 2016.05.04 18:52:08 - Activation of Network Lock - Windows Firewall I 2016.05.04 18:52:34 - Session starting. I 2016.05.04 18:52:34 - IPv6 disabled. I 2016.05.04 18:52:34 - Checking authorization ... ! 2016.05.04 18:52:35 - Connecting to Atria (Sweden, Uppsala) . 2016.05.04 18:52:35 - OpenVPN > OpenVPN 2.3.8 x86_64-w64-mingw32 [sSL (OpenSSL)] [LZO] [iPv6] built on Aug 13 2015 . 2016.05.04 18:52:35 - OpenVPN > library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08 . 2016.05.04 18:52:35 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2016.05.04 18:52:35 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file . 2016.05.04 18:52:35 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2016.05.04 18:52:35 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2016.05.04 18:52:35 - OpenVPN > Socket Buffers: R=[65536->131072] S=[261360->131072] . 2016.05.04 18:52:35 - OpenVPN > UDPv4 link local: [undef] . 2016.05.04 18:52:35 - OpenVPN > UDPv4 link remote: [AF_INET]62.102.148.150:443 . 2016.05.04 18:52:35 - OpenVPN > TLS: Initial packet from [AF_INET]62.102.148.150:443, sid=7a07eba3 eee7fa44 . 2016.05.04 18:52:35 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2016.05.04 18:52:35 - OpenVPN > Validating certificate key usage . 2016.05.04 18:52:35 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0 . 2016.05.04 18:52:35 - OpenVPN > VERIFY KU OK . 2016.05.04 18:52:35 - OpenVPN > Validating certificate extended key usage . 2016.05.04 18:52:35 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2016.05.04 18:52:35 - OpenVPN > VERIFY EKU OK . 2016.05.04 18:52:35 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org . 2016.05.04 18:52:36 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key . 2016.05.04 18:52:36 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication . 2016.05.04 18:52:36 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key . 2016.05.04 18:52:36 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication . 2016.05.04 18:52:36 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA . 2016.05.04 18:52:36 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]62.102.148.150:443 . 2016.05.04 18:52:38 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) . 2016.05.04 18:52:39 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.0.15 255.255.0.0' . 2016.05.04 18:52:39 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified . 2016.05.04 18:52:39 - OpenVPN > OPTIONS IMPORT: LZO parms modified . 2016.05.04 18:52:39 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified . 2016.05.04 18:52:39 - OpenVPN > OPTIONS IMPORT: route options modified . 2016.05.04 18:52:39 - OpenVPN > OPTIONS IMPORT: route-related options modified . 2016.05.04 18:52:39 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified . 2016.05.04 18:52:39 - OpenVPN > do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 . 2016.05.04 18:52:39 - OpenVPN > open_tun, tt->ipv6=0 . 2016.05.04 18:52:39 - OpenVPN > TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{2BD6C86E-B2E4-4CF7-9738-A25DF3115706}.tap . 2016.05.04 18:52:39 - OpenVPN > TAP-Windows Driver Version 9.9 . 2016.05.04 18:52:39 - OpenVPN > Set TAP-Windows TUN subnet mode network/local/netmask = 10.4.0.0/10.4.0.15/255.255.0.0 [sUCCEEDED] . 2016.05.04 18:52:39 - OpenVPN > Notified TAP-Windows driver to set a DHCP IP/netmask of 10.4.0.15/255.255.0.0 on interface {2BD6C86E-B2E4-4CF7-9738-A25DF3115706} [DHCP-serv: 10.4.255.254, lease-time: 31536000] . 2016.05.04 18:52:39 - OpenVPN > Successful ARP Flush on interface [22] {2BD6C86E-B2E4-4CF7-9738-A25DF3115706} . 2016.05.04 18:52:44 - OpenVPN > TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up . 2016.05.04 18:52:44 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 62.102.148.150 MASK 255.255.255.255 10.10.10.1 . 2016.05.04 18:52:44 - OpenVPN > Warning: route gateway is ambiguous: 10.10.10.1 (2 matches) . 2016.05.04 18:52:44 - OpenVPN > Route addition via IPAPI failed [adaptive] . 2016.05.04 18:52:44 - OpenVPN > Route addition fallback to route.exe . 2016.05.04 18:52:44 - OpenVPN > env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2016.05.04 18:52:44 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.4.0.1 . 2016.05.04 18:52:44 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4 . 2016.05.04 18:52:44 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2016.05.04 18:52:44 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.4.0.1 . 2016.05.04 18:52:44 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4 . 2016.05.04 18:52:44 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2016.05.04 18:52:44 - Starting Management Interface . 2016.05.04 18:52:44 - OpenVPN > Initialization Sequence Completed I 2016.05.04 18:52:45 - DNS of a network adapter forced (TAP-Windows Adapter V9) I 2016.05.04 18:53:03 - DNS of a network adapter forced (Realtek PCIe FE Family Controller) I 2016.05.04 18:53:03 - Flushing DNS I 2016.05.04 18:53:04 - Checking route W 2016.05.04 18:54:16 - The operation has timed out ! 2016.05.04 18:54:16 - Disconnecting . 2016.05.04 18:54:16 - Management - Send 'signal SIGTERM' . 2016.05.04 18:54:16 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM' . 2016.05.04 18:54:16 - OpenVPN > SIGTERM received, sending exit notification to peer . 2016.05.04 18:54:16 - OpenVpn Management > >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info . 2016.05.04 18:54:21 - OpenVPN > C:\WINDOWS\system32\route.exe DELETE 62.102.148.150 MASK 255.255.255.255 10.10.10.1 . 2016.05.04 18:54:21 - OpenVPN > Warning: route gateway is ambiguous: 10.10.10.1 (2 matches) . 2016.05.04 18:54:21 - OpenVPN > Route deletion via IPAPI failed [adaptive] . 2016.05.04 18:54:21 - OpenVPN > Route deletion fallback to route.exe . 2016.05.04 18:54:21 - OpenVPN > env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2016.05.04 18:54:21 - OpenVPN > C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.4.0.1 . 2016.05.04 18:54:21 - OpenVPN > Route deletion via IPAPI succeeded [adaptive] . 2016.05.04 18:54:21 - OpenVPN > C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.4.0.1 . 2016.05.04 18:54:21 - OpenVPN > Route deletion via IPAPI succeeded [adaptive] . 2016.05.04 18:54:21 - OpenVPN > Closing TUN/TAP interface . 2016.05.04 18:54:21 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting . 2016.05.04 18:54:21 - Connection terminated. I 2016.05.04 18:54:21 - DNS of a network adapter restored to original settings (TAP-Windows Adapter V9) I 2016.05.04 18:54:41 - DNS of a network adapter restored to original settings (Realtek PCIe FE Family Controller) I 2016.05.04 18:54:42 - Cancel requested. I 2016.05.04 18:54:42 - IPv6 restored. ! 2016.05.04 18:54:42 - Session terminated. ! 2016.05.04 18:55:50 - Deactivation of Network Lock The Default Gateway of my OLD router was 10.10.10.1. However, the default gateway of the new router is different (10.10.1.1) It looks like the AirVPN client is still trying to connect to the old default gateway IP, not the new one. That seems to be the issue. How do I fix it so that the client uses my new default gateway IP, instead of the old one? (I am on Windows 10 by the way)

I have posted the logs to support but I don't know how much help they will be, Using TalkTalk D-LINK router until today when I switched to my new Huawei HG633 router to coincide with a new fiber connection starting today for which the new router is needed. From the word go with the new router, terrible DNS leaks showing at ipleak.net and dnsleaks.com with TalkTalk looming all over the page. DNS leaks occur: Both wireless and wired On two laptops (Lenovo and Acer) but not on the Toshiba laptop Not on the Android phone on both Windows 8 and Windows 10. Network Lock is enabled, of course. If anyone can shine a light, please do!

This router might require sacrifices to actually work. A great weapon against network intruders: If someone is in your network, simply don't feed it.

Step 1: First configure the Tomato VPN client (I am using Shibby's AIO build 134, but any of the recent VPN builds that have policy based routing included should work) so that all traffic is sent through the VPN and ensure that works. Once that is working, you can continue. Getting that working is outside the scope of this guide, and a good guide can be found here. Step 2: On the 'Advanced' tab of the VPN client, check the Ignore Redirect Gateway (route-nopull) option and on the Routing Policy tab, check the Redirect Through VPN option, and add the devices you want to redirect through the VPN. In my case, I added Source IP 192.168.1.120, as this is the only client on my LAN I want to be routed through the VPN. Once that's done, ensure the VPN client is running and see if you have internet access through the tunnel for the specified client. I use ipleak.net to test. You will likely notice that while your IP address is that of the VPN, DNS is still being served by whichever DNS servers your router has configured. This is normal, and is solved in step 3. Step 3: On the Advanced -> DHCP/DNS tab, in the advanced configuration: # Create a tag for clients to use a specific DNS server dhcp-option=tag:vpn,option:dns-server,10.30.0.1 # Tell these clients when they connect to use the VPN tag dhcp-host=XX:XX:XX:XX:XX:XX,set:vpn,hostnameyouwanttouse,192.168.1.120 The XX:XX:XX:XX:XX:XX above is the MAC address of your device's network interface. You can find this easily on the Status -> Device List tab. This line is essentially assigning static DHCP for the client with the MAC address specified. This tells all clients tagged as 'vpn' to use 10.30.0.1 as their DNS server. Disconnect your client that you wish to route through the VPN and reconnect it so that it renews the DHCP lease. You may also need to flush the DNS on the client. On Windows this is done from a command prompt run as administrator and typing: ipconfig /flushdnsNote: I am connecting to air on port 2018 to make QoS rules easier, so that's why you see 10.30.0.1 for the DNS server. Use whichever Air DNS server is appropriate for your connection. Step 4: Now, in Administration -> Scripts -> Firewall add the following: iptables -t nat -I PREROUTING -i br0 -s 192.168.1.120 -p udp --dport 53 -j DNAT --to 10.30.0.1 iptables -t nat -I PREROUTING -i br0 -s 192.168.1.120 -p tcp --dport 53 -j DNAT --to 10.30.0.1 iptables -I FORWARD ! -o tun11 -s 192.168.1.120 -j DROP The first two lines prevent the specified client from specifying their own DNS servers, so if this is an issue for you, these rules will make sure the client always uses Air's DNS server. The third line prevents ANY traffic from that client using anything other than the VPN interface "tun11". Note: tun11 is the interface Tomato creates for VPN Client 1. If you use VPN Client 2 use tun12 instead. Routing an entire bridge: To take this a step further I also created an entire bridge (br1) on a different subnet (172.16.0.1/24), and a virtual wireless network on that bridge that 100% uses the VPN tunnel. The rules for an entire subnet are a little different. Configuring additional bridges and virtual wireless access points in Tomato is outside the scope of this guide. Again, in the VPN Client Policy Routing tab, add the "Source IP" and enter 172.16.0.0/24, then in Advanced -> DHCP/DNS: dhcp-option=tag:br1,option:dns-server,10.30.0.1 This tells all clients that connect to br1 to use 10.30.0.1 as their DNS server. Tomato, by default, tags the clients with the bridge they are connected to, so that's all that is required to tell clients on that bridge to use a different DNS server. Then in the Firewall: iptables -t nat -I PREROUTING -i br1 -p udp --dport 53 -j DNAT --to 10.30.0.1 iptables -t nat -I PREROUTING -i br1 -p tcp --dport 53 -j DNAT --to 10.30.0.1 iptables -t nat -I POSTROUTING -s 172.16.0.1/255.255.255.0 -o tun11 -j MASQUERADE iptables -I FORWARD -i br1 -o tun11 -j ACCEPT iptables -I FORWARD -i tun11 -o br1 -j ACCEPT iptables -I FORWARD ! -o tun11 -s 172.16.0.1/255.255.255.0 -j DROP Again, the first two lines prevent clients from specifying their own DNS servers. The next three lines are required, as Tomato's VPN client doesn't automatically add them for bridges other than br0. Without these, no traffic will move between br3 and tun11 (and hence, you will not get a connection). The last line prevents all traffic on br1 if the VPN is down. Port Forwarding: This is straight from AirVPN's FAQ, copied here for completeness. To forward ports to clients, four firewall rules are required for each port you wish to forward. Here I am forwarding port 12345 (both UDP and TCP) to my one VPN'd client on my main LAN.: iptables -I FORWARD -i tun11 -p udp -d 192.168.1.120 --dport 12345 -j ACCEPT iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.120 --dport 12345 -j ACCEPT iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 12345 -j DNAT --to-destination 192.168.1.120 iptables -t nat -I PREROUTING -i tun11 -p udp --dport 12345 -j DNAT --to-destination 192.168.1.120 Preventing leaks on the main LAN when not using policy routing: If you are not interested in policy based routing, and just want to prevent leaks while routing all traffic through the VPN, make sure you check Redirect Internet traffic in the VPN Client Advanced tab and then the following firewall rules: iptables -t nat -I PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 10.30.0.1 iptables -t nat -I PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 10.30.0.1 iptables -I FORWARD ! -o tun11 -s 192.168.1.1/255.255.255.0 -j DROP The above is completely untested by me as I don't want to route my main LAN (other than a single client) over the VPN. It may cause connectivity issues with the router itself if the tunnel goes down. If someone does test, please come back here and report your results! I hope this guide helps anyone wishing to use Tomato's VPN client to get connected and if you run in to any trouble, I am happy to try and help solve the issue. Troubleshooting: If something isn't working and you've entered everything correctly, I've found that rebooting the client you want routed through the VPN or restarting the VPN client can help. Also, rebooting the router will flush out anything left over between configuration steps and can sometimes solve problems. You can also rebuild the firewall rules in Tomato by going to the Tools->System Commands tab in the interface, and sending service firewall restart. If these don't help, double check that everything is configured appropriately.

Hi, I have tried this service a little bit now, and it seems to work fine for my needs. However I now have two obstacles that I can't seem to overcome with my current setup: 1. All supported vpn-clients seem to require admin privileges (Windows) each time I connect to AirVPN, but for my work laptop I need to request admin privileges each and every time (and say why I need them), so it is not feasible in the long run. 2. Even if I have my phone or laptop connected to VPN, when I try streaming to my TV using Chromecast (1st gen) it doesn't work, because Chromecast actually performs the http requests itself (ie outside the VPN). The only proper solution to these two problems, as far as understand it, is to have a router with the VPN connection, and then connect both my laptop and Chromecast to this router (using wifi). However, when browsing the forum, many people talk about most standard routers out there having too little CPU power for this. But having a dedicated server for this is out of the question for me, since I need a simple and easy setup, suitable for travel. On the other hand, I don't need "amazing" speed. My current internet connection is 10/1 Mbps, and I think if it drops down to 4-8 Mbps when using a standard DD WRT router setup I still can watch Netflix and similar at decent quality. Anything faster then that would of course be nice, but nothing I am prepared to pay extra for, or spend extra time setting up (unless we talk like 30 minutes extra). So, can someone recommend a decent router that could handle this? Would I need something like Netgear Nighthawk R7000, or can I get away with something cheaper? Preconfigured routers from an online shop is not an option for me, since I am in Thailand at the moment and don't trust the postal service here, also I basically want to find something that I can start using like today or tomorrow. So a list of recommended routers would be really helpful, then I can go to some local IT shop and check what they have and compare to that list. Also, I see that the main reason for the VPN putting so much strain on the router CPU is the encryption and decryption of the data. But is there no way to disable this encryption when not needed? What would be the reason for encrypting my Netflix traffic, for example? I know that the "main" feature of an VPN usually is considered to be privacy of some sort, but in cases when it really isn't needed there should be a way to optimize for speed, right? Because, if encryption could be disabled, surely a much cheaper router would work, and still give good speeds, I am sure... Regards /Jimi

Hi, I just followed some instructions and managed to get my netgear wndr4500 upgraded to have dd-wrt on it. it's the latest kong version of the firmware. i did this so that i could get my airvpn to come through my router. which i then set up following your guide. it was fully functioning, my only problem was that the speed had dropped to less than a 20th of the download and slightly slower upload (pictures linked). the speed with my isp's router is 100mb, so it's already slightly slower with dd-wrt but not a big deal. but the speed with the vpn activated is just too slow for what i need. I could use some help in resolving this. Thanks, Grand Kai.

Using AirVPN with OpenWRT This guide is for users who want to set up a OpenWRT (Chaos Calmer) router and have it already up and running without modification. This guide will work with a router that has more than one network interface and at least 8 MB flash (because of the dependencies). Please backup your router first!!! 1. Set up the wan interface as a dhcp client, that way you can use your router at most of the isp boxes. 2. Set up a wireless network with the name and password of you choise, a dhcp server. (Please note that you should use WPA2-PSK). 3. Connect to your new wireless network. 4. Unbridge the LAN interface(s). Go to "Physical Settings" of the LAN interface(s) and uncheck the "creates a bridge over specified interface(s). Check the interface button of your new wireless network. 5. Connect to your router via SSH. 6. Install dependencies for the openvpn setup. First update the packages, than install openvpn and nanoopkg update opkg install openvpn-openssl opkg install nano 7. Backup the openvpn files mv /etc/config/openvpn /etc/config/openvpn_old 8. Create a new interface called airvpncat >> /etc/config/network << EOFconfig interface 'airvpn' option proto 'none' option ifname 'tun0'EOF 9. Use the "Config Generator" of Airvpn to create the openvpn files. Please select the "Advanced Mode" and check "Separate keys/certs from .ovpn file" and"Resolved hosts in .ovpn file". Save the files on your machine. 10. On the router move into the openvpn folder cd /etc/openvpn 11. Use nano to create all the required files on your router.Copy and paste the following files "AirVPN_**************.ovpn, ta.key, ca.crt, user.crt, user.key".Rename the "AirVPN_**************.ovpn" into airvpn.conf for usability.nano airvpn.conf nano ta.key nano ca.crt nano user.crt nano user.key The air.conf should look like this clientdev tunproto udpremote xxx.XXX.xxx.XXX XXXresolv-retry infinitenobindpersist-keypersist-tunremote-cert-tls servercipher AES-256-CBCcomp-lzo noroute-delay 5verb 3ca ca.crtcert user.crtkey user.keytls-auth ta.key 1 12. Create a firewall zone for the vpn.cat >> /etc/config/firewall << EOFconfig zone option name 'air_firewall' option input 'REJECT' option output 'ACCEPT' option forward 'REJECT' option masq '1' option mtu_fix '1' option network 'airvpn' config forwarding option dest 'air_firewall' option src 'lan' EOF 13. Reboot router 14. Test openvpn configurationopenvpn --cd /etc/openvpn --config /etc/openvpn/airvpn.confAt the end it should show "Initialization Sequence Completed"Stop openvpn with "Ctrl-C". 15. Use the Airvpn DNS (here Port 443 - Protocol UDP) and reboot. Please change if you use different port (https://airvpn.org/specs/)uci add_list dhcp.lan.dhcp_option="6,10.4.0.1"uci commit dhcpreboot 16. Secure against IP Leak, backup old firewall and create new firewall rules mv /etc/config/firewall /etc/config/firewall.backup cat >> /etc/config/firewall << EOF config defaults option syn_flood '1' option input 'ACCEPT' option output 'ACCEPT' option forward 'REJECT' config zone option name 'lan' option network 'lan' option input 'ACCEPT' option output 'ACCEPT' option forward 'REJECT' config zone option name 'wan' option output 'ACCEPT' option forward 'REJECT' option network 'wan' option input 'ACCEPT' config zone option name 'airvpn' option input 'REJECT' option output 'ACCEPT' option forward 'REJECT' option masq '1' option mtu_fix '1' option network 'airvpn' config rule option name 'Allow-DHCP-Renew' option src 'wan' option proto 'udp' option dest_port '68' option target 'ACCEPT' option family 'ipv4' config rule option name 'Allow-Ping' option src 'wan' option proto 'icmp' option icmp_type 'echo-request' option family 'ipv4' option target 'ACCEPT' config rule option name 'Allow-DHCPv6' option src 'wan' option proto 'udp' option src_ip 'fe80::/10' option src_port '547' option dest_ip 'fe80::/10' option dest_port '546' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Input' option src 'wan' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' list icmp_type 'router-solicitation' list icmp_type 'neighbour-solicitation' list icmp_type 'router-advertisement' list icmp_type 'neighbour-advertisement' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Forward' option src 'wan' option dest '*' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config include option path '/etc/firewall.user' config forwarding option dest 'airvpn' option src 'lan' EOF TEST WITH ipleak.net...It worked that way with my router, i would be happy if someone else could verify my setup.

Hello! I have a really strange problem. I using Nusakan on my Asus ac3200 router with the latest merlin. The VPN connection reconnects after a X couple of days. 20 Minutes ago this happend again. See log of my Router. Have any of you guys a Idea what the problem is? Thanks in Advance!

A refreshed guide is available here: Prerequisite Install DD-WRT on router go to https://www.dd-wrt.com/ Select "router database", then enter you router model number. Follow the instructions as described and install the DD-WRT *vpn*.bin. Steps Create configuration files from our Config Generator. Select the server location and port you want to connect to, tick "Advanced Mode", tick "Separate certs/keys from .ovpn file", then generate and download the configuration files. Under the router "setup tab" locate your router's local IP address. Go to Specs page of AirVPN website and locate Air VPN DNS for the server you want to connect to, and enter it under Static DNS 1. Navigate to the "Services" tab then select the "VPN" tab. Select "Enable" under OpenVPN Client. Set the Server IP/Name and Port to the Air VPN server you selected (see here to determine VPN server entry-IP address: https://airvpn.org/topic/14378-how-can-i-get-vpn-servers-entry-ip-addresses ). Set Tunnel Device to "TUN" Set Tunnel Protocol to either "UDP" or "TCP" according to the Air VPN server you selected Set Encryption Cipher to " AES-256" Set Hash Algorithm to "SHA1" Put a check mark beside "nsCertType verification" Select "Enable" Advanced Options Select "Enable" LZO Compression Select "Enable" NAT Set Local IP Address to the router's local IP address found earlier. Set TLS Cipher to "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384" or "None" Unzip the AirVPN configuration file you downloaded. Using your favorite text editor - Open up "ca.crt" and copy all of the contents into the CA Cert window. - Open up "user.crt" and copy only and including "----- BEGIN CERTIFICATE----- to the end of ----- END CERTIFICATE----- " into Public Client Cert. - Open up "user.key" and copy all of the contents into Private Client Key. - Open up "ta.key" and copy all of the contents into TLS Auth Key Select "Save" at the bottom of the page then "Apply Setting" Select "Save" at the bottom of the page then "Apply Setting" DD-WRT firewall rules Go to "Administration" tab then select the "Commands" tab. Copy the following firewall rules into the command window (IMPORTANT: check your tun interface name and set it accordingly - some firmware builds will have tun1 and not tun0) iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT iptables -I INPUT -i tun0 -j REJECT iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE Click on "Save Firewall" Verification of VPN setup Go to https://airvpn.org and at the bottom of the screen it should show you are connected. Trouble Shooting If you're not shown as connected wait a minute then refresh the web (it could take a minute to make a connection with the VPN and log in). Go to DD-WRT configuration and navigate to the "Services" tab, then "VPN" tab. Once there go to the bottom of the page and click on "Apply Settings". Once completed wait a minute and verify your connection again. If you're still not connected verify the server status you're trying to connect to. Go to Air VPN website and log in, then navigate to "Support" and select "Server Status". If server is down reconfigure DD-WRT to connect to another server. If you are still have difficulties connecting, view the OpenVPN log file in DD-WRT. You can find the log by going to DD-WRT configuration and navigating to the "Status" tab and selecting "OpenVpn". Hopefully the log will give you some indication of why you can not connect. Still having issues Contact Air VPN support, they are quick at responding back to you and very knowledgeable. Another option is to ask on the Air VPN forums.

About Tomato Firmware Tomato is a small, lean and simple replacement firmware for Linksys' WRT54G/GL/GS, Buffalo WHR-G54S/WHR-HP-G54 and other Broadcom-based routers. Official website: http://www.polarcloud.com/tomato. PrerequisiteMake sure you triple-check that your version of Tomato supports OpenVPN or you'll be sorry. I strongly recommend Toastman's build of Tomato because of its widespread feature support and stability. StepsUnder Basic->Network, configure your 3 static DNS servers. If you wish to use the AirVPN DNS set 10.4.0.1 as first DNS IP address. The Air DNS will enable you to access internal Air services, geo-routing services and bypass ICE/ICANN USA censorship (more information here). About the others, I recommend picking ones from the OpenNIC Project because many of the servers don't keep any logs, which is consistent with the Air service, plus they would allow your internet service to continue functioning in the event of a government-ordered root DNS server shutdown- https://servers.opennic.org/Under Basic->Time, make sure that the correct time zone and server is configured.Download the OpenVPN (.ovpn) file of your choosing under "Client Area -> Config Generator" after you log in the AirVPN site. In the Configuration Generator make sure to tick "Advanced Mode" and "Separate certs/keys from .ovpn files". In order to determine the IP address of the server you wish to connect to, please resolve "servername.airservers.org". For example, for Acrux resolve "acrux.airservers.org". Find the server names by looking at Status page.For the actual configuration, please see the following two screenshots of the Basic and Advanced OpenVPN Client Configuration: Under Basic, sub in your own correct protocol, IP and port in place of what I have in my own config. In the Advanced Custom Configuration text box, the options are as follows: resolv-retry infinite remote-cert-tls server comp-lzo verb 3 Under Keys, you'll need to again text edit your user.key, user.crt, ca.crt and ta.key files, copy the matching keys and certificates and paste them into the text boxes in your router config. - ta.key is the Static Key - ca.crt is the Certificate Authority certificate (in some older builds, "Server certificate") - user.crt is the Client Certificate - user.key is the Client KeyAbout certificates files (user.crt and ca.crt) content, just copy and paste from "-----BEGIN CERTIFICATE-----" (included) up to "-----END CERTIFICATE-----" (included).Save all settings.Under Status, click Start Now and count for 30 seconds. Go to https://airvpn.org and at the bottom of the screen it should show you are connected or visit https://ipleak.net for check. Tested withToastman's build of Tomato [v1.28.7500 MIPSR2Toastman-RT K26 VPN] on Asus RT-N16 router.Tomato-ND-1.28.7633-Toastman-IPT-ND-SmallVPN on Buffalo WHR-G54S Feedback For any comment or feedback, you can find the discussion here. Thanks to Baraka for this article.

About AsusWRT AsusWRT is a unified firmware developed by Asus for use in their recent routers. The firmware was originally based on Tomato-RT/Tomato-USB, but has since seen many changes. Asus started using this new firmware with their recent routers (RT-AC68U, RT-AC87U), but they also started moving other routers to this new firmware. Prerequisite Asus Router with AsusWRT (native OpenVPN support). Model tested: RT-AC68U but it should work for all Asus routers that have AsusWRT. see Official website for AsusWRT model support list. [Firmware Notes]: Please upgrade the router Firmware to the latest version. "New Asus Firmware supports 4096 bits key and will work with AirVPN." Steps 1. Create configuration files from our Config Generator. Select [Router or others] and choose a server you like. Tick on [Direct, protocol UDP, port 443] and click on [Generate]. Save the openvpn config file .ovpn (Ex: AirVPN__UDP-443.ovpn) anywhere on your computer. 2. Open the Asus router webinterface and click on [VPN]. Click on [Add profile], choose [OpenVPN] tab. Enter a "description", leave username and password EMPTY. Click on [browse] and select the downloaded openvpn config file (.ovpn). Click on [upload]. Click on [OK]. That's it now you can click on [Activate] to connect to AirVPN server. 3. Make sure to setup the AirVPN DNS this way: Click on [WAN] tab. Turn [DNS server] "off" (No) and enter AirVPN's DNS 10.4.0.1 as first DNS IP address (it's DNS for Protocol UDP, Port 443 - see Specs for more details). About the secondary DNS entry, we recommend picking ones from the OpenNIC Project. The AirVPN DNS will enable you to access AirVPN geo-routing services to bypass discriminations based on IP address geo-location. 4. Visit https://ipleak.net and check whether it works. Every client (PC, Smartphone, Console, Smart TV ..) which is connected to the router now is secured by VPN and also has full access to the anti-geo-blocking service. Useful Info A custom firmware for Asus routers based on official AsusWRT called Asuswrt-Merlin is available. AsusWRT-Merlin retains all the features of the original stock AsusWRT firmware with added/enhanced features. More info on AsusWRT-Merlin website http://asuswrt.lostrealm.ca/features

Hi. I use AirVPN in my macbook to watch netflix in different countries since I only have an American Netflix account. This however doesn't work with Amazon FIreTv Stick's Netflix. How do I use AirVPN to configure my router to connect directly to AirVPN servers so that both the macbook and the firetv stick connect through the VPN? Thanks.