Jump to content
Not connected, Your IP: 44.222.64.76

Search the Community

Showing results for tags 'SSH'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • AirVPN
    • News and Announcement
    • How-To
    • Databases
  • Community
    • General & Suggestions
    • Troubleshooting and Problems
    • Blocked websites warning
    • Eddie - AirVPN Client
    • DNS Lists
    • Reviews
    • Other VPN competitors or features
    • Nonprofit
    • Off-Topic
  • Other Projects
    • IP Leak
    • XMPP

Product Groups

  • AirVPN Access
  • Coupons
  • Misc

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Twitter


Mastodon


AIM


MSN


ICQ


Yahoo


XMPP / Jabber


Skype


Location


Interests

Found 45 results

  1. I'm with Virgin Media in the UK, on 160/12 cable. Last year I had a spate of low speed (3MB/sec hard cap) which I initially blamed on throttling of OpenVPN as I could hit full speed on my naked ISP connection. After some investigation I found it was actually a bug in the ISP supplied router, so I switched to my own and the problem went away. Lately however, I'm having a hard speed cap problem and it really looks like issues caused by either VM's use of DPI and/or OpenVPN throttling/shaping at ISP level. VM operate a whitelist for shaping, so unless the protocol is whitelisted it's shaped by default. VM categorically and publicly deny any form of throttling, shaping or interference with OpenVPN connections. I've been using an Ubuntu torrent as a speed benchmark as it's multi-threaded, consistently very fast, and can be used off-VPN without fear of legal issues. I have tested every port and protocol in Eddie, as well as via Viscosity (to rule out Eddie issues). I also tried the same tests with several other well respected VPN providers with good networks and the results were consistent across them all, Air included. Note that I am using MB/sec in its proper format, meaning megabytes per second. 1MB/sec = 8Mbps. All results are for the same Ubuntu 15.04 x64 torrent downloaded in the latest qBittorrent v3.2.3 on Mac OS X (also verified on Linux, PCBSD and Windows 8.1 Pro). As well as checking against multiple VPN companies, multiple OpenVPN software and multiple operating systems, I also reproduced the results on multiple machines (mid 2012 MacBook Pro and my FX8350 / 16GB DDR3 / Samsung Evo 850 sad / Radeon R9 380 gfx desktop). I repeated the tests with several ethernet cables (to rule out cable issues), as well as with *machine* > router > modem and *machine* > modem (to rule out firmware or routing issues). Every time, regardless of the variable, the results below were consistent. ISP : 19MB/sec OpenVPN 53 UDP : 2MB/sec OpenVPN (all other ports in turn) UDP : 5MB/sec OpenVPN (all ports) TCP : 4 - 5 MB/sec OpenVPN + SSH 22 : 2MB/sec OpenVPN + SSH 80 (or 53) : 13 - 18 MB/sec (lower in peak times, high off-peak) OpenVPN + SSL 443 : 13 - 18 MB/sec (lower in peak times, high off-peak) As we can see, generally SSL and SSH masking the OpenVPN connection allows almost full line speed (minus the encryption overheads). That's great. As soon as it's a bare OpenVPN connection the speeds cap out at around 33% of what they should be. Bare OpenVPN TCP is a little slower than UDP (as you'd expect) but otherwise in accordance with the general 5MB/sec cap experienced on UDP. The only exceptions are UDP:53 and SSH:22 which are both heavily restricted to around 2MB/sec. Now to my mind, knowing what I do of VM's shaping and DPI systems, this would only make sense if they were interfering with OpenVPN either by purposefully throttling it, or else their DPI system is messing up the connection. They further seem to restrict SSH:22 and UDP:53 by protocol but not by port. This actually makes sense, as all other Eddie combinations are quite random whereas SSH:22 (SSH) and UDP:53 (DNS) are established network traffic protocols and thus could be singled out for listing in the shaping systems. If we reverse the protocol/port (to give SSH 53 and UDP 22) we once again obfuscate the tunnel and go back to full speeds! I also get a lot of decrypt/replay errors in the logs on every single port for 'normal' OpenVPN. As soon as I hide the OpenVPN in either SSL or SSH the errors simply don't occur. Ever. This suggests that the extra tunnel is hiding the OpenVPN tunnel from being shaped, or else the DPI process in and of itself is breaking OpenVPN and causing the packets to arrive out of order. Maybe that in and of itself can hurt speed? So there you go. Sorry for the long post but it's an interesting (if thoroughly frustrating and annoying) issue. What do you gurus think? Given I have worked to change the variables one at a time to rule out issues with AirVPN (different providers), the router and/or its firmware (direct connection to modem, bypassing router), wireless issues (used ethernet directly) and OS limits or bugs (used multiple OSs) I can't see anything is left... except issues with the ISP shaping/throttling or else their DPI breaking things. I posted a thread very similar to this in VM's support forums, but for a whole week it has gone unanswered by any staff. Interestingly it is the only thread on the forum to have been ignored. Make of that what you wish. I await your replies with interest. Thanks in advance for reading.
  2. Dear AirVpn Forum Members, Since i am using Airvpn in my work, behind work firewall, my firewall blocks ddwrt open vpn connection. But in my computer I can use AirVpn SSH in my work. All i need please make a tutorial, how we setup ssh + openvpn on to DDWRT routers for airvpn. There is SSH service in DDWRT. I need how we configure it. Could you please show me the configuration of SSH + airvpn openvpn settings for ddwrt router? Best regards,
  3. I recently noticed that my openvpn speeds weren't great. It didn't matter whether I was connecting via udp or tcp or a specific port. And so I tried connecting via ssl and ssh tunnels. Both were surprsingly much faster. So, I have two questions, please: 1) Am I correct in my understanding that openvpn via a ssh tunnel is more efficient and generally preferred over openvpn via a ssl tunnel? 2) For openvpn via a ssh tunnel, which port is preferred and recommended? Thanks much for the assistance and advice!
  4. I have to following question which I am sure has a simple solution though I am not knowledgable enough to figure it out myself: I have a tomato router running as a client for the VPN connection to AirVPN (with IP 192.168.1.1). Now I have a computer in the LAN which should serve as a SSH server towards the outside (with IP 192.168.1.2). I have set up a port forwarding, to forward the port 22 from the WAN to the client 192.168.1.2. Which works when the VPN is not on. If I connect the router with AirVPN having in AirVPN a port forwarding to the local port 22 set up and then try to connect from the outside to the SSH-server, I suddenly end up talking to the SSH-server of the router. So the port forwarding does not work. I guess the reason is that the connection comes in through the tunnel and thus the port forwarding rule does not match. How can I adjust the settings of my router that the connection to the port 22 through the tunnel are forwarded to 192.168.1.2? Thank you for your help, Fabian P.S. Luckily I figured out that the connection from the outside can talk to the SSH of the router (even though it is set up not to accept any external connection attempts). But I guess that is what the P in VPN stands for. In the mean time, I turned the SSH server off: the standard options for the SSH login on the router where set and I guess there is nothing worse than your router being hacked...
  5. Hello, I am using a Blackberry Passport and would like to connect to AirVPN using an SSH tunnel. The options look like the picture below. Where can I find the information to fill this in? If it's not possible with the BB options, does anyone know of reliable open-source software for the Blackberry Passport that support the VPN SSH tunnel. My knowledge is still limited with all this, but learning. Thanks!
  6. Hi there, I've been using the AirVPN service now for several weeks and its been great! Due to my ISP (VirginMedia) throttling VPN connections, I've been using the SSL/SSH Tunnels to get through. None the less they still apply a general throttle of 2 MB/s to all encrypted connections. After having done a bit of testing with one of my servers, I realised that the throttling is not done across the whole spectrum of ports, only ports 1 to 1024. For anything higher, in my test case 5432, there was no more throttling being applied. Would it be possible to have the SSH/SSL tunnels connecting over a port greater than 1024, in addition to the current ones (22, 52, 80, and 443)? Thanks!
  7. Hi, Is there any development going on to enable SSH or SSL tunnels on Android to avoid DPI in China? Some other providers already have this service on Android. Thanks,
  8. Hello I a new user and would like to know how to set up an SSH tunnel with OpenVPN in my Mac with Viscosity App. I generated these files and imported them all to the Viscosity: https://cl.ly/aeTZ/Captura_de_Tela_2015-04-14_as_18.17.12.png [Or attached file!] I can connect via UDP-443 _ but I can't connect through SSH _-53. What am I doing wrong? I think I'm connected with OpenVPN but without the SSH tunnel. How should I do?
  9. One user descriped a way how to bypass the great firewall in china: https://airvpn.org/topic/11134-ssh-or-ssl-tunnel-on-android/?p=21319 Why isn't android supported officially? If the devs decide to support this I will make an video which would explain this feature and how to install it.
  10. Short question, probably short answer... Can i use the ssh tunnel port 22 protocol with a dd-wrt router? Thanks!
  11. Security researchers have developed an application called pacumen to analyze encrypted traffic. With the information provided by it an attacker can find out if a certain (specified) application is communicating behind an encrypted connection. This analysis technique is called a side channel attack. In pacumen, you create a classifier (detection rules for the application you'd like to uncover in the traffic) and a pcap file with sniffed traffic (preferably covering hours of length). It then starts analyzing it and calculates a value, representing the similarity of the analyzed traffic with the specified rules. For example: The researchers tried to uncover usage of Skype inside an SSH tunnel and were quite successful. The same thing can be done with any other protocol, let's say, to see if some user is using Facebook over HTTPS. Or identifying BitTorrent inside OpenVPN. China and Iran could theoretically use it to uncover OpenVPN over SSH/SSL. Countermeasures are padding of all packets and/or sending contant dummy packets. Note that both of them would lower performance of tunnels drastically.
  12. Since SSL and SSH both use a double layer of encryption, I am wondering if this hides my download totals (bytes going to my PC) from my provider? My guess is not but I would appreciate confirmation. Thank you P.
  13. I'm building a Linux home server, and some resources (mostly protected by password & SSL) will need to be accessible over the internet. Also, I'll need to be able to SSH into my server over the internet, to initiate remote tasks or something of that nature. In order to do any of these things, I'll need to get a dynamic DNS, at least until I can get a static IP. First of all, is this even possible to do while my IP address is masked by airVPN? If so, does this present any additional security concerns? I assume the dynamic DNS provider will know the outbound IP of the AirVPN server I'm using, but would that actually be a problem? After all, every site I connect to can already see that address.
  14. Hi, I have just updated my OpenSSH version to version 6.2p2 - although this made me notice that (as far as I can tell), the AirVPN servers utilise version 5.5p1 (Debian-6+squeeze2). Are there any plans to update this soon, given the number of bug fixes and exploit patches that have been introduced since? Cheers!
  15. Any one else working on an SSH Tunnelled OpenVPN connection on DD-WRT? I have the SSH Tunnel standing up correctly and the OpenVPN connection connecting correctly. HOWEVER, no port 80 traffic. Only pings, traceroute, etc. Ideas? Suggestions? Once I have it working I will write up a how to. If you are in China you need this info!
  16. Hello, I saw that when I am connecting through air over shh, in the Client Area it is not shown my real ip. Why is that?
  17. Hi, I'm using AirVPN successfully on my Mac (10.8.2) with Tunnelblick. However I want to get VPN over SSH working too. I have got the SSH key, openvpn binary, and .sh and .ovpn through the config generator, and the SSH tunnel successfully connects; $ ./AirVPN_United\ Kingdom_SSH-22.sh AirVPN SSH Tunnel OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011 debug1: Reading configuration data /etc/ssh_config debug1: /etc/ssh_config line 20: Applying options for * debug1: /etc/ssh_config line 53: Applying options for * debug1: Connecting to 31.193.12.98 [31.193.12.98] port 22. [...] debug1: Connection to port 1412 forwarding to 127.0.0.1 port 2018 requested. debug1: channel 2: new [direct-tcpip] debug1: channel 2: free: direct-tcpip: listening port 1412 for 127.0.0.1 port 2018, connect from 127.0.0.1 port 56739, nchannels 3 debug1: Connection to port 1412 forwarding to 127.0.0.1 port 2018 requested. debug1: channel 2: new [direct-tcpip] debug1: channel 2: free: direct-tcpip: listening port 1412 for 127.0.0.1 port 2018, connect from 127.0.0.1 port 56754, nchannels 3 When I launch the openvpn though, I get an error - "Cannot allocate TUN/TAP dev dynamically" $ sudo ./openvpn AirVPN_United\ Kingdom_SSH-22.ovpn Mon Jul 8 18:12:09 2013 OpenVPN 2.3.1 x86_64-apple-darwin11.1.0 [sSL (OpenSSL)] [LZO] [eurephia] [MH] [iPv6] built on Apr 26 2013 Mon Jul 8 18:12:09 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Mon Jul 8 18:12:09 2013 Socket Buffers: R=[131072->65536] S=[131072->65536] Mon Jul 8 18:12:09 2013 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1412 [nonblock] Mon Jul 8 18:12:10 2013 TCP connection established with [AF_INET]127.0.0.1:1412 Mon Jul 8 18:12:10 2013 TCPv4_CLIENT link local: [undef] Mon Jul 8 18:12:10 2013 TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:1412 Mon Jul 8 18:12:11 2013 TLS: Initial packet from [AF_INET]127.0.0.1:1412, sid=22ba3002 6e01312b Mon Jul 8 18:12:21 2013 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org Mon Jul 8 18:12:21 2013 VERIFY OK: nsCertType=SERVER Mon Jul 8 18:12:21 2013 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org Mon Jul 8 18:12:47 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mon Jul 8 18:12:47 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Jul 8 18:12:47 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mon Jul 8 18:12:47 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Jul 8 18:12:47 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA Mon Jul 8 18:12:47 2013 [server] Peer Connection Initiated with [AF_INET]127.0.0.1:1412 Mon Jul 8 18:12:49 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Mon Jul 8 18:12:51 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.50.0.1,comp-lzo no,route 10.50.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.50.0.58 10.50.0.57' Mon Jul 8 18:12:51 2013 OPTIONS IMPORT: timers and/or timeouts modified Mon Jul 8 18:12:51 2013 OPTIONS IMPORT: LZO parms modified Mon Jul 8 18:12:51 2013 OPTIONS IMPORT: --ifconfig/up options modified Mon Jul 8 18:12:51 2013 OPTIONS IMPORT: route options modified Mon Jul 8 18:12:51 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Mon Jul 8 18:12:51 2013 ROUTE_GATEWAY 10.101.0.1/255.255.128.0 IFACE=en1 HWADDR=b8::12:3b:d1:36 Mon Jul 8 18:12:51 2013 Cannot allocate TUN/TAP dev dynamically Mon Jul 8 18:12:51 2013 Exiting due to fatal error The Google hits I've found have all been related to Tunnelblick on the Mac, but for me Tunnelblick is working absolutely fine. Any suggestions on resolving this please?
  18. I've been assisting a friend in getting set up with AirVPN. He's currently at a university out of the US and needs a VPN primarily for accessing US restricted content. Unfortunately, his university network effectively blocks everything, PPTP won't connect on other VPN providers, and AirVPN is unable to complete TLS handshakes on any port available. I did manage to get him up and running with AirVPN running over SSH, however, the performance is leaving a great deal to be desired: maybe 8-10 kilobytes/second. I spoke with a friend of mine who is a networking professional, and he recommended a possible solution. Basically, disable the encryption on the VPN tunnel, and instead rely on the encryption in SSH to protect the session. Given the architecture of AirVPN, will the servers allow unencrypted VPN tunnels? And is this a secure or practical thing to do? Thanks.
  19. I am running an ssh server behind openvpn. I successfully forwarded an airvpn port to my port 22, and I can ssh in my server, nevertheless I can seem to figure out the correct way to use scp to copy files from my local machine to my ssh server. How can i solve the problem? Best Regards
  20. Hello! We're very glad to introduce native support for OpenVPN over SSL and OpenVPN over SSH, and a completely re-designed configuration generator which includes exciting, additional AirVPN services and features. Our service becomes more censorship resistant and easier to use with a wide range of OpenVPN GUIs and wrappers. UPDATE OCT 2014: EDDIE CLIENT AirVPN client version 2, codename Eddie, gets out of the beta testing with version 2.6. Free and open source, it is a major breakthrough from client versions 1.x. Available for Linux, Windows and OS X Mavericks and Yosemite. Eddie includes Network Lock, full integrated TOR support for OpenVPN over TOR, support for OpenVPN over SSL and SSH, "intelligent" anti-censorship circumvention technique, "intelligent" VPN servers efficiency and rating calculations and much, much more. https://airvpn.org/topic/12464-eddie-27-available Currently the only open source OpenVPN wrapper in the world which allows OpenVPN over TOR connections without middle boxes or VM on three different OS. NEW SERVICES: OPENVPN OVER SSL - OPENVPN OVER SSH OpenVPN over SSL and OpenVPN over SSH will allow you to bypass OpenVPN connections disruption. Known ISP countries where the disruption takes place are China, Iran, Syria, Egypt. The connection disruption is possible because OpenVPN connections have a typical fingerprint which lets Deep Packet Inspection discern them from pure SSL/TLS connections. Connecting OpenVPN over SSL or OpenVPN over SSH will make your connection undiscernable from pure SSL or SSH connections, rendering DPI fingerprint identification powerless. OpenVPN over SSL/SSH is included in every Premium subscription without any additional payment. Use OpenVPN over SSL/SSH only when necessary: a slight performance hit is the price to pay. The performance hit is kept as low as possible because the "double-tunneling" is performed directly on our servers without additional hops. NEW FEATURES A new system for host resolution (not available for Windows) and dynamic VPN server choice is available. This will let you have OpenVPN configuration files which will try connections to various servers (according to your preferences) if one or more servers are unavailable. A new connection port (2018) is now available on all Air VPN servers. A new, alternative entry-IP address is now available on all Air VPN servers. NEW CONFIGURATION GENERATOR FEATURES - You can now select servers by countries, continents and planets (currently only one planet) or any combination between single servers and countries. - You can now select an alternative entry-IP address. Each Air server has now an additional entry-IP address to help you bypass IP blocking. - You can now choose a wide variety of compressing options: zip, 7zip, tar, tar & gzip, tar & bzip2. - You can now choose not to compress the files and download them uncompressed one by one NEW CONFIGURATION GENERATOR "ADVANCED MODE" FEATURES - Total connection ports range available, including new port 2018 in addition to 53, 80, 443 and (for SSH) 22. - Option to generate non-embedded configuration files, mandatory if you use network-manager as OpenVPN wrapper under Linux or just in case you use any wrapper that does not support embedded with certificates and keys OpenVPN configurations. - Option to generate files and scripts for OpenVPN over SSL/SSH connections by clicking on "Advanced Mode" - Option to select "Windows" or "Linux and others". Make sure you select the correct option according to your OS, because connections over SSL/SSH in Windows require different files than those required for Linux, *BSD and Unix-like / POSIX compliant systems such as Mac OSX. - New options to generate configuration files that support proxy authentication for OpenVPN over a proxy connections, particularly useful if you're behind a corporate or college proxy which requires authentication. A significant example of usage of OpenVPN over a proxy is OpenVPN over TOR: https://airvpn.org/tor Instruction page for OpenVPN over SSL (only if you don't run our client Eddie): https://airvpn.org/ssl Instruction page for OpenVPN over SSH (only if you don't run our client Eddie): https://airvpn.org/ssh Please do not hesitate to contact us for any additional information. Kind regards & Datalove AirVPN admins
×
×
  • Create New...