Showing results for tags 'Firewall'.



Found 71 results

  1. Hello and thanks for this great VPN service! Clients work well until I try to combine a Network Lock with Open Snitch. Our browsers and applications constantly spy on our usage, requiring secure users to block these pesky telemetry echoes. A secure connection is not enough. The goal is to have Manjaro (mate) 6.1.62-1 running “Open Snitch” with the Eddie client fully locked (in/out), no LAN or DNS selected, using any of the locking mechanisms available (iptables / nftables). *Question does not include the use of Hummingbird in the settings.* Currently using both the cli (version 2.23.2) and UI (version 2.21.8) of the Eddie client. IPv6 is disabled at the system level via grub entry. **There are two different errors with the same effect just worded differently.** - UI client gives the error “Unexpected crash of elevated helper: Connection reset by peer” - CLI client gives the error “Unexpected crash of elevated helper:Network subsystem is down” Both require disabling and re-enabling "Networking" via NetworkManager in order to communicate again. Open Snitch has 3 selections for process monitoring: eBPF, Proc, Audit. My current configuration is using “eBPF” as auto selected by Open Snitch install. The Error in Question: What is necessary to have these both running in full, so that I can control any web browser telemetry or applications that phone home with Open Snitch, while managing and controlling my LAN/VPN connections with Eddie? There simply is no such thing as online privacy if you cannot stop telemetry and secure your connection with multiple technologies at the same time from one system. The OS. Thank You for any help and have a great weekend. Happy Thanksgiving AirVPN!
  2. Does anyone have any experience with Untangle firewall? I am trying to get a port forwarded for bittorrent but for some reason it will not work despite my best efforts. I have got the port forward working fine with a local openvpn client on the machine so can confirm it is something to do with untangle. I have my port forward set up as follows... Destination local - True; Protocol - TCP; Destination port - 48146; New destination - 192.168.0.194; New port - 48146. I also have a firewall rule allowing from the vpn tunnel interface to the machine with the client running on it. I have also tested the port is open from the untangle box and can confirm it is open. Any input would be appreciated!
  3. Since it is not very easy to use a VPN from countries like Iran, I recorded a tutorial on how to use airvpn from these countries: https://usefulvid.com/bypass-the-persian-and-chinese-firewall-by-using-airvpn-with-ssl/ The videos are hosted on my website and on youtube. The reason is that it is not possible to access youtube from Iran. https://youtu.be/jl8I2-GQF94 It would be nice if you could share this with your friends in Iran, China, Turkey, Russia, UAE, Saudi Arabia and provide feedback if this method works. You can also download this video from my website to make it easier to share and spread the word. A video on how to use stunnel on android will follow and will also be published on this site. Update on 6.1.2018: The Video for Android is finally published: https://www.youtube.com/watch?v=zwf5JI6t0TI For all who suffer from youtube censorship this is the link for you: https://usefulvid.com/bypass-the-persian-and-chinese-firewall-by-using-airvpn-with-ssl/ Second Video on the page
  4. Hi, I have written an alternative client for AirVPN that I would like to share with you. Just as Eddie, it supports other providers, too, as long as OpenVPN config files are provided. For AirVPN and Mullvad it offers a convenient update function that just requires you to enter your credentials in order to download the latest server configurations. Furthermore, it allows you to choose among the plethora of protocols offered by AirVPN (including OpenVPN over SSL/SSH) except the experimental ones (I might add support for those in the future, once they become available for all servers). Qomui (Qt OpenVPN management UI) as I have named it, is written in Python and PyQt and should run on any GNU/Linux distribution. It allows you to easily create double-hop connections. In other words, you can route your requests via two OpenVPN servers. This feature works provider-independent. For example, you could choose a Mullvad server for the first hop, and AirVPN for the second (I have successfully tested this with AirVPN, Mullvad and ProtonVPN). Thereby, it avoids a major downside of similar offers by some providers, namely the fact that if one provider controls all "hops" he or she could potentially still see, log or inspect all your traffic. In the latter case, you would gain little in terms of privacy. With the ability to "mix" providers, Qomui does not suffer from the same problem and hence offers some tangible benefits. Obviously, you would still have to sacrifice some speed/bandwidth, though. Depending on your DE (looking at you, Gnome!), Qomui will also display a systray icon that shows the country of the server you are currently connected to. Additional features include protection against DNS leaks and a firewall that optionally blocks all outgoing network connections except for the OpenVPN server you have chosen.
Since it is never recommended to run graphical applications as root, which is a major flaw of most OpenVPN clients, all commands that require root privileges are handled by a background service that can be controlled via systemd. The following screenshot gives you an idea of what Qomui looks like (on Arch/Arc Dark Theme). If you are interested, you can download Qomui from github: https://github.com/corrad1nho/qomui Of course, I'd be happy for any kind of feedback. If you find bugs or Qomui does not run properly or not at all on your machine, please let me know. I'm happy to help! At last, a big thank you to AirVPN and its amazing community. The fact that you rely more on explaining technical details than empty promises, has helped me to learn a lot. It is also one of the main reasons why I chose AirVPN. Commendably, Eddie is also released as open-source software. Only Mullvad does that, too, to my knowledge. Why doesn't every provider do that? You are selling a service, not software! Why would I trust in proprietary software? Funnily, I have never really used Eddie, though, since I was accustomed to manually adding config files to NetworkManager as my first provider did not offer a GNU/Linux client. My interest in features such as OpenVPN over SSL made me look into more convenient solutions, though. Ultimately I decided to write my own program as I wanted to learn some Python and this provided a perfect practical challenge. I have actually used Qomui daily on multiple machines during the past few months and constantly tried to improve it. So I'd thought it'd be about time to share it (it's an alpha release, though). Have a nice weekend! Corrado
  5. The port-forwarding page was updated very recently (neat!) and there's now an option to test whether the port is open and reachable. I did test it: unreachable! Darn, I must've changed/enabled the firewall again. Disable it? No, I will show you the proper way how to configure Windows Firewall for port-forwarding. Screenshots attached below. Go to "Control Panel\All Control Panel Items\Windows Firewall". You will see the Home/Work and Public networks. Find out which one is your OpenVPN connection to AirVPN (mine is properly named, yours will not be), preferably you should've set it as a public network like me. If the VPN connection is not classified as a public network, change it now. There's no reason to allow Windows to be promiscuous with the local services like printing and file sharing on the VPN network. Read what it says about incoming connections: "Block all connections to programs that are not on the list of allowed programs". We will need to change that. On the left click "Advanced settings" (opens "Windows Firewall with Advanced Security") - OR skip steps 1,2: Press Win+R keys and run "WF.msc". You'll see the same thing as in 3: "Public profile is Active - Inbound connections that do not match a rule are blocked" and "Outbound connections that do not match a rule are allowed". This means we only need to create inbound rules to allow incoming connections (port-forwarding). [Allow Program] Go to "Inbound Rules" -> New Rule... Rule Type = Program, Next. This program path = choose the program's .exe file. Like "C:\Gameserver\server.exe", NEXT. For Minecraft that's either java.exe or javaw.exe in Program Files. Windows: cmd.exe and run "where java" to find out the path. The first line is your answer. Action = Allow the connection, Next. Profile = Check the profile where AirVPN adapter is (e.g. Public). You can select all three checkboxes, it's ok. Name = "MyServer (allow program)". Your new entry will appear at the top.
When you next visit the settings, it will be sorted alphabetically. [Allow ports] Only doing (5) was not enough to get port-forwarding to work, I had to explicitly allow the ports. Go to "Inbound Rules" -> New Rule... Rule Type = Port, Next TCP/UDP (repeat these steps to enable TCP AND UDP with 2 different rules) Specific local ports: Enter the port from port-forwarding page. If you specified a different local port there, enter the local port in Firewall settings. Next Allow the connection, Next Profile = See above or check all Name = "MyServer (allow TCP _port#_) Repeat these steps to allow UDP Now port-forwarding should work and inbound connections be accepted by your server or content-sharing application. This guide was sponsored by windows 7 gang Final result (I forgot to allow UDP 1234 too) Go to Windows Firewall, click advanced settings (left): Create new Inbound rule to Allow program (step 5): Now the individual TCP/UDP ports (step 6)
  6. I just now saw a post in my Telegram newsfeed which had this to say: VPNs targeted, throttled - Gov Jan6 Patriot witch-hunt? https://youtu.be/38za1LYj2XQ Here is the info underneath the actual YOUTUBE video: HOW can ANYONE "throttle" VPN traffic if it is encrypted? unless they watch a certain port all the time??? And AirVPN lets us pick our own ports or sets apart isolated ports for us.... Why is this even happening?!
  7. Hello, I updated Eddie from 2.16.x to 2.18.9 on Windows 10. I did not uninstall the old version first, just installed over it. It installed ok. The Eddie screen comes up with my login and password already filled out from before when it worked. Upon launching I am not greeted with Cannot login (curl (7) Failed to connect to 63.xxx.xxx.xxx port 80 bad access. I typed my user name and password again - same error. Windows Firewall is on, so I turned it off for Domain, Private and Public. It works. I turned them on one by one and it works for Domain and Public, but as soon as I add private it fails again with the above error. I used 'Allow an app through firewall' and added Eddie - Windows UI (both private and public). Still the problem persists when the Private Firewall is turned on. With the private firewall turned off, I can see the list of servers, then try to connect to a server, and it keeps trying and failing with the error curl: (7) Failed to Connect to <server>_exit.airservers.org port 89: Bad access <red x> Checking route IPv4 failed If more info is needed, please let me know! Help? Thanks, Veep
  8. I understand that with the new Eddie version, the Comodo Firewall settings are no longer up to date. I am now getting a whole slew of errors (e.g., not connecting, IPv6 tunnel errors, connection loops, etc.). Instead of trying to fix the problem, I shut the entire firewall down and went back to the basic Windows 8.1 firewall on default settings. At least now airvpn is connecting. There used to be a sticky tutorial here on the AirVPN forums on how to configure Comodo Firewall with AirVPN, but I do not see it anymore (nor can I find it). Is it safe to assume that Comodo Firewall is no longer recommended by the admins? If it is still recommended, what is the recommended setup? Warm regards, Jopa
  9. Hello, Everything was working just fine till recently. Every time I boot up and connect to the AirVPN client, it is always unsuccessful. I checked and found out the Windows 10 Firewall is on. When I turn it off, I can connect. When I look at Private Networks active networks, I see Linksys43709. I am guessing I have to add this as an exception - but don't see where. I can add apps (AirVPN-ICMP, AirVPN-In-Allow local, AirVPN-In-AllowVPN). Private networks have been selected to be allowed. Settings for AirVPN. Right now I have the FW turned off so it works. See attachments, please. Help? Thanks, Mr. V
  10. Hi, I am getting several alert entries in my pfsense firewall. There are connections denied to 4 different TOR relays in the US, Switzerland, Germany and the Netherlands. I never had these entries before so I am a bit worried. Example: AirVPN_LAN Source: 192.168.1.xxx:476xx Destination:176.10.104.240:443 Any ideas?
  11. Hi, I would like to use AirVPN on my Android device but am concerned about leaking. I have seen some posts on here about using AfWall+ and was wondering if this is the best way to go. Android now also natively has a kind of Network Lock feature. But then there is also the boot leak (discussed here, along with providing a userinit script for droidwall to disable network connectivity during boot and also a script to prevent Google portal capture during wifi connection: https://blog.torproject.org/mission-impossible-hardening-android-security-and-privacy). My thinking is to use OpenVPN on the latest Lineage OS and would appreciate any assistance on the matter. Thank you.
  12. Hello all, I use a very restrictive firewall for Windows 7 known as TinyWall. I made it only allow programs I specifically let through it. The issue is I've allowed the AirVPN.exe executable through the firewall with no restrictions, but even so I'm not able to connect to a server until I disable the firewall. After I connect to a server, I can then reactivate the firewall. If I have the SSL protocol activated though, and I re-enable the firewall after connecting, it just disconnects from the server. If I let Eddie choose the protocol automatically, it doesn't disconnect after re-enabling the firewall. Judging from the attached screenshot of blocked processes by the firewall and Eddie's logs, it seems it's trying to connect to port 80? Though I'm not sure what exactly is trying to do so, since the executable is not shown. Any ideas? Thanks for any help. system log info.txt
  13. Hi, After I've forwarded the right port in AirVPN client area and put the right settings in qBittorrent, I finally get great speeds while connected to the VPN service. However, the speeds (for torrents), seem to fluctuate heavily between 0 and 200Mbit (my max speed). I have the feeling it is because of some setting or limit somewhere that high speeds cannot be sustained. Here is a screenshot of the Eddie speed: More info: - Using network lock - Using OS X 10.12.6 - Using an SSD - Using Asus AC-3200 router - Only using the utun3 network interface in qBittorrent - Used settings described here for qBittorrent - Disabled firewall on router - Looked for any settings in my router that might impede sustained speed like ICMP flood detection but cannot find those - Using port forwarding in client area Is this normal behaviour? I don't really mind it for the time being, as speed is much faster than before, however maybe I'm missing a setting that could prevent this?
  14. I've been having this problem for months now. I'm running Windows 7 and Windows 10 and use Bitdefender Internet Security on both machines. I want to be able to access certain websites outside of the VPN tunnel (so they see my real IP), but still force all other traffic through the VPN tunnel. To achieve this, I added the exceptions inside Eddie under Settings -> Routes. The problem is: they only work as long as I don't have network lock enabled. How do I know this? I'm testing these routes with sites like ipleak.net, doileak.com, ifconfig.co etc. As soon as I activate network lock, I can't access the sites I specified under "routes" anymore. I can ping them just fine, and run a traceroute command, but I can't access them inside any web browser. I also tried adding them under "allowed addresses" inside the "network lock" settings without any luck. I've been trying to solve this issue with staff for almost two months now, but without luck so far. It would be awesome if some of you could try to reproduce the same error, i.e. setting up these routes to see if you can access these sites while network lock is active. "Disclaimer": I'm using the "Windows Filtering Platform" method for network lock. (Which is the default method anyway as far as I'm aware) Everything is working just fine when I'm using the "Windows Firewall" method, even with network lock enabled. However, I don't want to rely on the Windows Firewall, so I'm using the firewall from Bitdefender Internet Security instead Any ideas or suggestions? Can any of you reproduce this same issue? Are any of you using another third party firewall that doesn't cause this issue? If so, which one? PS: Here are the IPs for some of the sites I used for testing so you can just copy and paste them if you want to test it for yourselves: 95.85.16.212 (ipleak.net) 62.243.70.171 (doileak.com) 188.113.88.193 (ifconfig.co)
  15. Hello everyone, I am TheDarkOnyx. That aside, I am facing problems with connecting with SSL to any server, for that matter. In my case, my school has a hefty firewall that has DPI recently, and it has been effective. I have since been using STunnel and I am using SSL port 28439, and oddly enough, it has been resetting connection by peer by almost every single server available except the Dheneb server. Is there something I should fix? Thanks.
  16. Hey, everyone: Not sure if this is the best place to post this or not, or if this is being discussed elsewhere; I tried to search for topics related to this, but couldn't find anything, so I figured I'd start my own. If it needs to be moved or is already being discussed, please change it, or let me know where I can find the information. I'm not really a fan of Windows 10 firewall, and was hoping there is now a way to use Network lock with Kaspersky firewall? I know a year or so ago, there wasn't really a way, but now I'm seeing something about "Windows Filtering Platform" to help with that? What is WFP? Is there a way to get Eddie and the Network Lock to work with Kaspersky? If so, how would I go about setting it up, and testing to make sure it's setup correctly? If not, how can I make sure that my Network Lock and Kaspersky aren't interfering with one another and are setup correctly? Thank you, Kevin
  17. Hello everyone, I would like to create rules in the Windows 7 firewall so the AirVPN Eddie client can work properly. Right now I have to allow all outbound connections for the client to work, which is not that secure. I want to have my Windows 7 firewall block all inbound and outbound connections unless I make a rule which allows a connection. I tried to make new rules in the Windows 7 firewall which included the AirVPN client files located in C:\Program Files\AirVPN to allow the connections but this did not work. I am fairly new to making firewall rules and using a VPN, so I need a basic explanation how to do this. Any advice would be appreciated.
  18. Hi all, I have a little problem. I try to tell it with my terrible English. So I like to set up this: VPN (airvpn client) >>> SOCKS PROXY >>> Browsers and others, virtual machines etc... (all socks traffic over vpn). The host os is linux.
  19. Hello, I've recently installed OpenVPN for Android (the open-source recommended choice) but I'm concerned about different issues. For instance, this app doesn't autostart at boot / reboot but has to be manually started. BTW Android uses wifi's previous state after reboot : when Wifi was "on" our real IP is visible until OpenVPN is manually started. When it crashes (it happens with the latest version) our real IP gets exposed too. I wonder if it could be possible to configure a firewall (AfWall+ or Droidwall) to block all the traffic excepting the one which transits through OpenVPN for both Wifi and data (3G/4G) ? These two apps are using iptables but I don't know how to write the custom rules matching my requirements. The help and knowledge of some computer savvy members would be appreciated. If it works we could maybe create a tutorial for the "How to" section of this forum ? I've collected several articles regarding Android and iptables but I've no idea how I could adapt all this for AirVPN .ovpn default config file (Europe). https://android.stackexchange.com/questions/14455/how-can-i-block-the-traffic-outside-the-vpn-even-if-the-vpn-is-down https://github.com/ukanth/afwall/wiki/Apps-leak-private-user-data-during-boot https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy https://droidvpn.com/page/stopping-leaks-with-droidwall-when-using-droidvpn-8/ https://airvpn.org/faq/software_lock/ Any idea ? Thanks
  20. Hi, Long-time AirVPN user, I'm on a linux PC, using the ufw method described here: (https://airvpn.org/topic/5586-prevent-leaks-with-linux-firestarter-also-stop-traffic-when-vpn-drops/?p=14095). I would like to share this connection with other devices, having my PC serve as a kind of router. Assume I cannot modify my router or the other devices to natively use AirVPN. I have been able to create a wifi hotspot using an ethernet connection. However, my devices are unable to complete the connection until I disable the firewall. Obviously, this is not an acceptable solution as it will allow leaks and I was wondering if anyone here in the community could modify randombit and worric's method to allow hotspot usage.
  21. Hello all, I'm having issues with Eddie - Network Lock at Windows startup. I have to manually turn off Windows Firewall every time Windows starts. I don't understand why it automatically turns on if Service is set to "Manual". Can you please tell me if you need any more info to understand the issue? Thanks.
  22. Hello, I have a question that maybe someone more knowledgeable can answer. I have a computer at home that runs airvpn client and a remote computer. I want to be able to connect from either computer to another one with ssh. Without airvpn client, everything works (obviously). If I run airvpn without network lock, I can ssh from home to remote (it goes via the AirVPN server) but not from remote to home. I tried to start airvpn with the parameter "routes.custom=my.remote.ip.addr,255.255.255.255,out" but it didn't help - the required route was not added to the routing table. However, that problem was easily solved: I added the route separately with "route add -host my.remote.ip.address gw 192.168.1.1" and all was well: ssh works from home to remote and from remote to home bypassing AirVPN as I want it to do. Now, I enable network lock. This time I need to add "allowed IP" parameter to be able to ssh from home to remote: ./airvpn -cli -connect -netlock -login=**** password=**** netlock.allowed_ips=my.remote.ip.addr But ssh from remote to home is blocked by the firewall. I can't find any airvpn parameter that can be used to create custom firewall rules. So I ended up with adding the required rule myself. 
Before:

    # iptables -L -v --line-numbers
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    num pkts bytes target prot opt in out source destination
    1 177 16717 ACCEPT all -- lo any anywhere anywhere
    2 0 0 ACCEPT all -- any any 255.255.255.255 anywhere
    3 93 8963 ACCEPT all -- any any 192.168.0.0/16 192.168.0.0/16
    4 26 4651 ACCEPT all -- any any 10.0.0.0/8 10.0.0.0/8
    5 0 0 ACCEPT all -- any any 172.16.0.0/12 172.16.0.0/12
    6 0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
    7 1890 460K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
    8 0 0 ACCEPT all -- tun+ any anywhere anywhere
    9 6 502 DROP all -- any any anywhere anywhere

Add the rule:

    iptables -t filter -I INPUT 9 -i eth0 -p tcp -s my.remote.ip.addr --dport 22 -j ACCEPT

After:

    # iptables -L -v --line-numbers
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    num pkts bytes target prot opt in out source destination
    1 182 17197 ACCEPT all -- lo any anywhere anywhere
    2 0 0 ACCEPT all -- any any 255.255.255.255 anywhere
    3 107 10296 ACCEPT all -- any any 192.168.0.0/16 192.168.0.0/16
    4 41 6945 ACCEPT all -- any any 10.0.0.0/8 10.0.0.0/8
    5 0 0 ACCEPT all -- any any 172.16.0.0/12 172.16.0.0/12
    6 0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
    7 1981 480K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
    8 0 0 ACCEPT all -- tun+ any anywhere anywhere
    9 0 0 ACCEPT tcp -- eth0 any my.remote.ip.addr anywhere tcp dpt:22
    10 6 502 DROP all -- any any anywhere anywhere

Now everything works again, but the question remains: what is the best way to achieve that ? In the worst case scenario, I can just start airvpn in the background, wait a minute or so and then run iptables with my additional rule. But that looks ugly. Can anyone think of a better way ? Maybe some "event.session..." or "event.vpn..." parameter will do the trick ? Thanks for any help.
  23. So I have software on my machine which I wish to block connection to the internet on. I have my machine set to boot up, run air vpn, air vpn automatically activates network lock ( this is where the issue occurs ), then air vpn connects to a whitelisted server. Now the problem is that airvpn removes my blocked in and out traffic rules in my firewall for the software I wish to prevent from connecting to the internet at all. Is there a way to add rules that airvpn writes when it reconfigures the firewall settings?
  24. hey guys, with ufw enabled, vpn connects but wget and web pages don't resolve: $uname -a Linux 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 2016 x86_64 x86_64 x86_64 GNU/Linux $ufw reset $ufw allow out on wlp1s0 to 213.152.161.180 port 443 proto udp $ufw allow out on tun0 $ufw status verbose Status: active Logging: on (low) Default: deny (incoming), deny (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 213.152.161.180 443/udp ALLOW OUT Anywhere on wlp1s0 # NL-Alblasserdam_Alchiba_UDP-443.ovpn Anywhere ALLOW OUT Anywhere on tun0 # tun0 $openvpn --config ~/VPN/NL-Alblasserdam_Alchiba_UDP-443.ovpn Mon Oct 3 2016 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb 2 2016 Mon Oct 3 2016 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08 Mon Oct 3 2016 Control Channel Authentication: tls-auth using INLINE static key file Mon Oct 3 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Oct 3 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Oct 3 2016 Socket Buffers: R=[212992->212992] S=[212992->212992] Mon Oct 3 2016 UDPv4 link local: [undef] Mon Oct 3 2016 UDPv4 link remote: [AF_INET]213.152.161.180:443 Mon Oct 3 2016 TLS: Initial packet from [AF_INET]213.152.161.180:443, sid=b2d0c912 4505e529 Mon Oct 3 2016 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org Mon Oct 3 2016 Validating certificate key usage Mon Oct 3 2016 ++ Certificate has key usage 00a0, expects 00a0 Mon Oct 3 2016 VERIFY KU OK Mon Oct 3 2016 Validating certificate extended key usage Mon Oct 3 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Mon Oct 3 2016 VERIFY EKU OK Mon Oct 3 2016 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org Mon Oct 3 2016 Data 
Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mon Oct 3 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Oct 3 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mon Oct 3 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Oct 3 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA Mon Oct 3 2016 [server] Peer Connection Initiated with [AF_INET]213.152.161.180:443 Mon Oct 3 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Mon Oct 3 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.48.174 255.255.0.0' Mon Oct 3 2016 OPTIONS IMPORT: timers and/or timeouts modified Mon Oct 3 2016 OPTIONS IMPORT: LZO parms modified Mon Oct 3 2016 OPTIONS IMPORT: --ifconfig/up options modified Mon Oct 3 2016 OPTIONS IMPORT: route options modified Mon Oct 3 2016 OPTIONS IMPORT: route-related options modified Mon Oct 3 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Mon Oct 3 2016 ROUTE_GATEWAY 10.42.0.1/255.255.255.0 IFACE=wlp1s0 HWADDR=xx:xx:xx:xx:xx:xx Mon Oct 3 2016 TUN/TAP device tun0 opened Mon Oct 3 2016 TUN/TAP TX queue length set to 100 Mon Oct 3 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Mon Oct 3 2016 /sbin/ip link set dev tun0 up mtu 1500 Mon Oct 3 2016 /sbin/ip addr add dev tun0 10.4.48.174/16 broadcast 10.4.255.255 Mon Oct 3 2016 /sbin/ip route add 213.152.161.180/32 via 10.42.0.1 Mon Oct 3 2016 /sbin/ip route add 0.0.0.0/1 via 10.4.0.1 Mon Oct 3 2016 /sbin/ip route add 128.0.0.0/1 via 10.4.0.1 Mon Oct 3 2016 Initialization Sequence Completed $route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.4.0.1 128.0.0.0 UG 0 0 0 tun0 0.0.0.0 10.42.0.1 0.0.0.0 UG 600 0 0 wlp1s0 10.4.0.0 0.0.0.0 
255.255.0.0 U 0 0 0 tun0
10.42.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp1s0
128.0.0.0 10.4.0.1 128.0.0.0 UG 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlp1s0
213.152.161.180 10.42.0.1 255.255.255.255 UGH 0 0 0 wlp1s0

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 10.42.0.9/24 brd 10.42.0.255 scope global wlp1s0
       valid_lft forever preferred_lft forever
    inet6 <removed>/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.4.48.174/16 brd 10.4.255.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 <removed>/64 scope link flags 800
       valid_lft forever preferred_lft forever

I don't usually touch my iptables directly but here's the output:

$ iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere
ufw-track-forward all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ufw-before-logging-output all -- anywhere anywhere
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere
ufw-after-logging-output all -- anywhere anywhere
ufw-reject-output all -- anywhere anywhere
ufw-track-output all -- anywhere anywhere

Chain ufw-after-forward (1 references)
target prot opt source destination

Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-output (1 references)
target prot opt source destination

Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ufw-user-forward all -- anywhere anywhere

Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- anywhere anywhere ctstate INVALID
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ufw-not-local all -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900
ufw-user-input all -- anywhere anywhere

Chain ufw-before-logging-forward (1 references)
target prot opt source destination

Chain ufw-before-logging-input (1 references)
target prot opt source destination

Chain ufw-before-logging-output (1 references)
target prot opt source destination

Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-user-output all -- anywhere anywhere

Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
DROP all -- anywhere anywhere

Chain ufw-reject-forward (1 references)
target prot opt source destination

Chain ufw-reject-input (1 references)
target prot opt source destination

Chain ufw-reject-output (1 references)
target prot opt source destination

Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ufw-track-forward (1 references)
target prot opt source destination

Chain ufw-track-input (1 references)
target prot opt source destination

Chain ufw-track-output (1 references)
target prot opt source destination

Chain ufw-user-forward (1 references)
target prot opt source destination

Chain ufw-user-input (1 references)
target prot opt source destination

Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain ufw-user-logging-forward (0 references)
target prot opt source destination

Chain ufw-user-logging-input (0 references)
target prot opt source destination

Chain ufw-user-logging-output (0 references)
target prot opt source destination

Chain ufw-user-output (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 213.152.161.180 udp dpt:https
ACCEPT all -- anywhere anywhere

Any help would be great. Let me know if you need any more info.