Jump to content
Not connected, Your IP: 3.144.43.194

Search the Community

Showing results for tags 'Routing'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • AirVPN
    • News and Announcement
    • How-To
    • Databases
  • Community
    • General & Suggestions
    • Troubleshooting and Problems
    • Blocked websites warning
    • Eddie - AirVPN Client
    • DNS Lists
    • Reviews
    • Other VPN competitors or features
    • Nonprofit
    • Off-Topic
  • Other Projects
    • IP Leak
    • XMPP

Product Groups

  • AirVPN Access
  • Coupons
  • Misc

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Twitter


Mastodon


AIM


MSN


ICQ


Yahoo


XMPP / Jabber


Skype


Location


Interests

Found 23 results

  1. This guide will explain how to setup OpenVPN in a way such that only select programs will be able to use the VPN connection while all other life continues as usual. Please read this notice before applying the guide Advantages: fail-free "kill switch" functionality (actually better than 98% of VPNs out there) continue using another VPN as primary or don't reroute any other traffic at all nobody, not even peers on LAN, will be able to connect to your torrent client (the only way: through the VPN connection) - eliminating unintended leaks Disadvantage: the apps will still use your default DNS for hostname lookups (secure your DNS separately!) See two more drawings at the end. The guide is applicable to all VPN providers who don't restrict their users to use the OpenVPN client. The method however is universally applicable. It was made with examples from Windows, but with Linux/BSD you will only need little tweaking to do. Specifically, net_gateway placeholder may not available and that's all there is to it. Android clients are probably too limited for this task and lack options we need. - Since there'll be a lot of text, sections titled in (parantheses) are entirely optional to read. The other guide by NaDre is old (2013), hard to read and pursues a slightly different approach. A Staff member actually posted a good first comment there, that's what we're gonna do. (Preface) The BitTorrent as a network is entirely public. Through the decentralized technology called DHT, everyone in the world can find out what torrents you are presumably participating in (this does not apply to private trackers who disable DHT). Clearly this creates an unhealthy atmosphere for privacy of users, e.g. one could find out the OS distribution one is using for a more targetted attack etc. Sometimes the ISPs are outright hostile to peer-to-peer technologies due to the traffic and bandwidth these are consuming. Instead of upgrading dated infrastructure, they cripple their users instead. There are many reasons to use a VPN, that was but a limited selection. ("Split-tunneling") This has become somewhat a marketing term nowadays, but actually explains the nature of the traffic flow well. In this guide only the programs set to use the VPN connection will use it, nothing else. All your traffic goes past the VPN while torrent client traffic (or any other selected program) uses only the VPN connection. ("Kill switch") We'll literally nail it using software settings of your program (the torrent client). This is a marketing-loaded name. In short: if the VPN connection is not available, no traffic ought to be sent bypassing it. In most cases where you have a VPN redirect all your system traffic - you should not rely on it as a feature. The OpenVPN software on Windows is not 100% proof, based on empirical evidence (reconnects and startup/shutdown phases) and some other VPN providers do no better (based on comments and stories). The only bulletproof solution: the VPN tunnel is set up on an intermediary device your PC is connected to - your end device (the PC) has no chance whatsoever to bypass the tunnel in that case. If the VPN provider uses a firewall under the hood, that's good too but with this guide you will not need a firewall nor rely on the VPN software. ("Dual-hop") With the knowledge and methods from this guide you will be able to daisy-chain multiple VPN servers. In essence, your traffic passes PC->VPN1->VPN2->Destination. This was not intended for this guide nor with AirVPN, it's finicky and I wouldn't recommend it myself without a real need and skills to automate the setup and configuration. How it will work Many users (aka mostly idiots on Reddit) are running in circles like qBittorrent is the only client (or probably the only application in the universe, unconfirmed) that can be set to use a certain VPN. Here's the technicality: this is called 'binding' - you can 'bind to IP' which will force the app to use a specific IP address and nothing else. If it cannot use the IP (when VPN is disconnected) then it will not be able to do any networking at all. The OS will deny any communication with the internet: boom! Here's your praised 'kill switch' and 'split-tunneling', 2-in-1. This is the next best bulletproof solution (the only better alternative is to use an intermediary VPN device, as any software could choose a different interface now to communicate with the internet). In a broader sense, you want to 'bind to a network interface' - your client will use any available IPs from the VPN interface - making it ready for IPv4 and IPv6. Oh and you don't need to change the IP once the VPN connection changes to another server. The OS handles the rest. Examples of programs that can bind to user-defined addresses include: (Windows) ping, tracert (IPv6-only, WTF?), curl and wget, and many others, including your favorite torrent client You will find guides online how to do that in your client or just look in settings. (Linux-specific differences of the guide) If you are a Linux/*nix user, there're some minor changes to the quick guide below: * Create custom VPN interface: Create with ip tuntap command. The below line will create 5 interfaces "tun-air1" etc. for YOUR user. Specifying your user allows OpenVPN to drop root rights after connection and run under your user (security). AirVPN allows up to 5 connections. If you have no use for this, create only one. Note: User-owned tunnel interfaces allow to be used by your non-root $user account, but there're issues with running OpenVPN without elevated permissions as $user user="$(whoami)"; for i in {1..5}; do sudo ip tuntap add dev "tun-airvpn$i" mode tun user "$user" group "$user"; done Check their existance with ip -d a -- the interfaces will not be shown under /dev/tun* ALTERNATIVE: openvpn --mktap/--mktun. See manual with man openvpn * Select custom VPN interface: This config part differs from Windows, very confusing. Steps: 1. Replace "dev-node" in config with "dev" 2. Add "dev-type tun" or "tap". Example of config: # if you have these defined multiple times, last entries override previous entries dev tun-airvpn1 # previously dev-node dev-type tun # previously "dev tun" on Windows There're no more differences. In-depth explanation: If you try to use dev-node like for Windows, you will see: OpenVPN log: ERROR: Cannot open TUN/TAP dev /dev/tun-airvpn1: No such file or directory (errno=2) Example strace of error: openat(AT_FDCWD, "/dev/tun-airvpn1", O_RDWR) = -1 ENOENT (No such file or directory) OpenVPN cannot find the TUN/TAP with the name? No, on Linux/*nix/*BSD dev-node has a totally different meaning. Dev-node specifies where the control interface with the kernel is located. On Linux it's usually /dev/node/tun, for the "mknode" command. If OpenVPN can't detect it for some reason, then you'd need to use dev-node. Finally you can start OpenVPN from terminal: sudo openvpn --config 'path/to/config.ovpn' --user mysystemusername --group mysystemusergroup PS: There're issues when running OpenVPN under your current $user. I think the problem was that it couldn't remove added routes after a disconnect. Instead run OpenVPN as root (isn't a good advice but it's what works) Windows Quick Guide Go to the folder where you installed OpenVPN and its exe files: 'C:\Program Files\OpenVPN\' Open CMD inside the 'bin' folder: Hold Shift + Right Click the 'bin' folder -> 'Open Command Window here' We will use tapctl.exe to create a new VPN network interface solely for use with AirVPN (to look around: run "tapctl.exe" or "tapctl.exe help") C:\Program Files\OpenVPN\bin>tapctl create --name AirVPN-TAP {FDA13378-69B9-9000-8FFE-C52DEADBEEF0} C:\Program Files\OpenVPN\bin> A TAP interface is created by default. I have not played enough with Wireguard's TUN to recommend it. You can check it out, it will be under adapters in your Windows network settings Important: Configure your app/torrent client to use this 'AirVPN-TAP' interface. This is what ensures your traffic never leaks. It may appear under a different name, in such case find out which one it is in the output of 'ipconfig /all' (enter this into CMD) If your client does not allow to bind to a general interface but a specific IP (poor decision) then connect to the VPN first to find out the local IP within the VPN network. In this case with AirVPN you may only use one single server or you'll have to constantly change the IP in settings. Generate AirVPN configs where you connect to the server via IPv4! This is important Add these to the .ovpn config files (either under 'Advanced' on the config generator page or manually to each config file) # NOPULL START route-nopull # IF YOU DO NOT USE ANOTHER VPN THAT TAKES OVER ALL YOUR TRAFFIC, USE "net_gateway" (just copy-paste all of this) # net_gateway WILL BE AUTOMATICALLY DETERMINED AND WILL WORK IF YOU CONNECT THROUGH OTHER NETWORKS LIKE A PUBLIC WIFI # personally, due to a second VPN, I had to specify my router IP explicitly instead of net_gateway: 192.168.69.1 # "default"/"vpn_gateway"/"remote_host"/"net_gateway" are allowed placeholders for IPv4 route remote_host 255.255.255.255 net_gateway route 10.0.0.0 255.0.0.0 vpn_gateway route 0.0.0.0 0.0.0.0 default 666 route-ipv6 ::/0 default 666 dev-node AirVPN-TAP # END OF NOPULL Test if the configuration works. Full tests, don't leave it up to chance. In-depth explanation of the OpenVPN config route-nopull rejects any networking routes pushed to you by the server, we will write our own route remote_host 255.255.255.255 <router IP> we tell our system that, to reach remote_host (the AirVPN server IP), it must send traffic to <router IP>. The subnet mask 255.255.255.255 says that this only applies to this single IP set <router IP> to be net_gateway (only for Windows users, check availability on other platforms) <router IP> may be any of the OpenVPN placeholders too, for example "net_gateway" should work universally (you avoid hard-coding the router IP and if it ever changes: wondering years later why the config no longer works) <router IP> is "192.168.1.1" in my case, for my home router that connects me to the internet. route 10.0.0.0 255.0.0.0 vpn_gateway we tell our system that all 10.x.x.x traffic will be sent to the AirVPN server the internal VPN network with AirVPN is always on the 10.0.0.0 - 10.255.255.255 network range. The subnet mask reflects that. However this may interfere with other VPNs if you ever need to be connected to both at once. I will not go into detail on this. What you need to do is to be more specific with 10.x.x.x routes in this config, i.e. instead of /8 subnet, only route the specific /24 subnet of the current VPN server (AirVPN uses a /24 subnet for your connections on each VPN server -> 10.a.b.0 255.255.255.0) vpn_gateway is one of OpenVPN placeholders route 0.0.0.0 0.0.0.0 default 666 allow routing of ANY traffic via the VPN we set the metric to 666, metric defined as path cost (historically) so setting it to a high value will make sure no normal connection runs through it, unless specifically bound to the VPN IP. route-ipv6 ::/0 default 666 same for IPv6. How many can claim they have working VPN IPv6 setup? Welcome in the future. IPv6 is over 20 years old at this point anyhow. dev-node AirVPN-TAP (Windows-only) tell OpenVPN to ONLY use this network interface to create the VPN tunnel on. Nothing should interfere with our setup now That's all, folks! Note: Somehow on Windows my AirVPN connection receives a wrong internal IP that doesn't enable networking at first. In my case I need to wait 1-3 minutes until OpenVPN reconnects itself based on ping timeout: after the reconnect I receive another IP and everything starts to work. I do not know whether it's an OpenVPN or a Windows bug. One last note: using multiple VPNs Actually this will work, that's how I roll. As long as both VPNs don't clash by using the same 10.0.0.0/8 subnet. If this happens, you will need to change Line 5 to point to a more specific (aka smaller) subnet tailored to your AirVPN server. Specifying a 10.x.x.0/24 subnet for routing will surely do (subnet mask: 255.255.255.0). Just be aware that you cannot practically use the same IP range in both networks at the same time (well, you'd need to bind the application you are using to either interface, which you cannot do with a browser or the printing service in case of internal resources). (The story of broken net_gateway) For this placeholder, OpenVPN attempts to determine your 'default gateway', i.e. the router all your internet traffic passes through. It normally works, but may not be supported on other platforms (Linux, sigh). However it has one unintended side-effect: if you already have a VPN that reroutes all your traffic, net_gateway will make all AirVPN traffic go through the first VPN: Your traffic -> VPN1 -> Internet Torrent traffic -> VPN1 -> AirVPN -> Internet That's the unintended dual-hop. Surely you can extend that scheme to 3,4,n-hops if you fiddle enough with routing, subnet masks and correct order. I'm not responsible for headaches We avoid that behavior with Line 4 from our config - the remote_host line forces the AirVPN traffic to go straight to the internet (through your LAN router). One more thing: net_gateway is not available for IPv6 routes in OpenVPN. That's why it currently only works with a IPv4 connection to the VPN server. (Crash course: Subnet masks) You've seen the weird number 255.0.0.0 above. You should refer to other pages for a proper explanation, but basically this is a very simple way for computers to determine the range of IP addresses that are part of a network (a subnet). What's simple for computers is very hard to grasp for us humans. 255 means there are NO changes allowed to the first set of IP numbers. I.e. the 10 in 10.0.0.0 always stays a 10. 0 means all numbers can be used. I.e. the zeroes in 10.0.0.0 can be (0-255), lowest address is 10.0.0.1 and the last address is 10.255.255.254 (technically, 10.0.0.0 is the first and the last 10.255.255.255 is reserved for 'broadcast') Any number in between denotes ... a range in between. 2^(32-prefix)=number. Number is the amount of available addresses and prefix is called the subnet prefix. Both are meant to describe the same thing. For 10.0.0.0/26 or 10.0.0.0 with subnet mask of 255.255.255.192 you get addresses in range 10.0.0.0-10.0.0.64 -- 2^(32-26) = 64. Similarly you can convert the subnet mask into the prefix number and work from there; or eyeball it: 256-192 = 64. (Two ways to accomplish routing) If you have two equal routes, e.g. 0.0.0.0 goes through VPN with metric 666 0.0.0.0 goes through LAN router with metric 10 then obviously the default route for a packet will travel through (2) - because it's a cheaper path. Unless an application specifies to talk only on the VPN interface. However a different rule applies whenever a more specific route exists 0.0.0.0/0 goes through VPN2 with metric 666 0.0.0.0/0 goes through LAN router with metric 10 0.0.0.0/1 goes through VPN1 with metric 30 128.0.0.0/1 goes through VPN1 with metric 30 Here the routes (3) and (4) cover the entire addressing space, just like 0.0.0.0/0. However because they are more specific, they'll be preferred for all traffic because these routes are more selective. This is how OpenVPN does override system routing with VPN routing by default. This is also what the other guide attempted as well, by pushing four {0,64,128,192}.0.0.0/2 routes. Since that was more specific, it would in return override the 0,128 routes and so on. We can calculate how many multi-hops we would be able to do with this method: IPv4 has 32 bits, we will not touch the last 8 bits of the subnets. That leaves us then with 24 bits or 24 maximum amount of hops. Theoretically. The routing table would be outright f---- to look at. This method is a bit more 'secure' in a way because you don't need to rely on overriding a certain metric value, you just slap a more specific route on top and it's automatically made default. Also you don't need to override the default gateway (router) and all that junk. However with my preferred method (first) you can quite easily do DIY dual-hop routing: 0.0.0.0/0 goes through VPN2 with metric 666 0.0.0.0/0 goes through LAN router with metric 10 0.0.0.0/1 goes through VPN1 with metric 30 128.0.0.0/1 goes through VPN1 with metric 30 <VPN2-IP>/32 goes through VPN1 with metric (any) Such a setup will make sure that all traffic destined for the internet (hits 3 and 4) will go through VPN1. If a program specifies the VPN2 network interface, then VPN2 will be reached via VPN1 first (you->VPN1->VPN2). This is quite 'quizzacious' to set up/control. Not part of this guide. As a part of this guide we told the system to route VPN2 via router on LAN. Yet you could indeed chain multiple VPNs this way and force the VPN1 to not only catch all traffic but also be chained via multiple VPNs itself so you would not need to manually set programs. I've seen scripts online for that purpose. Although be aware of MTU issues due to encapsulation. Troubleshooting tips TEST. SERIOUSLY, TEST YOUR SETUP BEFORE ENGAGING YOUR DATA CANNONS! A couple hours now are infinitely many times more worth than a 'leaked' mistake and headaches later on. https://ipleak.net/ - tests your client's default connection route. It would not tell you if your client is alternatively available on LAN for example. If you followed this guide and set up your client correctly, it will not be available on LAN etc. See the images below: 'without interface binding' (most newbie users) and 'with interface binding' (this guide) Wireshark to inspect how the traffic is actually flowing. Follow online tutorials, you only need to select the right network interfaces and filter traffic by port/IP (tcp/udp and your local or VPN IP) curl to send network requests. Like ifconfig.co / ifconfig.io will respond with the IP address it sees you as: curl --interface <your computer IP> http://ifconfig.co curl --interface 192.168.1.42 http://ifconfig.co # for IPv4 or IPv6, default route curl -4 http://ifconfig.co curl -6 http://ifconfig.co > route -4 print and > route -6 print on Windows. To compare the outputs, you can use Notepad++ with the compare plugin (you need two documents open, one in left and another in right pane before comparing). PS: AirVPN configuration generator does not support #comment lines. Please fix. Sorry Linux users, maybe another time I will write something tailored to you. But I believe you are smart cookies and will adapt the OS-specific steps to fulfill this guide's goal.
  2. Hi, I've used Air VPN for years with no problems but I've just changed ISP to TalkTalk in the UK and now I have major problems connecting or it will connect with no routing. I keep getting the following errors in logs: . 2022.06.17 12:04:07 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #6605 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2022.06.17 12:04:07 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #6606 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2022.06.17 12:04:08 - OpenVPN > AEAD Decrypt error: cipher final failed . 2022.06.17 12:04:08 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #10166 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2022.06.17 12:04:08 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #10167 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2022.06.17 12:04:08 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #10168 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2022.06.17 12:04:19 - Above log line repeated 291 times more . 2022.06.17 12:04:19 - OpenVPN > AEAD Decrypt error: cipher final failed . 2022.06.17 12:04:19 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #85653 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2022.06.17 12:04:19 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #85656 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2022.06.17 12:04:19 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #85657 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2022.06.17 12:05:22 - Above log line repeated 1037 times more . 2022.06.17 12:05:22 - OpenVPN > AEAD Decrypt error: cipher final failed . 2022.06.17 12:05:22 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #225061 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2022.06.17 12:05:22 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #225066 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2022.06.17 12:05:22 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #225075 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
  3. I have installed and got AirVPN working great on Windows 10. I have a Plex media server on the same pc but the Plex remote connection goes through the VPN. I want it to go outside the VPN and all other traffic on the pc go through the VPN. I have been able to get Plex to connect when the VPN is disconnected and I have also been able to get Plex to connect while VPN is connected but traffic goes through the VPN. I want to be able to connect to the VPN but all Plex traffic to travel outside the VPN. I need help!
  4. Hello all, I am looking to create a docker container or some type of script to rotate my IP addresses. My goal is to rotate my IP address every time that it is unable to connect to a given IP (TTL like 30 seconds). However, If I am unable to do this I would like to simply rotate my IP address every couple of minutes. Does anyone know how I might do this efficiently? I would preferably run it from a local machine or docker container routing my applications through it.
  5. kbps

    BGP routing

    https://arstechnica.com/information-technology/2019/06/bgp-mishap-sends-european-mobile-traffic-through-china-telecom-for-2-hours/ Intersting article. Interested in what others think about this from the view point of Air users and Air themselves. Do Air have the ability to moniter their servers for an instance such as this? I presume it would show as increased ping times. What would be their course of action if a data center that they use were involved in something like this?
  6. Hello forum! I've used OpenVPN on Asus RT-N18U running DD-WRT over a year now. I made files up.sh to start and dn.sh to stop OpenVPN to get rid of GUI and later on to run them via ssh from lan. OpenVPN version got updated to 2.4 and I made the necessary changes to conf file and scripts. It ran without issues couple of months. However, last Thursday my VPN connection went down while I was just browsing the interwebs. OpenVPN log was filled with messages: Recursive routing detected, drop tun packet to [AF_INET]62.102.148.132:443. There's no difference if I set up OpenVPN via GUI or use only my scripts. I've tried both UDP and TCP protocols but the issue persists. Outcome is always the same. Since then I've contacted AirVPN support as I cannot fix this by myself. I don't have the skills for that and I've tried my everything. As you may notice I feel desperate. EDIT: Here was a zip-file including kernel and ip routing tables, scripts, openvpn.conf file and OpenVPN log. I've censored my IP-address and tun1 IP from the files. All I found out is that the router for some reason removes line 62.102.148.132 via 84.xx.xx.xx dev vlan2 from routing table. You can see the difference between before-error_ip-route.txt. and after-error_ip-route.txt. DD-WRT seems to think that the fastest route outside is only via tun1 as VPN endpoint IP is in the same location as tun1 IP-address. Just a guess, might be totally wrong. Then it removes the previously mentioned routing rule and creates a loop. If I use allow-recursive-routing option in OpenVPN configuration, after a while log begins to spam "UDP messages too big" or something like that. I hadn't done any changes to DD-WRT settings, configuration files or script files. Recursive routing just popped up from no where. Router is being used as a gateway and WiFi AP only. All I've done is I moved to a new apartment which has different IP-address provided by the same ISP. That might not affect anything, just FYI. I really hope someone could help me with this. Thanks. Update: Turns out my ISP assings new IP-address every 20 minutes and almost every service on DD-WRT restarts which makes everything kind of frustrating to config...
  7. On macOS, Eddie often fails reconnecting to AirVPN when recovering from sleeping mode. Either Eddie crashes completely or the routing checking fails.
  8. Hey all, This is my second Day with AirVPN. I'm merely testing the water so I've signed up for 3 days. Initially I was drawn by the famous Network Lock, however right now it seems to be causing me trouble. Anyway, here's what I want to do. I would like to use tunnel only on certain sites. Therefore, I have been using the "Routes" option in the Eddie preference tab. From there, I've set the "Note Specified Routes go:" to Outside of Tunnel. All the sites that I want to be accessing through the tunnel are added to the list with the Action "Inside the VPN Tunnel". Everything works as expected and I've been testing with Ipleak.net to make sure. From there, I noticed the little message that says "Ip in 'Outside of Tunnel' are also unlocked When Netowrk Lock is active'", which according to my understanding means that even with NL active, if a certain ip is set to be Outside the Tunnel, it will remain accesible. Correct me if I'm wrong. Therefore, with my current setup, every single site should still be accessible with NL on, and only the sites that are specifically listed to "Inside Tunnel" should lose their connection upon VPN failure. Correct? However, it seems that when I turn on NL. I lose Access to every single site, whether they be Inside or Outside the Tunnel. Is this a bug, or I'm I just massively misunderstanding this. I could go with regular windows Iptables, but I'd rather use Eddie as it's much more user friendly. Thanks in Advance!
  9. Hi. I configured Eddie so that the IPs of certain websites are accessed only from outside the VPN tunnel. (Settings -> Routes) These routing rules work just fine, but as soon as I activate network lock I can't access the specified sites anymore. I can ping them, but I can't access them inside the browser. They basically get blocked. I tried multiple versions of Eddie (2.12.4, 2.11.15, 2.10.39, various protocols and ports and of course various websites. I also tried both methods for network lock (Windows Firewall & Windows Filtering Platform). I'm having this issue on both Windows 7 and Windows 10. Any ideas how to fix this? Anyone else having this problem? Please, if you have any idea at all on how to fix this, let me know. I really need both network lock and routing rules to work simultaneously.
  10. Hello, I'm using "OpenVPN Settings" on Android, because of an unfixed bug of Android which completely prevents me from using OpenVPN for Android. So I am sorry that I cannot use the recommended app. I created an "Android" config file in the client area, but my first problem is that "/sbin/ip" was not found: iproute was at "/system/bin/ip" instead. I figured out that adding `iproute /system/bin/ip` to my ovpn config file fixed this. Now the openvpn successfully connects either from terminal using `openvpn <filename.ovpn` or using OpenVPN Settings app. But, my browser is still going straight to the web from my mobile network. My IP address is still my normal IP address when I look it up, though OpenVPN logs appear normal and successfully connected. I have tried adding 'redirect-gateway' to the config file but it doesn't work. I would love some support making this connection successful and secure as I would like to use my phone through VPN only for some tasks. I have attached my logs. Thanks!
  11. I've configured the OpenVPN client on my DD-WRT flashed TP-Link router and been running this for a couple of weeks. But I've ran into a couple of issues, firstly when attempting to view or listen to content on my Plex server externally is not possible due to the constant buffering. The other is Netflix has detected I'm using a VPN\proxy and will not let me watch any content. I was wondering if it possible using iptables to force both devices out over the Internet without going over the VPN?
  12. You probably heard of GEMA, the german licensing agency for music content. And you may have heard them and YouTube arguing about licensing fees on YouTube in Germany. As a result YouTube agreed to prevent german IPs from viewing music videos and videos containing even fractions of licensed music. Personally I call this censorship for both viewers and artists/producers. I suggest to create a rule for routing YouTube traffic from all german servers to any server not located in Germany, if possible. Of course I can circumvent this by just connecting to another server outside Germany... but I'm mostly connected to german servers and connecting to another server just to watch one music video is not expedient in my opinion. You may ask: Why do you connect to german servers, then? They're the nearest to my real location and had the best ping results. Advantage for online games.The use of YouTube-only proxy addons like ProxTube is a valid option, though it's proxy servers are not reachable sometimes. But why should I use a tiny proxy service to circumvent blockades if I'm already using a proxy service to which I'm connected the whole time? And for which I pay? It's easier for me to just surf and see that it's running without any modifications, right?I'd really like to see such a routing option. I miss it. -- Being connected to certain servers might not show you the right version of YouTube. The reason isn't clear, it might be a geolocation bug. Following servers are prone to this: Aquilae, DE > Google UK/ITVelorum, DE > Google UK/ITCarinae, UK > Google TR
  13. Hi Is there any way I can add any custom directives to the ovpn.cfg file to route netflix related ip ranges through my ip address and not through the vpn tunnel? I currently have a dsl ac68u modem router combo, hence requesting help with the cfg file as merlin is not supported. Reason being for the selective routing is to bypass the proxy error popup. I hope someone can assist me! thanks!
  14. I believe that passing as few hops as possible on the Internet is a good thing in terms of privacy, security and stability. So I was thinking about developing a setup where I would route traffic to IPs in to country X to the VPN exit node in country X, and traffic to country Y to a VPN exit node in country Y, and so on... This could easily be setup in a router like pfSense etc. I would love to hear your reflections/comments on the security and privacy in such a setup. BR
  15. Hi, Earlier today my airvpn was working fine and was happily connected to a server. However the program froze on my mac and had to force quit it. After force quitting and several fresh installs of the latest software and downgrading to 2.9 I still cannot connect to any of the servers. After a quick check of the log I believe the problem is a routing problem. Please advise. My log: I 2016.02.09 16:19:27 - Session starting.I 2016.02.09 16:19:27 - IPv6 disabled on network adapter (Bluetooth DUN)I 2016.02.09 16:19:27 - IPv6 disabled on network adapter (Ethernet)I 2016.02.09 16:19:27 - IPv6 disabled on network adapter (FireWire)I 2016.02.09 16:19:27 - IPv6 disabled on network adapter (Wi-Fi)I 2016.02.09 16:19:27 - IPv6 disabled on network adapter (Bluetooth PAN)I 2016.02.09 16:19:27 - IPv6 disabled on network adapter (Thunderbolt Bridge)I 2016.02.09 16:19:27 - Checking authorization ...! 2016.02.09 16:19:28 - Connecting to Kocab (Netherlands, Alblasserdam). 2016.02.09 16:19:28 - OpenVPN > OpenVPN 2.3.6 x86_64-apple-darwin14.0.0 [sSL (OpenSSL)] [LZO] [MH] [iPv6] built on Jan 12 2015. 2016.02.09 16:19:28 - OpenVPN > library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08. 2016.02.09 16:19:28 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3105. 2016.02.09 16:19:28 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file. 2016.02.09 16:19:28 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2016.02.09 16:19:28 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2016.02.09 16:19:28 - OpenVPN > Socket Buffers: R=[196724->65536] S=[9216->65536]. 2016.02.09 16:19:28 - OpenVPN > UDPv4 link local: [undef]. 2016.02.09 16:19:28 - OpenVPN > UDPv4 link remote: [AF_INET]213.152.162.180:443. 2016.02.09 16:19:28 - OpenVPN > TLS: Initial packet from [AF_INET]213.152.162.180:443, sid=382d8973 37e6acb8. 2016.02.09 16:19:28 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org. 2016.02.09 16:19:28 - OpenVPN > Validating certificate key usage. 2016.02.09 16:19:28 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0. 2016.02.09 16:19:28 - OpenVPN > VERIFY KU OK. 2016.02.09 16:19:28 - OpenVPN > Validating certificate extended key usage. 2016.02.09 16:19:28 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication. 2016.02.09 16:19:28 - OpenVPN > VERIFY EKU OK. 2016.02.09 16:19:28 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org. 2016.02.09 16:19:30 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key. 2016.02.09 16:19:30 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication. 2016.02.09 16:19:30 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key. 2016.02.09 16:19:30 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication. 2016.02.09 16:19:30 - OpenVPN > Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA. 2016.02.09 16:19:30 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]213.152.162.180:443. 2016.02.09 16:19:32 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1). 2016.02.09 16:19:32 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.17.73 255.255.0.0'. 2016.02.09 16:19:32 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified. 2016.02.09 16:19:32 - OpenVPN > OPTIONS IMPORT: LZO parms modified. 2016.02.09 16:19:32 - OpenVPN > ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address. 2016.02.09 16:19:32 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified. 2016.02.09 16:19:32 - OpenVPN > route: writing to routing socket: File exists. 2016.02.09 16:19:33 - OpenVPN > OPTIONS IMPORT: route options modified. 2016.02.09 16:19:33 - OpenVPN > OPTIONS IMPORT: route-related options modified. 2016.02.09 16:19:33 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified. 2016.02.09 16:19:33 - OpenVPN > Opening utun (connect(AF_SYS_CONTROL)): Resource busy. 2016.02.09 16:19:33 - OpenVPN > Opened utun device utun1. 2016.02.09 16:19:33 - OpenVPN > do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0. 2016.02.09 16:19:33 - OpenVPN > /sbin/ifconfig utun1 delete. 2016.02.09 16:19:33 - OpenVPN > NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure. 2016.02.09 16:19:33 - OpenVPN > /sbin/ifconfig utun1 10.4.17.73 10.4.17.73 netmask 255.255.0.0 mtu 1500 up. 2016.02.09 16:19:33 - OpenVPN > /sbin/route add -net 10.4.0.0 10.4.17.73 255.255.0.0. 2016.02.09 16:19:33 - OpenVPN > add net 10.4.0.0: gateway 10.4.17.73: File exists. 2016.02.09 16:19:33 - OpenVPN > /sbin/route add -net 213.152.162.180 10.10.16.1 255.255.255.255. 2016.02.09 16:19:33 - OpenVPN > add net 213.152.162.180: gateway 10.10.16.1. 2016.02.09 16:19:33 - OpenVPN > /sbin/route add -net 0.0.0.0 10.4.0.1 128.0.0.0. 2016.02.09 16:19:33 - OpenVPN > add net 0.0.0.0: gateway 10.4.0.1. 2016.02.09 16:19:33 - OpenVPN > /sbin/route add -net 128.0.0.0 10.4.0.1 128.0.0.0. 2016.02.09 16:19:33 - OpenVPN > add net 128.0.0.0: gateway 10.4.0.1. 2016.02.09 16:19:33 - Starting Management Interface. 2016.02.09 16:19:33 - OpenVPN > Initialization Sequence CompletedI 2016.02.09 16:19:33 - DNS of a network adapter forced (Bluetooth DUN)I 2016.02.09 16:19:33 - DNS of a network adapter forced (Ethernet)I 2016.02.09 16:19:33 - DNS of a network adapter forced (FireWire)I 2016.02.09 16:19:33 - DNS of a network adapter forced (Wi-Fi)I 2016.02.09 16:19:33 - DNS of a network adapter forced (Bluetooth PAN)I 2016.02.09 16:19:33 - DNS of a network adapter forced (Thunderbolt Bridge)I 2016.02.09 16:19:33 - Flushing DNSI 2016.02.09 16:19:33 - Checking routeE 2016.02.09 16:19:34 - Routing checking failed.. 2016.02.09 16:19:34 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3105! 2016.02.09 16:19:34 - Disconnecting. 2016.02.09 16:19:34 - Management - Send 'signal SIGTERM'. 2016.02.09 16:19:34 - OpenVpn Management > >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info. 2016.02.09 16:19:34 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM'. 2016.02.09 16:19:34 - OpenVPN > SIGTERM received, sending exit notification to peer. 2016.02.09 16:19:39 - OpenVPN > /sbin/route delete -net 213.152.162.180 10.10.16.1 255.255.255.255. 2016.02.09 16:19:39 - OpenVPN > delete net 213.152.162.180: gateway 10.10.16.1. 2016.02.09 16:19:39 - OpenVPN > /sbin/route delete -net 0.0.0.0 10.4.0.1 128.0.0.0. 2016.02.09 16:19:39 - OpenVPN > delete net 0.0.0.0: gateway 10.4.0.1. 2016.02.09 16:19:39 - Connection terminated.I 2016.02.09 16:19:39 - DNS of a network adapter restored to original settings (Bluetooth DUN). 2016.02.09 16:19:39 - OpenVPN > /sbin/route delete -net 128.0.0.0 10.4.0.1 128.0.0.0. 2016.02.09 16:19:39 - OpenVPN > delete net 128.0.0.0: gateway 10.4.0.1. 2016.02.09 16:19:39 - OpenVPN > Closing TUN/TAP interfaceI 2016.02.09 16:19:39 - DNS of a network adapter restored to original settings (Ethernet). 2016.02.09 16:19:39 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exitingI 2016.02.09 16:19:39 - DNS of a network adapter restored to original settings (FireWire)I 2016.02.09 16:19:39 - DNS of a network adapter restored to original settings (Wi-Fi)I 2016.02.09 16:19:39 - DNS of a network adapter restored to original settings (Bluetooth PAN)I 2016.02.09 16:19:39 - DNS of a network adapter restored to original settings (Thunderbolt Bridge)I 2016.02.09 16:19:41 - Cancel requested.I 2016.02.09 16:19:41 - IPv6 restored on network adapter (Bluetooth DUN)I 2016.02.09 16:19:41 - IPv6 restored on network adapter (Ethernet)I 2016.02.09 16:19:41 - IPv6 restored on network adapter (FireWire)I 2016.02.09 16:19:41 - IPv6 restored on network adapter (Wi-Fi)I 2016.02.09 16:19:41 - IPv6 restored on network adapter (Bluetooth PAN)I 2016.02.09 16:19:41 - IPv6 restored on network adapter (Thunderbolt Bridge)! 2016.02.09 16:19:41 - Session terminated.
  16. Having trouble connecting. First the route check times out. Then, if I disable the "check if tunnel works" in the preferences, the DNS check times out. If I disable the DNS check, I can get a connection to a server, but the connection doesn't work (no internet). Been using AirVPN for a while and never had this problem. It worked yesterday, and I've made no changes. What's up? I 2015.12.03 10:16:27 - Session starting. I 2015.12.03 10:16:27 - IPv6 disabled on network adapter (Bluetooth DUN) I 2015.12.03 10:16:27 - IPv6 disabled on network adapter (Wi-Fi) I 2015.12.03 10:16:28 - IPv6 disabled on network adapter (Bluetooth PAN) I 2015.12.03 10:16:28 - IPv6 disabled on network adapter (Thunderbolt Bridge) I 2015.12.03 10:16:28 - Checking authorization ... ! 2015.12.03 10:16:28 - Connecting to Atik (Netherlands, Alblasserdam) . 2015.12.03 10:16:28 - OpenVPN > OpenVPN 2.3.8 x86_64-apple-darwin14.4.0 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 13 2015 . 2015.12.03 10:16:28 - OpenVPN > library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08 . 2015.12.03 10:16:28 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3101 . 2015.12.03 10:16:28 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file . 2015.12.03 10:16:28 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2015.12.03 10:16:28 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2015.12.03 10:16:28 - OpenVPN > Socket Buffers: R=[196724->131072] S=[9216->131072] . 2015.12.03 10:16:28 - OpenVPN > UDPv4 link local: [undef] . 2015.12.03 10:16:28 - OpenVPN > UDPv4 link remote: [AF_INET]213.152.161.9:443 . 2015.12.03 10:16:28 - OpenVPN > TLS: Initial packet from [AF_INET]213.152.161.9:443, sid=952cdddf af993acb . 2015.12.03 10:16:28 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2015.12.03 10:16:28 - OpenVPN > Validating certificate key usage . 2015.12.03 10:16:28 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0 . 2015.12.03 10:16:28 - OpenVPN > VERIFY KU OK . 2015.12.03 10:16:28 - OpenVPN > Validating certificate extended key usage . 2015.12.03 10:16:28 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2015.12.03 10:16:28 - OpenVPN > VERIFY EKU OK . 2015.12.03 10:16:28 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org . 2015.12.03 10:16:29 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key . 2015.12.03 10:16:29 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication . 2015.12.03 10:16:29 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key . 2015.12.03 10:16:29 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication . 2015.12.03 10:16:29 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA . 2015.12.03 10:16:29 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]213.152.161.9:443 . 2015.12.03 10:16:31 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) . 2015.12.03 10:16:31 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.22.155 255.255.0.0' . 2015.12.03 10:16:31 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified . 2015.12.03 10:16:31 - OpenVPN > OPTIONS IMPORT: LZO parms modified . 2015.12.03 10:16:31 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified . 2015.12.03 10:16:31 - OpenVPN > OPTIONS IMPORT: route options modified . 2015.12.03 10:16:31 - OpenVPN > OPTIONS IMPORT: route-related options modified . 2015.12.03 10:16:31 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified . 2015.12.03 10:16:31 - OpenVPN > Opening utun (connect(AF_SYS_CONTROL)): Resource busy . 2015.12.03 10:16:31 - OpenVPN > Opened utun device utun1 . 2015.12.03 10:16:31 - OpenVPN > do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 . 2015.12.03 10:16:31 - OpenVPN > /sbin/ifconfig utun1 delete . 2015.12.03 10:16:31 - OpenVPN > ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address . 2015.12.03 10:16:31 - OpenVPN > route: writing to routing socket: File exists . 2015.12.03 10:16:31 - OpenVPN > NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure . 2015.12.03 10:16:31 - OpenVPN > /sbin/ifconfig utun1 10.4.22.155 10.4.22.155 netmask 255.255.0.0 mtu 1500 up . 2015.12.03 10:16:32 - OpenVPN > /sbin/route add -net 10.4.0.0 10.4.22.155 255.255.0.0 . 2015.12.03 10:16:32 - OpenVPN > add net 10.4.0.0: gateway 10.4.22.155: File exists . 2015.12.03 10:16:32 - OpenVPN > /sbin/route add -net 213.152.161.9 10.0.1.1 255.255.255.255 . 2015.12.03 10:16:32 - OpenVPN > add net 213.152.161.9: gateway 10.0.1.1 . 2015.12.03 10:16:32 - OpenVPN > /sbin/route add -net 0.0.0.0 10.4.0.1 128.0.0.0 . 2015.12.03 10:16:32 - OpenVPN > add net 0.0.0.0: gateway 10.4.0.1 . 2015.12.03 10:16:32 - OpenVPN > /sbin/route add -net 128.0.0.0 10.4.0.1 128.0.0.0 . 2015.12.03 10:16:32 - OpenVPN > add net 128.0.0.0: gateway 10.4.0.1 . 2015.12.03 10:16:32 - Starting Management Interface . 2015.12.03 10:16:32 - OpenVPN > Initialization Sequence Completed I 2015.12.03 10:16:32 - DNS of a network adapter forced (Bluetooth DUN) I 2015.12.03 10:16:32 - DNS of a network adapter forced (Wi-Fi) I 2015.12.03 10:16:32 - DNS of a network adapter forced (Bluetooth PAN) I 2015.12.03 10:16:32 - DNS of a network adapter forced (Thunderbolt Bridge) I 2015.12.03 10:16:32 - Flushing DNS I 2015.12.03 10:16:32 - Checking route W 2015.12.03 10:17:22 - The request timed out ! 2015.12.03 10:17:22 - Disconnecting . 2015.12.03 10:17:22 - Management - Send 'signal SIGTERM' . 2015.12.03 10:17:22 - OpenVpn Management > >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info . 2015.12.03 10:17:22 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM' . 2015.12.03 10:17:22 - OpenVPN > SIGTERM received, sending exit notification to peer . 2015.12.03 10:17:27 - OpenVPN > /sbin/route delete -net 213.152.161.9 10.0.1.1 255.255.255.255 . 2015.12.03 10:17:27 - OpenVPN > delete net 213.152.161.9: gateway 10.0.1.1 . 2015.12.03 10:17:27 - OpenVPN > /sbin/route delete -net 0.0.0.0 10.4.0.1 128.0.0.0 . 2015.12.03 10:17:27 - OpenVPN > delete net 0.0.0.0: gateway 10.4.0.1 . 2015.12.03 10:17:27 - OpenVPN > /sbin/route delete -net 128.0.0.0 10.4.0.1 128.0.0.0 . 2015.12.03 10:17:27 - OpenVPN > delete net 128.0.0.0: gateway 10.4.0.1 . 2015.12.03 10:17:27 - OpenVPN > Closing TUN/TAP interface . 2015.12.03 10:17:27 - Connection terminated. . 2015.12.03 10:17:27 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting I 2015.12.03 10:17:27 - DNS of a network adapter restored to original settings (Bluetooth DUN) I 2015.12.03 10:17:27 - DNS of a network adapter restored to original settings (Wi-Fi) I 2015.12.03 10:17:27 - DNS of a network adapter restored to original settings (Bluetooth PAN) I 2015.12.03 10:17:27 - DNS of a network adapter restored to original settings (Thunderbolt Bridge) I 2015.12.03 10:17:28 - Cancel requested. I 2015.12.03 10:17:28 - IPv6 restored on network adapter (Bluetooth DUN) I 2015.12.03 10:17:28 - IPv6 restored on network adapter (Wi-Fi) I 2015.12.03 10:17:28 - IPv6 restored on network adapter (Bluetooth PAN) I 2015.12.03 10:17:28 - IPv6 restored on network adapter (Thunderbolt Bridge) ! 2015.12.03 10:17:28 - Session terminated.
  17. Hello folks, I have setup my Netgear R6250 with DD-WRT, and OpenVPN connecting to AirVPN. This is all well and good, but now I'd like to somehow be able to choose which traffic is inside or outside the tunnel, either by source IP/subnet, port, destination host, or some other way. A GUI to accomplish this would be wonderful, but not essential. I am open to adding additional devices to perform such functions if that's necessary. I've read many (many many) myriad forum posts and wikis offering differing, conflicting ways to accomplish this using DNSMasq, iptables, Policy based routing, Source based routing, pfSense, and apple pie (I made one of these up). I think much of this is due to the various versions of dd-wrt available, the wonderful various options available to the power user to configure the way they want it, and that there's several different approaches that may or may not work on any given hardware. What that equals for me is confusion. Its my intention to set this up, and document the process in a way that's easy to follow, and add my own experiences to those already floating on the intertubes. Ideally I'd accomplish it with just some dd-wrt trickery. So far the solutions I've found have been written with a specific setup in mind that I'm unable to adapt to my setup, or they just didn't work (or I didn't understand them). It'd be great if we can talk through it together, and rejoice together in our shared insight and accomplishment.
  18. On the routes option of the VPN program for Windows 2.8.8, there is an option for "Not specified routes go:" and the only way I can get my WD live media players to see the computer that has the VPN running on it is to set this option to "Outside the VPN" My Question is, does this compromise the point of the vpn for p2p (I have Vuze binded to the VPN connection, and the port forwarded) or to anything I look at via Firefox on the computer? Or better still do you know of how I would need to have this set up to run the above option as "Inside the VPN Tunnel" and allow the WD live players to see my FTFS network shares on the PC that has the VPN running. Many thanks for your help... On the routes option of the VPN program, there is an option for "Not specified routes go:" and the only way I can get my WD live media players to see the computer that has the VPN running on it is to set this option to "Outside the VPN" My Question is, does this compromise the point of the vpn for p2p (I have Vuze binded to the VPN connection, and the port forwarded) or to anything I look at via Firefox on the computer? Or better still do you know of how I would need to have this set up to run the above option as "Inside the VPN Tunnel" and allow the WD live players to see my FTFS network shares on the PC that has the VPN running. Many thanks for your help...
  19. Hi everyone, I know there have been speculatory threads on VM in the past, but I wanted to post some findings in case anyone finds them useful. I have a 152Mbps connection from VM in the UK and have noticed the following: Using the Superhub 2 and OpenVPN (443, UDP) gives a hard cap around 3MB/sec over ethernetUsing the Superhub 2 and OpenVPN (443, UDP) gives full speed on 5GHz wifiUsing an old PC running pfSense beta with the Superhub 2 in modem only mode removes the 'cap' and allows full speeds regardless of connection method I had been very frustrated by the 3MB/sec limit, especially when downloading torrents over OpenVPN (port 443, UDP or TCP) using a cat6e desktop PC. The limit applied in Windows and Linux equally and I'd eventually tracked down the issue to the Superhub 2. After switching into modem only mode and connecting through the pfSense box, I was able to get full speed regardless of the OS, and connection method (wireless or ethernet). Having switched back temporarily to the Superhub 2 in router mode (to set up a media streamer on the TV) I once again encountered the cap when downloading a Linux torrent (Elementary OS Freya Beta 1). This time I was running Eddie rather than OpenVPN GUI so I switched the connection to SSL Tunnel 443 and voila - full speeds! So either VM are throttling OpenVPN connections, or there's a bug in the SH2 which interferes with the handling of OpenVPN connections. Given VM's history of throttling and capping I would generally suspect the former to be true. However, I have noticed that even with normal OpenVPN connections (443, UDP) I get full speed over wifi but the cap returns when switching to ethernet. It seems the SH2 has (yet another) bug or issue in routing OpenVPN connections, and changing its firewall settings etc has no effect. Anyone on VM experiencing issues with low speeds would probably see good results from switching to the SSL tunnel. I'd be interested to hear back from anyone else having problems with their SH to see if this helps others. I could always stick to the pfSense box of course, but it's an old desktop which uses a lot of energy compared to a small consumer router box. My network isn't complicated enough to warrant the pfSense box unless it's essential - which now, with the SSL tunnel, it isn't.
  20. Hey I got a problem. When i connect to a vpn server, it says connected. but im still using my ISP IP instead of the IP of the VPN Server... How do i fix this? These are my machine details: Operating System Version: Microsoft Windows Server 2012 Datacenter Hardware information: HP ProLiant ML110 G6 Processors: Intel® Xeon® CPU X3430 @2.40GHz Installed Memory (RAM): 24GB Installed Roles: AD DSDHCPDNSFile and Storage ServicesHyper-VIIS 8.0IPAMNAPRemote AccessWDSLog: http://pastebin.com/43UnP5Ci SOLVED: This message is the answer!: Awesome StaffAdvanced Member Staff5013 postsPosted Yesterday, 11:40 PM Hello! The tun/tap interface (the virtual network card used by OpenVPN) does not come up. Please try to run our client Eddie, which includes some additional code which tries to force the interface up. If the client attempt does not work, please follow all the steps described here: https://airvpn.org/t...2012/#entry8321 Kind regards
  21. Hi, I have just become aware of the MPLS protocol. Can someone give me a rough idea of how that could interact with Open VPN and if using an MPLS enabled router would be a good thing for Open VPN users? Thanks
  22. This is my setup: I got 2 machines, a dedicated server machine and a normal laptop. The server is running Windows Server 2012 Datacenter The server has 6 NICs (Network Interface Connections). Ethernet 1 has a internet connection to my ISP router which i do not have login access to. Ethernet 5 (also functions as Mgnt) is connected to my laptop. The setup that i have is that any traffic from/to the laptop on Ethernet 5 goes through Ethernet 1. (a basic NAT setup.) The server translates the private ip from Ethernet 5 to the public ip on Ethernet 1. This works without problems. Heres the problem: When i connect to an airVPN Server, the laptop loses its internet access.. I want the laptop to be able to access internet. It doesnt matter if thats through AirVPN or directly with the real IP. That doesnt matter at all. The only thing that matters is an internet connection that the laptop can use.
  23. Hello AirVPN community, I've been lurking a few months, recently subscribed to the service here and am still learning/experimenting with different configurations. This forum btw, is one of the big reasons I decided to go with AirVPN, so kudos to the community and staff for developing a great knowledge base here. On to my question: I'm trying to route traffic from my Virtual box VM out the VPN interface without having to force ALL host traffic out the VPN. My setup: I followed Nadre's wonderful Traffic splitting guide in order to setup utorrent traffic to go out the VPN interface while the rest of my host(windows 7) traffic goes out the regular LAN interface and it's working marvously. My next goal is to run tails in virtual box and route all traffic from that VM out the VPN. The solution i'm looking for has the following goals: Host traffic goes out the non-vpn interface (check)uTorrent traffic goes out the VPN interface (check)Tails VM traffic goes out the VPN interface while maintaing the two above requirements.I've pondered over some way to use the host routing table to accomplish this, but haven't com up with anything. Virtual Box has a NAT bind option, but it is not currently working from what i gathered from the virtual box forums. I did find another post that claims that what i'm looking to do isn't possible but someone did detail a way to do it with a secondary vm acting as a router. While I could do this, i'd rather not put the extra strain on my host for just day to day stuff unless it's absolutely neccessary. Does anyone around here have a better way to accomplish this without the secondary VM? Thanks!
×
×
  • Create New...