Jump to content
Not connected, Your IP: 3.237.16.210

Search the Community

Showing results for tags 'configuration'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • AirVPN
    • News and Announcement
    • How-To
    • Databases
  • Community
    • General & Suggestions
    • Troubleshooting and Problems
    • Blocked websites warning
    • Eddie - AirVPN Client
    • DNS Lists
    • Reviews
    • Other VPN competitors or features
    • Nonprofit
    • Off-Topic
  • Other Projects
    • IP Leak
    • XMPP
    • Mirrors

Product Groups

  • AirVPN Access
  • Coupons
  • Misc

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Twitter


Mastodon


AIM


MSN


ICQ


Yahoo


XMPP / Jabber


Skype


Location


Interests

Found 13 results

  1. This guide will explain how to setup OpenVPN in a way such that only select programs will be able to use the VPN connection while all other life continues as usual. Please read this notice before applying the guide Advantages: fail-free "kill switch" functionality (actually better than 98% of VPNs out there) continue using another VPN as primary or don't reroute any other traffic at all nobody, not even peers on LAN, will be able to connect to your torrent client (the only way: through the VPN connection) - eliminating unintended leaks Disadvantage: the apps will still use your default DNS for hostname lookups (secure your DNS separately!) See two more drawings at the end. The guide is applicable to all VPN providers who don't restrict their users to use the OpenVPN client. The method however is universally applicable. It was made with examples from Windows, but with Linux/BSD you will only need little tweaking to do. Specifically, net_gateway placeholder may not available and that's all there is to it. Android clients are probably too limited for this task and lack options we need. - Since there'll be a lot of text, sections titled in (parantheses) are entirely optional to read. The other guide by NaDre is old (2013), hard to read and pursues a slightly different approach. A Staff member actually posted a good first comment there, that's what we're gonna do. (Preface) The BitTorrent as a network is entirely public. Through the decentralized technology called DHT, everyone in the world can find out what torrents you are presumably participating in (this does not apply to private trackers who disable DHT). Clearly this creates an unhealthy atmosphere for privacy of users, e.g. one could find out the OS distribution one is using for a more targetted attack etc. Sometimes the ISPs are outright hostile to peer-to-peer technologies due to the traffic and bandwidth these are consuming. Instead of upgrading dated infrastructure, they cripple their users instead. There are many reasons to use a VPN, that was but a limited selection. ("Split-tunneling") This has become somewhat a marketing term nowadays, but actually explains the nature of the traffic flow well. In this guide only the programs set to use the VPN connection will use it, nothing else. All your traffic goes past the VPN while torrent client traffic (or any other selected program) uses only the VPN connection. ("Kill switch") We'll literally nail it using software settings of your program (the torrent client). This is a marketing-loaded name. In short: if the VPN connection is not available, no traffic ought to be sent bypassing it. In most cases where you have a VPN redirect all your system traffic - you should not rely on it as a feature. The OpenVPN software on Windows is not 100% proof, based on empirical evidence (reconnects and startup/shutdown phases) and some other VPN providers do no better (based on comments and stories). The only bulletproof solution: the VPN tunnel is set up on an intermediary device your PC is connected to - your end device (the PC) has no chance whatsoever to bypass the tunnel in that case. If the VPN provider uses a firewall under the hood, that's good too but with this guide you will not need a firewall nor rely on the VPN software. ("Dual-hop") With the knowledge and methods from this guide you will be able to daisy-chain multiple VPN servers. In essence, your traffic passes PC->VPN1->VPN2->Destination. This was not intended for this guide nor with AirVPN, it's finicky and I wouldn't recommend it myself without a real need and skills to automate the setup and configuration. How it will work Many users (aka mostly idiots on Reddit) are running in circles like qBittorrent is the only client (or probably the only application in the universe, unconfirmed) that can be set to use a certain VPN. Here's the technicality: this is called 'binding' - you can 'bind to IP' which will force the app to use a specific IP address and nothing else. If it cannot use the IP (when VPN is disconnected) then it will not be able to do any networking at all. The OS will deny any communication with the internet: boom! Here's your praised 'kill switch' and 'split-tunneling', 2-in-1. This is the next best bulletproof solution (the only better alternative is to use an intermediary VPN device, as any software could choose a different interface now to communicate with the internet). In a broader sense, you want to 'bind to a network interface' - your client will use any available IPs from the VPN interface - making it ready for IPv4 and IPv6. Oh and you don't need to change the IP once the VPN connection changes to another server. The OS handles the rest. Examples of programs that can bind to user-defined addresses include: (Windows) ping, tracert (IPv6-only, WTF?), curl and wget, and many others, including your favorite torrent client You will find guides online how to do that in your client or just look in settings. Windows Quick Guide Go to the folder where you installed OpenVPN and its exe files: 'C:\Program Files\OpenVPN\' Open CMD inside the 'bin' folder: Hold Shift + Right Click the 'bin' folder -> 'Open Command Window here' We will use tapctl.exe to create a new VPN network interface solely for use with AirVPN (to look around: run "tapctl.exe" or "tapctl.exe help") C:\Program Files\OpenVPN\bin>tapctl create --name AirVPN-TAP {FDA13378-69B9-9000-8FFE-C52DEADBEEF0} C:\Program Files\OpenVPN\bin> A TAP interface is created by default. I have not played enough with Wireguard's TUN to recommend it. You can check it out, it will be under adapters in your Windows network settings Important: Configure your app/torrent client to use this 'AirVPN-TAP' interface. This is what ensures your traffic never leaks. It may appear under a different name, in such case find out which one it is in the output of 'ipconfig /all' (enter this into CMD) If your client does not allow to bind to a general interface but a specific IP (poor decision) then connect to the VPN first to find out the local IP within the VPN network. In this case with AirVPN you may only use one single server or you'll have to constantly change the IP in settings. Generate AirVPN configs where you connect to the server via IPv4! This is important Add these to the .ovpn config files (either under 'Advanced' on the config generator page or manually to each config file) # NOPULL START route-nopull # IF YOU DO NOT USE ANOTHER VPN THAT TAKES OVER ALL YOUR TRAFFIC, USE "net_gateway" (just copy-paste all of this) # net_gateway WILL BE AUTOMATICALLY DETERMINED AND WILL WORK IF YOU CONNECT THROUGH OTHER NETWORKS LIKE A PUBLIC WIFI # personally, due to a second VPN, I had to specify my router IP explicitly instead of net_gateway: 192.168.69.1 # "default"/"vpn_gateway"/"remote_host"/"net_gateway" are allowed placeholders for IPv4 route remote_host 255.255.255.255 net_gateway route 10.0.0.0 255.0.0.0 vpn_gateway route 0.0.0.0 0.0.0.0 default 666 route-ipv6 ::/0 default 666 dev-node AirVPN-TAP # END OF NOPULL Test if the configuration works. Full tests, don't leave it up to chance. In-depth explanation of the OpenVPN config route-nopull rejects any networking routes pushed to you by the server, we will write our own route remote_host 255.255.255.255 <router IP> we tell our system that, to reach remote_host (the AirVPN server IP), it must send traffic to <router IP>. The subnet mask 255.255.255.255 says that this only applies to this single IP set <router IP> to be net_gateway (only for Windows users, check availability on other platforms) <router IP> may be any of the OpenVPN placeholders too, for example "net_gateway" should work universally (you avoid hard-coding the router IP and if it ever changes: wondering years later why the config no longer works) <router IP> is "192.168.1.1" in my case, for my home router that connects me to the internet. route 10.0.0.0 255.0.0.0 vpn_gateway we tell our system that all 10.x.x.x traffic will be sent to the AirVPN server the internal VPN network with AirVPN is always on the 10.0.0.0 - 10.255.255.255 network range. The subnet mask reflects that. However this may interfere with other VPNs if you ever need to be connected to both at once. I will not go into detail on this. What you need to do is to be more specific with 10.x.x.x routes in this config, i.e. instead of /8 subnet, only route the specific /24 subnet of the current VPN server (AirVPN uses a /24 subnet for your connections on each VPN server -> 10.a.b.0 255.255.255.0) vpn_gateway is one of OpenVPN placeholders route 0.0.0.0 0.0.0.0 default 666 allow routing of ANY traffic via the VPN we set the metric to 666, metric defined as path cost (historically) so setting it to a high value will make sure no normal connection runs through it, unless specifically bound to the VPN IP. route-ipv6 ::/0 default 666 same for IPv6. How many can claim they have working VPN IPv6 setup? Welcome in the future. IPv6 is over 20 years old at this point anyhow. dev-node AirVPN-TAP tell OpenVPN to ONLY use this network interface to create the VPN tunnel on. Nothing should interfere with our setup now That's all, folks! Note: Somehow on Windows my AirVPN connection receives a wrong internal IP that doesn't enable networking at first. In my case I need to wait 1-3 minutes until OpenVPN reconnects itself based on ping timeout: after the reconnect I receive another IP and everything starts to work. I do not know whether it's an OpenVPN or a Windows bug. One last note: using multiple VPNs Actually this will work, that's how I roll. As long as both VPNs don't clash by using the same 10.0.0.0/8 subnet. If this happens, you will need to change Line 5 to point to a more specific (aka smaller) subnet tailored to your AirVPN server. Specifying a 10.x.x.0/24 subnet for routing will surely do (subnet mask: 255.255.255.0). Just be aware that you cannot practically use the same IP range in both networks at the same time (well, you'd need to bind the application you are using to either interface, which you cannot do with a browser or the printing service in case of internal resources). (The story of broken net_gateway) For this placeholder, OpenVPN attempts to determine your 'default gateway', i.e. the router all your internet traffic passes through. It normally works, but may not be supported on other platforms (Linux, sigh). However it has one unintended side-effect: if you already have a VPN that reroutes all your traffic, net_gateway will make all AirVPN traffic go through the first VPN: Your traffic -> VPN1 -> Internet Torrent traffic -> VPN1 -> AirVPN -> Internet That's the unintended dual-hop. Surely you can extend that scheme to 3,4,n-hops if you fiddle enough with routing, subnet masks and correct order. I'm not responsible for headaches We avoid that behavior with Line 4 from our config - the remote_host line forces the AirVPN traffic to go straight to the internet (through your LAN router). One more thing: net_gateway is not available for IPv6 routes in OpenVPN. That's why it currently only works with a IPv4 connection to the VPN server. (Crash course: Subnet masks) You've seen the weird number 255.0.0.0 above. You should refer to other pages for a proper explanation, but basically this is a very simple way for computers to determine the range of IP addresses that are part of a network (a subnet). What's simple for computers is very hard to grasp for us humans. 255 means there are NO changes allowed to the first set of IP numbers. I.e. the 10 in 10.0.0.0 always stays a 10. 0 means all numbers can be used. I.e. the zeroes in 10.0.0.0 can be (0-255), lowest address is 10.0.0.1 and the last address is 10.255.255.254 (technically, 10.0.0.0 is the first and the last 10.255.255.255 is reserved for 'broadcast') Any number in between denotes ... a range in between. 2^(32-prefix)=number. Number is the amount of available addresses and prefix is called the subnet prefix. Both are meant to describe the same thing. For 10.0.0.0/26 or 10.0.0.0 with subnet mask of 255.255.255.192 you get addresses in range 10.0.0.0-10.0.0.64 -- 2^(32-26) = 64. Similarly you can convert the subnet mask into the prefix number and work from there; or eyeball it: 256-192 = 64. (Two ways to accomplish routing) If you have two equal routes, e.g. 0.0.0.0 goes through VPN with metric 666 0.0.0.0 goes through LAN router with metric 10 then obviously the default route for a packet will travel through (2) - because it's a cheaper path. Unless an application specifies to talk only on the VPN interface. However a different rule applies whenever a more specific route exists 0.0.0.0/0 goes through VPN2 with metric 666 0.0.0.0/0 goes through LAN router with metric 10 0.0.0.0/1 goes through VPN1 with metric 30 128.0.0.0/1 goes through VPN1 with metric 30 Here the routes (3) and (4) cover the entire addressing space, just like 0.0.0.0/0. However because they are more specific, they'll be preferred for all traffic because these routes are more selective. This is how OpenVPN does override system routing with VPN routing by default. This is also what the other guide attempted as well, by pushing four {0,64,128,192}.0.0.0/2 routes. Since that was more specific, it would in return override the 0,128 routes and so on. We can calculate how many multi-hops we would be able to do with this method: IPv4 has 32 bits, we will not touch the last 8 bits of the subnets. That leaves us then with 24 bits or 24 maximum amount of hops. Theoretically. The routing table would be outright f---- to look at. This method is a bit more 'secure' in a way because you don't need to rely on overriding a certain metric value, you just slap a more specific route on top and it's automatically made default. Also you don't need to override the default gateway (router) and all that junk. However with my preferred method (first) you can quite easily do DIY dual-hop routing: 0.0.0.0/0 goes through VPN2 with metric 666 0.0.0.0/0 goes through LAN router with metric 10 0.0.0.0/1 goes through VPN1 with metric 30 128.0.0.0/1 goes through VPN1 with metric 30 <VPN2-IP>/32 goes through VPN1 with metric (any) Such a setup will make sure that all traffic destined for the internet (hits 3 and 4) will go through VPN1. If a program specifies the VPN2 network interface, then VPN2 will be reached via VPN1 first (you->VPN1->VPN2). This is quite 'quizzacious' to set up/control. Not part of this guide. As a part of this guide we told the system to route VPN2 via router on LAN. Yet you could indeed chain multiple VPNs this way and force the VPN1 to not only catch all traffic but also be chained via multiple VPNs itself so you would not need to manually set programs. I've seen scripts online for that purpose. Although be aware of MTU issues due to encapsulation. Troubleshooting tips TEST. SERIOUSLY, TEST YOUR SETUP BEFORE ENGAGING YOUR DATA CANNONS! A couple hours now are infinitely many times more worth than a 'leaked' mistake and headaches later on. https://ipleak.net/ - tests your client's default connection route. It would not tell you if your client is alternatively available on LAN for example. If you followed this guide and set up your client correctly, it will not be available on LAN etc. See the images below: 'without interface binding' (most newbie users) and 'with interface binding' (this guide) Wireshark to inspect how the traffic is actually flowing. Follow online tutorials, you only need to select the right network interfaces and filter traffic by port/IP (tcp/udp and your local or VPN IP) curl to send network requests. Like ifconfig.co / ifconfig.io will respond with the IP address it sees you as: curl --interface <your computer IP> http://ifconfig.co curl --interface 192.168.1.42 http://ifconfig.co # for IPv4 or IPv6, default route curl -4 http://ifconfig.co curl -6 http://ifconfig.co > route -4 print and > route -6 print on Windows. To compare the outputs, you can use Notepad++ with the compare plugin (you need two documents open, one in left and another in right pane before comparing). PS: AirVPN configuration generator does not support #comment lines. Please fix. Sorry Linux users, maybe another time I will write something tailored to you. But I believe you are smart cookies and will adapt the OS-specific steps to fulfill this guide's goal.
  2. I always get this error no matter what: Sat Dec 2 19:17:00 2017 daemon.err openvpn(LA_VPN)[4922]: Options error: specify only one of --tls-server, --tls-client, or --secret Sat Dec 2 19:17:00 2017 daemon.warn openvpn(LA_VPN)[4922]: Use --help for more information. Screenshots are attached, OpenVPN version is 2.4.4-2, is there anything I can do to fix this through LuCI?
  3. Problem: I have devices on different subnets ( 192.168.15.x, 192.168.35.x ) and would like for them to be able to discover each other. Specifically I want them so see each others minecraft (bedrock/pocket) worlds. the 15.x network is the "privileged" home network, where as the 35.x network is intended as guest-wifi network with no internet access ( also vpn clients would be given a IP here ) currently they cannot see each other - if I add a route with 192.168.15.x to the vpn config then vpn clients can access webservers in this subnet but minecraft clients still can't see each other. My router is a N66 running tomatoUSB and both subnets are entirely controlled by it. Question: Is this even possible? If so - how? Any help would be appreciated I currently do not know enough to even successfully google for marginally useful information
  4. Hi there, I'm hoping someone may be able to assist me with a configuration for my router. My setup is that I'm running a DD-WRT based router with three wireless networks and four devices using a wired connection to the router. Half of my local network is allocated to my DHCP pool for most of these devices. I have my VPN up and running fine, however I would like to do something more advanced with my setup. I would like to split up my network somewhat so that two of the wireless networks as well as the wired computers that all get their IPs from the DHCP pool utilize the VPN for their internet traffic while the devices outside of the DHCP pool and on the third wireless network do not use the VPN. I have the Policy Based Routing setup with the subnet of the DHCP pool and I've been playing around with my IPTables configuration, but I'm hitting a wall trying to keep the traffic split. Any help for this would be greatly appreciated. Thanks in advance, Miko
  5. Hey now. I have read many threads w/in these forum(s), I'm sorry to post. I've tried to tweak settings & figure this out on my own, but I'm spent. I've resigned Eddie back to near default settings out of frustration. So here's the crux of the biscuit... I'm running Eddie Version 2.12.4. Windows7 (64bit, not sure if that matters). Cable, High Speed Internet connection. Again, I have most Eddie "default" options set, with a couple exceptions. AirVpn Support said to mark "activate network lock at startup", and I've also checked "remove the gateway route" (seems like a good idea b/c I use win7, I think?). All other options are back at default. I've read in multiple posts that the location of AirVPN IP/Server does not have to be nearby, yet if I go anywhere outside my general area, speed drops-off dramatically. I've checked for leaks, flush DNS, IpV6 is not detected, I'm pretty sure everything is good -execpt my Internet Speed(s). I'm in the US. I've found that the IP's closest to my city are always the fastest (which seems to contradict many of the posts I've read here). If I go to the Netherlands -forget about it! I ran a speed test directly from my ISP ('flash' type speed test), NOT connected to Eddie 9msPing / 180.21MbpsDL / 24.09MbpsUpload. So after the test above... now connected via Eddie/AirVPN, (I tried a couple IP/servers before finding this better result/IP), just now, 11msPing/88.26MbpsDL/22MbpsUpload. <<That's actually really good from what I typically see when running a speed test. Usually, I find I'm 30+Latency, 50Mbps+/-DL, 15Mbps+/-UL -or worse. So when I'm working, I'll sense my connection has slowed, then I have to manually, connect/disconnect/speed test in order to find a fast IP -which obviously s*cks & is time-consuming. Oh yeah, I also find if I disconnect from AirVpn Server, close Eddie, then re-open Eddie (then I'll have better luck w/ the Eddie suggested Servers). I disconnect from my ISP beforehand, plus I have Network Lock enabled... so I'm not sure why simply stopping/re-starting Eddie helps? I installed Eddie with my Windows Firewall On, and everything looks good w/ respect to my Firewall. That's it. 3 hours later, and I now must sleep... I bow my head in defeat, signing-off with Default Settings still intact. Rrrr Many Thanks, DfP *Admin, please delete this if deemed overly addressed w/in previous posts to these Forums.
  6. Hello everyon. AirVPN says "even the most brutal techniques of monitoring, censorship, throttling and traffic shaping will fail against AirVPN" on the frontpage. But my question is, what settings must I use to be as anonymous as possible? Can hardware achieve such? Can the settings in client achieve this? Im currently using SSL Tunnel thats the most secure for my opinion, but i am new... what can I use for even more anonimity? TOR Proxy? thanks for your help.
  7. When using configuration generator, is there a recommendation for what location to choose? I see a footnote recommended to choose by continent, how does this work, especially when using iOS. I'm mainly concerned with performance.
  8. Hello. Not sure if someone uses the Bulk image downloader but anyway . So apparently due to vpn this program can't connect to any site at all. Basically all I need to do is to configure it using proxy. Unfortunately, I am not sure where to get the necessary data. Can you help me? It asks about proxy address, proxy port, login and password.
  9. I'm using a 4 port RT-N16 Toastman build VPN, VLAN version router. Netgear 24port switch Linux machines 2 streaming media players, playstations I want to split the network up into 3 segments. 192.168.1.x, 192.168.2.x, 192.68.3.x *Important* - I don't want any segment on the network to be able to speak to each other. Segment 1 and 2 - I want to Tunnel through the VPN via network manager on the Linux machines using SSL Port 443. These connections have 13 ports to connect through on the switch. 0/01, 0/02, 0/03.....0/013 On 1 segment - I want to go through the VPN to America via the a Tomato router configuration using Client 1. I don't care what port I use. These connections will have 6 ports to connect through the switch. 0/14, 0/15, 0/16......0/19, 0/20 I've been at this for a 2 good solid days manipulating scripts, manual configurations through the GUI on tomato, etc. I like to figure things out myself, and I've learned alot, but i think it's time I asked for some help. Anyone have an idea how to do this? Greatly appreciate your input!
  10. Hi, I'm using Tunnelblick with OSX 10.4.11 on an old Mac G4 to connect via Vuse. Everything has worked fine for many months but now a problem has cropped up. I can connect to any server and the connection is OK for about 6-8 hours, then Tunnelblick consistently displays "Authorizing" instead of "Connected" status, even though an IP check appears to show that it's still connected. How can I fix this? ...Thanks.
  11. Hello. I give up trying to setup a router with DD-WRT. Each time I turn it on I have to configure a new server because it can't connect to the one already set (TLS handshake failed, Certificate is not valid, unreachable address, I get something different each time). I followed the instructions in the site (https://airvpn.org/ddwrt/), downloaded configuration for various servers, but either it takes a long to get one that connects, or can't connect to any US server at all. I'm not blaming anyone here, it's just that it's frustrating. This is the error I'm getting this time> I've connected to this server successfully before. Is there something I'm forgetting to setup on the router so once I can connect to a server and I turn the router off, the settings stay in it and next time it reconnects automatically? Any help or guidance is very much appreciated. Thank you very much in advance.
  12. Hello! I am using COMODO but the posts on the forum about its configuration lock too many connections for my needs. I only want to prevent two programs from communicating when I am not connected to AirVPN, i.e. utorrent and jdownloader. To do that, I set the configuration shown in the picture below: Can you confirm that I do not have any kind of leaks for the two programs when I disconnect from the VPN? Am I safe even if the connection to you stops working? I made some tests and the configuration seems to be effective (when I disconnect from you the downloads and uploads just stop), but I'd like to have a confirmation. Kind regards, Pr1nc1p1
  13. Hi, I am using Mac OSX 10.6.8 and OpenVPN for connection. I have selected nearby servers in closest distance. I also have my torrent port forwarded to 41380. I use uTorrent 1.8.1 on the Mac with TCP connection beause uTorrent only seems to actively seed while having TCP connection. With the UDP connection it was simply not actively seeding back downloads because port forwarding only worked with TCP in the Mac version of uTorrent. Without having an active VPN connection, I get around 20-22 Mbs download from my service provider and about 6 Mbs upload speed. When I am testing the AirVPN server speedtest on my client page while actively connected it indicates only 2 to 2.4 Mbs download speed and about the same upload speed. My torrent connections are also only downloading with no more than 300-500 Kbs all together. This seems to be a great drop in performance. While I undersatnd that the VPN connection with the additional encryption and server access will slow down things, I still find it almost unacceptable that it drops to more than 10% of my original connection speed. When I have started using AirVPN about 6 months ago as a first time user, I was able to get 1.5-2 Mbs download speed (not great but workable), lately in the past few months it has been changed to this dismal slow speed. What is the cause and how can it be improved? Thanks
×
×
  • Create New...