Search the Community
Showing results for tags 'tutorial'.
Found 9 results
-
Tutorial: SSH-Tunneled VPN on Stock Android 0. Notes - no proprietary / commercial apps required. FOSS only! (Free and Open Source Software) - no root / custom ROM required - tested on Android 4.4.4 - minimum requirement: Android 4.x 1. Required apps - OpenVPN for Android - ConnectBot (any advanced SSH client will work, ) - CyanogenMod File Manager (or pick any file manager you like) I highly recommend installing all of these apps via F-Droid, a Free Open Source Software platform: https://f-droid.org/ In order to install F-Droid, you may need to temporarily "Allow installation of apps from unknown sources" in Android's security settings. 2. Generate config files Use the AirVPN Generator (https://airvpn.org/generator/) to create SSH config files for Linux (not Android). Only pick one specific server. Screenshot #1: http://i.imgur.com/FWcuXH2.jpg 3. Transfer config files We only need 2 out of the 3 generated files: - sshtunnel.key - the .ovpn profile Screenshot #2: http://i.imgur.com/p2L7T0l.jpg Transfer both of them to your Android's sdcard. Also, open the .ovpn file in a text editor and look for a line that starts with "route", it contains the server's IP - we will need it in step 5. Example: route 199.19.94.12 255.255.255.255 net_gateway That's the IP we will need. 4. Import key file in ConnectBot Launch ConnectBot. Go into menu and "Manage Pubkeys". Screenshot #3: https://i.imgur.com/uGT3UgC.jpg Import the sshtunnel.key file. Screenshot #4: https://i.imgur.com/ZPYhI6V.jpg 5. Configure SSH connection in ConnectBot Go to ConnectBot's main screen. At the bottom of the screen, enter: sshtunnel@199.19.94.12 (Notice, that's the IP we took note of in step 3). Screenshot #5A: http://i.imgur.com/ludTDgv.jpg If the default port 22 is blocked, you can try an alternative port by appending it at the end: sshtunnel@199.19.94.12:80 or sshtunnel@199.19.94.12:53 - Press Enter on your keyboard. It will try to connect and ask you to continue. Choose "Yes". Screenshot #5B: http://i.imgur.com/UJNpB9n.jpg - Cancel the connection, we need to configure it now. Long-press the newly created connection and choose "Edit host". Screenshot #6: https://i.imgur.com/n3OtM2D.jpg - Change "Use pubkey authentication" to "sshtunnel.key". Screenshot #7: https://i.imgur.com/CwfFSoO.jpg - Disable the option "Start shell session" Screenshot #8: https://i.imgur.com/l2niHqG.jpg - Consider enabling the option "Stay connected". 6. Configure SSH port forwarding - Go to ConnectBot's main screen. - Long-press the new connection again, but this time choose "Edit port forwards". "Add port forward" with the following values: Type: Local Source port: 1412 Destination: 127.0.0.1:2018 Screenshot #9: https://i.imgur.com/TBnsKQx.jpg - Press "Create port forward". Configuration of the SSH connection is now complete. - Go back to ConnectBot's main screen and tap the connection entry to establish a connection. Leave the ConnectBot app using your "home" button. 7. Import OpenVPN config - Launch "OpenVPN for Android" - Tap the folder icon. In the "Open from" dialog, choose "File Manager" Screenshot #10: https://i.imgur.com/Nhc6fDa.jpg - Pick the AirVPN_...SSH-22.ovpn file - OpenVPN will present you with an "import log", tap the "Save" file to accept. - You may want to dive into the new profile's settings, go to "ROUTING" and enable "Use default route". - in the ALLOWED APPS tab, find and select ConnectBot to exclude it from OpenVPN's routing 8. Start OpenVPN connection - In OpenVPN's main screen, tap the VPN profile to establish the connection. - Provided that the SSH connection is still running, OpenVPN will be able to connect. Congratulations 9. How to connect / disconnect from now on When establishing a connection, always - start the SSH connection first - then launch OpenVPN When disconnecting, always - disconnect the OpenVPN connection first - then disconnect SSH in ConnectBot 10. Thoughts on reliabilty and firewalling If avoiding network leaks is important to you: be careful on Android, especially on unreliable mobile or WiFi networks that might cause the connection to collapse quite often. I don't have a solution for this potential issue on stock Android, but if you're on a rooted device, you should absolutely consider installing AFWall+ (available in F-Droid). AFWall+ allows you to firewall individual apps, restricting their network access to VPN-only. (You have to dive into its settings to enable VPN mode). Finally: Good luck!
-
Goal We want to use AirVPN's SSL tunneling mode on Android. SSL tunneling can be very useful, especially to defeat firewalls that block OpenVPN or SSH on a protocol level. We will use the Termux Terminal Emulator to install and run stunnel and OpenVPN for Android to manage the OpenVPN connection. Requirements Android 6.0 or newer (5.0 and derivatives thereof such as FireOS should work too)the Android device does not have to be rootedGoogle PlayStore or the free & open source F-Droid market (recommended)OpenVPN for Android (FOSS) – or Air's official Eddie Android Edition Please stay tuned for future Eddie releases as they may include native SSL tunnel support (which would make this cumbersome guide unnecessary)Termux Terminal Emulator (FOSS)stunnel (FOSS), via Termux repositorya separate computer to download/edit the config files (entirely optional, but recommended) Setup instructions Part 1: generate AirVPN config files 1/7: open AirVPN's config generator. When asked for your operating system, pick Linux: 2/7: Choose servers: Pick a single server. Do not select more than one. Do not select a whole region. 3/7: Protocols: First, enable Advanced Mode: Now select the SSL mode, port 443: 4/7: Accept Terms of Service and generate the config files: 5/7: Download the generated zip archive: 6/7: unzip AirVPN.zip and open the *.ssl file in a text editor. find this line: pid = /tmp/stunnel4.pid replace it with: pid = /data/data/com.termux/files/home/stunnel4.pid 7/7: Now transfer the AirVPN folder to your phone's sdcard / main storage directory. For ease of use, don't put it into any subdirectories. Instead, put it into your "root" storage directory, meaning on the same level as your other default Android folders such as Documents, Download and Movies. Part 2: Install and prepare Android software 1/3: Install OpenVPN for Android, via F-Droid or Play Store. Don't configure anything just yet. 2/3: Install Termux Terminal Emulator, via F-Droid or PlayStore open Termux and run: termux-setup-storageAllow Termux to access files on your device. (Android 8.0 Oreo users, please read the note at the end of this tutorial).The pkg command is used to install und update software packages. Make sure your base packages are all up to date: pkg upgradenow install stunnel: pkg install stunnel 3/3: Still in Termux, jump to the AirVPN folder you copied to your phone: cd storage/shared/AirVPNThe command lsshould list 3 files: AirVPN*.ovpn (the OpenVPN config file)AirVPN*.ssl (the stunnel config file)stunnel.crt (stunnel certificate)Now start stunnel: stunnel AirVPN*.ssl press the Home button to get out of Termux.Start OpenVPN and import the AirVPN*.ovpn config fileEdit your new OpenVPN connection (tap the "pencil button")in the ALLOWED APPS tab, tick the box next to Termuxreturn to OpenVPN's connection listyour VPN connection is now configured. A tap on its name will establish the connection.verify that a connection has been established by looking for the log entry Initialization Sequence Completedbrowse to ipleak.net (or any similar site) to verify that your traffic is indeed routed through the VPN tunnelHere's a short video, demonstrating the steps above: https://vimeo.com/246306477 Part 3: Usage instructions Now that everything is configured, future usage will be much easier: open Termuxnavigate to your AirVPN folder: cd storage/shared/AirVPNnow run stunnel: stunnel AirVPN*.sslPress the Home button and open the OpenVPN appConnect to your VPN profile Addendum: Tips as an alternative to OpenVPN for Android, you can also use Air's official Eddie Android edition. Don't forget to dive into Eddie's settings to exclude ("blacklist") Termux from the VPN tunnel.don't forget to periodically run pkg upgradeto keep all of Termux' packages, including stunnel, up-to-date.To prevent leaks, it's recommended to let OpenVPN set the default route for both IPv4 and IPv6; as well disabling the LAN bypass: you may want to take a look at Termux:Widget (via F-Droid or Play Store. It's an extension to Termux. If you put your stunnel commands into shell scripts, stored in ~/.shortcuts/ , you can launch them via Home screen widgets.enable Termux' extended keyboard by sliding out the left-side menu and long-pressing the KEYBOARD button. This will enable a row of additional keys, such as CTRL, ALT and TAB which are very useful in a terminal environment -- especially the TAB key, allowing you to autocomplete command and path names. Here's a short video on Vimeo demonstrating the extended keyboard.you may generate config files for as many servers as you like, put them into your AirVPN folder on your phone and add the *.ovpn profiles to OpenVPN.you may want to consider AFWall+ for additional firewalling (root required)it is recommended to move the *.ssl and stunnel.crt files out of Android's shared storage and into Termux' private data directory, while also deleting the no longer needed *.ovpn file: cd ~ mkdir st cd storage/shared/AirVPN cp *.ssl stunnel.crt ~/st rm *.ssl stunnel.crt *.ovpn Moving those files obviously changes the paths of your Termux commands. Instead of running: cd storage/shared/AirVPN stunnel AirVPN*.ssl You'd now need to run: cd ~/st stunnel AirVPN*.ssl Addendum: Caveats Following this tutorial will add the Termux app to OpenVPN's exclusion list, allowing it connect to the VPN server. But this also means that anything else you may do via Termux will also bypass the VPN tunnel. If you need a VPN-tunneled terminal app, I recommend using Termux only to run stunnel; using another terminal emulator app for your other tasks. Addendum: Testing and bugs This tutorial has been tested on: Stock Android 6.0Stock Android 7.0Stock Android 8.0LineageOS 14.1 (~ Android 7.1.x)Fire OS 5.6.0.0 (~ Android 5.x), testing done by user steve74it Important Notice for Android 8.0+ (Oreo) users: The command termux-setup-storage does not work (yet). Instead, follow this workaround to access storage: https://github.com/termux/termux-app/issues/157#issuecomment-246659496 The workaround will no longer be necessary once this bug is resolved: https://github.com/termux/termux-packages/issues/1578 EDIT LOG Thu Dec 7 20:24 UTC 2017: initial releaseThu Dec 7 20:40 UTC 2017: formatting correctionsThu Dec 7 20:58 UTC 2017: spellingFri Dec 8 18:47 UTC 2017: add recommended route settings. credit and thanks to Darkspace-HarbingerFri Jan 5 17:30 UTC 2018: add note that this guide is functional on FireOS 5.6 (Android 5.x). testing done by user steve74it, thank you!Mon Jan 22 18:34 UTC 2018: add mikevvl's security tip to move files out of shared storage. thank you!Sun Jul 15 12:16 UTC 2018: recommend against alternative VPN apps (thanks steve74it)Tue Jul 17 12:20 UTC 2018: mention Eddie compatibility (thanks steve74it) Any corrections, further testing, as well as general suggestions for improvement would be much appreciated.
-
For anyone interested in how to setup AirVPN in Linux with NetworkManager on the command line. Create connection Get WireGuard Config File from AirVPN website: https://airvpn.org/generator Name Config File to wg0.conf Import Config File: sudo nmcli connection import type wireguard file wg0.conf View connections: nmcli connection show Rename connection: nmcli connection modify wg0 connection.id "MyConnection" Manage connection Start VPN Connection: nmcli connection up "MyConnection" Stop VPN Connection: nmcli connection down "MyConnection" Check IP visit https://ipleak.net/ Check VPN connection: nmcli connection show --active | grep "MyConnection" Interesting commands Check IP interface: ip a show wg0 nmcli manual page: man nmcli Notes tested on ArchLinux 6.0.9-arch1-1 i tried OpenVPN with NetworkManager first, IPv4 worked but IPv6 didn't, apparently due to a missing feature in networkmanager-openvpn Have a nice day
-
I have officially made the switch to AirVPN and was mainly hoping to set my torrent client to only work through the VPN. What I have found is that the guides on this website are incredibly convoluted and expect a whole lot of knowledge from the user. I'm sure it's not on purpose and to advanced computer users everything is completely comprehensible. But as someone who would like to think of themselves as an above average computer user, I'm hitting walls at every step of the way. I'm not even going to bother asking the creators of those guides to elaborate on certain steps, because there's a good chance I won't understand their elaboration and even if I do, the next steps might result in similar problems. That's where video guides tend to be the most useful, because users can see exactly how a step should be taken instead of having to assume things. So my suggestion is: please do some videos to take users through the most useful/popular guides.
-
NOTICE to the Moderator: PLEASE MOVE TO THE RIGHT FORUM Hello, I want to make a thread about split tunneling through a spezific user. I figured out how it works and want to share it. I use Debian 8/9 but it should work with other distros too. Openvpn Split tunnel though user Debian 8 & 9 based Install openvpn from apt or install it via source apt-get update -y && apt-get upgrade -y && apt-get install openvpn htop nload dstat sudo apt-utils iptables curl resolvconf -y nano /etc/systemd/system/openvpn@openvpn.service Config: [Unit] Description=OpenVPN connection to %i Documentation=man:openvpn(8) Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO After=network.target [Service] RuntimeDirectory=openvpn PrivateTmp=true KillMode=mixed Type=forking ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid PIDFile=/run/openvpn/%i.pid ExecReload=/bin/kill -HUP $MAINPID WorkingDirectory=/etc/openvpn Restart=on-failure RestartSec=3 ProtectSystem=yes LimitNPROC=10 DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw [Install] WantedBy=multi-user.target Enable Service systemctl enable openvpn@openvpn.service Download Airvpn/Openvpn config and paste it in there: nano /etc/openvpn/openvpn.conf Add this to the config: nobind script-security 2 route-noexec up /etc/openvpn/iptables.sh down /etc/openvpn/update-resolv-conf Change DNS nano /etc/openvpn/update-resolv-conf foreign_option_1='dhcp-option DNS AIRVPN DNS1' foreign_option_2='dhcp-option DNS AIRVPN DNS2' foreign_option_3='dhcp-option DNS 1.1.1.1' Add user and group adduser --disabled-login vpn usermod -aG vpn XXX usermod -aG XXX vpn Iptables Flush & Rules iptables -F iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP apt-get install iptables-persistent -y nano /etc/openvpn/iptables.sh Change INTERFACE, VPNUSER, LOCALIP and NETIF Script: #! /bin/bash export INTERFACE="tun0" export VPNUSER="vpn" export LOCALIP="192.168.1.130" export NETIF="eth0" # flushes all the iptables rules, if you have other rules to use then add them into the script iptables -F -t nat iptables -F -t mangle iptables -F -t filter # mark packets from $VPNUSER iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark iptables -t mangle -A OUTPUT ! --dest $LOCALIP -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1 iptables -t mangle -A OUTPUT --dest $LOCALIP -p udp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1 iptables -t mangle -A OUTPUT --dest $LOCALIP -p tcp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1 iptables -t mangle -A OUTPUT ! --src $LOCALIP -j MARK --set-mark 0x1 iptables -t mangle -A OUTPUT -j CONNMARK --save-mark # allow responses iptables -A INPUT -i $INTERFACE -m conntrack --ctstate ESTABLISHED -j ACCEPT # block everything incoming on $INTERFACE to prevent accidental exposing of ports iptables -A INPUT -i $INTERFACE -j REJECT # let $VPNUSER access lo and $INTERFACE iptables -A OUTPUT -o lo -m owner --uid-owner $VPNUSER -j ACCEPT iptables -A OUTPUT -o $INTERFACE -m owner --uid-owner $VPNUSER -j ACCEPT # all packets on $INTERFACE needs to be masqueraded iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE # reject connections from predator IP going over $NETIF iptables -A OUTPUT ! --src $LOCALIP -o $NETIF -j REJECT # Start routing script /etc/openvpn/routing.sh exit 0 chmod +x /etc/openvpn/iptables.sh nano /etc/openvpn/routing.sh Change ifconfig to ip if your OS dont support ifconfig anymore or install it. apt install net-tools Change VPNIG and VPNUSER if needed Script: #! /bin/bash VPNIF="tun0" VPNUSER="vpn" GATEWAYIP=`ifconfig $VPNIF | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}' | egrep -v '255|(127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | tail -n1` if [[ `ip rule list | grep -c 0x1` == 0 ]]; then ip rule add from all fwmark 0x1 lookup $VPNUSER fi ip route replace default via $GATEWAYIP table $VPNUSER ip route append default via 127.0.0.1 dev lo table $VPNUSER ip route flush cache # run update-resolv-conf script to set VPN DNS /etc/openvpn/update-resolv-conf exit 0 chmod +x /etc/openvpn/routing.sh nano /etc/iproute2/rt_tables Add 200 vpn Edit vpn filter nano /etc/sysctl.d/9999-vpn.conf Add: Replace XXXXXX with your eth/wireless interface net.ipv4.conf.all.rp_filter = 2 net.ipv4.conf.default.rp_filter = 2 net.ipv4.conf.XXXXXX.rp_filter = 2 net.ipv6.conf.all.rp_filter = 2 net.ipv6.conf.default.rp_filter = 2 net.ipv6.conf.XXXXXX.rp_filter = 2 Apply Rules and show status sysctl --system service openvpn status Test it IP: sudo -u vpn -i -- curl ipinfo.io DNS: sudo -u vpn -i -- cat /etc/resolv.conf Enjoy
-
Using Windows 10 here. I'm trying to use VPN over Tor, but it's not working! My exit IP is the Tor one and i don't know what to do, since i already followed this: https://airvpn.org/tor/ I'm already with Tor marked in the connection mode, so i test and it says ok, and then i save it. I do this with the Tor Browser already open. I've also already read the "Tor Control Authentication" section of the link above and checked the Torrc file. And there is already the "ControlPort 9151" and the "CookieAuthentication1" writted. In the article above, it also says that i should run from a terminal some kind of code, but it looks like something for Linux distributions. What should I do?
-
I recently bought an Asus router RT-AC68U to flash Tomato firmware as AirVPN offers a config generation for this. I had a few issues with that and noticed that Asus supports OpenVPN from scratch. I've tried it and it works flawless, no tomato is needed. Difficulty: Very low Time: 2 Minutes Prerequisite: - Asus Router (in my case it's a RT-AC68U but it should work for all asus routers that have OpenVPN support) Steps: 1. Browse to https://airvpn.org/generator/ and select 'Router or others' and choose a server you like. Tick on 'Direct, protocol UDP, port 443' and click on 'Generate'. Save this openvpn config file anywhere on your computer. 2. Open the asus router webinterface and click on 'VPN'. Click on 'Add profile', choose OpenVPN. Enter a description, leave username and password EMPTY. Click on 'Browse' and select the downloaded openvpn config file. Click on upload. Click on OK. That's it now you can click on connect. 3. Visit https://ipleak.net and check if it works. By default I have no dns leak. But in case you have you can setup the AirVPN DNS this way: 3b. Click on WAN tab. Turn DNS server off and enter either google's DNS 8.8.8.8 or AirVPN's DNS 10.4.0.1 or both as in the screenshot. That's it. Every client which is connected to the router now is secured by VPN.
-
Hi all, I've build a pfsense router myself because I found that speeds were dramatically dropping through my Linksys router (EA6500) or through my client. By building my own router I had more control over the hardware and firmware. I have a 200 Mb/s - 10 Mb/s ISP connection. My router build as follows: Shutlle DS61 V1.1 mini ITX barebone / socket 1155 / 2 x Gbit LAN2 x 4 GB SO DDR3 Kingston HyperXIntel XEON E3-1230 V2 3.10 GHz (has no graphic chip)Kingston 60 GB SSDIn order to get graphics (which I'll need for installation, since the mini ITX motherboard doesn't support an extra graphics card) I bought an old Celeron 2.70 GHz with graphic chip. Now pfsense is installed, I will be using the Celeron for a while in case something goes wrong in pfsense settings and I'll be needing graphics again. So after I'm done with installing packages, setting up everything, I will replace it with the XEON. Speedtest with the Celeron while connected to VPN I think that is pretty impressive since I had around 60 Mb/s - 9.5 Mb/s before I had this router. If you forget about the XEON and keep the Celeron (for 24/7 use, I'll take the XEON also because of it's 'AES NI' instruction within the chipset) it will cost you about 500 dollars or about 370 euro's. The XEON included adds an extra 250 dollars or 195 euro's. This is a better investment than buying any other consumer router with a 600 MHz Broadcom processor. This is a kick ass router! For a proper installation of pfsense I can recommend this video: (good packages: squid, havp, snort (get a paid oinkcode for 27 dollars/year, otherwise you'll have a 10 days delay in updates)) SET UP AIRVPN IN PFSENSE Configure an airvpn *.ovpn file (use a region, airvpn will connect to the best server automatically)From the pfSense interface, navigate to the dropdown menus: System ---> Cert Manager and stay in the first tab.Click the button as seen here to create a new certificate. Give it a description like: cert airvpn. Ensure that "Import an existing certificate authority" is selected. Open the *.ovpn file and copy/paste the first certificate (starting with: -----BEGIN CERTIFICATE----- and ending with: -----END CERTIFICATE-----) into the 1st fieldClick save (leave the orher field empty)Click on the tab Certificates and click on the plus button as seen here Give it a description like: certificate airvpn. Ensure that "Import an existing certificate authority" is selected.Open the *.ovpn file and copy/paste the second certificate (starting with: ---- CERTIFICATE:----- and ending with: -----END CERTIFICATE-----) into the 1st fieldSo in the file it looks like this: -----END CERTIFICATE----- (end of the first certificate we've just imported) </ca> <cert> Certificate: The second copy/paste should start at: Certificate: copy/paste the third certificate (starting with: -----BEGIN CERTIFICATE----- and ending with: -----END CERTIFICATE-----) into the 3d fieldClick saveNavigate to the system dropdown menus: VPN ---> OpenVPNClick the Client tab and click on the Plus buttonFollow below settings in the pictures where: 1. serverhost or host adres can be found in the *.ovpn file ending with probably airvpn.org, 2.The serverport can be found in the top of the *ovpn file as well. Navigate to the system dropdown menus Interfaces ----> (assign) and click on the Plus button -Note in the previous screenshot you will notice a StrongVPN interface. you will NOT have that on your box yet, so dont worry. After clicking on the plus button pfSense will tell you it has successfully added a new interface. the network port name will most likley be named "ovpnc1". Ensure that the new interface is selected as "ovpnc1" (it could be ovpnc2, ovpnc3, etc... depends if you have other ovpn interfaces or not)navigate to the system dropdown menus Interfaces ---> OPT1 (or whatever your new interface from the previous step is) and follow steps in below picture Click saveNavigate to the system dropdown menus System ---> Routing and click on the Plus button Follow the settings in the picture below -Note 1: The ip seen in the picture 208.67.222.222 is the ip of OpenDNS -Note 2: By selecting "Default Gateway", the connection to the internet drops if the VPN connection drops. You'll have to set the WAN as default manually in the case if you need an internet connection. navigate to the system dropdown menus Firewall ---> Rules and click on the LAN tabClick on the Plus button to create a new ruleFollow instructions in the picture below Action: PASS -- Interface: LAN Protocol: ANY Source: LAN Subnet Destination: ANY -- Description: LAN to Internet force through VPN **IMPORTANT**: scroll down to "Gateway" under the "Advanced features" of the rule. Set gateway to your VPN interface (see above picture). After Clicking save, you should see something like this navigate to the system dropdown menus Firewall ---> NAT and click on the Outbound tabenable "Manual Outbound NAT rule generation" and select save. Reboot the router and you're done... If you want to/need to start manually, go to Status -----> Services and click on the Play button next to the VPN interface status. Check Status ------> Dashboard for connections as seen in the picture below (in the WAN section you'll see your ISP's IP, which is connection you're coming from to Airvpn (Note from AirVPN: We inevitably know it. Any reference will be deleted when the connection is closed). Don't worry, you're visible with a different IP on the internet. The reason I choose a XEON is the 10% watt reduction and the AES NI instructions in the chip (AirVPN is 256 bit AES encrypted). This will lower my CPU usage and speed up the process. Below you find a picture with system loads while having 10 torrents running and downloading a large file at full speed from usenet (ssl encrypted)... See the CPU usage on the Celeron. That will change I think with a XEON. Good luck and don't forget to install Snort, HAVP and Squit on your pfsense. Good guides out there on Google... knicker
-
Hi all, In the case of DNS leakage, within pfsense there's good way to prevent that from happening. In this case you don't need to tweak all your Windows machines ;-) In pfsense navigate to Systems ------> General Setup and set everything as in the below picture. Use the DNS servers from AirVPN. Note that with my settings (also described here and here), your internet will drop in case your vpn connection drops. Then you need to set the wan back to default manually. That's it. No more dns leakage! (I had 6 and 2 from my isp)... knicker