Data Encryption- AES-256 Data Authentication- SHA-256 Handshake- RSA-4096
Have VPN Kill Switch, DNS, & IPv6 leak protection enabled.
Working like a charm, no noticeable effect on speed. Web pages maybe taking a fraction of a second longer to load. Fair trade off for the added security. I'm happy with it.
Working perfect for me too. I am using the exact same options as Fibonacci.
The average CPU time used by the new client on my 3.2 Ghz Quad core CPU is 0.67% at full speed of transfer. For the security this provides, that is quite impressive.
For the future, I would like to see a build of this with additional DNS options. Since DNS requests are processed on the VPN side of things, it largely does not matter if it is encrypted, but if it is not already using something comparable to DNSCurve, that would be a very nice addition. (If I understand how it works, the DNS requests are tunneled through and then sent to be resolved unencrypted from the VPN side. Please clarify if I am mistaken.)
It would also in some situations be useful to be able to set what DNS servers are used rather than let the client decide. Not everyone has much respect for Google and Level 3.
I'm still seeing down speeds ~1/2 what they should be - currently on the Toronto gateway - and the connection is also fluctuating wildly - a few mins at ~2.5 (when it should be ~5) and then down to almost nothing, then building back up, dropping back down. When the speed drops, upload speed also drops.
I was just about to post this and noticed the same thing I'm getting this. Is it a bug?
Not sure, but then I'm no expert. Perhaps, they don't want us accessing the higher encrypted tunnels without the application. I've tried a variety of things, including snooping for different gateway IPs with the app loaded. All attempts end with error log: Authenticate/Decrypt packet error: cipher final failed
The reason it doesn't work yet with direct OpenVPN configurations is that we haven't been told all details. Alternative port numbers are used because SSL certificates can't be properly multiplexed on a single port.
@OmniNegro: Assigning the same DNS servers to all clients actually increases anonymity, because you can't be singled out as easily as if everyone were using different servers. I vote that users who feel the need for other DNS settings continue to change them manually.
I did ask about modifying the .ovpn files towards the start of the thread, but it was the only part of my post not answered. Surely if the servers are accepting connections it'll be possible to simply amend the files to incorporate the required changes, until a GUI comes along for *nix?
Support, can you please let us know the config for this? I'd imagine it's only a matter of editing the files to enter a new set of ports, and a few simple changes to the config to set this up. An easy matter for any *nix user. Thanks.
Just making my report. So far it's working pretty great. I haven't really noticed any slow down at all, even with the highest encryption settings.
The only problem I've run into so far, and I've had the same issue on occasion with the release version, it that once in a while the tray icon will show red/disconnected when I'm actually connected. Sometimes I can get it straight by selecting Connect, sometimes that option isn't available. Sometimes I have to exit the client and restart it to get it working right again. But, as I said, I had that happen a few times before I installed the Beta, so, overall, I say: Well done!
I'm having the speed fluctuations (full speed, then down to nothing for long periods, then spikes of speed, then back to nothing), regardless of the gateway I select. I do not experience the same fluctuations when not connected to the VPN. Only using std encryption & only port forwarding.
I'm having the speed fluctuations (full speed, then down to nothing for long periods, then spikes of speed, then back to nothing), regardless of the gateway I select. I do not experience the same fluctuations when not connected to the VPN. Only using std encryption & only port forwarding.
Exactly. In all configurations. Currently, it seems fine.
Definitely, absolutely *something* with the VPN connection. No idea what.
Will try uninstalling & re-installing the client .....
============
Tried just re-installing the TAP, no difference
Uninstalled the new, re-installed the old, slightly better, but still WAY slow.
I get 6.0MB/s down and 600 KB/s up - with either client, the BEST I'm getting is 1/10TH of that!!! Something is wrong, and it ain't just in Denmark ....
Even tried turning Port forwarding off, still no change.
This is ridiculous. If a solution isn't found soon. I'll cut my losses and go with Boehlr.
==================
k, ran DiffProbe while all traffic was STOPPED - this is on the Texas server -
DiffProbe release. January 2012. Build 1008.
Shaper Detection Module.
Connected to server 4.71.251.149.
Estimating capacity:
Upstream: 14728 Kbps.
Downstream: greater than 200 Mbps.
The measurement will take upto 2.5 minutes. Please wait.
Checking for traffic shapers:
Upstream: Measurement aborted due to high packet loss rate.
Downstream: Measurement aborted due to high packet loss rate.
That initial assessment was clearly premature. Something is whacked here .....
If the system is lower power try changing the openvpn process priority to high. Good idea is to make a ticket at support. They are really good at helping.
The warnings mean that the server has different settings than the client. I'm not sure, but I think I remember my OpenVPN to fall back to the server specified settings for the connection. If you see a log line that confirms the crypto settings you have selected, everything should be fine.
Comments
Data Encryption- AES-256
Data Authentication- SHA-256
Handshake- RSA-4096
Have VPN Kill Switch, DNS, & IPv6 leak protection enabled.
Working like a charm, no noticeable effect on speed. Web pages maybe taking a fraction of a second longer to load. Fair trade off for the added security. I'm happy with it.
The average CPU time used by the new client on my 3.2 Ghz Quad core CPU is 0.67% at full speed of transfer. For the security this provides, that is quite impressive.
(If I understand how it works, the DNS requests are tunneled through and then sent to be resolved unencrypted from the VPN side. Please clarify if I am mistaken.)
It would also in some situations be useful to be able to set what DNS servers are used rather than let the client decide. Not everyone has much respect for Google and Level 3.
@OmniNegro: Assigning the same DNS servers to all clients actually increases anonymity, because you can't be singled out as easily as if everyone were using different servers. I vote that users who feel the need for other DNS settings continue to change them manually.
Support, can you please let us know the config for this? I'd imagine it's only a matter of editing the files to enter a new set of ports, and a few simple changes to the config to set this up. An easy matter for any *nix user. Thanks.
The only problem I've run into so far, and I've had the same issue on occasion with the release version, it that once in a while the tray icon will show red/disconnected when I'm actually connected. Sometimes I can get it straight by selecting Connect, sometimes that option isn't available. Sometimes I have to exit the client and restart it to get it working right again. But, as I said, I had that happen a few times before I installed the Beta, so, overall, I say: Well done!
Good idea is to make a ticket at support. They are really good at helping.
surely if port was dependent on the encryption settings we choose PIA would have the app connect to the correct port.