The warnings mean that the server has different settings than the client. I'm not sure, but I think I remember my OpenVPN to fall back to the server specified settings for the connection. If you see a log line that confirms the crypto settings you have selected, everything should be fine.
Not sure it says the warnings and then this so does it mean it is working?
Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
I like that i have the option to kill encryption if i just want to mask my IP in order to watch a game or something, and this minimizes the hit on bandwidth.
Now, i would like to know how i can disable encryption on a dd-wrt tunnel. On laptop i can play w/ encrytion all i want, and bw won't suffer, but on ddwrt is another thing. I would like to kill the encryption to see if i can have better speed overall.
for no encryption on a router use port 1195, select none for encryption cipher, and add "auth none" without quotes to the custom config.
on my Asus RT-N16 I can pull 1.3 megabytes per second using this method, certainly faster than the default blowfish + SHA1 configuration but not as fast as you might think it would be.
hmm... i'm getting errors with that configuration.
I have the following error logs:
--
20131001 20:47:03 W ******* WARNING *******: null cipher specified no encryption will be used 20131001 20:47:03 W ******* WARNING *******: null MAC specified no authentication will be used 20131001 20:47:03 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1492) 20131001 20:47:03 I Attempting to establish TCP connection with [AF_INET]209.222.18.43:1195 [nonblock] 20131001 20:47:04 N TCP: connect to [AF_INET]209.222.18.43:1195 failed will try again in 5 seconds: Connection refused 20131001 20:47:10 N TCP: connect to [AF_INET]209.222.18.43:1195 failed will try again in 5 seconds: Connection refused 20131001 20:47:16 N TCP: connect to [AF_INET]209.222.18.43:1195 failed will try again in 5 seconds: Connection refused 20131001 20:47:22 NOTE: --mute triggered...
--
This configuration is intended to be TCP or UDP? When i try it on UDP, the vpn won't even start. When try on TCP i got what i just pasted.
It was active on that port with UDP, but stopped working for me on Sept. 19th. I guess that was around the time when the open beta started. Could be we just have to wait a bit longer.
From what I've been told by our sysadmin team, the unencrypted beta shouldn't be having any issues, but we've got some reports. I'll verify with them next time I see them, but UDP 1195 is the correct port options.
When will we get these new configs for OpenVPN clients like viscosity?
This. I'd start using these features, but I can't because I use Viscosity. Config files/instructions for third party clients, please please pleeeeease?
I like the encryption control idea a lot. My main interest is having the control directly on a router rather than a desktop app.
I'm running a Asus N16 with OpenVPN on Tomato but need a "no encryption" option on a DIR-615 I'm using with DD-WRT. The N16 and 615 are 2nd and 3rd routers, so the 615 isn't running off of the N16. The 615 is used only for my streamers, Dune D1, Boxee Box and Xbox360. I use it simply for getting around location restrictions so security isn't an issue.
The problem I'm having is that the 615 is only fast enough to maintain a solid connection with the us-east server. If I use other servers I end up with a buffering issue every few minutes. Since my current interest is in avoiding "blackout" restrictions I'd like to be able to use a midwest or overseas server but, as I said, buffering issues.
I run the DIR-615 with a PPTP connection. I see from above posts that it was working and now doesn't seem to be. Is there anyone running it with success with no encryption on a router? If not, is there a timeframe for this to be up and running? I'm guessing a no encryption option would solve at least some of my buffering issues.
عند تغيير اسم المستخدم وكلمة المرور هل تبقى اسم المستخدم وكلمة المرو القديمة مفعلة وشغالة ؟ ولماذا لم يتم ارسال اسم المستخدم وكلمة المرور الجديدة الى ايميلي
Ah, thanks anyway. Though if you can, please ask around for more information. Is there anything we, the community, can do to raise awareness for raw configs?
Oh wow! This is fabulous. I'm still using the pia recommended settings and all is working well. I trust you guys so much. This is an absolutely marvelous service. So glad I found you and look forward to being with you for many, many years to come. Great service, terrific people and a caring and personable company. Kudos to you all.
Comments
For comparison, this it what happens when I try to force the tunnel to use something unsupported:
on my Asus RT-N16 I can pull 1.3 megabytes per second using this method, certainly faster than the default blowfish + SHA1 configuration but not as fast as you might think it would be.
20131001 20:47:03 W ******* WARNING *******: null MAC specified no authentication will be used
20131001 20:47:03 W WARNING: normally if you use --mssfix and/or --fragment you should also set --tun-mtu 1500 (currently it is 1492)
20131001 20:47:03 I Attempting to establish TCP connection with [AF_INET]209.222.18.43:1195 [nonblock]
20131001 20:47:04 N TCP: connect to [AF_INET]209.222.18.43:1195 failed will try again in 5 seconds: Connection refused
20131001 20:47:10 N TCP: connect to [AF_INET]209.222.18.43:1195 failed will try again in 5 seconds: Connection refused
20131001 20:47:16 N TCP: connect to [AF_INET]209.222.18.43:1195 failed will try again in 5 seconds: Connection refused
20131001 20:47:22 NOTE: --mute triggered...
Windows 8.1 tomorrow.
Is there anything we, the community, can do to raise awareness for raw configs?