mirimir please help! Insorg pfsense has me licked

Discussion in 'privacy technology' started by fjear, Sep 3, 2014.

  1. fjear

    fjear Registered Member

    Joined:
    Aug 2, 2014
    Posts:
    17
    Hi!

    Today is day 9 of implementing your advanced privacy tutorial; so far so good! It's taken a while as I've restarted the whole process 3 times (first step hdderase on the SSD =\) fixing mistakes along the way, to ensure the uttermost privacy is enabled as per your tutorials.

    I am currently in the process of chaining VPNs.

    I was able to configure iVPN with pfsense but am currently experiencing issues with INSORG (they don't seem to supply much in the way of tutorials)

    Firstly for some reason, the config files point to TCP. I have not been having any luck configuring for UDP (or TCP for that matter)

    Secondly, pfsense only has BF-CBC 128k listed under "encryption algorithms", whereas INSORG uses BF-CBC 256k?

    My current Insorg OpenVPN setup via pfsense:

    Code:
    Server mode: Peer to Peer (SSL/TLS)
    Protocol: UDP
    Device mode: tun
    Interface: WAN
    
    Server Host: VPN IP
    Server Port: 5277
    
    Server host name resolution: Unchecked - Infinitely resolve server
    
    TLS Authentication: Check - enable authentication of TLS packets and paste ta.key here
    
    Peer Certificate Authority: Insorg
    Client Certificate: Insorg (CA: Insorg) *In Use
    Encryption algorithm - BF-CBC (128-bit)
    Hardware Crypto: No Hardware crypto acceleration
    
    Compression: Check - Compress tunnel packets using LZO algorithm
    
    Advanced:
    
    verb 5; auth-nocache; auth-user-pass /root/user_pass.txt; persist-key; persist-tun; redirect-gateway def1; ns-cert-type server
    
    The system log for OpenVPN reads:
    
    Sep 4 02:52:31   openvpn[91643]: ifconfig_pool_persist_refresh_freq = 600
    Sep 4 02:52:31   openvpn[91643]: ifconfig_ipv6_pool_defined = DISABLED
    Sep 4 02:52:31   openvpn[91643]: ifconfig_ipv6_pool_base = ::
    Sep 4 02:52:31   openvpn[91643]: ifconfig_ipv6_pool_netbits = 0
    Sep 4 02:52:31   openvpn[91643]: n_bcast_buf = 256
    Sep 4 02:52:31   openvpn[91643]: tcp_queue_limit = 64
    Sep 4 02:52:31   openvpn[91643]: real_hash_size = 256
    Sep 4 02:52:31   openvpn[91643]: virtual_hash_size = 256
    Sep 4 02:52:31   openvpn[91643]: client_connect_script = '[UNDEF]'
    Sep 4 02:52:31   openvpn[91643]: learn_address_script = '[UNDEF]'
    Sep 4 02:52:31   openvpn[91643]: client_disconnect_script = '[UNDEF]'
    Sep 4 02:52:31   openvpn[91643]: client_config_dir = '[UNDEF]'
    Sep 4 02:52:31   openvpn[91643]: ccd_exclusive = DISABLED
    Sep 4 02:52:31   openvpn[91643]: tmp_dir = '/tmp'
    Sep 4 02:52:31   openvpn[91643]: push_ifconfig_defined = DISABLED
    Sep 4 02:52:31   openvpn[91643]: push_ifconfig_local = 0.0.0.0
    Sep 4 02:52:31   openvpn[91643]: push_ifconfig_remote_netmask = 0.0.0.0
    Sep 4 02:52:31   openvpn[91643]: push_ifconfig_ipv6_defined = DISABLED
    Sep 4 02:52:31   openvpn[91643]: push_ifconfig_ipv6_local = ::/0
    Sep 4 02:52:31   openvpn[91643]: push_ifconfig_ipv6_remote = ::
    Sep 4 02:52:31   openvpn[91643]: enable_c2c = DISABLED
    Sep 4 02:52:31   openvpn[91643]: duplicate_cn = DISABLED
    Sep 4 02:52:31   openvpn[91643]: cf_max = 0
    Sep 4 02:52:31   openvpn[91643]: cf_per = 0
    Sep 4 02:52:31   openvpn[91643]: max_clients = 1024
    Sep 4 02:52:31   openvpn[91643]: max_routes_per_client = 256
    Sep 4 02:52:31   openvpn[91643]: auth_user_pass_verify_script = '[UNDEF]'
    Sep 4 02:52:31   openvpn[91643]: auth_user_pass_verify_script_via_file = DISABLED
    Sep 4 02:52:31   openvpn[91643]: port_share_host = '[UNDEF]'
    Sep 4 02:52:31   openvpn[91643]: port_share_port = 0
    Sep 4 02:52:31   openvpn[91643]: client = ENABLED
    Sep 4 02:52:31   openvpn[91643]: pull = ENABLED
    Sep 4 02:52:31   openvpn[91643]: auth_user_pass_file = '/root/user_pass.txt'
    Sep 4 02:52:31   openvpn[91643]: OpenVPN 2.3.3 amd64-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 15 2014
    Sep 4 02:52:31   openvpn[91643]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
    Sep 4 02:52:31   openvpn[91643]: WARNING: file '/root/user_pass.txt' is group or others accessible
    Sep 4 02:52:31   openvpn[91643]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Sep 4 02:52:31   openvpn[91643]: Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file
    Sep 4 02:52:31   openvpn[91643]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sep 4 02:52:31   openvpn[91643]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sep 4 02:52:31   openvpn[91643]: LZO compression initialized
    Sep 4 02:52:31   openvpn[91643]: Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Sep 4 02:52:31   openvpn[91643]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    Sep 4 02:52:31   openvpn[91643]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Sep 4 02:52:31   openvpn[91643]: Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
    Sep 4 02:52:31   openvpn[91643]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
    Sep 4 02:52:31   openvpn[91643]: Local Options hash (VER=V4): '504e774e'
    Sep 4 02:52:31   openvpn[91643]: Expected Remote Options hash (VER=V4): '14168603'
    Sep 4 02:52:31   openvpn[91656]: UDPv4 link local (bound): [AF_INET]
    Sep 4 02:52:31   openvpn[91656]: UDPv4 link remote: [AF_INET]
    
    Spent over 24 hours on this now =\ any help would be greatly appreciated.

    Also following your guide, it states to save user-pass file via diagnostics>edit file and save it in /var/etc/openvpn/. When I try to save it here, every time I close the web gui or restart pfsense it disappears? I have read through other VPN pfsense tutorials and saved it as /root/user_pass.txt alternatively /usr/local/share/user-pass. Does it matter which location from a security perspective? If so, can you please advise which is preferred or alternatively how to permanently save it in /var/etc/openvpn as per your guide.

    Look forward to hearing from you!
     
    Last edited: Sep 3, 2014
  2. fjear

    fjear Registered Member

    Joined:
    Aug 2, 2014
    Posts:
    17
    so I was able to get TCP working by simply adding "keysize 256" in the advanced configuration "verb 5; auth-user-pass /root/user_pass.txt; ns-cert-type server; keysize 256" :(

    although now still unable to get UDP to work?
     
  3. fjear

    fjear Registered Member

    Joined:
    Aug 2, 2014
    Posts:
    17
    I seem to have narrowed it down to the below from system logs: openvpn, I am having the same issue setting up Bolehvpn UDP

    Any ideas?

    Sep 4 06:02:57 openvpn[8468]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'

    Sep 4 06:02:57 openvpn[8468]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
     
  4. fjear

    fjear Registered Member

    Joined:
    Aug 2, 2014
    Posts:
    17
    okay so I managed to get boleh UDP working by unchecking "infinitely resolve server" and checking "compress tunnel packets using the LZO algorithm" followed by these settings in advanced configuration: "verb 5; ns-cert-type server; route-delay 10; resolv-retry 10"

    any ideas about INSORG UDP?
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Sorry about the "/var/etc/openvpn/user-pass" problem. The latest pfSense versions clean "unauthorized" stuff from there. I use "/usr/local/share/user-pass" now. I need to update the guide :oops:

    Insorg only seems to work in TCP mode. Also, you may need to test various combinations of VPN server and port/route, depending on what IP address (previous VPN exit) you're coming from. Anyway, here are settings that work for me:
    Code:
    Server mode: Peer to Peer (SSL/TLS)
    Protocol: TCP
    Device mode: tun
    Interface: WAN
    
    Server Host: desired server (each provides all routes)
    Server Port: desired port (port determines route, same for all servers)
    
    Server host name resolution: Checked [Infinitely resolve server]
    
    TLS Authentication: Checked [use "ta.key"]
    
    Peer Certificate Authority: ca [use "ca.crt" in Certificate Authority Manager]
    Client Certificate: client [use "client.crt" and "client.key" in Certificate Manager]
    Encryption algorithm: BF-CBC (128-bit)
    Hardware Crypto: No Hardware crypto acceleration
    
    Compression: Checked [Compress tunnel packets using LZO algorithm]
    
    Advanced: ns-cert-type server;persist-key;persist-tun;keysize 256;redirect-gateway def1;auth-user-pass /usr/local/share/user-pass;verb 5
    
    BolehVPN issues user-specific client.crt certificates, which I refer to as "username.crt" (with its "username.key"). But there's no need for a user-pass file. Anyway, these settings work for me:
    Code:
    Server mode: Peer to Peer (SSL/TLS)
    Protocol: UDP
    Device mode: tun
    Interface: WAN
    
    Server Host: desired server
    Server Port: 443 [typically]
    
    Server host name resolution: Checked [Infinitely resolve server]
    
    TLS Authentication: Checked [use "ta.key"]
    
    Peer Certificate Authority: ca [use "ca.crt" in Certificate Authority Manager]
    Client Certificate: client [use "username.crt" and "username.key" in Certificate Manager]
    Encryption algorithm: AES-128-CBC (128-bit)
    Hardware Crypto: No Hardware crypto acceleration
    
    Compression: Checked [Compress tunnel packets using LZO algorithm]
    
    Advanced: redirect-gateway def1;persist-key;keepalive 3 10;ns-cert-type server;verb 5
    
    These configurations work, but I don't claim that they're optimal. If you find tweaks that work better, please share.
     
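The mismatch worked out in the posts above (client log shows `proto UDPv4` and `keysize 128`, while Insorg needs TCP and `keysize 256`) can be read straight from the "Local Options String" line. The following is an added example, not code from the thread or from pfSense/OpenVPN; the `INSORG` profile layout, `FIX_HINT` wording and function names are this example's own assumptions, and the log lines are copied from the first post.

```python
import re

# Two lines copied from the OpenVPN system log in the first post.
SAMPLE_LOG = """\
Sep 4 02:52:31   openvpn[91643]: WARNING: file '/root/user_pass.txt' is group or others accessible
Sep 4 02:52:31   openvpn[91643]: Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
"""

# Requirements for Insorg as reported in the thread: TCP only, BF-CBC, keysize 256.
# The dict layout is this example's convention, not a provider file format.
INSORG = {"proto": "TCP", "cipher": "BF-CBC", "keysize": "256"}

# Where each setting lives in the pfSense client page, following the posts.
FIX_HINT = {
    "proto": "change Protocol",
    "cipher": "change Encryption algorithm",
    "keysize": "add 'keysize N' to the Advanced box",
}


def parse_options_string(text):
    """Split 'V4,dev-type tun,comp-lzo,...' into {option: value or True}."""
    opts = {}
    for token in text.split(","):
        key, _, value = token.strip().partition(" ")
        opts[key] = value or True  # bare flags such as comp-lzo become True
    return opts


def local_options(log):
    """Return the parsed options from the last 'Local Options String' line."""
    found = re.findall(r"Local Options String: '([^']*)'", log)
    if not found:
        raise ValueError("no Local Options String in log (needs verb 4 or higher)")
    return parse_options_string(found[-1])


def mismatches(opts, profile):
    """List (option, value in log, value required) for every disagreement."""
    result = []
    for key, wanted in profile.items():
        have = opts.get(key)
        if key == "proto":
            # The log says UDPv4 / TCPv4_CLIENT; compare the transport prefix only.
            ok = isinstance(have, str) and have.startswith(wanted)
        else:
            ok = have == wanted
        if not ok:
            result.append((key, have, wanted))
    return result


def warning_lines(log):
    """Collect OpenVPN WARNING messages, e.g. a world-readable credentials file."""
    return re.findall(r"openvpn\[\d+\]: WARNING: (.*)", log)


def report(log, profile):
    lines = [
        f"{key}: log shows {have!r}, provider needs {want!r} -> "
        f"{FIX_HINT.get(key, 'check the client settings')}"
        for key, have, want in mismatches(local_options(log), profile)
    ]
    lines += [f"warning: {w}" for w in warning_lines(log)]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG, INSORG)))
```

The credentials-file warning in the sample log goes away once the file is readable by its owner only (mode 0600), whichever directory it is stored in.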
  6. fjear

    fjear Registered Member

    Joined:
    Aug 2, 2014
    Posts:
    17
    thanks for the update! great help :thumb:

    I read on the airvpn forums about installing pfsense directly on the host (3 NIC) which results in an exponential increase in speed (as opposed to using openVPN)

    My setup is configured as per your guide. My host connects to a direct outer vpn via network manager openvpn (with vpnfirewall installed) However, due to certain circumstances, am unable to realise a tenth of my current ISP download speed.

    Can you please advise whether you think installing pfsense directly on the host will be beneficial in my case?

    Also, how would I go about connecting to my direct outer VPN via pfsense with my current configuration. That is, my host currently has adrelanos VPN firewall installed. How would I now setup a pfsense VM so my host can connect to my direct outer VPN once I load up pfsense VM (otherwise will have no network connectivity with vpnfirewall installed) as opposed to using network-manager openvpn?

    Thanks again!
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    You can install pfSense on hardware. My perimeter router runs pfSense, but not as a VPN client.

    But you couldn't install pfSense on a VirtualBox host, because pfSense is an OS (based on FreeBSD). Perhaps you could run VirtualBox in pfSense, but that wouldn't help. pfSense uses an OpenVPN client just like Linux or Windows does. And I doubt that the pfSense version would be that much faster.

    Good VPN services should reach at least 50 Mbps using OpenVPN on the host machine. If you have 1000 Mbps from your ISP, it would be worth running pfSense on separate hardware. The key thing for that is using server-grade Intel gigabit network cards. Otherwise the CPU will be hosed.

    Unless you need to use the host without any VPN, just leave the direct outer VPN running on the host with adrelanos VPN firewall. If you need a machine with no VPN, just use a VM that's bridged to the host network adapter. It will show up on your LAN just like another physical machine, and will get an IP address from your router.

    If you do need to use the host without any VPN, just set up the direct outer VPN on another pfSense VM, and disable the host VPN setup and VPN firewall. Then point the second pfSense VM at the new pfSense VM, rather than NATing it to the host.
     
  8. fjear

    fjear Registered Member

    Joined:
    Aug 2, 2014
    Posts:
    17
    excuse my ignorance :(

    I have configured my host according to your high privacy guide, so my ISP will never have a record of my current host etc. I do not plan to use my host without any VPN.

    Just to clarify, I cannot run adrelanos vpnfirewall from my host to keep the host secure, bypass host network manager openvpn (usual way to connect to direct outer vpn) and instead load a pfsense vm that connects to my direct outer vpn, then somehow connect my host to that pfsense vpn which will then enable internet on my host? sorry if it sounds stupid :( only just picked this up, so trying to wrap my head around it

    I have accounts at all the main VPNs mentioned in these forums and can only get ~10-15 Mbps on a NL or DE server (as you advised for the outer direct vpn and I've tested them all including trying UDP/TCP/alternative UDP etc. ) which is currently affecting my speed down the VPN chain.

    Assuming there are no connectivity issues, and the VPN speed I am achieving is normal considering my circumstance, would you advise installing pfsense on the router to mitigate this issue? Can you also please advise whether the link below talks about installing pfsense on the router or simply installing pfsense on the host computer?

    https://airvpn.org/topic/11245-how-to-set-up-pfsense-21-for-airvpn/

    I am currently using the on board LAN NIC, do you think it would make much difference to purchase a quality Intel Pro Desktop NIC card or such in terms of helping achieve higher VPN speed?

    Thank you again for your time and effort. It is greatly appreciated :)
     
  9. fjear

    fjear Registered Member

    Joined:
    Aug 2, 2014
    Posts:
    17
    It just occurred to me using speedtest.net might not really be the most accurate way to assess download speed?

    You mentioned using LiveCD VMs to test speed along the VPN chain with speedtest.net. Based on my limited understanding, I have had to download chrome every time in order to run speedtest.net as the firefox packaged with ubuntu doesn't come with flash out of the box.

    I am using speedtest.net on my host, but am getting extremely different readings on opposite ends of the spectrum only hours apart.

    Is there a way I can accurately assess download speed on my host, and through out the VPN chain?


    Thanks!
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I doubt very much that a pfSense VM will do substantially better than Network Manager with OpenVPN on the host. If you can't do better than 10-15 Mbps with any of the VPN services, and that's much below your native ISP speed, the onboard NIC could be at fault. Using a VPN requires more CPU, and low-end NICs offload that to the system CPU. It's rather like onboard graphics vs fast cards.

    Anyway, what brand is the onboard NIC? Unless it's Intel or Broadcom, I recommend trying a compatible Intel server NIC card. But be careful, old PCIe 1.0 NICs tend to not work in PCIe 2.0 or PCIe 3.0 slots, even if they fit. This seems to be a good one: http://www.newegg.com/Product/Product.aspx?Item=N82E16833106178. I can't seem to find the older one-port Intel® PRO/1000 PT Server Adapter.

    I doubt that using dedicated hardware running pfSense would do much better. If you were aiming for over 100 Mbps VPN traffic, maybe. Adding a dedicated crypto card would help too.

    The guide https://airvpn.org/topic/11245-how-to-set-up-pfsense-21-for-airvpn/ describes how to set up pfSense on dedicated hardware (not your host machine) to provide two LANs, one just straight Internet, and the other through AirVPN.

    For testing VPN speed, I have installed Flash (also guest additions) in LiveCD VMs. But a better long term solution is having a management VM for each pfSense VM. You can also use speedof.me, which uses HTML5 rather than Flash.

    In order to get reliable results from speedtest.net, I've found it best to try several different test servers and pick the one that gives the highest speed. And then use that test server consistently. Left to its own devices, speedtest.net picks a server "based on latency", but it often picks one with lousy bandwidth (maybe because it's getting hammered).
     
  11. fjear

    fjear Registered Member

    Joined:
    Aug 2, 2014
    Posts:
    17
    Almost a week later 12 and I realise I've done a 360 and am back at the same point :'(

    Due to the abnormally inconsistent speed tests with my onboard NIC, I fired up the browser and started hunting down forums for clues. First step was to upgrade the driver; however couldn't compile it successfully despite hours spent reading posts. For some reason I got it into my head to update the kernel to see if it would have updated drivers. Later on stumbled upon a post stating that particular driver won't compile on kernel 2.6+ :( So next decided to upgrade the kernel hoping that will fix the driver issue. Genius that I am, decided be a good idea to remove the old kernels (not knowing at the time it boots the last installed kernel) which resulted in missing grub and a boot into memtest. That took a good 24 hours of research, from re-installing grub to command line grub to booting LiveCD and chroot update fix packages etc. etc. but nothing worked so ended up reformatting and starting from scratch (have been using 14.04)

    Next decided to flash the bios, which didn't really help still same issue. Then read somewhere someone had luck downloading this dos utility that simply checks the driver and runs a test. They mentioned every time they experienced latency issues they ran that in dos and boom a magic fix. Funnily enough that actually worked, but due to the fact I was up to the stage where I needed to test 50+ combinations of servers over 4 chains with the right countries to get a proper secure setup happening, I kept looking for an answer. This resulted in an openvpn investigation, specifically had my sights on network-manager and decided to install that to the latest release. Don't ask me how but somehow broke that, to the point where apt-get purge ---remove network-manager, network-manager-gnome etc. and then (because of the high privacy setup) decided to try re-install it all but of course that meant usb from one comp to the host. That was a fun 30 hours, not realising I had updated to Trusty Update, I was downloading packages for Trusty and sapping my head with the dependencies not me, then downloading individual ones etc. etc. you get the point :confused: There was a correct combination and I refused to give in until I had fixed it, however I somehow got carried so decided was time to reinstall.

    So then decided it was time to buy a trusty INTEL network adapter. Got it home, tried to upgrade the drivers and somehow some fiddling around caused an issue with rmmod and modprobe so it wouldn't install without an error (which was strange because the first time I compiled it it worked fine) however after the initial modprobe worked fine, I noticed I skipped the part where you're supposed to rmmod first before modprobe. So of course I rmmod then modprobe then error. uninstall re-install and error. countless hours on forums and error, boot into liveCD etc. etc. no go. So again another format and re-install as I believed the driver was the key (I blame it on the failure to update the onboard NIC and in turn receive an answer as to whether that was the issue) Tried researching into reinstall on a LUKS like resetting system settings, but apparently not supported in 14.04. Back to the forums and research but didn't find much so back to square 1 with a format and this time opted back to 12.04 as per your guide.

    Anyone bored enough to read this, if you plan on implementing mirimir's guide at any stage, STICK with 12.04! 14.04 trusty had so many bugs/issues, was ridiculous. Whilst re-installing decided to boot up into liveCD and try update the up drivers, of course it worked fine. After reinstall of 12.04 achieved fast download speed (as been noticing after re-installs) only to find later that evening, running vms etc. would drop to ~5Mbps. Tested on both NIC and the same thing. Sometime before tried to get openvpn to output a log file but no success. Opened up /var/log/syslog as per usual decided the issue must be the countless VPNfirewall messages dropping packets from local host to gateway etc. but unfortunately my networking knowledge is extremely limited.

    So decided to open vpnfirewall script and noticed the default local host set to 192.** whereas my ip is 10.** so decided to fiddle around and put in my ip etc. but that led to openvpn dying so yeah. Decided had enough fun, found with linux the more you research, the less you know it just doesn't stop.

    However, without a stable vpn download I can't accurately assess vpn latency and with 4 different VPN providers and countless servers to test before deciding on an optimum setup, have now thrown in the towel :thumbd:

    On the plus side, from all the mistakes I've made, I've managed to learn a bit. The downside, It's taken nearly 2 weeks o_O Anyway thanks again to mirimir for all his help and good luck to all those taking the leap!
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Wow :(

    We've all been there, I think, jumping from one problem to the next, digging ourselves deeper. I have, anyway :( And indeed, it can be a learning experience ;)

    I've played a little with Ubuntu 14.04, and I am not at all impressed. It's even more resource-heavy than 12.04, and it doesn't support dm-crypt/LUKS (no alternate install disk). At this point, I would recommend Debian 7.6 x64 as the host OS.

    To configure adrelanos' VPN-Firewall, follow the instructions at https://www.whonix.org/wiki/VPN-Firewall . You edit this part of /usr/bin/vpnfirewall:
    Code:
    ## IP address of the VPN server.
    ## Get the IP using: nslookup vpn-example-server.org
    ## Example: seattle.vpn.riseup.net
    ## Some providers provide multiple VPN servers.
    ## You can enter multiple IP addresses, separated by spaces
    VPN_SERVERS="198.252.153.26"
    ## For OpenVPN.
    VPN_INTERFACE=tun0
    ## Destinations you do not want routed through the VPN.
    LOCAL_NET="192.168.1.0/24 192.168.0.0/24 127.0.0.0/8"
    
    In "VPN_SERVERS" you specify the IP addresses of the VPN servers that you'll be connecting to. For Insorg, the "VPN_SERVERS" line should be (with spaces between multiple IPs):
    Code:
    VPN_SERVERS="46.19.141.106 82.103.130.249 94.75.232.197 212.117.170.192"
    
    "VPN_INTERFACE" should always be "tun0" (because the servers aren't set up to use tap interfaces). For "LOCAL_NET", you specify localhost ("127.0.0.0/8") plus your LAN address range. To determine that, run "ifconfig" in terminal. If eth0 (the LAN address) is 192.168.x.y, you would use "192.168.x.0/24". Given that, the "LOCAL_NET" line should be (replacing "x" with the appropriate number):
    Code:
    LOCAL_NET="192.168.x.0/24 127.0.0.0/8"
    
    In the "ifconfig" output, the tun0 (VPN tunnel) address is probably 10.a.b.c. You don't need to do anything with that.

    Also, for the VPN in Network Manager, "IPv4 Settings" should generally be "Automatic (VPN)". However, if you're having problems with DNS resolution (can ping IPs, but not resolve hosts) you can change that to "Automatic (VPN) addresses only" and specify the DNS server to use. Unfortunately, getting the proper DNS server from the VPN connection log is impossible in Network Manager, even with the tweak from section "Viewing Network Manager OpenVPN Logs" in https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-4 . As a stopgap for testing, you can use one of the DNS servers from https://www.wikileaks.org/wiki/Alternative_DNS .

    If your VPN speeds are decreasing after a few hours, it may be enough to just reconnect. However, it's also possible that your ISP is capping VPN bandwidth. In that case, you could switch to a VPN service that provides obfuscated connections, such as AirVPN (SSH and SSL) or iVPN (obfsproxy).
     
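The LOCAL_NET step described in the post above, as an added example that is not part of the thread or of the VPN-Firewall project: it reads the `LOCAL_NET` line from the script text, takes the eth0 address and mask from `ifconfig` output, and reports whether the LAN is covered. The script lines are the defaults quoted in the post; the `ifconfig` output is constructed (net-tools format assumed, addresses made up), and the function names are this example's own.

```python
import ipaddress
import re

# Default settings from /usr/bin/vpnfirewall as quoted in the post above.
SCRIPT_TEXT = '''\
VPN_SERVERS="198.252.153.26"
VPN_INTERFACE=tun0
LOCAL_NET="192.168.1.0/24 192.168.0.0/24 127.0.0.0/8"
'''

# Constructed "ifconfig" output in the old net-tools layout; addresses are made up.
IFCONFIG_TEXT = '''\
eth0      Link encap:Ethernet  HWaddr 00:00:5e:00:53:01
          inet addr:10.0.0.23  Bcast:10.0.0.255  Mask:255.255.255.0

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
'''


def parse_local_net(script_text):
    """Return the networks listed in the script's LOCAL_NET="..." line."""
    match = re.search(r'^LOCAL_NET="([^"]*)"', script_text, re.MULTILINE)
    if not match:
        raise ValueError("no LOCAL_NET line found")
    return [ipaddress.ip_network(item) for item in match.group(1).split()]


def interface_addresses(ifconfig_text):
    """Map interface name -> IPv4 interface (address plus netmask)."""
    result = {}
    for block in re.split(r"\n\s*\n", ifconfig_text.strip()):
        name = block.split()[0]
        match = re.search(r"inet addr:(\S+).*?Mask:(\S+)", block)
        if match:
            result[name] = ipaddress.ip_interface(f"{match.group(1)}/{match.group(2)}")
    return result


def audit_local_net(script_text, ifconfig_text, lan_if="eth0"):
    """Check that LOCAL_NET covers the LAN interface and propose a corrected line."""
    nets = parse_local_net(script_text)
    lan = interface_addresses(ifconfig_text)[lan_if]
    return {
        "lan_network": str(lan.network),
        # True when the host's LAN address is inside one of the listed networks.
        "covered": any(lan.ip in net for net in nets),
        # Non-loopback entries that do not touch this LAN at all.
        "unrelated": [str(n) for n in nets
                      if not n.is_loopback and not n.overlaps(lan.network)],
        # Same shape as the line given in the post: LAN range plus localhost.
        "suggested": f'LOCAL_NET="{lan.network} 127.0.0.0/8"',
    }


if __name__ == "__main__":
    for key, value in audit_local_net(SCRIPT_TEXT, IFCONFIG_TEXT).items():
        print(f"{key}: {value}")
```

The tun0 address is parsed but deliberately ignored, matching the post's advice that nothing needs to be done with it.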
  13. fjear

    fjear Registered Member

    Joined:
    Aug 2, 2014
    Posts:
    17
    I was having so much fun banging my head against the wall, as you said jumping from one problem to another. I should have simply asked, you solved an issue I spent 10 days on in a second :(

    As soon as I updated the firewall script to include the correct IP parameters you mentioned everything stabilised and DL speed is now consistent :thumb:

    With regards to Ubuntu, my host is currently 12.04 as per your guide. Do you recommend switching to Debian 7.8 x64 or is Ubuntu 12.04 okay?

    I haven't dabbled with linux for a long time and am enjoying the switch, so this will be my permanent setup

    Thanks!
     
    Last edited: Sep 11, 2014
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Very cool :thumb:

    OpenVPN, once you clear obstacles, is a very resilient protocol.
    Ubuntu 12.04 is nearing end of lifetime, so it's not a viable long-term solution. I'm fairly happy with Debian 7.6 so far, but some of its GUI utilities are a little flaky. Maybe another Debian flavor would be better, and I'm open to suggestions.
    :thumb:
    De nada :)
     