Showing results for tags 'vpn'.

Found 48 results

  1. yopparaiiii

    VPN Client setup via DDWRT Router

    I am having trouble setting up the vpn client using dd-wrt firmware router. I've followed this guide. It looks like I got a connection, but I don't have Internet access on any devices connected to the router. Router: Linksys E4200 DDwrt Firmware: K2.6 (30880) Setup: Connection: Log:
  2. My streaming IP was working fine till today. It completely cuts out my connection to the internet when I connect to it now. All other IP addresses on the service work fine including my Dedicated IP address. I have tried it in my iPad, iPhone and laptop computer (all the same). I have requested a new Streaming IP since I have paid for this service and it has stopped working. TorGuard support has been unable to help me, and has been ignoring my request. I have done all the steps they asked me to do and still the same. I will also contact my credit card company to request a refund for unmet services. If anybody else has similar issues with TorGuard, please let me know the outcome.
  3. Hi guys, I got the feeling I'm asking an already answered question. When I create a VPN connection, I get an IP address in the country I chose. When I do a port scan of that IP address (for example with nmap) I see a lot of OPEN ports.

        >> nmap ***.***.***.***
        Starting Nmap 7.70 ( https://nmap.org ) at 2019-**-** 16:37 WAT
        Nmap scan report for ***.***.***.***
        Host is up (0.079s latency).
        Not shown: 979 closed ports
        PORT     STATE    SERVICE
        22/tcp   open     ssh
        25/tcp   filtered smtp
        53/tcp   open     domain
        80/tcp   open     http
        135/tcp  filtered msrpc
        139/tcp  filtered netbios-ssn
        389/tcp  open     ldap
        443/tcp  open     https
        445/tcp  filtered microsoft-ds
        465/tcp  open     smtps
        993/tcp  open     imaps
        995/tcp  open     pop3s
        1198/tcp open     cajo-discovery
        1723/tcp open     pptp
        2000/tcp open     cisco-sccp
        4443/tcp open     pharos
        4444/tcp filtered krb524
        4445/tcp filtered upnotifyp
        5060/tcp open     sip
        7070/tcp open     realserver
        8443/tcp open     https-alt
        Nmap done: 1 IP address (1 host up) scanned in 6.48 seconds

    note: some data is obfuscated with '*''s

    The thing is, I'm sure I do not have these ports open or such services running.

    QUESTION: Can somebody explain a bit what these ports are and how this kinda works. And in the case I have a service/port open how would I see it and am I 'safe'.

    Many thanks, and merry Xmas/newyear..
  4. TorGuard Overlords, With the allowance of 5 simultaneous logins per account, is there any scope to create a unique username/password for these logins? Having the ability to add sub-logins would allow family members/etc to be given VPN access which can easily be revoked at a later date should the need arise. Currently, requiring the primary account holder to do a password reset to achieve the same outcome is a nuisance and requires additional overhead that could be removed with this new feature. For your consideration eikcam
  5. For months, I have been having major issues with TorGuard VPN on my Samsung Galaxy Note 8. The issues include:

    Most of the time, it takes multiple attempts to connect. It will get stuck in Wait, I'll cancel and retry, it will get stuck in Wait again, and so on. Sometimes I kill the TorGuard app and relaunch it. It can take 10 or more tries before it connects. It gets stuck in Wait, and in Detecting, and in another status that I don't recall. I've tried different servers (Atlanta, Dallas), ports (Auto, Stealth, 389), ciphers (AES-128-CBC, AES-256-GCM, BF-CBC), and protocols (UDP, TCP).

    Once it's connected, it frequently disconnects. Sometimes it's momentary and auto-reconnects, which still results in me getting booted from my remote desktop session. Other times it's a permanent disconnect and I have to manually attempt to reconnect.

    These problems are very disruptive, and annoying. Thus far I've tried 2 other VPN services besides TorGuard, and neither one has the capabilities that I need. TorGuard is great, but I need it to work.
  6. Matt_H

    MLB.TV with Anonymous VPN

    Is anyone able to watch MLB.TV streaming games over Anonymous VPN this season? Any game I attempt to watch I get a regional blackout error. I attempted Chicago, Toronto, Turkey, and Iceland servers, all with the same results. I was able to watch games over Anonymous VPN last season.
  7. Dear Community,

    First you all know the drill by now - " The Intro " we would all have a better world if we remember to practice the concept that - NOW ! is the time for all of US ( A ) to GET UP & GET INVOLVED and act with SOUL POWER ! - lyrics to sing along : https://genius.com/James-brown-get-up-get-into-it-get-involved-lyrics plus https://genius.com/James-brown-soul-power-lyrics and video : https://www.youtube.com/watch?v=1pvIarW3xHg Bonus JB : https://www.youtube.com/watch?v=v8TvBPshngE

    Since version OPNsense 18.7 - you may install stubby and getdns on OPNsense by simply issuing command

        # pkg install getdns

    ( Special Thanks and Kudos to Franco and the marvelous OPNsense Development Team ) - Please disregard and do not use any guides and / or tutorials which pre-date this one which covers installation and configuration of DNS Privacy on OPNsense FireWall. This is an updated guide / tutorial which explains how to setup adding DNS-Over-TLS support for OPNsense. I run GetDns and Stubby forwarded to and integrated with Unbound.

    For those who wish to explore Stubby and GetDns - this method is the one recommended by DNSPRIVACY - see here :

    https://getdnsapi.net/
    https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby
    https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Clients#DNSPrivacyClients-Unbound

    - please read this carefully - you will note that it indicates :

    Unbound As A DNS TLS Client Features: Unbound can be run as a local caching forwarder, configured to use SSL upstream, however it cannot yet authenticate upstreams, re-use TCP/TLS connections, be configured for Opportunistic mode or send several of the privacy related options (padding, ECS privacy) etc. Some users combine Unbound (as a caching proxy with other features such as DNS Blacklisting) and Stubby (as a fully featured TLS forwarder).

    I was asked by a still skeptical devotee of DOH " What makes this way better than just running the DNS-over-https-proxy ? " My answer was : Read this and make your decisions and conclusions concerning DOH vs DOT . Here is the article below : https://www.netmeister.org/blog/doh-dot-dnssec.html

    Bottom Line Conclusion From Jan Schaumann - The Author of This Blog Entry : For that, my current preference is quite clearly DNS-over-TLS: I fear a bifurcation of DNS resolution by apps combined with the push for using public resolvers with DoH will lead to a more complex environment and threat model for many users.

    Short Synopsis of DOH: In other words , ( with DOH ) we gain the same protections as with DoT for our web applications, but leaves all other DNS traffic vulnerable.

    Subsequently, as a matter of fact and in practice with DNS OVER TLS ALL DNS traffic is invulnerable and protected. This is why I run DOT and eschew DOH on my OPNsense Router. Further, Personally, I run GETDNS STUBBY and UNBOUND as described here along with ( wait for it ) FireFox DOH along with Encrypted SNI - plus TLS v 1.3 in Stubby and naturally a properly configured and encrypted VPN - These are the reasons I choose to use GetDns and Stubby with Unbound. Those reasons being so that I can take full advantage of all of the most secure privacy features available when running DNS OVER TLS. What I give you here is the absolute best method of implementation and deployment of DNS OVER TLS.

    For any and all who may be wondering why DNS OVER TLS is all the rage - read this: https://tenta.com/blog/post/2017/12/dns-over-tls-vs-dnscrypt

    I always set up DNS OVER TLS first before configuring OpenVPN and / or WireGuard on OPNsense - this DNS solution works flawlessly with either VPN protocol. So here we go. So go ahead and issue command

        # pkg install getdns

    in order to get started. After installing getdns which includes stubby follow the steps below.

    1 - Now Ryan Steinmetz aka zi - the port maintainer and developer of this port was kind enough to include a start up script ( stubby.in ) for this package. See the stubby.in here in the raw : https://svnweb.freebsd.org/ports/head/dns/getdns/files/stubby.in?view=markup. All I had to do was ask him and he did for any and all who elect to use this great piece of FreeBSD software.

    2 - Now to put all of this together, The stubby.in file is located here - /usr/local/etc/rc.d/stubby by default. First though Stubby needs Unbound root.key - run this command before getting started:

        # su -m unbound -c /usr/local/sbin/unbound-anchor

    Then -

    A - Issue this command :

        # mv /usr/local/etc/rc.d/stubby /usr/local/etc/rc.d/stubby.sh

    Make it executable - I run two commands - it works for me:

        # chmod 744 /usr/local/etc/rc.d/stubby.sh
        # chmod a+x /usr/local/etc/rc.d/stubby.sh

    B - You must enable Stubby Daemon in the file - open file by :

        nano /usr/local/etc/rc.d/stubby.sh

    go to line 27 -

        : ${stubby_enable="NO"}

    change the setting to

        : ${stubby_enable="YES"}

    - that is all you have to do to this file. It comes pre-configured. Save and exit.

    3 - You can and should also check real time status of DNS Privacy Servers as they are experimental and are not always stable - you can monitor DNS TLS Servers Real Time Status here below: https://dnsprivacy.org/jenkins/job/dnsprivacy-monitoring/

    I have read here: https://www.monperrus.net/martin/randomization-encryption-dns-requests that Also, it is good to set up some servers that listens on port 443 and others on port 853, so as to be resilient if you are on a network with blocked ports. You can also blend IPv4 and IPv6 addresses.

    Now you must configure Stubby to resolve DNS OVER TLS -

        nano /usr/local/etc/stubby/stubby.yml

    VERY IMPORTANT UPDATE: After checking, rechecking and then triple checking on this website mentioned above : https://www.immuniweb.com/ssl/?id=Su8SeUQ4 I have made some very serious discoveries regarding which DNS Privacy Test Servers to use. The bottom line is that I strongly suggest you only choose to deploy servers which support the TLSv1.3 protocol.
    See here for information and importance of TLSv1.3 : https://kinsta.com/blog/tls-1-3/

    I will save you some considerable leg work and post below the best configuration for your stubby.yml file. Here it is:

        # All DNS Privacy Servers Below Tested and Updated On April 1 2020 With A+ Rating -
        # 100% Perfecto Configuration on website: https://www.immuniweb.com/ssl/?id=Su8SeUQ4n
        # These servers support the most recent and secure TLS protocol version of TLS 1.3 **
        # Good configuration - These server configurations support only TLSv1.2 and TLSv1.3 protocols - current most secure encryption.
        # Also I have added the Country Locations of These DNS PRIVACY Servers using the Alpha 3 Code Format
        # see country code lists here :
        # https://www.nationsonline.org/oneworld/country_code_list.htm or https://www.iban.com/country-codes
        # Use as many or as few depending on your specific needs
        ## Go Into SSH shell and enter :
        # nano /usr/local/etc/stubby/stubby.yml

        resolution_type: GETDNS_RESOLUTION_STUB
        dns_transport_list:
          - GETDNS_TRANSPORT_TLS
        tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
        dnssec_return_status: GETDNS_EXTENSION_TRUE
        tls_query_padding_blocksize: 128
        edns_client_subnet_private : 1
        idle_timeout: 9000
        listen_addresses:
          - [email protected]
        tls_connection_retries: 5
        tls_backoff_time: 900
        timeout: 2000
        round_robin_upstreams: 1
        tls_ca_path: "/etc/ssl/"
        upstream_recursive_servers:
        ### IPV4 Servers ###
        ### DNS Privacy DOT Test Servers ###
        ## 1 - The getdnsapi.net DNS TLS Server A+ ( NLD )
          - address_data:
            tls_auth_name: "getdnsapi.net"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
        ## 2 - The Surfnet/Sinodun DNS TLS Server #3 A+ ( NLD )
          - address_data:
            tls_port: 853
            tls_auth_name: "dnsovertls3.sinodun.com"
            tls_pubkey_pinset:
              - digest: "sha256"
                value: 5SpFz7JEPzF71hditH1v2dBhSErPUMcLPJx1uk2svT8=
        ## 3 - The dns.cmrg.net DNS TLS Server A+ ( CAN )
          - address_data:
            tls_auth_name: "dns.cmrg.net"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: 3IOHSS48KOc/zlkKGtI46a9TY9PPKDVGhE3W2ZS4JZo=
        ## 4 - The BlahDNS Japan DNS TLS Server A+ ( JPN )
          - address_data:
            tls_auth_name: "dot-jp.blahdns.com"
            tls_port: 443
            tls_pubkey_pinset:
              - digest: "sha256"
                value: oo7UO3PO7GhSEuOahGQRPpAcvdFUC7ZRDH3YpoGio4I=
        ## 5 - The BlahDNS German DNS TLS Server A+ ( USA Hosted In DEU )
          - address_data:
            tls_auth_name: "dot-de.blahdns.com"
            tls_port: 443
            tls_pubkey_pinset:
              - digest: "sha256"
                value: YZeyeJf/suAR2fMHLc9RDPkcQi/e8EEnzk5Y1N90QQE=
        ## 6 - The BlahDNS Finland DNS TLS Server A+ ( FIN )
          - address_data:
            tls_auth_name: "dot-fi.blahdns.com"
            tls_port: 443
            tls_pubkey_pinset:
              - digest: "sha256"
                value: PID8ufrN/lfloA6y/C+mpR8MT53GG6GkAd8k+RmgTwc=
        ## 7 - The dns.neutopia.org DNS TLS Server A+ ( FRA )
          - address_data:
            tls_auth_name: "dns.neutopia.org"
            tls_port: 443
            tls_pubkey_pinset:
              - digest: "sha256"
                value: wTeXHM8aczvhRSi0cv2qOXkXInoDU+2C+M8MpRyT3OI=
        ## 8 - The Foundation for Applied Privacy DNS TLS Server #1 A+ ( AUT )
          - address_data:
            tls_auth_name: "dot1.applied-privacy.net"
            tls_port: 443
            tls_pubkey_pinset:
              - digest: "sha256"
                value: 2x9bg3D2uUv/aR3P22pDS2OGyKRXxDQFY+EjY3u2o+w=
        ## 9 - The Foundation for Applied Privacy DNS TLS Server #2 A+ ( AUT )
          - address_data:
            tls_auth_name: "dot1.applied-privacy.net"
            tls_port: 443
            tls_pubkey_pinset:
              - digest: "sha256"
                value: +qcX6xelJzGg5+0jn1j05vrssAueYej9XrnhL9+NKXo=
        ## 10 - The Secure DNS Project by PumpleX DNS TLS Server #1 A+ ( GBR )
          - address_data:
            tls_auth_name: "dns.oszx.co"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: TSy1ZYYNACIkGRWFAH0IoPJI4HHksmpST4ckZCb7MRY=
        ## 11 - The SecureDNS DNS TLS Server A+ ( NLD )
          - address_data:
            tls_auth_name: "ads-dot.securedns.eu"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: h3mufC43MEqRD6uE4lz6gAgULZ5/riqH/E+U+jE3H8g=
        ## 12 - The Rubyfish Internet Tech DNS TLS Server A+ ( CHN )
          - address_data:
            tls_auth_name: "dns.rubyfish.cn"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: DBDigty3zDS7TN/zbQOmnjZ0qW+qbRVzlsDKSsTwSxo=
        ## 13 - The Lorraine Data Network DNS TLS Server A+ ( FRA )
          - address_data:
            tls_port: 443
            tls_pubkey_pinset:
              - digest: "sha256"
                value: WaG0kHUS5N/ny0labz85HZg+v+f0b/UQ73IZjFep0nM=
        ## This certificate is currently expired which
        ## does not pose any concerns in SPKI mode
        ## (in practice with Stubby)
        ## Source : https://ldn-fai.net/serveur-dns-recursif-ouvert/
        ## 14 - The DNSPRIVACY.at TLS Server #1 A+ ( DEU )
          - address_data:
            tls_auth_name: "ns1.dnsprivacy.at"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: xctlty6R/YkqPxauSkA7cEBhbt1HwGhhpEEYMkiYOQE=
        ## 15 - The DNSPRIVACY.at TLS Server #2 A+ ( DEU )
          - address_data:
            tls_auth_name: "ns2.dnsprivacy.at"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: 68MH4G5hipbK1xYATBFgA+/DNLDd333oXr22QyB/RRo=
        # 16 - The ibksturm.synology.me DNS TLS Server A+ ( CHE )
          - address_data:
            tls_auth_name: "ibksturm.synology.me"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: q9Y8ZwuY/wceu7raJGZwnN5z6MrjAKGbzpWSgH9cI5s=
        ## 17 - The dns.flatuslifir.is DNS TLS Server A+ ( ISL )
          - address_data:
            tls_auth_name: "dns.flatuslifir.is"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: r3RmOoDlDavbinPSwyWNnz0qYsfx4gaIGYfORLPNQOs=
        ### Publicly Available DOT Test Servers ###
        ## 18 - The ContainerPI.com - CPI DNS TLS Server A+ ( JPN )
          - address_data:
            tls_auth_name: "dns.containerpi.com"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: xz8kGlumwEGkPwJ3QV/XlHRKCVNo2Fae8bM5YqlyvFs=
        ## 19 - The FEROZ SALAM DNS TLS Server A+ ( GBR )
          - address_data:
            tls_auth_name: "doh.li"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: 4yTZwSW8TkOrgC2m4+Iv7KQZF0idX5Ga9Jjwhqz0SmI=
        ## 20 - The Andrews & Arnold DNS TLS Server #1 A+ ( GBR )
          - address_data:
            tls_auth_name: "dns.aa.net.uk"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: QU5xobzrRJeiNVUXh0bpUO42Xwj1HQgZo/uA3Uztfhc=
        ## 21 - The Andrews & Arnold DNS TLS Server #2 A+ ( GBR )
          - address_data:
            tls_auth_name: "dns.aa.net.uk"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: SbMmQBuIp1HNX9FCCXuzHT0Nq4qnfwdwwH9i1/FYwT8=
        ## 22 - The dns.seby.io - Vultr DNS TLS Server A+ ( AUS )
          - address_data:
            tls_auth_name: "dot.seby.io"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: H13Su1659zEn0ZIblEShwjZO+M5gxKK2wXpVKQHgibM=
        ## 23 - The dns.seby.io - OVH DNS TLS Server A+ ( AUS )
          - address_data:
            tls_auth_name: "dot.seby.io"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: 8A/1KQQiN+aFWenQon076nAINhlZjGkB15C4E/qogGw=
        ## 24 - The Digitale Gesellschaft DNS TLS Server #1 A+ ( CHE )
          - address_data:
            tls_auth_name: "dns.digitale-gesellschaft.ch"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: 2eJJ5MfiACVAn+gi9V8RB04KqLuRh3LZE7dNZZ1MoX0=
        ## 25 - The Digitale Gesellschaft DNS TLS Server #2 A+ ( CHE )
          - address_data:
            tls_auth_name: "dns.digitale-gesellschaft.ch"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: i5wCQs+XOuvCkeUUzUISl79hfyQYCPvookY9+cBY8mE=
        ## 26 - The Antoine Aflalo DNS TLS Server #1 A+ ( USA )
          - address_data:
            tls_auth_name: "dns-nyc.aaflalo.me"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: hI/OsKOCPSEM9JYk3YjNNbbXCVvKAeHqbbasEP08hNE=
        ## 27 - The Antoine Aflalo DNS TLS Server #2 A+ ( NLD )
          - address_data:
            tls_auth_name: "dns.aaflalo.me"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: cgtNzBzfLuhQ2DrFMoi55U1W+44KLJ2pU/UkqxS06Z8=
        ## 28 - The Privacy-First DNS TLS Server #1 A+ ( JPN )
          - address_data:
            tls_auth_name: "jp.tiar.app"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: 5mweIYRkQwvITwGFbt+/zhcHFBdKjSwX4Vahut8nYgE=
        ## 29 - The Privacy-First DNS TLS Server #2 A+ ( SGP Hosted In USA )
          - address_data:
            tls_auth_name: "dot.tiar.app"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: 2YRX8uxQBwmduoGohhLaYWPQevVEV9EgZTCTsXOqT24=
        ## 30 - The ibuki.cgnat.net DNS TLS Server A+ ( USA )
          - address_data:
            tls_auth_name: "ibuki.cgnat.net"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: OcRaI3p/xMjnj5+LlSpXP1aCnEgtRs5g38QQi7PbIO8=
        ## 31 - The PI-DNS.COM West USA DNS TLS Server A+ ( USA )
          - address_data:
            tls_auth_name: "dot.westus.pi-dns.com"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: M+nrb/hd9eMJuPWeFht/k1dc1/jVc5BBfh+CYCliAJ4=
        ## 32 - The PI-DNS.COM DNS TLS East USA Server A+ ( USA )
          - address_data:
            tls_auth_name: "dot.eastus.pi-dns.com"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: zxgnoyq2tM5LwFUFTmXFp8iHKen7hf0KcIHbRtanQAs=
        ## 33 - The PI-DNS.COM Central Europe DNS TLS Server A+ ( DEU )
          - address_data:
            tls_auth_name: "dot.centraleu.pi-dns.com"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: Y0SQDuhfYthhzLnCOxREWsxqFoCzOTvWlUdpi0wr25Y=
        ## 34 - The PI-DNS.COM North Europe DNS TLS Server A+ ( FIN )
          - address_data:
            tls_auth_name: "dot.northeu.pi-dns.com"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: TFadmV6S2C1WerCF+NY+/cHBjDS2iWRHZpT7JqktSpk=
        ## 35 - The Snopyta DNS TLS Server A+ ( FIN )
          - address_data:
            tls_auth_name: "fi.dot.dns.snopyta.org"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: 4N75mKYSJ0hU7b2Ptmp2splcB4LAQHQqvWXPdJN7YtQ=
        ## 36 - The NixNet Uncensored Las Vegas DNS TLS Server A+ ( USA )
        ## - or use ( tls_auth_name: "adblock.lv1.dns.nixnet.xyz" )
          - address_data:
            tls_auth_name: "uncensored.lv1.dns.nixnet.xyz"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: Wd/+3VJW7Xu904nJC35EBocuVs9XQNAnIOPoda848NQ=
        ## 37 - The NixNet Uncensored New York DNS TLS Server A+ ( USA )
        ## - or use ( tls_auth_name: "adblock.ny1.dns.nixnet.xyz" )
          - address_data:
            tls_auth_name: "uncensored.ny1.dns.nixnet.xyz"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: Zfbl1gzu2ziQ/rBw+zxBGsuoguapUfhEkQm7s8GwRiI=
        ## 38 - The NixNet Uncensored Luxembourg DNS TLS Server A+ ( LUX )
        ## - or use ( tls_auth_name: "adblock.lux1.dns.nixnet.xyz" )
          - address_data:
            tls_auth_name: "uncensored.lux1.dns.nixnet.xyz"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: fumOUAwTnToMZ4SBt1zmzZthDDwGAr25qr1b0Lgvuuo=
        ## 39 - The Lelux.fi DNS TLS Server A+ ( FRA Hosted In GBR )
          - address_data:
            tls_auth_name: "resolver-eu.lelux.fi"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: /Gv53+cvMW9zvbIbw4bg0WSvKAnsUxCYsvUp1TaOSb0=
        ## 40 - The Lightning Wire Labs DNS TLS Server A+ ( DEU )
          - address_data:
            tls_auth_name: "recursor01.dns.lightningwirelabs.com"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: pRkLbNTOGLXo3d2RtPmM8hIGB/zySnZCxaDLNlvg0rI=
        ## 41 - The Hostux DNS TLS Server A+ ( LUX )
          - address_data:
            tls_auth_name: "dns.hostux.net"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: P0gaP31TQQzAIN3DomM5vXS3+8oCgYcTA/ZJ09Jw4QE=
        ## 42 - The dnsforge.de DNS TLS Server #1 A+ ( DEU )
          - address_data:
            tls_auth_name: "dnsforge.de"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: m51QwAhzNDSa3G7c1Y6eOEsskzp6ySzeOqy0LKcptDw=
        ### Anycast Publicly Available DOT Test Servers ###
        ## 43 - The NixNet Uncensored Anycast DNS TLS Server A+ ( Anycast )
          - address_data:
            tls_auth_name: "uncensored.any.dns.nixnet.xyz"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: Ryhjf7K6V9/Fw/7XU7fqzrVJVEOyPtlHR/rFetOXrug=
        ## 44 - The NixNet Adblock Anycast DNS TLS Server A+ ( Anycast )
          - address_data:
            tls_auth_name: "adblock.any.dns.nixnet.xyz"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: Ryhjf7K6V9/Fw/7XU7fqzrVJVEOyPtlHR/rFetOXrug=
        ## 45 - The DNSlify DNS TLS Servers A+ ( Anycast )
          - address_data:
            tls_auth_name: "doh.dnslify.com"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: w5AEEaNvoBOl4+QeDIuRaaL6ku+nZfrhZdB2f0lSITM=
          - address_data:
            tls_auth_name: "doh.dnslify.com"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: w5AEEaNvoBOl4+QeDIuRaaL6ku+nZfrhZdB2f0lSITM=
        ### DNS Privacy Anycast DOT Public Resolvers ###
        ## 46 - The DNS.SB DNS TLS Servers A+ ( Anycast )
          - address_data:
            tls_auth_name: "dns.sb"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: /qCm+kZoAyouNBtgd1MPMS/cwpN4KLr60bAtajPLt0k=
          - address_data:
            tls_auth_name: "dns.sb"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: /qCm+kZoAyouNBtgd1MPMS/cwpN4KLr60bAtajPLt0k=
        ## 47 Quad9 'secure' service - Filters, does DNSSEC, doesn't send ECS
        ## ( NOTE: recommend reducing idle_timeout to 9000 if using Quad9 )
          - address_data:
            tls_auth_name: "dns.quad9.net"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: /SlsviBkb05Y/8XiKF9+CZsgCtrqPQk5bh47o0R3/Cg=
          - address_data:
            tls_auth_name: "dns.quad9.net"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: /SlsviBkb05Y/8XiKF9+CZsgCtrqPQk5bh47o0R3/Cg=

    Save and Exit

    Configure Stubby To Implement TLSv1.3 For OPNsense 20.1 And Above

    Add this entry ( found directly below ) to the bottom of your stubby.yml configuration file ( aka /usr/local/etc/stubby/stubby.yml ) - make sure to skip a line after last entry before appending these settings:

        # Set the acceptable ciphers for DNS over TLS. With OpenSSL 1.1.1 this list is
        # for TLS1.2 and older only. Ciphers for TLS1.3 should be set with the
        # tls_ciphersuites option. This option can also be given per upstream.
        # tls_cipher_list: "EECDH+AESGCM:EECDH+CHACHA20"
        # Set the acceptable cipher for DNS over TLS1.3. OpenSSL >= 1.1.1 is required
        # for this option. This option can also be given per upstream.
        tls_ciphersuites: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
        # Set the minimum acceptable TLS version. Works with OpenSSL >= 1.1.1 only.
        # This option can also be given per upstream.
        tls_min_version: GETDNS_TLS1_3
        # Set the maximum acceptable TLS version. Works with OpenSSL >= 1.1.1 only.
        # This option can also be given per upstream.
        # tls_max_version: GETDNS_TLS1_3

    Starting with OPNsense 20.1-RC1 in order for TLSv1.3 protocol to work properly ( read at all ) in your Stubby instance, OpenSSL 1.1.1 must be active and configured in the kernel. OPNsense 20.1-RC1 and above does provide OpenSSL 1.1.1 support.
When you have OpenSSL 1.1.1 with TLSv1.3 support simply add the section above in order to set Stubby to implement TLS1.3. The operative lines necessary are these two specifically found at the bottom of the stubby.yml file above: tls_ciphersuites: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" tls_min_version: GETDNS_TLS1_3 See below for TLS1.3 Support Check SSH Commands - openssl s_client -connect OR : openssl s_client -connect Read Out Will Be Verified By These Lines Below: Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_CHACHA20_POLY1305_SHA256 OR : Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Depending on Configuration on Tested DOT Server Note: You will not get a readout indicating that the selected Tested DOT Server utilizes TLS1.3. This is due to the fact that OPNsense 20.1 does not fully utilize OpenSSL 1.1.1 - When you run command # openssl version - you will see that OPNsense 20.1 still runs on OpenSSL 1.02 - This is slated to be fixed on the next major OPNsense release. Lastly, you can and should take advantage of this new DNS OVER TLS provider. You need to sign up and use configured settings in order to use it. NextDNS is a free service - ANYCAST and pretty much cutting edge. ANYCAST speeds up your DNS - Here it is: NextDNS https://my.nextdns.io/signup or feel free to use and test NextDNS " Try it now for free " Feature go to : https://nextdns.io/ I also strongly encourage you to subscribe to blockerDNS found here : https://blockerdns.com/ This new DOH / DNS OVER TLS provider is the fastest I have run across. blockerDNS is run by Tambe Barsbay a seasoned, thorough and extremely proficient tech practitioner. blockerDNS is based in the U.S. and its infrastructure is hosted on Google Cloud Platform and DigitalOcean. 
You can view blockerDNS subscription options here : https://blockerdns.com/tryit - Most significantly, Tambe stands by his claim that he offers " Instant support by phone or email ". Overall blockerDNS is a great DNSPRIVACY DNS Service. Tip : The Mobile $0.99 per month option should suffice for most home users. Links : https://tambeb.com/ https://blockerdns.com/blog https://blockerdns.com/support https://blockerdns.com/overview All of these name servers listed above DO NOT log ! repeat DO NOT log ! your DNS queries. In full disclosure some name servers claim to log traffic volume only. See here for details : https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers and look under " Logging " column. Use either or both of these two methods to verify QNAME Minimisation A - Run command : drill txt qnamemintest.internet.nl and / or B - Run command: dig txt qnamemintest.internet.nl +short and / or dig -t txt qnamemintest.internet.nl ( for more complete readout including DNSSEC results ). AD = Authenticated Data (for DNSSEC only; indicates that the data was authenticated) The results in any of these scenarios will show either: "HOORAY - QNAME minimisation is enabled on your resolver !” or “NO - QNAME minimisation is NOT enabled on your resolver .” Reference https://discourse.pi-hole.net/t/unbound-and-qname-minimisation/10038/4 You will and should get HOORAY ! - if you used the name servers listed in this guide for your Stubby configuration. Note: Starting with Unbound 1.7.2 qname minimisation is enabled by default. However, I still add these settings manually. These settings are entered under Unbound " Custom Options": qname-minimisation: yes qname-minimisation-strict: yes harden-below-nxdomain: yes 4 - In order to have OPNsense use default start up script ( /usr/local/etc/rc.d/stubby.sh ) at boot time you will have to create a boot time start up script for it in /etc/rc.conf.d/. 
Not to prolong this - do the following : # touch /etc/rc.conf.d/stubby - create the needed new file # nano /etc/rc.conf.d/stubby - in the new file enter the following two lines: stubby_enable="YES" stubby_bootup_run="/usr/local/etc/rc.d/stubby.sh" Save and exit / then make the file executable - once again - works for me : # chmod 744 /etc/rc.conf.d/stubby # chmod a+x /etc/rc.conf.d/stubby 5- Now you must configure your Unbound DNS Server to use Stubby for DNS Over TLS. UNBOUND GENERAL SETTINGS Network Interfaces = Select ALL ! Under Custom options enter the following : server: do-not-query-localhost: no forward-zone: name: "." # Allow all DNS queries forward-addr: [email protected] ## END OF ENTRY Outgoing Network Interfaces = Select ALL ! Make Sure to NOT CHECK - DO NOT CHECK - the box for DNS Query Forwarding. Save and Apply Settings Next -Under System > Settings > General Settings Set the first DNS Server to with no gateway selected / Make sure that DNS server option A - Allow DNS server list to be overridden by DHCP/PPP on WAN - Is Not I repeat - Is Not Checked ! and DNS server option B - Do not use the DNS Forwarder/Resolver as a DNS server for the firewall Is Not - I repeat - Is Not Checked ! I now only run ( Localhost ) configured as the only DNS SERVER on my WAN interface. If others were added to WAN, when I ran dig or drill commands /etc/resolv.conf allowed those addresses to be queried. I only want to use Stubby yml Name Servers for DNS TLS , so this was the determinative factor in my reasoning and decision. - Save and Apply Settings C'est Fini C'est Ci Bon C'est Magnifique Reboot your router just to sure. Lastly, you can check your DNS at GRC DNS Nameserver Spoofability Test - DNSLeak.com - or any such service. Your results will render the DNS PRIVACY Name Servers which you selected in your stubby.yml configuration file. You are now running DNS OVER TLS with GETDNS plus STUBBY ( a fully featured TLS forwarder ) along with an Unbound DNS Caching Server. 
VERY IMPORTANT TIP: Please note that right at the top of the main DNS Privacy Test Servers Homepage ( https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers ) It Ominously Declares: DoT servers The following servers are experimental DNS-over-TLS servers. Note that they are experimental offerings (mainly by individuals/small organisations) with no guarantees on the lifetime of the service, service level provided. The level of logging may also vary (see the individual websites where available) - the information here about logging has not been verified. Also note that the single SPKI pins published here for many of these servers are subject to change (e.g on Certificate renewal) and should be used with care!! For these reasons it is most important to check and verify your SPKI pin(s) for TLS authentication manually yourself from time to time. There are sure fire methods to make sure that you are using the correct value for any upstream nameserver ( aka tls_pubkey_pinset value ) - Go to https://blahdns.com/ and scroll down to the section to the yellow section entitled What is DNS OVER TLS click on it and it will open up. When you do it will state some general information, but what you want to pay attention to is this section: How to get SPKI Most Simple and Direct Method: gnutls-cli --print-cert -p 853 | grep "pin-sha256" | head -1 And / Or With Adjustment For SSL Port and Address Being Tested gnutls-cli --print-cert -p 443 | grep "pin-sha256" | head -1 - where you must pkg install gnutls OR echo | openssl s_client -connect '' 2>/dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 Remember to change port to 443 or port for IPV6 if different than standard 853 where applicable. 
https://www.dnsleaktest.com/
https://www.perfect-privacy.com/dns-leaktest
https://cryptoip.info/dns-leak-test
https://www.grc.com/dns/dns.htm
https://www.vpninsights.com/dns-leak-test
and last but not least https://cmdns.dev.dns-oarc.net/ for a thorough in depth DNS Test
https://bash.ws/dnsleak/test/

Now all you need to do is run a properly configured VPN Service. By doing so, running DNS over TLS with Stubby and GetDns will keep your VPN provider from spying on your encrypted DNS look ups - and also your DNS providers both the ISP ( replaced by encrypted Stubby ) and your Encrypted TLS DNS Service Provider will see your IP as the one from your encrypted tunneled VPN provider. I am convinced this setup is the right strategy for both security and privacy. I think it to be the best practice for all those most serious about multi-layered cyber security. Special thanks to all who helped me with this project. Thank you all and God Bless

Always In Peace, directnupe
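An added example (not part of the post above, and not code from Stubby or getdns) of the periodic pin check the tutorial recommends: it derives the SPKI pin with the same openssl steps and compares it with the active `tls_pubkey_pinset` values in a stubby.yml. The name dot.example, the address 192.0.2.53, the function names and the temporary files are assumptions made for the demo, which generates throwaway self-signed certificates so it runs offline.

```shell
#!/bin/sh
# Added example: check that a DoT server's SPKI pin is still the one pinned in
# stubby.yml. All sample data below is constructed for the demo.

# spki_pin_from_pem CERT.pem -> prints base64(SHA-256(DER SubjectPublicKeyInfo)).
# The certificate is parsed in a separate step on purpose: in one long pipeline,
# a failed first stage still lets the later stages hash empty input and print a
# valid-looking but meaningless pin.
spki_pin_from_pem() {
    _pub=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 2
    [ -n "$_pub" ] || return 2
    printf '%s\n' "$_pub" \
        | openssl pkey -pubin -outform der \
        | openssl dgst -sha256 -binary \
        | openssl enc -base64
}

# fetch_cert HOST PORT -> prints the server's leaf certificate as PEM.
# Needs network access; the offline demo below does not call it.
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform pem
}

# configured_pins STUBBY.yml -> prints every active (uncommented) pin value.
# A SHA-256 pin is always 43 base64 characters followed by one '='.
configured_pins() {
    sed -n 's|^[[:space:]]*value:[[:space:]]*"\{0,1\}\([A-Za-z0-9+/]\{43\}=\)"\{0,1\}[[:space:]]*$|\1|p' "$1"
}

# check_pin CERT.pem STUBBY.yml -> 0 if the certificate's pin is configured,
# 1 if it is not (the key changed, e.g. on renewal), 2 if the file is unreadable.
check_pin() {
    _live=$(spki_pin_from_pem "$1") || { echo "ERROR: cannot read certificate $1"; return 2; }
    if configured_pins "$2" | grep -Fqx -e "$_live"; then
        echo "OK: pin $_live is configured"
    else
        echo "MISMATCH: server pin $_live is not in $2"
        return 1
    fi
}

# make_cert KEY.pem CERT.pem -> throwaway self-signed certificate (demo only).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
        -subj "/CN=dot.example" -days 1 2>/dev/null
}

demo() {
    _d=$(mktemp -d) || return 1
    make_cert "$_d/old.key" "$_d/old.pem"    # certificate at the time the pin was recorded
    make_cert "$_d/new.key" "$_d/new.pem"    # "renewed" certificate with a new key
    # Constructed stubby.yml fragment that pins the old key.
    cat > "$_d/stubby.yml" <<EOF
upstream_recursive_servers:
  - address_data: 192.0.2.53
    tls_auth_name: "dot.example"
    tls_pubkey_pinset:
      - digest: "sha256"
        value: $(spki_pin_from_pem "$_d/old.pem")
EOF
    check_pin "$_d/old.pem" "$_d/stubby.yml"    # pin still matches
    check_pin "$_d/new.pem" "$_d/stubby.yml"    # pin must be re-verified and updated
    rm -rf "$_d"
}

demo
```

Against a live resolver, save the output of `fetch_cert` to a file and pass that file to `check_pin` together with your own stubby.yml.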
  8. Dear Community, Original OPNsense Forum Post Here : https://forum.opnsense.org/index.php?topic=13461.0

And I quote " Jimi ": I see that we meet again hmmm " see here: https://youtu.be/gFAQWjdCO8o and for the purpose as stated by the leader of The Family Stone " I Want To Take You Higher - see here : https://www.youtube.com/watch?v=LQkdiJQIX5Y

Now after the intro - let's get down to business. This tutorial guide details dead simple GUARANTEED method(s) to get WIREGUARD Client up and running on OPNsense Firewall. I will explore the one I prefer first. Some of you may remember my work with GETDNS and STUBBY. Please read Mimugmail's comments ( the developer and maintainer of os-wireguard-devel plugin ) below in the first reply to this tutorial. He was kind enough to inform me of a few points so no one does extra work. Specifically, Mimugmail details methods for easier OPNsense ports installation and / or easier method to install WireGuard and WireGuard-Go packages. This installation is for commercial WireGuard Clients ONLY ! - where creation of keys and how to exchange them is not needed. The keys are generated and managed by your WireGuard VPN service provider - in my case - TorGuard.

1 - As per Mimugmail's advice you can choose to install WireGuard either through ports or pkg install method. From his reply : You can install wireguard just via

    # pkg install wireguard && pkg install wireguard-go

The pkg versions are always the latest which were available at the time of the release. The version you mention here is already in the ports tree but the pkg will be in the next minor release. To speed this up you could also do on your opnsense installation:

    # opnsense-code ports && cd /usr/ports/net/wireguard && make install

- As I wanted the latest package ( I did not care to wait for pkg update on OPNsense and I do not like installing the entire OPNsense Ports collection on my OPNsense Instance ) - I did the following and it worked out great.
2 - First install the necessary packages which are in the OPNsense repository by default with the command :

    # pkg install wireguard && pkg install wireguard-go

- As Mimugmail points out, this will install latest versions of these packages. Ready to get this going and up and running then follow steps below.

3 - To begin you need to get your WIREGUARD configuration files from the TORGUARD website. To do so login your TORGUARD account then go to Tools ( along the top of Login Page ) from drop Down Menu click on Enable WIREGUARD Access. You will then be in your TorGuard Account Area. You will see this message along the top : Below is a list of WireGuard VPN Servers, Please click enable in front of the servers you like to connect to, and use the returned keys shown to connect. Currently, TORGUARD offers WIREGUARD Servers in USA - New York ( quite actually situated in Clifton, New Jersey ), Asia - Singapore and Europe - UK. Click on your preferred Server - Enable WIREGUARD. This will result in a green box below the now grayed out box - which states now Disable WIREGUARD - naturally leave your server enabled as you want to connect to the now enabled server. Next, Download Config file as the box allows you to do now that you have enabled your WIREGUARD Server. You will also see in the adjoining box the following :

    Location / VPN Server / Keys / Manage
    USA - New York 1
    159.xx.xxx.xx:xxx
    Server Public key: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
    Your Private Key: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
    Your Address: 10.xx.x.xxx/24

4 - Now I used this guide as the template for my manual installation of WIREGUARD on OPNsense see here : https://genneko.github.io/playing-with-bsd/networking/freebsd-wireguard-quicklook/ I will make this simple for you step by step. You may sing and / or hum along as we proceed.

A- First - configure WireGuard Client. TorGuard, AzireVPN, VPN.ac, Mullvad, IVPN, are commercial VPN providers which offer LIVE ! WireGuard Services now.
I use TorGuard here is a sample file. Keys are dummies - only used for illustrative purposes in this tutorial- Use your real WireGuard configuration file here: Create file by command line -

    # nano /usr/local/etc/wireguard/wg0.conf

- and enter the configuration file below ( copy and paste ) - substitute your real one. Save and Close. Done with this file.

    # TorGuard WireGuard Config
    [Interface]
    PrivateKey = cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
    ListenPort = 51820
    DNS =
    Address = 10.xx.x.xxx/24

    [Peer]
    PublicKey = 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
    AllowedIPs =
    Endpoint = 159.xx.xx.xxx:xxx
    PersistentKeepalive = 25

B - Secondly, run command via SSH

    # wg-quick up wg0

( wireguard-go is in package and this action creates wireguard interface ) You may also run

    # wireguard-go wg0

to create wg0 but I prefer the first method mentioned here.

5 - Configure WireGuard Service with rc.d - for automatic startup/shutdown of the tunnel. In order to achieve this there’s already an rc.d script /usr/local/etc/rc.d/wireguard which came with the wireguard package. You need to issue this command :

    # mv /usr/local/etc/rc.d/wireguard /usr/local/etc/rc.d/wireguard.sh

then enter the file -

    # nano /usr/local/etc/rc.d/wireguard.sh

Then go to bottom of file - lines 46 and 47 - change

    : ${wireguard_enable="NO"}

to

    : ${wireguard_enable="YES"}

and then add wg0 on line 47

    : ${wireguard_interfaces=""}

to

    : ${wireguard_interfaces="wg0"}

( wgZero ) - Save and Close - Make it executable, I run two commands - it works for me:

    # chmod a+x /usr/local/etc/rc.d/wireguard.sh
    # chmod 744 /usr/local/etc/rc.d/wireguard.sh

- Done with this file.

6 - In order to have OPNsense use default start up script ( /usr/local/etc/rc.d/wireguard.sh ) at boot time you will have to create a boot time start up script for it in /etc/rc.conf.d/.
Not to prolong this - do the following :

    # nano /etc/rc.conf.d/wireguard

- in the new file enter the following two lines:

    wireguard_enable="YES"
    wireguard_bootup_run="/usr/local/etc/rc.d/wireguard.sh"

Save and Close - Make it executable-

    # chmod a+x /etc/rc.conf.d/wireguard
    # chmod 744 /etc/rc.conf.d/wireguard

/ Done with this file.

7 - Now head to OPNsense WEBGUI in order to configure Wireguard Interface ( created earlier ) and FireWall Rule.

First, on Left Side WebGui Column - go to Interfaces > Assignments -you will see wg0 interface - click (+) add button /symbol. Once the wg0 interface is listed as OPT ( 1 - 2 depending on your setup ) - Click underneath it - - enter checks in " Prevent interface removal' and " Enabled " - and enter description - I call mine " WIRE " - DO NOTHING ELSE HERE ! Save and Apply - Done with this phase.

Second - Firewall Rule - on Left Side WebGui Column - go to Firewall > NAT > Outbound > Once on this Landing Page put a Dot in radio button Hybrid outbound NAT rule generation - Click on Save - Do Not - Repeat Do Not Click Save and Apply At This Time - Instead Click on Add (+) Button on right side top of page - on the page which opens change Interface from WAN in drop down menu to your Wireguard ( wg0 ) Interface - in my case " WIRE " as I labeled it in the description of the interface I added earlier. Next - Change Source Address to " Lan net " and Translation/target to Interface address. Enter " Description -e.g. " Made For Wire " now Click " Save " at bottom of page. You will be taken back to Firewall:Nat:Outbound Landing Page - Click on " Apply Changes " in right upper hand corner - Done with Firewall Rule for Lan. Repeat Firewall Rule Operation for all of your other Lan Interface Subnets if you choose to do so.

When using these updated packages as I did, in order to stop nagging messages to re-install outdated OPNsense wireguard and wireguard-go packages use FreeBSD pkg lock option.
Issue commands in order :

    # pkg lock wireguard
    # pkg lock wireguard-go

It may be necessary to reboot OPNsense after locking wireguard and wireguard-go packages in order to restart WireGuard from command line. Your WireGuard Client is now installed and ready - you may enter command

    # /usr/local/etc/rc.d/wireguard.sh restart

in order to start it up. You may also reboot your OPNsense Router. Lastly, issue command

    # wg show

which prints out your WireGuard Connection statistics and configuration. I will install wireguard via

    # pkg install wireguard && pkg install wireguard-go

as my go to method in the future.

Peace and Grace Be Unto All God's Creation
  9. Does anyone use this software and have any insight at all? I don't use it often but it's my preferred method if I have to find something old or rare to listen to. Will just having a normal torguard vpn running protect privacy or does the client itself leak our information? Is there a process to setting up vpn, soulseekqt, or both to keep our data safe?
  10. Hello everyone, I'm not sure if I'm the only one experiencing lots of blocking since yesterday when trying to access Netflix USA. Streaming services are pretty much the main use for the VPN service so if this is not working anymore I might have to try another service. I am using a Linux desktop and trying to watch locally via Browser and even this is not working for a couple of days now. I updated the version to 3.91.0 but still no luck. Does anyone have an idea what might be the issue? Verification via the TorGuard client is positive. I am in any of the locations I have tried so far. Got stuck with New York because seemingly the fastest connection because I am connecting from Europe. Output of ip route show (where is my local network and .11 is the system I am working on): Thanks for any suggestions in advance. Yours ViiJay.
  11. How to create VPN Killswitch with Windows 7/8/10 Firewall

Stop leaks when VPN disconnects.

Introduction

Having troubles with your VPN disconnecting and exposing your true IP address(es)? With the Windows firewall you can eliminate accidental leakage.

What's the difference between TorGuard's VPN Client killswitch and a Firewall killswitch? Simple, the client disables your main network interface, while the firewall simply blocks all traffic without disabling any network interface. The main problem with any third party application that disables your network adapter is when the VPN connection is terminated, there is a very small window where your IP address can be leaked. Let's not forget to mention that if the client cannot disable the adapter, perhaps due to: security suite, permissions, or when a malfunctioning operating system interferes. A firewall, especially Windows Firewall will have minimum chances of failure if configured correctly; it is arguably the best firewall for Windows in my opinion.

Requirements:

* TorGuard VPN Client
* Windows (Tested with 7/8/10)
* No third-party firewall

Step 1: Setting main network adapter from Public to Private
Step 2: Open Windows Firewall with Advanced Security
Step 3: Backup Current Firewall Policy
Step 4: Create Outbound Rule
Step 5: Block all Connections for Private/Domain
Step 6: Giving internet permission to applications manually

Final Notes + WARNINGS

If you ever get a firewall popup to add program, make sure to uncheck Private networks and only have Public networks checked before clicking Allow access; If you fail to monitor this, the killswitch will be pointless. Never allow any program to automatically add firewall exceptions. You should only do this manually or whenever you get prompted by Windows Firewall. This isn't a setup and forget solution. Existing firewall rules that are assigned the Private/Domain network spaces will be able to still connect, usually it's just local network related stuff.
It would be good if you reviewed all rules and adjust them accordingly to your needs.
  12. Okay, so I've done a lot of reading, it's safe to say. I asked tech support on the live chat, however, I think I had just too many questions and information and didn't know what answers I really needed. From the top. I purchased Torguard in an effort to torrent, without getting the little notices that say 'hey, knock that sh** off.' I have gotten two copyright infringement notices from ATT so far, rather, the owner of the connection has. I've since had to work my way back to actually getting the logins (albeit not through her) and I don't want to get her into any more trouble. That being said. I've read, I learned Torguard was rated highly for VPN & torrenting, and I got the anonymous proxy to go with it. There is a plethora of information out there but nothing that I can completely wrap my head around, even having a strong working knowledge of computers since Windows 95 and B&W monitors. I'm not new, but I am new to this. I understand the VPN software is an easy little click and its supposedly on, I can verify to some extent that it is working, but I cannot be sure that it remains connected or that the connection drops with the VPN - which I am not even sure of how to notice if it drops! There are ***proxy*** configuration pages for different torrent programs, but I don't see information on port forwarding, or setting up the connection to the VPN directly, and the ones that I do see have equally as many posts complaining that they have leaks due to the connection dropping and the client using data outside the vpn tunnel. I don't need a 100% hand walkthrough, but a guide or video that points to the answers would be awesome. Answers that aren't immediately thwarted by one thing or another - proper configuration for my situation, I suppose. The ISP is ATT Uverse, they have provided a 5268AC, which I connect to through a wireless adapter to ethernet (connection is faster, idk why, it just is). 
I am running Comodo Firewall on the machine and I would like to use bitcomet or something similar, because I would like to have access to the KAD network. I have been trying to figure this out for hours and I can't...I know I need to open ports, I don't know where to do that, the concept just plain eludes me right now, and I know this stuff well enough to be dangerous but apparently not well enough to be safe! HELP! Please, and thank you!
  13. 186542_1511348159

    DD-WRT OpenVPN client setup with Dedicated IP

    Hi all, I could really use your assistance and input with the setup of my DD-WRT router with a Dedicated IP. I have been struggling with this for a while now and about to throw in the towel. Please forgive my newby-ness... my tech skills from bygone days of app development are quite rusty. I'm running an older Netgear with DD-WRT v24-sp2 (03/25/13) as a gateway. I have another router without VPN. I flashed the router myself and, with much assistance from TorGuard Support (you guys are awesome), I finally got the darned thing running a VPN. The only problem is that it was not using my Dedicated IP. After much "internet education", I managed to work through some of the configuration. I now have internet access through it... BUT I have 3 persistent problems:

    * it takes ages for the VPN to get established when the router reboots
    * my real location and IP are visible... not the IP and location of the VPN
    * connection keeps dropping and re-initiating (see log below)

    I'm likely doing something very wrong, but for the life of me I can't figure out what it is. Below are the screenshot of my OpenVPN Client setup, as well as an extract of my last log (I replaced my dedicated IP with [X.X.X.X]). If anyone could provide me some direction or feedback, I would really be grateful!
State
Server: : Local Address: Remote Address:
Client: RECONNECTING: connection-reset Local Address: Remote Address:

Log
20180602 11:20:21 Socket Buffers: R=[87380->131072] S=[16384->131072]
20180602 11:20:21 I Attempting to establish TCP connection with [AF_INET] [nonblock]
20180602 11:20:22 I TCP connection established with [AF_INET]
20180602 11:20:22 I TCPv4_CLIENT link local: [undef]
20180602 11:20:22 I TCPv4_CLIENT link remote: [AF_INET]
20180602 11:20:22 TLS: Initial packet from [AF_INET] sid=78501a3c b15bd1dc
20180602 11:20:23 N Connection reset restarting [0]
20180602 11:20:23 I SIGUSR1[soft connection-reset] received process restarting
20180602 11:20:23 Restart pause 5 second(s)
20180602 11:20:28 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
  14. Hey, so I paid for a Proxy specifically. After I completed the purchase... I downloaded it, and only have the option of running a VPN. I was needing a proxy though. Can someone please help me figure this out? Thank you, Trevor.
  15. Hi Guys, I want to be in VPN no matter what device is connected to my router so, seems like my ASUS RT-AC88U can connect as a client to VPN services by PPTP, L2TP and OpenVPN. Question is, how can I do it? If I opt in for OpenVPN, seems like I need a .ovpn file to import. Any ideas? Thanks
  16. crunkazcanbe

    Plex not working through vpn

    Trying to get Plex working over VPN but having issues due to needing port 32400. If need be I can change the port but that's the default. Could I get any help please. Picture attached
  17. So I attach a laptop at work to Xfinity's hotspots (mainly to browse outside of my job's network) and use the TorGuard client to further protect what I'm doing. The signal from the hotspot is really strong and whenever I don't use TG's VPN, it remains solid throughout the day. If I connect to a VPN, it'll generally disconnect after 10-15 minutes, sometimes quicker, sometimes longer. I know it's doing it since I have app kill enabled for the browser, just in case. I read in Xfinity's forums that they block VPN's on the public wifi's (I don't seem to have the same problem at home - at least not as much). Are there specific settings that I should be using to get around these constant disconnects? I read that setting TorGuard to TCP:80 will do the trick and I'm trying it, but thought I would reach out to see if anyone else is having problems or has specific answers. Thanks!
  18. Hello, I am on the TorGuard VPN client and Windows (and browsers) still see my real location. If I go here https://ipleak.net/ I see my local IP and the VPN IP. It says I have a webRTC leak. I assume there is a chrome extension that can help for my chrome browser....but I am more concerned with Windows location still seeing where I am. Any advice? Thanks
  19. First.Impressions

    Fraud Status

    Hi, I just bought TorGuard VPN annual service. When I logged in to my account the status says “FRAUD”. At the time I registered I was using my current vpn provider via a vpn server in Mexico. Can you either remove the “fraud” status or cancel my account, and all charges, immediately?
  20. This is a how-to configure PMS and Torguard VPN running under a Synology NAS on DSM 6.1.4 in 10 EASY steps.

This assumes the following:

* You have Plex Media Server installed on your Synology box.
* You'll need to open port 32400 on your router.
* PMS will need to be configured for remote access with a manually-specified port (32400).
* This uses a VPN configuration run from your Synology box, and not your router.

Step 1: Configure the Synology VPN connection as instructed here: https://torguard.net/knowledgebase.php?action=displayarticle&id=237

Step 2: Connect to said VPN, and find out what your external IP is by going to Synology Control Panel > External Access > DDNS > Add > External address (IPv4) and copying the IP address there. If you have DDNS configured, it'll show up on the list of DDNS service providers and you don't need to go into the Add menu.

Step 3: Log in to your torguard.net account and go to https://torguard.net/tgconf.php?action=vpn-openvpnconfig to make a new OpenVPN config file with the following parameters:

* Hostname/IP "Custom" > use the IP you obtained from Step 2
* Protocol TCP
* Port of your choice, but take note as you'll need to give this again in Step 5
* Encryption Cipher should be something with CBC (make sure you use CBC, as DSM doesn't seem to support GCM)
* Click on Generate Config
* Save this somewhere you can get to it later.

Step 4: While you're in torguard.net, go to the Client Area > Management Actions > Request Port Forward

Step 5: Request the following:

* Protocol TCP
* Port 32400, click +
* IP Address: the IP you got from Step 2
* Protocol: TCP
* Encryption: something similar to the port/cipher above in Step 3

Click on "Submit Request" and wait a few minutes (might take longer if you're doing this at 2am and there's nobody to comply with your request); once the Status goes to green and "Active" your port is now open and available.
If it says "The port tcp:32400 on ***.***.***.*** is already used on the requested server - please choose a different IP or port." then you're all set here.

Step 6: On your Synology DSM, go ahead and create a new VPN connection using the new config file you created in Step 3.

Step 7: Restart PMS using the Package Center. Once it restarts, click on the URL in the package, and ensure the server successfully signs in under Settings > General

Step 8: Connect to the VPN.

Step 9: On your browser (ideally on a network outside your home), navigate to https://app.plex.tv/

Step 10: Enjoy your media!

Notes:

* It's important that you select Custom in the OpenVPN config generator. If you use any of the pre-determined hostnames, the IP provided may not be the correct IP with the open port, and the connection will fail.
* If the external VPN IP changes, you'll need to do this again from Step 1, although I'm told that the IP shouldn't change.

Any feedback is welcome and appreciated!
  21. I got a Socks5 error while I was downloading a torrent on vuze. I was using a VPN at the same time. Will the vpn protect me from risk and exposure despite the socks5 proxy failing? The Socks5 icon went from green to yellow at the bottom of vuze however the routing icon stayed green throughout. Sorry I'm new to this. Thank you, answers appreciated.
  22. TorGuard

    Year Review

    Introduction

    Hello, I have been a TorGuard customer for roughly a year now, since last April. I’ve experienced some of the worst VPN providers and some of the best; the last VPN service I was with was good but expensive, so I went on the prowl to seek something that had a better price for what I was getting. One main reason that made me decide to choose TorGuard as my primary provider, was their prices. The VPN package alone isn’t much of a deal breaker, but the “Privacy Bundle” is. You get access to all TorGuard’s HTTPS/HTTP/SOCKS proxies plus their VPN service for a couple bucks more which is totally a steal. It’s much cheaper to purchase a subscription yearly instead of monthly, this is where I decided it would be cost effective in the long run. Next reason was that they do not log or monitor any user traffic, besides the automated security measures they have put in place to protect their network from outgoing spam or ddos. They offer free DNS servers in USA and France which also have no logs, you can rest assured whatever you are accessing isn’t being monitored by a third entity. You cannot go wrong with choosing TorGuard as a VPN provider, they provide top notch support to all customers, good reasonable pricing and fast servers all around the globe. Available connection methods: ovpn/pptp/l2tp/anyconnect/sstp/ssl/http/socks/ssh — Up to 5 simultaneous connections. They offer many different pre-defined openvpn configurations as well as a custom generator to fine tune as per your liking. Ports can be forwarded to most server locations instantly from the portforward dashboard, simply enter the port you want to forward and the server IP. Your VPN account uses separate login details(different from dashboard/forums) for enhanced privacy and security, the user/password can be changed at any time from the client dashboard.
You aren't required to enter any identifiable information upon signing up, you could put your name as John Doe if you wanted, become anonymous with TorGuard.

VPN Client Software

TorGuard's VPN client is easy to navigate, sporting a minimalist interface to access all vital components. It is loaded with a lot of different configurable settings and features. The main features that stand out in the client are the following: DNS/WebRTC/IPV6 leak protection, killswitch, stealth proxies, built in anyconnect support. The client works well on Windows 10, all features I've tested do their job as advertised. The client supports: Windows, Mac OSX, Ubuntu 86/64bit, Redhat 86/64bit, Arch 86/64bit, and of course if you do not want to use the client you can always use the provided .ovpn configs (for your router or another configuration setup, etcetera).

Ciphers/Encryption Specs:

Customer Service

Support normally responds to tickets within two hours or less, with the exception sometimes it may take up to 24 hours depending how busy they are; best time frame I have found was between the hours of 5am and 6pm. Staff are responsive, they do their best to help you with whatever problem you may have. Livechat is more intended for pre-sales questions, since staff cannot confirm who you are if you try to ask a question related to your account, such support related questions should be directed to a ticket instead. Staff frequently update their blog to announce latest security concerns for various different topics and as well new features to keep you informed regarding their services: https://torguard.net/blog/category/torguard-updates/

Servers/Speed

I am not aiming for maximum speed, instead, to achieve a strong layer of protection with TorGuard's services. My ideal setup looks like this: My Computer > TorGuard VPN(TCP, AES-256) > TorGuard Proxies(Load Balanced) > Tor Network.
While this setup is not the best for speed, it does still work really well and can download stuff at reasonable rates. TorGuard servers are very reliable, I've been connected to a single VPN server location for weeks at a time; would be longer, but I end up changing locations/settings often. There are no bandwidth limits on any of the servers, TorGuard doesn't throttle users, you get unlimited bandwidth. Each month I find myself using over 1 terabyte DL/UL and haven't been restricted in any way. TorGuard is the perfect choice for Torrents and/or as a general VPN provider. The major selling point is the amount of servers you get access to, TorGuard claims to have over 1600 servers, available to 54+ different countries!

End

This review was not endorsed or paid for: it is solely based off my personal observations and information provided by TorGuard. Thank you for reading, hopefully you have gained some insight for what the services are like. If you want to try TorGuard out yourself, they offer a 7 day refund if for any reason you are unsatisfied with the service. Have a nice day.

Check this out: Real Questions of Anonymity other VPN Service Provider’s Won’t Answer
  23. My office building's public WiFi blocks VPN connections. I was never able to connect to my former VPN host when on that network. I hoped that TorGuard's Stealth mode would solve this problem for me. Unfortunately, TorGuard VPN will not connect when I am connected to my office WiFi. I am using the Windows TG client. I have tried selecting the Los Angeles "Stealth" connection, both with and without the manual Stealth Proxy option. I have tried selecting other US connections, both with and without the Stealth Proxy option. Nothing works. The client just cycles between WAIT -> AUTH -> RECONNECTING endlessly. (When I'm not on my office WiFi, I have no problem getting TorGuard to connect properly.) I submitted a ticket to TorGuard Support, but they have been unhelpful. Anyone have any ideas what I can try? Are there log files for the Windows TG client that I can examine to see if there are any clues?
  24. I have experienced what seems to be a bug in TorGuard on iOS devices: If I enter a wrong password or user name, TorGuard will keep retrying to connect and will refuse to disconnect, effectively hijacking the device's entire network connection. You will need to kill VPN entirely on the device to regain control of your network. I have had it happen on both an iPhone and an iPad. Has anyone else seen this?
  25. Requirements:

* openconnect
* vpnc
* vpnc-scripts

Install requirements:

Ubuntu/Raspbian

    # Update repository
    sudo apt-get update
    # Install openconnect and vpnc scripts
    sudo apt-get install openconnect vpnc-scripts -y

Openwrt/Lede (current available openconnect does not work, you need to compile your own)

    # Update repository
    opkg update
    # Install openconnect and vpnc scripts
    opkg install openconnect vpnc-scripts

Connect to VPN:

Method 1 (password stored in a file) (password is stored in plain text)

    # Method 1 - Password stored in file
    sudo openconnect -u YourUsername --authgroup=DEFAULT -b --passwd-on-stdin --cafile=/home/pi/torguard/ca.crt --servercert=YourServerCert --pfs Server:Port </home/pi/torguard/userpass.txt

Method 2 (pass password in command) (password is in plain text)

    # Method 2 - Pass password
    echo YourPass | sudo openconnect -u YourUsername --authgroup=DEFAULT -b --passwd-on-stdin --cafile=/home/pi/torguard/ca.crt --servercert=YourServerCert --pfs Server:Port

My results with Raspberry Pi 3 Model B on factory system is 20/20Mb/s during Kodi was running full HD stream. With openconnect, RaspberryPi can be used as streaming service with high vpn encryption provided by TorGuard.

Autostart - Method 1

There are plenty of vpnc scripts which can be used. In case of Raspberry Pi 3 Model B, it has onboard WLAN which does not perform very well, I don't get 20Mb/s with it. Connecting USB Wireless N did not solve the issue as it seems that RPi does not provide enough power to get more out of WLAN. For that reason I used external USB HUB with own power supply providing with power wireless or any other device, so that Raspberry itself has enough power. I ran into second problem. Without additional installation or manual commands typing in terminal, you can't use second wlan that easy. Many suggest methods like to install some additional software for managing wireless, where I do not need onboard wireless at all to boot with the OS.
But disabling it turns out often for newbies that they don't remember how to turn it on. That is the reason why I do suggest a very simple method for newbies, especially those who never did deal with this topics before. Using Raspberry's LAN port is not a problem. I do get 90Mb/s, which is actually almost 100% what 100Mb/Lan card can offer. LAN is always preferable if possible. I will keep this example for the factory delivery of RPi and refer to Raspberry Pi 3 Model B in this guide.

Requirements:

* CA certificate from TorGuard. You can get it here.
* Save your password for VPN service into file in plain text, I will use this path in this guide /home/pi/torguard/onlypass-plain.txt
* Server's fingerprint (SHA1). (If you don't know how to find it, connect manually without and it will print sha1 fingerprint) (you can also always ask TorGuard support for assistance)
* XTERM

xterm is not installed by default, you can install it with this command:

    sudo apt-get update; sudo apt-get install xterm -y

Create a script to start openconnect in new terminal window

Path in this guide: /home/pi/Desktop/tg.sh

Example of tg.sh:

    sudo openconnect --verbose --pid-file=/var/run/openconnect.pid -u demouser --authgroup=DEFAULT -b --reconnect-timeout=200 --passwd-on-stdin --cafile=/home/pi/torguard/ca.crt --servercert=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF --pfs </home/pi/torguard/onlypass-plain.txt

Create a script for autostarting VPN connection on boot.

Path in this guide: /home/pi/Desktop/autostart-openconnect-at-sharedip.sh

Because we need separate terminal window where we always can see what is going on, we need to start VPN after desktop has been loaded. There are several ways to achieve it, but one simple is xterm:

    sleep 20
    sudo xterm -e "bash /home/pi/Desktop/tg.sh;bash"

Xterm starts a new window running a script where new terminal window is not closed after sh command has been run, because if it closes, you closed your VPN connection.
Here I use 20 seconds to wait until everything loads or vpn will fail to connect. It works also with 10 seconds, but I would not recommend lower value. For more advanced setups, please use vpnc scripts.

Edit LXDE session start script for current user

Path to start script: /home/pi/.config/lxsession/LXDE-pi/autostart

Add command to run a script autoconnecting to VPN, add to : /home/pi/.config/lxsession/LXDE-pi/autostart

Here I do disable onboard wlan0 because I use USB device and if you don't do that, then VPN will connect over wlan0.

    sudo ifconfig wlan0 down # Disable onboard Wifi
    @sudo /home/pi/Desktop/autostart-openconnect-at-sharedip.sh # Connect correctly over wlan1

(Here we have second time sudo, but it will not harm anything, it will only ensure, that if you forget sudo in your tg.sh, then autostart will still work) (You need to have root privileges to be able to access vpns folder)

Reboot

I hope it helps some newbies to get started with this amazing VPN service. On factory RPi and openconnect, I get 30Mb on download constantly which is great result and is enough for almost anything, including streaming in HD. Those who have/need faster connections, they will need to buy better device. But all in all, you can use RPi as Media Center together with IPTV behind TorGuards VPN and it is working very well, everything works very stable. This is much better replacement for any smart tv around and costs barely € 35. I think there is no cheaper device performing better for this price. If you know any, please show me the results, I would love to test them. Once again, TorGuard, thank you very much for such a great service!