whats wrong with my config
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Fri Dec 02, 2011 11:33 am
whats wrong with my config
Hi, I'm just a newbie in VPN.
Can you help me with this?
This is my config:
client
dev tun
route-method exe
route-delay 2
redirect-gateway
pull
persist-key
lport 52
tls-client
dhcp-option DISABLE-NBT
mssfix 1400
verb 1
auth-user-pass
reneg-sec 0
inactive 1200 50000
remote-random
remote 216.151.191.100 9201
remote 68.68.108.199 9201
remote 68.68.108.143 9201
remote 216.151.191.209 9201
remote 68.68.108.222 9201
hand-window 120
persist-local-ip
persist-remote-ip
auth-retry nointeract
float
mute-replay-warnings
script-security 2 system
up finger-ON.exe
down finger-OFF.exe
It's connected, but the problem is
I'm not able to browse in Google Chrome, and my ping always times out.
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: whats wrong with my config
Show the results of the "tracert 8.8.8.8"
-
- OpenVpn Newbie
- Posts: 6
- Joined: Fri Dec 02, 2011 11:33 am
Re: whats wrong with my config
Tracing route to 8.8.8.8. [8.8.8.8.]
over a maximum of 30 hops:
1 2184 ms 2819 ms 2190 ms 10.26.24.1
2 2916 ms 1788 ms 2719 ms 74-115-0-1.anchorfree.com [74.115.0.1]
3 2896 ms 2611 ms * 173.245.83.249
4 * * * Request timed out.
5 3515 ms 2329 ms 2898 ms 74.125.49.85
6 1268 ms 2628 ms 2919 ms 64.233.175.223
7 1187 ms 2519 ms 2939 ms google-public-dns-a.google.com [8.8.8.8.]
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: whats wrong with my config
You have a very high connection latency. It's not an OpenVPN problem. It's rather your internet connection.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Fri Dec 02, 2011 11:33 am
Re: whats wrong with my config
Yeah, I think my ISP blocked all VPN here in my country..
or they set a firewall to block VPN.
Is there any other way or option to bypass this..
add a script in my config to bypass this??
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: whats wrong with my config
Post the log of the OpenVPN client. I don't see any redirection of routing thru the tunnel.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sun Dec 11, 2011 4:29 am
Re: whats wrong with my config
deleted
Last edited by indexopenvpn on Fri Jan 06, 2012 7:47 am, edited 1 time in total.
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: whats wrong with my config
You are using some connection script also, which is not stated in your config.
You don't use redirect-gateway so internet is not routed thru the tunnel.
And your internet connection is very poor - you must resolve it with your ISP.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sun Dec 11, 2011 4:29 am
Re: whats wrong with my config
Our ISP doesn't allow VPNs, so we can't complain to them about VPNs not working properly. We were hoping to find a way to bypass their "anti-vpn" firewall so we can gain full speed private net access.
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: whats wrong with my config
VPN Tunnel is established, so ISP is not blocking you. The problem is the poor internet connection. And of course the OpenVPN server is not configured for what you want to do.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Fri Dec 02, 2011 11:33 am
Re: whats wrong with my config
Actually I've been using VPN for a long time and everything was OK, then suddenly VPN is now not working, and I heard the news that our ISP is blocking all VPN now..
Mimiko wrote: VPN Tunnel is established, so ISP is not blocking you. It's the poor internet connection the problem. And ofcourse the OpenVPN server is not configured for what you want to do.
May I ask, sir, what configuration is missing in my config?
and one thing sir
Is it possible that our internet service provider use dns poisoning so that our vpn stop working?
or they use Deep Packet Inspection techniques
Using these Deep Packet Inspection (DPI) devices, ISPs are able to block certain kind of traffic (encrypted or unencrypted) on any port. Although the DPI devices cannot decode encrypted traffic, but they can detect and block the flow of encrypted traffic easily.
is there a way to bypass these things?
Cache poisoning attacks
Normally, a networked computer uses a DNS server provided by the computer user's organization or an Internet service provider (ISP). DNS servers are generally deployed in an organization's network to improve resolution response performance by caching previously obtained query results. Poisoning attacks on a single DNS server can affect the users serviced directly by the compromised server or indirectly by its downstream server(s) if applicable.
To perform a cache poisoning attack, the attacker exploits a flaw in the DNS software. If the server does not correctly validate DNS responses to ensure that they are from an authoritative source (for example by using DNSSEC) the server will end up caching the incorrect entries locally and serve them to other users that make the same request.
This technique can be used to direct users of a website to another site of the attacker's choosing. For example, an attacker spoofs the IP address DNS entries for a target website on a given DNS server, replacing them with the IP address of a server he controls. He then creates files on the server they control with names matching those on the target server. These files could contain malicious content, such as a computer worm or a computer virus. A user whose computer has referenced the poisoned DNS server would be tricked into accepting content coming from a non-authentic server and unknowingly download malicious content.
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: whats wrong with my config
allan143, I'm Mrs.
ISP can't block by analysing VPN tunnel encrypted traffic, as the packets do not have any signature of this.
The OpenVPN server has to push "redirect-gateway def1"
DNS poisoning has nothing to do with this.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Fri Dec 02, 2011 11:33 am
Re: whats wrong with my config
I tried to put push "redirect-gateway def1"
Mimiko wrote: allan143, i'm Mrs. ISP can't block by analysing VPN tunnel encripted traffic, as the packets does not have any signature of this. The OpenVPN server has to push "redirect-gateway def1" DNS poisoning has nothing to do with this.
It has improved, it's pinging..
but it's too slow in browsing
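Added example, not part of the thread or of OpenVPN's own code: a Python check of Windows `route print` output for the effect of `redirect-gateway def1`, which adds 0.0.0.0/1 and 128.0.0.0/1 routes through the tunnel instead of replacing the existing default route. The route table, all addresses except 8.8.8.8, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed `route print` IPv4 rows (not from the thread). Assumed addresses:
# 10.8.0.6 is the tunnel adapter, 192.168.1.50 the physical NIC.
ROUTES_WITH_DEF1 = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50      25
          0.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6      30
        128.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6      30
         10.8.0.4  255.255.255.252          On-link        10.8.0.6     286
      192.168.1.0    255.255.255.0          On-link    192.168.1.50     281
"""
# Same table without the two /1 rows, i.e. no redirect was pushed or applied.
ROUTES_NO_REDIRECT = "\n".join(
    row for row in ROUTES_WITH_DEF1.splitlines() if "128.0.0.0" not in row)


def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:          # header and blank lines
            continue
        dest, mask, gateway, iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:            # five fields but not a route row
            continue
    return routes


def egress_interface(routes, destination):
    """Pick the route by longest prefix, then lowest metric as tie-break."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))[2]


def routed_through_tunnel(table, tunnel_ip, probes=("8.8.8.8", "192.0.2.1")):
    """True only if a probe in each half of the IPv4 space exits via tunnel_ip."""
    routes = parse_routes(table)
    return all(egress_interface(routes, p) == tunnel_ip for p in probes)


if __name__ == "__main__":
    print(routed_through_tunnel(ROUTES_WITH_DEF1, "10.8.0.6"))    # True
```

The two /1 routes win over the original 0.0.0.0/0 entry by prefix length regardless of metric, which is why the physical default route can stay in place and local-subnet traffic still uses the LAN interface.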
-
- OpenVpn Newbie
- Posts: 4
- Joined: Sun Dec 11, 2011 4:29 am
Re: whats wrong with my config
http://www.anonyproz.com/supportsuite/i ... icleid=137
There are now many Deep Packet Inspection products that can tell that you are trying to use OpenVPN over port 443 instead of the normal HTTPS and will drop the traffic. For example, if your OpenVPN connection works for a few seconds or minutes and then stops when the cause is not server related then there is the possibility that your ISP is using DPI. OpenVPN does not "hide" itself from firewalls, so a modern firewall with deep packet inspection can easily see that it's OpenVPN traffic that is flowing over the port instead of HTTPS traffic.