Astrill Application:OpenVPN Features: Difference between revisions
No edit summary |
|||
(11 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
== Site Filter == | == Site Filter == | ||
'''Site Filter''' is one of the OpenVPN features that will give you options which sites you want to go through VPN. | '''Site Filter''' is one of the OpenVPN features that will give you options which sites you want to go through VPN. | ||
Line 5: | Line 6: | ||
[[File:Openvpn_site-filter.jpg]] | [[File:Openvpn_site-filter.jpg|border]] | ||
Line 16: | Line 17: | ||
=== Tunnel all sites === | === Tunnel all sites === | ||
This mode will allow all sites to go through VPN and is best for your privacy protection. This mode is more secure among other options since all sites are encrypted and protected. | This mode will allow all sites to go through VPN and is best for your privacy protection. This mode is more secure among other options since all sites are encrypted and protected. | ||
Line 21: | Line 23: | ||
[[File:Openvpn_site-filter-tunnel_all.jpg]] | [[File:Openvpn_site-filter-tunnel_all.jpg|border]] | ||
Line 29: | Line 31: | ||
# Click '''OK''', now all sites will go through VPN even the local sites. | # Click '''OK''', now all sites will go through VPN even the local sites. | ||
=== Tunnel only | |||
=== Tunnel only these sites === | |||
This mode will allow you to specify the only sites that you wish to tunnel through VPN. You will have to specify a list of IP addresses(one per line). You can use IP blocks in CIDR format as well, e.g. 12.13.14.0/24. | This mode will allow you to specify the only sites that you wish to tunnel through VPN. You will have to specify a list of IP addresses(one per line). You can use IP blocks in CIDR format as well, e.g. 12.13.14.0/24. | ||
Line 35: | Line 40: | ||
[[File:Openvpn_tunnelonly.jpg]] | [[File:Openvpn_tunnelonly.jpg|border]] | ||
Line 44: | Line 49: | ||
# Click '''OK''' to save. | # Click '''OK''' to save. | ||
# A message box will appear that you need to disconnect from the server, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show. | # A message box will appear that you need to disconnect from the server, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show. | ||
=== Exclude these sites === | === Exclude these sites === | ||
This mode will allow you to specify the sites that you do not want to tunnel through VPN. You will have to specify a list of IP addresses(one per line as well). You can use IP blocks in CIDR format as well, e.g. 12.13.14.0/24. | This mode will allow you to specify the sites that you do not want to tunnel through VPN. You will have to specify a list of IP addresses(one per line as well). You can use IP blocks in CIDR format as well, e.g. 12.13.14.0/24. | ||
[[File:Openvpn exclude-these.jpg]] | [[File:Openvpn exclude-these.jpg|border]] | ||
Line 59: | Line 67: | ||
# Click '''OK''' to save. | # Click '''OK''' to save. | ||
# A message box will appear that you need to disconnect from the server, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show. | # A message box will appear that you need to disconnect from the server, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show. | ||
=== Only International sites === | === Only International sites === | ||
This mode will allow you to unlock geo-locked contents, for example streaming TV, and all local sites will load directly thus their speed will not be affected. | This mode will allow you to unlock geo-locked contents, for example streaming TV, and all local sites will load directly thus their speed will not be affected. | ||
[[File:Openvpn_only-international.jpg]] | [[File:Openvpn_only-international.jpg|border]] | ||
Line 73: | Line 84: | ||
# Click '''OK''' to save. | # Click '''OK''' to save. | ||
# A message box will appear that you need to disconnect from the server, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show. | # A message box will appear that you need to disconnect from the server, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show. | ||
=== Unblock sites === | === Unblock sites === | ||
If you are located in China, use this mode to tunnel only blocked sites through VPN. All other sites will go directly. | If you are located in China, use this mode to tunnel only blocked sites through VPN. All other sites will go directly. | ||
[[File:Openvpn_unblock-sites.jpg]] | [[File:Openvpn_unblock-sites.jpg|border]] | ||
Line 88: | Line 102: | ||
# Click '''OK''' to save. | # Click '''OK''' to save. | ||
# A message box will appear that you need to disconnect from the server, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show. | # A message box will appear that you need to disconnect from the server, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show. | ||
== Application Filter == | == Application Filter == | ||
'''Application Filter''' is one of the '''OpenVPN features''' that will give you options which applications you want to go through VPN. | |||
[[File:Openvpn_app-filter.jpg]] | |||
[[File:Openvpn_app-filter.jpg|border]] | |||
Line 107: | Line 124: | ||
=== Tunnel all apps === | === Tunnel all apps === | ||
This mode will allow all applications to go through VPN and is best for your privacy protection. This mode is more secure among other options since all applications are protected. | This mode will allow all applications to go through VPN and is best for your privacy protection. This mode is more secure among other options since all applications are protected. | ||
Line 112: | Line 130: | ||
[[File:Tunnel-all-apps.jpg]] | [[File:Tunnel-all-apps.jpg|border]] | ||
Line 119: | Line 137: | ||
# By default it is set to '''Tunnel all apps''' mode. | # By default it is set to '''Tunnel all apps''' mode. | ||
# Click '''OK''', now all applications will go through VPN. | # Click '''OK''', now all applications will go through VPN. | ||
=== Tunnel only these apps === | === Tunnel only these apps === | ||
Line 126: | Line 146: | ||
[[File:Openvpn_tunnel-only-apps2.jpg]] | [[File:Openvpn_tunnel-only-apps2.jpg|border]] | ||
Line 135: | Line 155: | ||
# Click '''OK''' to save. | # Click '''OK''' to save. | ||
# A message box will appear that you need to disconnect from the server, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show. | # A message box will appear that you need to disconnect from the server, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show. | ||
=== Exclude these apps === | === Exclude these apps === | ||
'''Exclude these apps''', this mode will allow you to exclude selected application/s to go through VPN. | '''Exclude these apps''', this mode will allow you to exclude selected application/s to go through VPN. | ||
[[File:Openvpn exclude-these-apps.jpg|border]] | |||
[[File:Openvpn exclude-these-apps.jpg]] | |||
Line 148: | Line 170: | ||
# To choose '''Exclude these apps''' mode, go to '''SETTINGS''' menu then choose '''Application Filter'''. | # To choose '''Exclude these apps''' mode, go to '''SETTINGS''' menu then choose '''Application Filter'''. | ||
# Click the drop down arrow to show the other '''Application filter modes''' | # Click the drop down arrow to show the other '''Application filter modes''' and choose '''Exclude these apps'''. | ||
# Click the '''Add''' or '''+''' button and select a program that you want to exclude (Example: Skype). | # Click the '''Add''' or '''+''' button and select a program that you want to exclude (Example: Skype). | ||
# To remove from the list, highlight the app or choose the app and click the "<b>x</b>" button. | # To remove from the list, highlight the app or choose the app and click the "<b>x</b>" button. | ||
Line 156: | Line 177: | ||
---- | ---- | ||
'''Note : | '''Note :''' | ||
'''''Application Filter doesn't support UDP protocol. So you need to use the program which support TCP or use Site Filter for filtering such programs.''''' | '''''Application Filter doesn't support UDP protocol. So you need to use the program which support TCP or use Site Filter for filtering such programs.''''' | ||
== Port Forward == | == Port Forward == | ||
This function forwards a port from VPN IP(external IP) to your computer. This is useful for Bittorent download programs. | This function forwards a port from VPN IP(external IP) to your computer. This is useful for Bittorent download programs. | ||
Line 166: | Line 190: | ||
[[File:Openvpn_port-forwarding.jpg]] | [[File:Openvpn_port-forwarding.jpg|border]] | ||
Line 181: | Line 205: | ||
'''''Only starred servers from the servers list supports port forwarding and P2P applications.''''' | '''''Only starred servers from the servers list supports port forwarding and P2P applications.''''' | ||
== DNS Options == | == DNS Options == | ||
'''DNS Options''' is one of the OpenVPN features that will give you options which DNS servers you want to use when connected to VPN. We always recommend using Astrill DNS for best performance and privacy protection. | '''DNS Options''' is one of the OpenVPN features that will give you options which DNS servers you want to use when connected to VPN. We always recommend using Astrill DNS for best performance and privacy protection. | ||
Line 188: | Line 215: | ||
[[File:Openvpn_dns-option.jpg]] | [[File:Openvpn_dns-option.jpg|border]] | ||
Line 203: | Line 230: | ||
== App Guard == | == App Guard == | ||
'''App Guard''' is a new feature of the OpenVPN (also available in StealthVPN). This feature that will allow you to block application/s when VPN is not connected. No need to mess up with windows firewall (if you're using Windows). | '''App Guard''' is a new feature of the OpenVPN (also available in StealthVPN). This feature that will allow you to block application/s when VPN is not connected. No need to mess up with windows firewall (if you're using Windows). | ||
Line 208: | Line 236: | ||
[[File:Openvpn_app-guard3.jpg]] | [[File:Openvpn_app-guard3.jpg|border]] | ||
Line 218: | Line 245: | ||
# For example, Utorrent is added from the list. If VPN is off, utorrent is blocked. | # For example, Utorrent is added from the list. If VPN is off, utorrent is blocked. | ||
# Click '''OK''' to save after adding/removing app from the list. | # Click '''OK''' to save after adding/removing app from the list. | ||
---- | |||
'''Note :''' | |||
'''''This feature is available since Windows Vista only or newer. It's not possible on Windows XP as it's missing necessary firewall APIs.''''' | |||
== OpenVPN Options == | == OpenVPN Options == | ||
'''OpenVPN Options''' feature will allow you to choose OpenVPN mode whether UDP or TCP mode and connection port for better speed and stability. | |||
[[File:Openvpn options-new.jpg|border]] | |||
# Click on '''SETTINGS''' menu then choose '''OpenVPN Options'''. | |||
# By default, OpenVPN mode is set to '''Fast (UDP)'''. Fast UDP is preferred and the fastest. However, if you are unable to connect or connection is slow or unstable, you can select '''Reliable (TCP)''' mode. | |||
# By default, '''Port''' is set to '''443''' in Fast (UDP) mode. | |||
# By default, '''MTU''' value is set to '''1446'''. '''MSS Size''' is only enabled in Fast (UDP) mode. You can hover your pointer over the default value of MTU to read more info and the recommended values. | |||
# '''Encryption''' is to '''Default'''. Default value is optimized for security and speed. Other options are Blowfish, AES, CAST and CAMELLIA. None of these algorithms is cracked up to date, you can use the one you trust most. | |||
# Click on the drop down arrow on Mode to show other OpenVPN modes. You can try selecting '''Reliable (TCP)''' mode. | |||
# By default, '''Port''' is set to '''8292''' in Reliable (TCP) mode. You can choose other port by clicking on the drop down arrow. | |||
# By default, '''MTU''' is diabled in TCP mode. | |||
# A message box will appear that you need to disconnect and reconnect from the server for changes to take effect, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show. | |||
== Privacy Settings == | |||
# | Astrill protects your privacy and prevents your ISP from monitoring and controlling your online communications and browsing activity. You can use the additional features below for additional privacy and protection. | ||
# | |||
# | |||
# | |||
# | [[File:Openvpn_privacy.jpg|border]] | ||
# | |||
# Click on '''SETTINGS''' menu then choose '''Privacy...'''. | |||
# '''Internet Kill Switch''' - Normally Astrill OPenVPN/StealthVPN will reconnect if connection dropped. In case if it doesn't and if this option is enabled, internet conenction will be blocked. You will be prompted to restore internet connection. | |||
# Click | # '''Clear Flash Cookies''' - This clear flash cookies whenever you connect to VPN. '''Flash cookies''' can track your real location and they cannot be deleted by user easily. Astrill can do it for you. | ||
# '''Clear Cookies''' - Clear browser cookies (Firefox, Internet Explorer, Safari) whenever you connect to VPN. Cookies are used to remember web site settings and can track you across web sites, so for privacy it's good to clear them frequently. Clearing cookies will log you off from all web sites. | |||
# '''Fix DNS leak''' - This prevents Windows to leak DNS requests over unencrypted connection. If this option is not enabled, your ISP or anyone monitoring your internet connection can view and poison DNS. | |||
# '''Fix IPv6 leak''' - If your ISP provides IPv6, your IPv6 address will be leaked as Astrill VPN tunnels only IPv4. In the future, we will support IPv6 as well. In the meantime, you can enable here IPv6 to prevent IP leak. | |||
# '''Fix WebRTC IP leak''' - Even when you connect to OpenVPN, your real IP may be leaked through WebRTC API which is implemented in firefox and chrome. Enable this fix to prevent IP leak. | |||
# Click '''OK''' to save changes. |
Latest revision as of 03:38, 7 September 2017
Site Filter
Site Filter is one of the OpenVPN features that will give you options which sites you want to go through VPN.
- Site Filter feature is under the Settings Menu.
- Once you click on the Site Filter feature, you will see it is set to "Tunnel all sites" mode as default.
- Site Filter modes, click on the drop down arrow button to show the Site Filter modes.
Tunnel all sites
This mode will allow all sites to go through VPN and is best for your privacy protection. This mode is more secure among other options since all sites are encrypted and protected.
- To choose Tunnel all sites mode, go to SETTINGS menu then choose Site Filter.
- By default it is set to Tunnel all sites mode.
- Click OK, now all sites will go through VPN even the local sites.
Tunnel only these sites
This mode will allow you to specify the only sites that you wish to tunnel through VPN. You will have to specify a list of IP addresses(one per line). You can use IP blocks in CIDR format as well, e.g. 12.13.14.0/24.
- To choose Tunnel only these sites mode, go to SETTINGS menu then choose Site Filter.
- Click the drop down arrow to show the other Site filter modes.
- Choose Tunnel only these sites.
- Specify the list of IP addresses that you wish to tunnel through VPN (Shown IP from the image is just an example).
- Click OK to save.
- A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.
Exclude these sites
This mode will allow you to specify the sites that you do not want to tunnel through VPN. You will have to specify a list of IP addresses(one per line as well). You can use IP blocks in CIDR format as well, e.g. 12.13.14.0/24.
- To choose Exclude these sites mode, go to SETTINGS menu then choose Site Filter.
- Click the drop down arrow to show the other Site filter modes.
- Choose Exclude these sites.
- Specify the list of IP addresses that you wish to exclude through VPN (Shown IP from the image is just an example).
- Click OK to save.
- A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.
Only International sites
This mode will allow you to unlock geo-locked contents, for example streaming TV, and all local sites will load directly thus their speed will not be affected.
- To choose Only international sites mode, go to SETTINGS menu then choose Site Filter.
- Click the drop down arrow to show the other Site filter modes.
- Choose Only international sites.
- Click OK to save.
- A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.
Unblock sites
If you are located in China, use this mode to tunnel only blocked sites through VPN. All other sites will go directly.
- To choose Tunnel only these sites mode, go to SETTINGS menu then choose Site Filter.
- Click the drop down arrow to show the other Site filter modes.
- Choose Unblock sites.
- Specify the list of IP addresses that you wish to tunnel through VPN (Shown IP from the image is just an example).
- Click OK to save.
- A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.
Application Filter
Application Filter is one of the OpenVPN features that will give you options which applications you want to go through VPN.
- Application Filter feature is under the Settings Menu.
- Once you click on the Application Filter feature, you will see it is set to "Tunnel all apps" mode as default.
- Application Filter modes, click on the drop down arrow button to show the Application Filter modes.
Tunnel all apps
This mode will allow all applications to go through VPN and is best for your privacy protection. This mode is more secure among other options since all applications are protected.
- To choose Tunnel all apps mode, go to SETTINGS menu then choose Application Filter.
- By default it is set to Tunnel all apps mode.
- Click OK, now all applications will go through VPN.
Tunnel only these apps
This mode will allow you to specify the only application/s you wish to go through VPN.
- To choose Tunnel only these apps mode, go to SETTINGS menu then choose Application Filter.
- Click the drop down arrow to show the other Application filter modes and then choose Tunnel only these apps.
- Click the Add or + button and select a program that you want to tunnel (Example: Skype).
- To remove from the list, highlight the app or choose the app and click the "x" button.
- Click OK to save.
- A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.
Exclude these apps
Exclude these apps, this mode will allow you to exclude selected application/s to go through VPN.
- To choose Exclude these apps mode, go to SETTINGS menu then choose Application Filter.
- Click the drop down arrow to show the other Application filter modes and choose Exclude these apps.
- Click the Add or + button and select a program that you want to exclude (Example: Skype).
- To remove from the list, highlight the app or choose the app and click the "x" button.
- Click OK to save.
- A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.
Note :
Application Filter doesn't support UDP protocol. So you need to use the program which support TCP or use Site Filter for filtering such programs.
Port Forward
This function forwards a port from VPN IP(external IP) to your computer. This is useful for Bittorent download programs.
- Click on SETTINGS menu then choose Port Forward.
- By default, Port Forward is not enabled.
- Tick the Enable Port Forwarding box to enable this feature.
- A specific port will be assigned to you automatically once enabled.
- Click OK to save changes.
Note :
Only starred servers from the servers list supports port forwarding and P2P applications.
DNS Options
DNS Options is one of the OpenVPN features that will give you options which DNS servers you want to use when connected to VPN. We always recommend using Astrill DNS for best performance and privacy protection.
- Click on SETTINGS menu then choose DNS Options....
- By default, it is set to Astrill DNS as recommended.
- Click the drop down arrow to show the other DNS servers available.
- You can try using Google DNS for example.
- Once Google DNS is selected, it will automatically set DNS 1 and DNS 2 to google dns.
- Click OK to save.
App Guard
App Guard is a new feature of the OpenVPN (also available in StealthVPN). This feature that will allow you to block application/s when VPN is not connected. No need to mess up with windows firewall (if you're using Windows).
- Click on SETTINGS menu then choose App Guard....
- Click the Add or + button and select a program that you want to block if vpn is off.
- To remove from the list, highlight the app or choose the app and click the "x" button.
- For example, Utorrent is added from the list. If VPN is off, utorrent is blocked.
- Click OK to save after adding/removing app from the list.
Note :
This feature is available since Windows Vista only or newer. It's not possible on Windows XP as it's missing necessary firewall APIs.
OpenVPN Options
OpenVPN Options feature will allow you to choose OpenVPN mode whether UDP or TCP mode and connection port for better speed and stability.
- Click on SETTINGS menu then choose OpenVPN Options.
- By default, OpenVPN mode is set to Fast (UDP). Fast UDP is preferred and the fastest. However, if you are unable to connect or connection is slow or unstable, you can select Reliable (TCP) mode.
- By default, Port is set to 443 in Fast (UDP) mode.
- By default, MTU value is set to 1446. MSS Size is only enabled in Fast (UDP) mode. You can hover your pointer over the default value of MTU to read more info and the recommended values.
- Encryption is to Default. Default value is optimized for security and speed. Other options are Blowfish, AES, CAST and CAMELLIA. None of these algorithms is cracked up to date, you can use the one you trust most.
- Click on the drop down arrow on Mode to show other OpenVPN modes. You can try selecting Reliable (TCP) mode.
- By default, Port is set to 8292 in Reliable (TCP) mode. You can choose other port by clicking on the drop down arrow.
- By default, MTU is diabled in TCP mode.
- A message box will appear that you need to disconnect and reconnect from the server for changes to take effect, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.
Privacy Settings
Astrill protects your privacy and prevents your ISP from monitoring and controlling your online communications and browsing activity. You can use the additional features below for additional privacy and protection.
- Click on SETTINGS menu then choose Privacy....
- Internet Kill Switch - Normally Astrill OPenVPN/StealthVPN will reconnect if connection dropped. In case if it doesn't and if this option is enabled, internet conenction will be blocked. You will be prompted to restore internet connection.
- Clear Flash Cookies - This clear flash cookies whenever you connect to VPN. Flash cookies can track your real location and they cannot be deleted by user easily. Astrill can do it for you.
- Clear Cookies - Clear browser cookies (Firefox, Internet Explorer, Safari) whenever you connect to VPN. Cookies are used to remember web site settings and can track you across web sites, so for privacy it's good to clear them frequently. Clearing cookies will log you off from all web sites.
- Fix DNS leak - This prevents Windows to leak DNS requests over unencrypted connection. If this option is not enabled, your ISP or anyone monitoring your internet connection can view and poison DNS.
- Fix IPv6 leak - If your ISP provides IPv6, your IPv6 address will be leaked as Astrill VPN tunnels only IPv4. In the future, we will support IPv6 as well. In the meantime, you can enable here IPv6 to prevent IP leak.
- Fix WebRTC IP leak - Even when you connect to OpenVPN, your real IP may be leaked through WebRTC API which is implemented in firefox and chrome. Enable this fix to prevent IP leak.
- Click OK to save changes.