Astrill Application:OpenVPN Features: Difference between revisions

From Astrill Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
 
(64 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Site Filter ==
== Site Filter ==
<b>Site Filter</b> is one of the OpenVPN features that will give you options which sites you want to go through VPN. Note that you have to be in Expert mode to see the additional features under your Settings menu, see how to switch to [http://wiki.astrill.com/index.php/Astrill_Application:UI_explained Expert mode].




[[File:Site_filter.jpg|Site Filter]] [[File:Site_filter_default.jpg|Site Filter Default]] [[File:Site_filter_options.jpg|Site Filter Options]]
'''Site Filter''' is one of the OpenVPN features that will give you options which sites you want to go through VPN.




# <b>Site Filter</b> feature is under the <b>Settings</b> Menu.
 
# Once you click on the <b>Site Filter</b> feature, you will see it is set to "<b>Tunnel all sites</b>" mode as default.
[[File:Openvpn_site-filter.jpg|border]]
# <b>Site Filter modes</b>, click on the drop down arrow button to show the Site Filter modes.  
 
 
 
# '''Site Filter''' feature is under the '''Settings''' Menu.
# Once you click on the '''Site Filter''' feature, you will see it is set to '''"Tunnel all sites"''' mode as default.
# '''Site Filter modes''', click on the drop down arrow button to show the Site Filter modes.


   
   


=== Tunnel all sites ===
=== Tunnel all sites ===
This mode will allow all sites to go through VPN and is best for your privacy protection. This mode is more secure among other options since all sites are encrypted and protected.
This mode will allow all sites to go through VPN and is best for your privacy protection. This mode is more secure among other options since all sites are encrypted and protected.




[[File:Site_filter.jpg|Site Filter]] [[File:Tunnel_all_sites.jpg|Tunnel all sites]]
 
[[File:Openvpn_site-filter-tunnel_all.jpg|border]]
 
 
 
# To choose '''Tunnel all sites''' mode, go to '''SETTINGS''' menu then choose '''Site Filter'''.
# By default it is set to '''Tunnel all sites mode'''.
# Click '''OK''', now all sites will go through VPN even the local sites.




# To choose <b>Tunnel all sites</b> mode, go to <b>Settings</b> menu then choose <b>Site Filter</b>.
# By default it is set to <b>Tunnel all sites mode</b>.
# Click <b>OK</b>, now all sites will go through VPN even the local sites.


=== Tunnel only these sites ===




=== Tunnel only those sites ===
This mode will allow you to specify the only sites that you wish to tunnel through VPN. You will have to specify a list of IP addresses(one per line). You can use IP blocks in CIDR format as well, e.g. 12.13.14.0/24.
This mode will allow you to specify the only sites that you wish to tunnel through VPN. You will have to specify a list of IP addresses(one per line). You can use IP blocks in CIDR format as well, e.g. 12.13.14.0/24.




[[File:Site_filter.jpg|Site Filter]] [[File:Tunnel_only_these_sites.jpg]] [[File:Tunnel_only_these_sites_sample.jpg]]


[[File:Openvpn_tunnelonly.jpg|border]]


[[File:Disconnect_from_server.jpg]]


# To choose '''Tunnel only these sites''' mode, go to '''SETTINGS''' menu then choose '''Site Filter'''.
# Click the drop down arrow to show the other '''Site filter modes'''.
# Choose '''Tunnel only these sites'''.
# Specify the list of '''IP addresses''' that you wish to tunnel through VPN (Shown IP from the image is just an example).
# Click '''OK''' to save.
# A message box will appear that you need to disconnect from the server, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show.


# To choose <b>Tunnel only these sites mode</b>, go to <b>Settings</b> menu then choose <b>Site Filter</b>.
# Click the drop down arrow to show the other <b>Site filter modes</b>.
# Choose <b>Tunnel only these sites</b>.
# Specify the list of <b>IP addresses</b> that you wish to tunnel through VPN. Shown example is the IP address of facebook.
# Click <b>OK</b>.
# A message box will appear that you need to disconnect from the server, click <b>OK</b>.


=== Exclude these sites ===




=== Exclude these sites ===
This mode will allow you to specify the sites that you do not want to tunnel through VPN. You will have to specify a list of IP addresses(one per line as well). You can use IP blocks in CIDR format as well, e.g. 12.13.14.0/24.
This mode will allow you to specify the sites that you do not want to tunnel through VPN. You will have to specify a list of IP addresses(one per line as well). You can use IP blocks in CIDR format as well, e.g. 12.13.14.0/24.




[[File:Site_filter.jpg|Site Filter]] [[File:Exclude_these_sites.jpg]] [[File:Exclude_these_sites_sample.jpg]]
[[File:Openvpn exclude-these.jpg|border]]




[[File:Disconnect_from_server2.jpg]]
# To choose '''Exclude these sites''' mode, go to '''SETTINGS''' menu then choose '''Site Filter'''.
# Click the drop down arrow to show the other '''Site filter modes'''.
# Choose '''Exclude these sites'''.
# Specify the list of '''IP addresses''' that you wish to exclude through VPN (Shown IP from the image is just an example).
# Click '''OK''' to save.
# A message box will appear that you need to disconnect from the server, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show.




# To choose <b>Exclude these sites mode</b>, go to <b>Settings</b> menu then choose <b>Site Filter</b>.
# Click the drop down arrow to show the other <b>Site filter modes</b>.
# Choose <b>Exclude these sites</b>.
# Specify the list of <b>IP addresses</b> that you wish not to tunnel through VPN.
# Click <b>OK</b>.
# A message box will appear that you need to disconnect from the server, click <b>OK</b>.


=== Only International sites ===




=== Only International sites ===
This mode will allow you to unlock geo-locked contents, for example streaming TV, and all local sites will load directly thus their speed will not be affected.
This mode will allow you to unlock geo-locked contents, for example streaming TV, and all local sites will load directly thus their speed will not be affected.




[[File:Site_filter.jpg|Site Filter]] [[File:Only_international_sites.jpg]] [[File:Only_international_sites2.jpg]]
[[File:Openvpn_only-international.jpg|border]]
 


# To choose '''Only international sites mode''', go to '''SETTINGS''' menu then choose '''Site Filter'''.
# Click the drop down arrow to show the other '''Site filter modes'''.
# Choose '''Only international sites'''.
# Click '''OK''' to save.
# A message box will appear that you need to disconnect from the server, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show.


[[File:Disconnect_from_server3.jpg]]




# To choose <b>Only international sites mode</b>, go to <b>Settings</b> menu then choose <b>Site Filter</b>.
=== Unblock sites ===
# Click the drop down arrow to show the other <b>Site filter modes</b>.
# Choose <b>Only international sites</b>.
# Click <b>OK</b>.
# A message box will appear that you need to disconnect from the server, click <b>OK</b>.




=== Unblock sites ===
If you are located in China, use this mode to tunnel only blocked sites through VPN. All other sites will go directly.
If you are located in China, use this mode to tunnel only blocked sites through VPN. All other sites will go directly.




[[File:Site_filter.jpg|Site Filter]] [[File:Unblock_sites.jpg]] [[File:Unblock_sites_sample.jpg]]
[[File:Openvpn_unblock-sites.jpg|border]]




[[File:Disconnect_from_server4.jpg]]
# To choose '''Tunnel only these sites''' mode, go to '''SETTINGS''' menu then choose '''Site Filter'''.
# Click the drop down arrow to show the other '''Site filter modes'''.
# Choose '''Unblock sites'''.
# Specify the list of '''IP addresses''' that you wish to tunnel through VPN (Shown IP from the image is just an example).
# Click '''OK''' to save.
# A message box will appear that you need to disconnect from the server, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show.




# To choose <b>Unblock sites mode</b>, go to <b>Settings</b> menu then choose <b>Site Filter</b>.
# Click the drop down arrow to show the other <b>Site filter modes</b>.
# Choose <b>Unblock sites</b>.
# Specify the list of <b>IP addresses</b> that you wish to tunnel through VPN. Shown example is the IP address of facebook.
# Click <b>OK</b>.
# A message box will appear that you need to disconnect from the server, click OK.


== Application Filter ==
== Application Filter ==


<b>Application Filter</b> is one of the OpenVPN features that will give you options which applications you want to go through VPN. Note that you have to be in Expert mode to see the additional features under your Settings menu, see how to switch to [http://wiki.astrill.com/index.php/Astrill_Application:UI_explained Expert mode].
 
'''Application Filter''' is one of the '''OpenVPN features''' that will give you options which applications you want to go through VPN.  




[[File:Application_filter.jpg|Application Filter]] [[File:Application_filter_default.jpg|Application Filter Default]] [[File:Application_filter_modes.jpg|Application Filter Modes]]
 
[[File:Openvpn_app-filter.jpg|border]]
 
 
 
# '''Application Filter''' feature is under the '''Settings''' Menu.
# Once you click on the '''Application Filter''' feature, you will see it is set to '''"Tunnel all apps"''' mode as default.
# '''Application Filter''' modes, click on the drop down arrow button to show the Application Filter modes.




# <b>Application Filter</b> feature is under the <b>Settings</b> Menu.
# Once you click on the <b>Application Filter</b> feature, you will see it is set to "<b>Tunnel all apps</b>" mode as default.
# <b>Application Filter</b> modes, click on the drop down arrow button to show the Application Filter modes.




=== Tunnel all apps ===
=== Tunnel all apps ===


This mode will allow all applications to go through VPN and is best for your privacy protection. This mode is more secure among other options since all applications are protected.
This mode will allow all applications to go through VPN and is best for your privacy protection. This mode is more secure among other options since all applications are protected.




[[File:Application_filter.jpg|Application Filter]] [[File:Tunnell_all_apps.jpg|Tunnel all apps]]
 
[[File:Tunnel-all-apps.jpg|border]]
 




# To choose <b>Tunnel all apps mode</b>, go to <b>Settings</b> menu then choose <b>Application Filter</b>.
# To choose '''Tunnel all apps mode''', go to '''SETTINGS''' menu then choose '''Application Filter'''.
# By default it is set to <b>Tunnel all apps</b> mode.
# By default it is set to '''Tunnel all apps''' mode.
# Click <b>OK</b>, now all applications will go through VPN.
# Click '''OK''', now all applications will go through VPN.




Line 130: Line 146:




[[File:only.jpg]] [[File:only1.jpg]]
[[File:Openvpn_tunnel-only-apps2.jpg|border]]
 
 
# To choose '''Tunnel only these apps''' mode, go to '''SETTINGS''' menu then choose '''Application Filter'''.
# Click the drop down arrow to show the other '''Application filter modes''' and then choose '''Tunnel only these apps'''.
# Click the '''Add''' or '''+''' button and select a program that you want to tunnel (Example: Skype).
# To remove from the list, highlight the app or choose the app and click the "<b>x</b>" button.
# Click '''OK''' to save.
# A message box will appear that you need to disconnect from the server, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show.




# Click the drop down arrow and select <b>Tunnel only these apps</b>.
# Click the <b>Add</b> button and select a program that you want to tunnel (Example: Skype).
# To remove from the list, highlight the program and click the "<b>x</b>" button.
# Click <b>OK</b>.


=== Exclude these apps ===
=== Exclude these apps ===


<b>Exclude these apps</b>, this mode will allow you to exclude selected application/s to go through VPN.


'''Exclude these apps''', this mode will allow you to exclude selected application/s to go through VPN.


[[File:exclude1.jpg]] [[File:Exclude2.jpg]]


[[File:Openvpn exclude-these-apps.jpg|border]]
# To choose '''Exclude these apps''' mode, go to '''SETTINGS''' menu then choose '''Application Filter'''.
# Click the drop down arrow to show the other '''Application filter modes''' and choose '''Exclude these apps'''.
# Click the '''Add''' or '''+''' button and select a program that you want to exclude (Example: Skype).
# To remove from the list, highlight the app or choose the app and click the "<b>x</b>" button.
# Click '''OK''' to save.
# A message box will appear that you need to disconnect from the server, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show.
----
'''Note :'''
'''''Application Filter doesn't support UDP protocol. So you need to use the program which support TCP or use Site Filter for filtering such programs.'''''




# Click the drop down arrow and select <b>Exclude these apps</b>.
# Click the <b>Add</b> button and select a program that you want to tunnel (Example: Skype).
# To remove from the list, highlight the program and click the "<b>x</b>" button.
# Click <b>OK</b>.


== Port Forward ==
== Port Forward ==


This function forwards a port from VPN IP(external IP) to your computer. This is useful for Bittorent download programs.
 
This function forwards a port from VPN IP(external IP) to your computer. This is useful for Bittorent download programs.  




[[File:Example1.jpg]] [[File:Example2.jpg]] [[File:Example3.jpg]]


[[File:Openvpn_port-forwarding.jpg|border]]




# Click <b>Help</b> >> <b>Switch to Expert</b>.
# Click <b>Settings</b> >> <b>Port Forwarding</b> options.
# Tick the <b>Enable Port Forwarding</b> box (A specific ports will be assigned to you).
# Click <b>OK</b>.


== Web Cache ==
# Click on '''SETTINGS''' menu then choose '''Port Forward'''.
# By default, '''Port Forward''' is not enabled.
# Tick the '''Enable Port Forwarding''' box to enable this feature.
# A specific port will be assigned to you automatically once enabled.
# Click '''OK''' to save changes.


<b>Web Caching</b> is used to speed up web surfing by keeping static web files on your hard disk.


----
'''Note :'''


[[File:webcache1.jpg]] [[File:webcache2.jpg]] [[File:webcache3.jpg]]
'''''Only starred servers from the servers list supports port forwarding and P2P applications.'''''






# Click <b>Help</b> >> <b>Switch to expert</b>.
== DNS Options ==
# Click <b>Settings</b> >> Web Cache options.
 
# Tick <b>Enable Web Caching</b> box.
 
# For the fastest surfing, select Max level. In case you receive outdated pages, lowering caching level will fix it.
'''DNS Options''' is one of the OpenVPN features that will give you options which DNS servers you want to use when connected to VPN. We always recommend using Astrill DNS for best performance and privacy protection.
# This is the folder where cached files will be stored.
 
# How many days cached will be kept.
 
# How much memory to use for caching files.
 
# Specify list of sites you wish to exclude from caching.
[[File:Openvpn_dns-option.jpg|border]]
# Specify list of sites you wish to block (for example ads).
 
# Delete cached files permanently.
 
# Click OK.
 
 
# Click on '''SETTINGS''' menu then choose '''DNS Options...'''.
# By default, it is set to '''Astrill DNS''' as recommended.
# Click the drop down arrow to show the other DNS servers available.
# You can try using '''Google DNS''' for example.
# Once '''Google DNS''' is selected, it will automatically set '''DNS 1''' and '''DNS 2''' to google dns.
# Click '''OK''' to save.
 
 
 
== App Guard ==
 
 
'''App Guard''' is a new feature of the OpenVPN (also available in StealthVPN). This feature that will allow you to block application/s when VPN is not connected. No need to mess up with windows firewall (if you're using Windows).
 
 
 
[[File:Openvpn_app-guard3.jpg|border]]
 
 
 
# Click on '''SETTINGS''' menu then choose '''App Guard...'''.
# Click the '''Add''' or '''+''' button and select a program that you want to block if vpn is off.
# To remove from the list, highlight the app or choose the app and click the "<b>x</b>" button.
# For example, Utorrent is added from the list. If VPN is off, utorrent is blocked.
# Click '''OK''' to save after adding/removing app from the list.
 
 
----
'''Note :'''
 
'''''This feature is available since Windows Vista only or newer. It's not possible on Windows XP as it's missing necessary firewall APIs.'''''
 
 


== OpenVPN Options ==
== OpenVPN Options ==
This OpenVPN features will allow you to choose OpenVPN mode whether UDP or TCP mode and connection port for better speed and stability.




[[File:OpenVPN_Options.jpg|OpenVPN Options]] [[File:OpenVPN_Options_default.jpg|OpenVPN Options Default]]
'''OpenVPN Options''' feature will allow you to choose OpenVPN mode whether UDP or TCP mode and connection port for better speed and stability.
 
 
 
[[File:Openvpn options-new.jpg|border]]
 
 
# Click on '''SETTINGS''' menu then choose '''OpenVPN Options'''.
# By default, OpenVPN mode is set to '''Fast (UDP)'''. Fast UDP is preferred and the fastest. However, if you are unable to connect or connection is slow or unstable, you can select '''Reliable (TCP)''' mode.
# By default, '''Port''' is set to '''443''' in Fast (UDP) mode.
# By default, '''MTU''' value is set to '''1446'''. '''MSS Size''' is only enabled in Fast (UDP) mode. You can hover your pointer over the default value of MTU to read more info and the recommended values.
# '''Encryption''' is to '''Default'''. Default value is optimized for security and speed. Other options are Blowfish, AES, CAST and CAMELLIA. None of these algorithms is cracked up to date, you can use the one you trust most.
# Click on the drop down arrow on Mode to show other OpenVPN modes. You can try selecting '''Reliable (TCP)''' mode.
# By default, '''Port''' is set to '''8292''' in Reliable (TCP) mode. You can choose other port by clicking on the drop down arrow.
# By default, '''MTU''' is diabled in TCP mode.
# A message box will appear that you need to disconnect and reconnect from the server for changes to take effect, click '''OK'''. This message is shown if you're currently connected to a server, otherwise no such message will show.
 
 
 
== Privacy Settings ==
 
 
Astrill protects your privacy and prevents your ISP from monitoring and controlling your online communications and browsing activity. You can use the additional features below for additional privacy and protection.
 


[[File:OpenVPN_modes.jpg|OpenVPN modes]] [[File:OpenVPN_Stealth.jpg]]


[[File:Disconnect_from_server5.jpg]]
[[File:Openvpn_privacy.jpg|border]]




# <b>OpenVPN Options</b> is under the <b>Settings</b> menu.
# Click on '''SETTINGS''' menu then choose '''Privacy...'''.
# By default, OpenVPN mode is set to <b>Fast (UDP)</b>.
# '''Internet Kill Switch''' - Normally Astrill OPenVPN/StealthVPN will reconnect if connection dropped. In case if it doesn't and if this option is enabled, internet conenction will be blocked. You will be prompted to restore internet connection.
# By default, <b>the Connection Port</b> is set to <b>8292</b>.
# '''Clear Flash Cookies''' - This clear flash cookies whenever you connect to VPN. '''Flash cookies''' can track your real location and they cannot be deleted by user easily. Astrill can do it for you.
# By default, the <b>MSS size</b> value is set to <b>1400</b>. <b>MSS Size</b> is only enabled in Fast (UDP) mode. If you have problem with connection speed, you can lower it's value to 1300 or 1200.
# '''Clear Cookies''' - Clear browser cookies (Firefox, Internet Explorer, Safari) whenever you connect to VPN. Cookies are used to remember web site settings and can track you across web sites, so for privacy it's good to clear them frequently. Clearing cookies will log you off from all web sites.
# By default, the <b>Keep connection alive</b> check box is unchecked. You can check this box if you want to keep the connection with VPN server alive. You can use this option only if you experience frequent disconnection.
# '''Fix DNS leak''' - This prevents Windows to leak DNS requests over unencrypted connection. If this option is not enabled, your ISP or anyone monitoring your internet connection can view and poison DNS.
# Click on the drop down arrow on Mode to show other OpenVPN modes. It has <b>Fast (UDP)</b>, <b>Reliable (TCP)</b> and <b>Stealth (TCP) mode</b>.
# '''Fix IPv6 leak''' - If your ISP provides IPv6, your IPv6 address will be leaked as Astrill VPN tunnels only IPv4. In the future, we will support IPv6 as well. In the meantime, you can enable here IPv6 to prevent IP leak.
# For stability, you can choose Stealth (TCP) mode.
# '''Fix WebRTC IP leak''' - Even when you connect to OpenVPN, your real IP may be leaked through WebRTC API which is implemented in firefox and chrome. Enable this fix to prevent IP leak.
# Set the <b>Connection Port</b> to <b>443</b>.
# Click '''OK''' to save changes.
# You will notice that the MSS Size box will be disabled if you choose any (Reliable or Stealth) TCP mode.
# Click <b>OK</b>.
# Click <b>OK</b>, you have to disconnect from the server and then reconnect for the changes to take effect.

Latest revision as of 03:38, 7 September 2017

Site Filter

Site Filter is one of the OpenVPN features that will give you options which sites you want to go through VPN.


Openvpn site-filter.jpg


  1. Site Filter feature is under the Settings Menu.
  2. Once you click on the Site Filter feature, you will see it is set to "Tunnel all sites" mode as default.
  3. Site Filter modes, click on the drop down arrow button to show the Site Filter modes.


Tunnel all sites

This mode will allow all sites to go through VPN and is best for your privacy protection. This mode is more secure among other options since all sites are encrypted and protected.


Openvpn site-filter-tunnel all.jpg


  1. To choose Tunnel all sites mode, go to SETTINGS menu then choose Site Filter.
  2. By default it is set to Tunnel all sites mode.
  3. Click OK, now all sites will go through VPN even the local sites.


Tunnel only these sites

This mode will allow you to specify the only sites that you wish to tunnel through VPN. You will have to specify a list of IP addresses(one per line). You can use IP blocks in CIDR format as well, e.g. 12.13.14.0/24.


Openvpn tunnelonly.jpg


  1. To choose Tunnel only these sites mode, go to SETTINGS menu then choose Site Filter.
  2. Click the drop down arrow to show the other Site filter modes.
  3. Choose Tunnel only these sites.
  4. Specify the list of IP addresses that you wish to tunnel through VPN (Shown IP from the image is just an example).
  5. Click OK to save.
  6. A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.


Exclude these sites

This mode will allow you to specify the sites that you do not want to tunnel through VPN. You will have to specify a list of IP addresses(one per line as well). You can use IP blocks in CIDR format as well, e.g. 12.13.14.0/24.


Openvpn exclude-these.jpg


  1. To choose Exclude these sites mode, go to SETTINGS menu then choose Site Filter.
  2. Click the drop down arrow to show the other Site filter modes.
  3. Choose Exclude these sites.
  4. Specify the list of IP addresses that you wish to exclude through VPN (Shown IP from the image is just an example).
  5. Click OK to save.
  6. A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.


Only International sites

This mode will allow you to unlock geo-locked contents, for example streaming TV, and all local sites will load directly thus their speed will not be affected.


Openvpn only-international.jpg


  1. To choose Only international sites mode, go to SETTINGS menu then choose Site Filter.
  2. Click the drop down arrow to show the other Site filter modes.
  3. Choose Only international sites.
  4. Click OK to save.
  5. A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.


Unblock sites

If you are located in China, use this mode to tunnel only blocked sites through VPN. All other sites will go directly.


Openvpn unblock-sites.jpg


  1. To choose Tunnel only these sites mode, go to SETTINGS menu then choose Site Filter.
  2. Click the drop down arrow to show the other Site filter modes.
  3. Choose Unblock sites.
  4. Specify the list of IP addresses that you wish to tunnel through VPN (Shown IP from the image is just an example).
  5. Click OK to save.
  6. A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.


Application Filter

Application Filter is one of the OpenVPN features that will give you options which applications you want to go through VPN.


Openvpn app-filter.jpg


  1. Application Filter feature is under the Settings Menu.
  2. Once you click on the Application Filter feature, you will see it is set to "Tunnel all apps" mode as default.
  3. Application Filter modes, click on the drop down arrow button to show the Application Filter modes.



Tunnel all apps

This mode will allow all applications to go through VPN and is best for your privacy protection. This mode is more secure among other options since all applications are protected.


Tunnel-all-apps.jpg


  1. To choose Tunnel all apps mode, go to SETTINGS menu then choose Application Filter.
  2. By default it is set to Tunnel all apps mode.
  3. Click OK, now all applications will go through VPN.


Tunnel only these apps

This mode will allow you to specify the only application/s you wish to go through VPN.


Openvpn tunnel-only-apps2.jpg


  1. To choose Tunnel only these apps mode, go to SETTINGS menu then choose Application Filter.
  2. Click the drop down arrow to show the other Application filter modes and then choose Tunnel only these apps.
  3. Click the Add or + button and select a program that you want to tunnel (Example: Skype).
  4. To remove from the list, highlight the app or choose the app and click the "x" button.
  5. Click OK to save.
  6. A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.


Exclude these apps

Exclude these apps, this mode will allow you to exclude selected application/s to go through VPN.


Openvpn exclude-these-apps.jpg



  1. To choose Exclude these apps mode, go to SETTINGS menu then choose Application Filter.
  2. Click the drop down arrow to show the other Application filter modes and choose Exclude these apps.
  3. Click the Add or + button and select a program that you want to exclude (Example: Skype).
  4. To remove from the list, highlight the app or choose the app and click the "x" button.
  5. Click OK to save.
  6. A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.

Note :

Application Filter doesn't support UDP protocol. So you need to use the program which support TCP or use Site Filter for filtering such programs.


Port Forward

This function forwards a port from VPN IP(external IP) to your computer. This is useful for Bittorent download programs.


Openvpn port-forwarding.jpg


  1. Click on SETTINGS menu then choose Port Forward.
  2. By default, Port Forward is not enabled.
  3. Tick the Enable Port Forwarding box to enable this feature.
  4. A specific port will be assigned to you automatically once enabled.
  5. Click OK to save changes.



Note :

Only starred servers from the servers list supports port forwarding and P2P applications.


DNS Options

DNS Options is one of the OpenVPN features that will give you options which DNS servers you want to use when connected to VPN. We always recommend using Astrill DNS for best performance and privacy protection.


Openvpn dns-option.jpg



  1. Click on SETTINGS menu then choose DNS Options....
  2. By default, it is set to Astrill DNS as recommended.
  3. Click the drop down arrow to show the other DNS servers available.
  4. You can try using Google DNS for example.
  5. Once Google DNS is selected, it will automatically set DNS 1 and DNS 2 to google dns.
  6. Click OK to save.


App Guard

App Guard is a new feature of the OpenVPN (also available in StealthVPN). This feature that will allow you to block application/s when VPN is not connected. No need to mess up with windows firewall (if you're using Windows).


Openvpn app-guard3.jpg


  1. Click on SETTINGS menu then choose App Guard....
  2. Click the Add or + button and select a program that you want to block if vpn is off.
  3. To remove from the list, highlight the app or choose the app and click the "x" button.
  4. For example, Utorrent is added from the list. If VPN is off, utorrent is blocked.
  5. Click OK to save after adding/removing app from the list.



Note :

This feature is available since Windows Vista only or newer. It's not possible on Windows XP as it's missing necessary firewall APIs.


OpenVPN Options

OpenVPN Options feature will allow you to choose OpenVPN mode whether UDP or TCP mode and connection port for better speed and stability.


Openvpn options-new.jpg


  1. Click on SETTINGS menu then choose OpenVPN Options.
  2. By default, OpenVPN mode is set to Fast (UDP). Fast UDP is preferred and the fastest. However, if you are unable to connect or connection is slow or unstable, you can select Reliable (TCP) mode.
  3. By default, Port is set to 443 in Fast (UDP) mode.
  4. By default, MTU value is set to 1446. MSS Size is only enabled in Fast (UDP) mode. You can hover your pointer over the default value of MTU to read more info and the recommended values.
  5. Encryption is to Default. Default value is optimized for security and speed. Other options are Blowfish, AES, CAST and CAMELLIA. None of these algorithms is cracked up to date, you can use the one you trust most.
  6. Click on the drop down arrow on Mode to show other OpenVPN modes. You can try selecting Reliable (TCP) mode.
  7. By default, Port is set to 8292 in Reliable (TCP) mode. You can choose other port by clicking on the drop down arrow.
  8. By default, MTU is diabled in TCP mode.
  9. A message box will appear that you need to disconnect and reconnect from the server for changes to take effect, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.


Privacy Settings

Astrill protects your privacy and prevents your ISP from monitoring and controlling your online communications and browsing activity. You can use the additional features below for additional privacy and protection.


Openvpn privacy.jpg


  1. Click on SETTINGS menu then choose Privacy....
  2. Internet Kill Switch - Normally Astrill OPenVPN/StealthVPN will reconnect if connection dropped. In case if it doesn't and if this option is enabled, internet conenction will be blocked. You will be prompted to restore internet connection.
  3. Clear Flash Cookies - This clear flash cookies whenever you connect to VPN. Flash cookies can track your real location and they cannot be deleted by user easily. Astrill can do it for you.
  4. Clear Cookies - Clear browser cookies (Firefox, Internet Explorer, Safari) whenever you connect to VPN. Cookies are used to remember web site settings and can track you across web sites, so for privacy it's good to clear them frequently. Clearing cookies will log you off from all web sites.
  5. Fix DNS leak - This prevents Windows to leak DNS requests over unencrypted connection. If this option is not enabled, your ISP or anyone monitoring your internet connection can view and poison DNS.
  6. Fix IPv6 leak - If your ISP provides IPv6, your IPv6 address will be leaked as Astrill VPN tunnels only IPv4. In the future, we will support IPv6 as well. In the meantime, you can enable here IPv6 to prevent IP leak.
  7. Fix WebRTC IP leak - Even when you connect to OpenVPN, your real IP may be leaked through WebRTC API which is implemented in firefox and chrome. Enable this fix to prevent IP leak.
  8. Click OK to save changes.