Yes, you have to encrypt. It's not possible to connect to our service without encryption. What you're looking for is more of a basic proxy, which we don't offer. The reason we don't offer weaker (or no) encryption for those who want faster speeds is because that opens up everyone to downgrade attacks where people wanting the most secure option could be forced by a malicious person to use whatever the weakest algorithm is. It's basically the whole "only as strong as it's weakest link" concept.BillShannonA wrote: ↑ Do I have to encrypt? Is it even possible not to encrypt? Is it good enough to hide who/where I am, or do I need to hide what I am doing as well? Can I install a less stringent encryption?
Edit the OpenVPN config file (.ovpn), find the four lines that start with "remote", they'll have "443" near the end of each of them.BillShannonA wrote: ↑ How do I switch the UDP port to 53?
Just change 443 to 53 to use that port instead.
The ed25519 configs will probably give you the best speeds, but they do require at least OpenSSL 1.1.1 and OpenVPN 2.4.3.BillShannonA wrote: ↑ I do not know what version of OpenVPN I am using? Is this found on the Edgerouter or somewhere else? And if I am using OpenVPN 2.5, which config do you recommend... ecc, ed25519, or ed448.
The OpenVPN 2.5 requirement was just if you wanted to switch to the Poly1305-Chacha20 cipher.
If you are using OpenVPN 2.5, you can do that by editing the config and changing the line "cipher AES-256-GCM" to "cipher CHACHA20-POLY1305"
See above. AES-NI is a feature in most modern CPUs that lets the processor do AES related functions faster.BillShannonA wrote: ↑ I could not find out if Edgerouter X supports AES-NI instruction. I know not what it is. I did a search for it on the Ubiquiti site. Could not find "AES-NI." I sent them a support ticket to find out if it does or not. Where do I change the cipher?
Just try it out locally on your computer first (OpenVPN too). That will give you a baseline that you can use for bandwidth you expect to get.BillShannonA wrote: ↑ I am not going to try WireGuard, but thanks for that suggestion. It took me long enough to get it to work with OpenVPN.
Vegas does have less users on it usually. If you chose the balancer configs it wouldn't ensure you connect to a US server. Most of our customers don't want to connect to US servers, so the only way to do that is to manually choose the US configs.BillShannonA wrote: ↑ I am in Denver, CO. The only server in Mountain Time Zone is Las Vegas. I picked Chicago because it was close to Wisconsin and I like the Green Bay Packers. Shall I try Las Vegas? Can I choose one of the balanced configs and insure that I am getting a USA server.