Astrill Application:OpenVPN Features

From Astrill Wiki
Jump to navigation Jump to search

Site Filter

Site Filter is one of the OpenVPN features that will give you options which sites you want to go through VPN.


Openvpn site-filter.jpg


  1. Site Filter feature is under the Settings Menu.
  2. Once you click on the Site Filter feature, you will see it is set to "Tunnel all sites" mode as default.
  3. Site Filter modes, click on the drop down arrow button to show the Site Filter modes.


Tunnel all sites

This mode will allow all sites to go through VPN and is best for your privacy protection. This mode is more secure among other options since all sites are encrypted and protected.


Openvpn site-filter-tunnel all.jpg


  1. To choose Tunnel all sites mode, go to SETTINGS menu then choose Site Filter.
  2. By default it is set to Tunnel all sites mode.
  3. Click OK, now all sites will go through VPN even the local sites.


Tunnel only these sites

This mode will allow you to specify the only sites that you wish to tunnel through VPN. You will have to specify a list of IP addresses(one per line). You can use IP blocks in CIDR format as well, e.g. 12.13.14.0/24.


Openvpn tunnelonly.jpg


  1. To choose Tunnel only these sites mode, go to SETTINGS menu then choose Site Filter.
  2. Click the drop down arrow to show the other Site filter modes.
  3. Choose Tunnel only these sites.
  4. Specify the list of IP addresses that you wish to tunnel through VPN (Shown IP from the image is just an example).
  5. Click OK to save.
  6. A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.


Exclude these sites

This mode will allow you to specify the sites that you do not want to tunnel through VPN. You will have to specify a list of IP addresses(one per line as well). You can use IP blocks in CIDR format as well, e.g. 12.13.14.0/24.


Openvpn exclude-these.jpg


  1. To choose Exclude these sites mode, go to SETTINGS menu then choose Site Filter.
  2. Click the drop down arrow to show the other Site filter modes.
  3. Choose Exclude these sites.
  4. Specify the list of IP addresses that you wish to exclude through VPN (Shown IP from the image is just an example).
  5. Click OK to save.
  6. A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.


Only International sites

This mode will allow you to unlock geo-locked contents, for example streaming TV, and all local sites will load directly thus their speed will not be affected.


Openvpn only-international.jpg


  1. To choose Only international sites mode, go to SETTINGS menu then choose Site Filter.
  2. Click the drop down arrow to show the other Site filter modes.
  3. Choose Only international sites.
  4. Click OK to save.
  5. A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.


Unblock sites

If you are located in China, use this mode to tunnel only blocked sites through VPN. All other sites will go directly.


Openvpn unblock-sites.jpg


  1. To choose Tunnel only these sites mode, go to SETTINGS menu then choose Site Filter.
  2. Click the drop down arrow to show the other Site filter modes.
  3. Choose Unblock sites.
  4. Specify the list of IP addresses that you wish to tunnel through VPN (Shown IP from the image is just an example).
  5. Click OK to save.
  6. A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.


Application Filter

Application Filter is one of the OpenVPN features that will give you options which applications you want to go through VPN.


Openvpn app-filter.jpg


  1. Application Filter feature is under the Settings Menu.
  2. Once you click on the Application Filter feature, you will see it is set to "Tunnel all apps" mode as default.
  3. Application Filter modes, click on the drop down arrow button to show the Application Filter modes.



Tunnel all apps

This mode will allow all applications to go through VPN and is best for your privacy protection. This mode is more secure among other options since all applications are protected.


Tunnel-all-apps.jpg


  1. To choose Tunnel all apps mode, go to SETTINGS menu then choose Application Filter.
  2. By default it is set to Tunnel all apps mode.
  3. Click OK, now all applications will go through VPN.


Tunnel only these apps

This mode will allow you to specify the only application/s you wish to go through VPN.


Openvpn tunnel-only-apps2.jpg


  1. To choose Tunnel only these apps mode, go to SETTINGS menu then choose Application Filter.
  2. Click the drop down arrow to show the other Application filter modes and then choose Tunnel only these apps.
  3. Click the Add or + button and select a program that you want to tunnel (Example: Skype).
  4. To remove from the list, highlight the app or choose the app and click the "x" button.
  5. Click OK to save.
  6. A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.


Exclude these apps

Exclude these apps, this mode will allow you to exclude selected application/s to go through VPN.


Openvpn exclude-these-apps.jpg



  1. To choose Exclude these apps mode, go to SETTINGS menu then choose Application Filter.
  2. Click the drop down arrow to show the other Application filter modes and choose Exclude these apps.
  3. Click the Add or + button and select a program that you want to exclude (Example: Skype).
  4. To remove from the list, highlight the app or choose the app and click the "x" button.
  5. Click OK to save.
  6. A message box will appear that you need to disconnect from the server, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.

Note :

Application Filter doesn't support UDP protocol. So you need to use the program which support TCP or use Site Filter for filtering such programs.


Port Forward

This function forwards a port from VPN IP(external IP) to your computer. This is useful for Bittorent download programs.


Openvpn port-forwarding.jpg


  1. Click on SETTINGS menu then choose Port Forward.
  2. By default, Port Forward is not enabled.
  3. Tick the Enable Port Forwarding box to enable this feature.
  4. A specific port will be assigned to you automatically once enabled.
  5. Click OK to save changes.


Note :

Only starred servers from the servers list supports port forwarding and P2P applications.


DNS Options

DNS Options is one of the OpenVPN features that will give you options which DNS servers you want to use when connected to VPN. We always recommend using Astrill DNS for best performance and privacy protection.


Openvpn dns-option.jpg



  1. Click on SETTINGS menu then choose DNS Options....
  2. By default, it is set to Astrill DNS as recommended.
  3. Click the drop down arrow to show the other DNS servers available.
  4. You can try using Google DNS for example.
  5. Once Google DNS is selected, it will automatically set DNS 1 and DNS 2 to google dns.
  6. Click OK to save.


App Guard

App Guard is a new feature of the OpenVPN (also available in StealthVPN). This feature that will allow you to block application/s when VPN is not connected. No need to mess up with windows firewall (if you're using Windows).


Openvpn app-guard3.jpg


  1. Click on SETTINGS menu then choose App Guard....
  2. Click the Add or + button and select a program that you want to block if vpn is off.
  3. To remove from the list, highlight the app or choose the app and click the "x" button.
  4. For example, Utorrent is added from the list. If VPN is off, utorrent is blocked.
  5. Click OK to save after adding/removing app from the list.


Note :

This feature is available since Windows Vista only or newer. It's not possible on Windows XP as it's missing necessary firewall APIs.


OpenVPN Options

OpenVPN Options feature will allow you to choose OpenVPN mode whether UDP or TCP mode and connection port for better speed and stability.


Openvpn options-new.jpg


  1. Click on SETTINGS menu then choose OpenVPN Options.
  2. By default, OpenVPN mode is set to Fast (UDP). Fast UDP is preferred and the fastest. However, if you are unable to connect or connection is slow or unstable, you can select Reliable (TCP) mode.
  3. By default, Port is set to 443 in Fast (UDP) mode.
  4. By default, MTU value is set to 1446. MSS Size is only enabled in Fast (UDP) mode. You can hover your pointer over the default value of MTU to read more info and the recommended values.
  5. Encryption is to Default. Default value is optimized for security and speed. Other options are Blowfish, AES, CAST and CAMELLIA. None of these algorithms is cracked up to date, you can use the one you trust most.
  6. Click on the drop down arrow on Mode to show other OpenVPN modes. You can try selecting Reliable (TCP) mode.
  7. By default, Port is set to 8292 in Reliable (TCP) mode. You can choose other port by clicking on the drop down arrow.
  8. By default, MTU is diabled in TCP mode.
  9. A message box will appear that you need to disconnect and reconnect from the server for changes to take effect, click OK. This message is shown if you're currently connected to a server, otherwise no such message will show.


Privacy Settings

Astrill protects your privacy and prevents your ISP from monitoring and controlling your online communications and browsing activity. You can use the additional features below for additional privacy and protection.


Openvpn privacy.jpg


  1. Click on SETTINGS menu then choose Privacy....
  2. Internet Kill Switch - Normally Astrill OPenVPN/StealthVPN will reconnect if connection dropped. In case if it doesn't and if this option is enabled, internet conenction will be blocked. You will be prompted to restore internet connection.
  3. Clear Flash Cookies - This clear flash cookies whenever you connect to VPN. Flash cookies can track your real location and they cannot be deleted by user easily. Astrill can do it for you.
  4. Clear Cookies - Clear browser cookies (Firefox, Internet Explorer, Safari) whenever you connect to VPN. Cookies are used to remember web site settings and can track you across web sites, so for privacy it's good to clear them frequently. Clearing cookies will log you off from all web sites.
  5. Fix DNS leak - This prevents Windows to leak DNS requests over unencrypted connection. If this option is not enabled, your ISP or anyone monitoring your internet connection can view and poison DNS.
  6. Fix IPv6 leak - If your ISP provides IPv6, your IPv6 address will be leaked as Astrill VPN tunnels only IPv4. In the future, we will support IPv6 as well. In the meantime, you can enable here IPv6 to prevent IP leak.
  7. Fix WebRTC IP leak - Even when you connect to OpenVPN, your real IP may be leaked through WebRTC API which is implemented in firefox and chrome. Enable this fix to prevent IP leak.
  8. Click OK to save changes.
Retrieved from "https://www.astrill.com/wiki/index.php?title=Astrill_Application:OpenVPN_Features&oldid=4306"