Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

widget v3

Post a reply

:
In an effort to prevent automatic submissions, we require that you enter the letters that are written in red.
Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek: :angel: :clap: :crazy: :eh: :lolno: :problem: :shh: :shifty: :sick: :silent: :think: :thumbdown: :thumbup: :wave: :wtf: :yawn:

BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON

Topic review
   

If you wish to attach one or more files enter the details below.

Expand view Topic review: widget v3

Re: widget v3

Post by marzametal » Fri Oct 19, 2018 9:18 am

I still get blocking of outside dns even after unticking the relevant option and adding it to custom.conf. How to remove this option?

Also the dns proxy is clashing with dns crypt. The widget turns dns crypt off now after a warning.

I disappear for a month and everything is changed! Wow.

Re: widget v3

Post by Moonlight » Fri Oct 19, 2018 7:09 am

@DF

1. ipconfig /flushdns

2. Followed all your instructions and still getting the error message.

Have another machine (same win 10 build initially) and no error message.

As I can connect, I won't take your time any further, I will look into it when I'll rebuild it i.e. clean install of win 10.

Thank you for your time! :thumbup: :)

Re: widget v3

Post by df » Thu Oct 18, 2018 6:01 am

@Moonlght
v3.32 should fix a DNS issue that happened whenever people had several network adapters with ambiguous names, or more than one TAP adapter, or a oddly named TAP adapter.

It's possible that one of the last versions permanently changed your DNS settings even when the widget is closed, which might be the cause of that 1.1.1.1 message.
I'd recommend making sure your DNS settings for your main network adapter are set to whatever they should be.
See http://solverbase.com/w/Windows_10:_Cha ... NS_Servers for instructions, just replace Google's 8.8.8.8 in their example with "Obtain DNS server address automatically" or whatever static IP you normally use for your non-VPN DNS.

Re: widget v3

Post by Moonlght » Thu Oct 18, 2018 4:29 am

Feedback for 3.32.0.219

Win 10 Pro x64 OS Build 17763.55

Installed 3.32.0.219 on top of 3.31.0.218 and it's all working :

all security options checked
ECC default
choice of exit nodes available
no error messages

On a side note (minor), getting the message do I wish to set the DNS to 1.1.1.1 always come up even though it's already set to that (checked it again just after appearance of the message).

Thank you! :)

Re: widget v3

Post by Guest » Fri Oct 12, 2018 5:29 am

Win 10 Pro x64 OS Build 17763.55 (previously 17763.1)

3.30.0.217 was working yesterday but stopped today, even with all security options unchecked.

Went back to 3.18.0.201 (not clean install), and connected immediately.

Downloaded 3.31.0.218, installed it on top and it's all working :

all security options checked
ECC default
choice of exit nodes available
no "Error: Cannot resolve voodoo-windows-isleofman,cstorm,pw:" message

On a side note (minor), getting the message do I wish to set the DNS to 1.1.1.1 always come up even though it's already set to that (checked it again just after appearance of the message).

Thank you! :)

Re: widget v3

Post by Moonlight » Wed Oct 10, 2018 3:35 am

@DF

Win 10 Pro x64 OS Build 17763.55 (previously 17763.1)

Re-installed 3.30.0.217 again on top of 3.18.0.201

All working now :

all security options checked
ECC default
choice of exit nodes (more added?) available again
no "Error: Cannot resolve voodoo-windows-isleofman,cstorm,pw:" message

Thank you! :)

Re: widget v3

Post by auto123412 » Wed Oct 10, 2018 3:30 am

Hi, I am also having issues after upgrading to 3.30.
I can only connect to "Global Random" as any other nodes only attempts a connection but then nothing , ends in not connected.

I have tried turning all the security features off but it makes no difference...

When I manage to connect to Global Random, no dns is available.. Or at least no dns lookup works . not even for cryptostorm.is.

Where can I get ahold of v3.18 to attempt a downgrade until the issues have been solved?

Re: widget v3

Post by df » Tue Oct 09, 2018 9:46 am

@Moonlight
See https://cryptostorm.is/new
We've changed some things around, and got rid of the voodoo instances (for now).
3.30.0.217 includes all these changes though. I'd suggest trying to disable different things in the security tab to see if any of those are causing issues (the killswitch, dnscrypt, etc.)

Re: widget v3

Post by Moonlight » Tue Oct 09, 2018 4:51 am

Hi,

Win 10 Pro x64 OS Build 17763.1

CS widget 3.30.0.217

Feedback

1.

Cannot connect with ECC default checked (all other options in security tab are checked as well).

Tried the 3 different ECC options and cannot connect either.

Unchecked the ECC option and still cannot connect.

No error message, just displaying not connected.

Tried Switzerland, Germany (both), Sweden and Canada West.

2.

Went back to 3.18.0.201 (after complete uninstall of 3.30.0.217)

Can connect but option to select exit node (Switzerland and Canada West) is no longer working - do not think it's related to latest win10 update (3 Oct) as I had the option yesterday for Switzerland (a quickly disappearing message says something about skipping IP as there is only one?).

Also now when I exit from the security tab, I get the following message : Error: Cannot resolve voodoo-windows-isleofman,cstorm,pw:

On a side note, a few days ago the 185... Switzerland exit node disappeared, it was a good one as I was not prompted for a captcha for several sites compared to the current 81.17.31.38. Less captcha with 81.17.31.40 yesterday, but still.

Thank you.

Re: widget v3

Post by Sakura » Mon Aug 13, 2018 4:42 pm

It seem that my reply wasn't posted. I try to post again.

I'd use the bundled DNScrypt-proxy, but it seems to work only when connected to the VPN service. I can't configure anything on it and even though dnscrypt-proxy.exe is running in the background when the client is started (but only then), still my ISP's DNS servers are used. Even if I start the dnscrypt-proxy.exe manually, still sometimes it canges the DNS server, sometimes it doesn't.
So, unless there is a solution to use the bundled DNScrypt-proxy when not connected to the service (that would be optimal), I'm better off with the official proxy. The problem is, that when I update the CS client, it asks to turn off the installed DNScrypt-proxy, and then I can't just re-enable it, I have to reinstall it.

Re: widget v3

Post by df » Tue Aug 07, 2018 5:35 am

@Sakura
The CS widget uses a bundled DNScrypt-proxy to protect pre-connect DNS. If you'd prefer to use your own DNSCrypt setup, simply disable ours by going to Options -> Security and uncheck the "Enable DNSCrypt" box.

If you'd like to use our DNSCrypt servers, https://raw.githubusercontent.com/crypt ... proxy.toml has a list that's compatible with the latest DNSCrypt-proxy v2.
If you're still using DNSCrypt-proxy v1, the list you should use is @ https://raw.githubusercontent.com/crypt ... olvers.csv

Some of ours are included in the official DNSCrypt resolvers list @ https://dnscrypt.info/public-servers , but they don't keep it as up to date as ours is.

Re: widget v3

Post by Sakura » Mon Aug 06, 2018 6:16 pm

I'm not sure if this is the most relevant topic to come up with this issue, but: every time I update the CS widget it screws up my DNScrypt-proxy. I need to reinstall it, otherwise no adresses resolve. This turns a simple update into quite a hassle. Especially since DNScrypt-proxy is hard to configure but after that it needs no maintanace, so by the time I need to reinstall it I forget how to configure it and have the relearn the whole thing.
I've seen that the CS widget has a DNScrypt-proxy too, and I'd gladly use that, but it can't be configured at all, and when I don't connect to the VPN my ISP-s DNS server will be used.

Is there any way to make the widget not conflict with the proxy or to have it's own proxy a better use?

Re: widget v3

Post by df » Sun Jul 22, 2018 3:09 am

Forgot to update this thread with info on the latest build.

Fixed a GUI issue some had when running Windows at a non-default scaling setting.
It would cause the progress bar to overlap a little bit with the "Connect" button.
In the Options window the "Block intrusive ads/trackers" wouldn't be visible to the user.

Some people complained that the previous version would open an extra cmd.exe
The reason for that is that OpenVPN 2.4.6 now requires a password to be specified for the management interface, which the widget opens on 127.0.0.1
Previously, the widget was doing a simple

Code: Select all

echo $management_password | csvpn.exe --config-options
to start OpenVPN.
That echo command is why the extra cmd.exe was being created and left open.
Now, the management password is stored in a temporary file in the "user" folder, so an extra cmd.exe isn't left in the process list.
And that management password is changed on every connect for added security.

I also modified the LZMA2 compression configuration for the installer, which seems to make all the AV false positives go away. But from now on, I'll scan the latest installer @ virustotal.com and jotti.org just to make sure there's not any false positives before I release it.

Re: widget v3

Post by marzametal » Sat Jul 07, 2018 4:55 pm

I have noticed that all relevant DNS addresses relating to the specific node you are connecting to have to be reachable to prevent the user being asked if they want to go to 1.1.1.1

I found this out because I use a DNS Proxy, and since for this example, USA SOUTH has 3 DNS addresses, if two are commented out in my proxy configuration file, and the widget references one of the commented DNS addresses,then it throws that option.

So, to prevent the 1.1.1.1 reference, for those who use a DNS Proxy such as Acrylic, uncomment all DNS addresses relating to the node you want, and then post-connection comment out the ones that were not used by widget.

Also, for those who use Acrylic (not sure how this would be done for other DNS Proxy software), I now have two entries that bypass 127.0.0.1 and go straight to the DNS Server (on router have CS DNS entries)... without these two entries, every time I click on the UPDATE button for node list, it would time out, and when the latest widget would resolve on connection, it would also time out... just for those who are interested :)
NAME1=cryptostorm.nu
NAME2=cstorm.pw

Thanks for adding the extra information on the whitelist df... makes things easier!
Keep up the good work!

I knew I was doing something wrong!
"10.5.0.2-10.5.255.254,10.44.0.2-10.44.255.254,10.66.0.2-10.66.255.254,10.84.0.2-10.84.255.254,10.86.0.2-10.86.255.254,10.88.0.2-10.88.255.254,10.92.0.2-10.92.255.254" this is what it looks like at the moment for an outbound rule hahaha

Re: widget v3

Post by df » Sat Jul 07, 2018 3:20 pm

@RubRiches
RubRiches wrote:Huh, that is weird. I ran Malware bytes and my system is ok.
No worries though I was able to download the new version and now I am stuck on the progress bar while connecting.

This is where it is stuck:
Sat Jul 07 07:52:09 2018 us=54756 [cryptostorm server] Peer Connection Initiated with [AF_INET]213.163.64.210:5060
Sat Jul 07 07:52:10 2018 us=150762 SENT CONTROL [cryptostorm server]: 'PUSH_REQUEST' (status=1)


Tried unchecking ECC instance, then DNS leak etc... but no good.
Please see if there is something I need to do.

One more request can you guys improve the widget as such that I don't have to exit the widget to go to Options while it is trying to connect.


Yea, the malware bytes scan means it was just a false positive.
For your progress bar issue, is csvpn.exe running? Open up the task manager and go to the processes tab to see.
If it is, check with cryptostorm.is/test to see if your IP changed.
If not, or if csvpn.exe isn't running, then something else is most likely closing csvpn.exe (That's OpenVPN).
Try adding to both Malware Bytes and Windows Defender an exclusion for the folder C:\Program Files (x86)\Cryptostorm Client\

As for your last request, that design is intentional. Allowing the user to change options while connecting can cause leaks or other unexpected results. The only way to prevent those issues would be to create more CPU threads that constantly check for option changes, which would make the widget's overall CPU utilization a lot higher than it needs to be. Instead, I choose to simply disable the options button while connecting/connected.

@marzametal
marzametal wrote:Would it be safe to assume that the above means if I choose a random node to connect to in the widget, then all nodes will be attempted to be pre-resolved... and if I choose one specific node from the dropdown, then just that one will be pre-resolved?

If you choose "Global random", it just resolves "windows-balancer.cstorm.pw" (or .cryptostorm.nu, i forget).
If you choose a specific node, it only resolves that one.
Basically, it does the exact thing OpenVPN would have done, only now that it pre-resolves it allows me to check for common DNS errors. Once the pre-resolve is done, it gives OpenVPN the IP you pick.

The only time all the hosts (balancers and nodes) are resolved is whenever you enable the killswitch, since that's now necessary due to those new servers with the bigger IP pools.

Re: widget v3

Post by df » Sat Jul 07, 2018 2:39 pm

@marzametal
Each VPN instance uses a different 10.x.0.0/16 B-class, mostly because if I used the same B-class (or C-class) for multiple instances, two different clients might be assigned the same 10.x.x.x IP.
There's a check in place to prevent that from happening per-instance, but not per-server, so each instance gets it's own B-class.

On the older servers that only have 4 VPN IPs, there's 6 instances:
win TCP, ECC TCP, linux TCP, win UDP, ECC UDP, linux UDP
On those servers, I generally stick to networks:
10.33.0.0/16 for linux UDP
10.34.0.0/16 for linux TCP
10.44.0.0/16 for win UDP
10.45.0.0/16 for win TCP
10.54.0.0/16 for ECC UDP
10.55.0.0/16 for ECC TCP

On the newer servers that have large(ish) IP pools assigned to them (currently: frankfurt, paris, england, romania, ussouth, and switzerland), I'll usually start at 10.60.0.0/16 and increment it by one per IP.
But some of those servers (frankfurt, paris, and romania) are using new IP pools plus the above ranges, because
those three weren't new servers, they were just old ones I bought more IPs for.
Doing it that way on those three servers meant I could setup the new instances without disturbing the VPN sessions of people who were connected to the old instances.
For england, ussouth, and switzerland, they were new servers so I didn't have to bother with working around old instances. So for those 3, they only use 10.60.0.0/16 and onward (highest atm being 10.149.0.0/16).

Some time in the near future there might be more 10.x.0.0/16 networks used when other things get added (new instances for obfuscation protocols, wireguard [if they ever release a stable branch of that], etc.)

As for your firewall rules against 10.0.0.0/8, the only reason to do that would be to prevent your machine from accessing other things in your LAN (if your LAN is also in 10.0.0.0/8), since the networks listed in RFC1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) can't reach the internet.

If you're using a local firewall on the same machine you'll be connecting to cryptostorm with, you should keep in mind that the CS 10.0.0.0/8 traffic is only going out on the tunnel interface/adapter. The interface/adapter for your internet connection (eth0 in Linux, "Ethernet" in Windows, etc.) will only see traffic from you to the public/internet CS VPN IP.
Knowing that, you could add an exception to the local firewall so that only the tunnel interface can reach 10.0.0.0/8 (Usually tun0 in Linux, or whatever the TAP network adapter name is in Windows).
That way you can still prevent your machine from accessing the rest of your LAN by blocking access to 10.0.0.0/8 on your other non-tunnel interfaces/adapters.

If your firewall is on the network's router, and you're connecting to cryptostorm using a machine behind that router, it won't be seeing your traffic to the CS 10.0.0.0/8 network since that'll already be encrypted by the time it reaches your router.
So for that setup, you should be using the public CS IPs for a killswitch. You could even setup a rule based on source IP, for when you only want to do a killswitch for one or specific machines on your network.

If you're doing both the killswitch and connecting to cryptostorm on your router, then the stuff I said the paragraph before the last one would apply.

EDIT:
And yes, cryptostorm.nu is still @ 212.83.185.245, and the widget still uses that to check for nodelist updates.
And if using an external killswitch, with the new IP pools, you can't just use the balancer's DNS anymore since not all IPs are listed there.
You could do what the widget does and load all the hosts from https://cryptostorm.nu/nodelist3.txt (I.e., `awk -F: '{print $NF}' nodelist3.txt`), then resolve them, then add those IPs to your firewall.
FYI: If you add a hostname to an iptables rule, it'll add all the IPs that hostname resolves to.
If you don't wanna do that, https://cryptostorm.is/whitelist also has a list of all the possible exit IPs.

Regarding your question about the server names, I've gone ahead and updated https://cryptostorm.is/whitelist to also include the region in the comments, next to the server name:

Code: Select all

csis@cryptostorm.is [~/www]# grep ^\# whitelist
#onyx / paris
#cf-i / cryptofree
#alors / paris
#tagus / lisbon
#jord / switzerland
#skana / canadawest
#goo / useast (New York City, NY)
#windy / usnorth (Chicago, IL)
#resurgens / ussouth (Atlanta, GA) - will be removed in August 2018, replaced with "resurg"
#rugby / england
#ham - canadaeast
#silver - uswest (Las Vegas, NV)
#riga - latvia
#rotte - netherlands
#warsaw - poland
#stadi - finland
#warlock - dusseldorf
#brabant - netherlands
#stakaya - uswest (Seattle, WA)
#dc - useast (Washington, D.C.)
#lax - uswest (Los Angeles, CA)
#blocko - denmark
#gambit - rome
#zuna - frankfurt
#voodoo - isle of man
#voodoo - romania
#voodoo - russia
#sallad - ussouth (Dallas, TX)
#balaur - romania
#resurg - ussouth (Atlanta, GA)
#zur - switzerland

Re: widget v3

Post by marzametal » Sat Jul 07, 2018 11:17 am

don't worry about the updating node list issue... I went a bit spastic during a copy and paste and ruined a rule!

By the way, I've noticed when it connects now...
Sat Jul 07 00:57:18 2018 us=108037 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.84.0.1

How often does the 10.84.0.1 change?
In the past 3 connections, I've seen it go from 10.84 to 10.88 and then 10.94...

No big deal, just means I gotta broaden the rules haha

Re: widget v3

Post by marzametal » Sat Jul 07, 2018 9:36 am

"The widget now "pre-resolves" the host you're connecting to"

Would it be safe to assume that the above means if I choose a random node to connect to in the widget, then all nodes will be attempted to be pre-resolved... and if I choose one specific node from the dropdown, then just that one will be pre-resolved?

Also, is there any documentation that shows me which country the server names relate to? eg: brabant, blocko, etc...

With the new additions to the widget, have to sorta' redesign my firewall rules to accomodate. Just trying to get enough info to work with... thanks in advance!

UPDATE:
What is the IP address that is referenced when I want to update node list?
Not sure is cryptostorm.nu is down? Just saw this post from @df "about node list"
Is it still 212.83.185.245

Re: widget v3

Post by RubRiches » Sat Jul 07, 2018 7:33 am

df wrote:@RubRiches
It's just a false positive. The CS widget installer randomly gets caught up in their database because it uses the same compression (LZ4) as some trojans.
I use a local win7 VM for widget dev, and the only thing installed on it is the stuff needed for widget dev (Perl, Notepad++, etc.).
I do file integrity checks on that stuff to make sure when I downloaded them they weren't MiTM'd.
The widget installer's hashes were generated on that local VM, and they're checked on the remote VM I use to build the widget, and then they're checked a final time when they're put up on the website.

So it's highly unlikely that something as simple as "Win32/Fuery.B!cl" is going to find it's way into the widget installer (unless your system is already infected :P).
http://deletespywares.blogspot.com/2017 ... rybcl.html -

For instance, it can enter your machine when you click on a malicious link, provided on YouTube, Facebook, Skype, visit a phishing web portal, put infected removable media drive onto your machine, etc. Besides, it is also known that Trojan: Win32/Fuery.B!cl has been spread through Java vulnerabilities and Adobe Flash

Yea, I'm not using/doing any of that crap on any of the VMs or servers.

Anyways, I'll do what I did last time this happened: send M$ a false positive report so they'll remove it.

EDIT:
I just tested with Windows Defender on win7 and win10 with updated databases, they didn't find anything in the latest installer.



Huh, that is weird. I ran Malware bytes and my system is ok.
No worries though I was able to download the new version and now I am stuck on the progress bar while connecting.

This is where it is stuck:
Sat Jul 07 07:52:09 2018 us=54756 [cryptostorm server] Peer Connection Initiated with [AF_INET]213.163.64.210:5060
Sat Jul 07 07:52:10 2018 us=150762 SENT CONTROL [cryptostorm server]: 'PUSH_REQUEST' (status=1)


Tried unchecking ECC instance, then DNS leak etc... but no good.
Please see if there is something I need to do.

One more request can you guys improve the widget as such that I don't have to exit the widget to go to Options while it is trying to connect.

Thank @df

Re: widget v3

Post by df » Fri Jul 06, 2018 6:22 am

@RubRiches
It's just a false positive. The CS widget installer randomly gets caught up in their database because it uses the same compression (LZ4) as some trojans.
I use a local win7 VM for widget dev, and the only thing installed on it is the stuff needed for widget dev (Perl, Notepad++, etc.).
I do file integrity checks on that stuff to make sure when I downloaded them they weren't MiTM'd.
The widget installer's hashes were generated on that local VM, and they're checked on the remote VM I use to build the widget, and then they're checked a final time when they're put up on the website.

So it's highly unlikely that something as simple as "Win32/Fuery.B!cl" is going to find it's way into the widget installer (unless your system is already infected :P).
http://deletespywares.blogspot.com/2017 ... rybcl.html -

For instance, it can enter your machine when you click on a malicious link, provided on YouTube, Facebook, Skype, visit a phishing web portal, put infected removable media drive onto your machine, etc. Besides, it is also known that Trojan: Win32/Fuery.B!cl has been spread through Java vulnerabilities and Adobe Flash

Yea, I'm not using/doing any of that crap on any of the VMs or servers.

Anyways, I'll do what I did last time this happened: send M$ a false positive report so they'll remove it.

EDIT:
I just tested with Windows Defender on win7 and win10 with updated databases, they didn't find anything in the latest installer.

Re: widget v3

Post by RubRiches » Fri Jul 06, 2018 4:51 am

Hey Guys,
Windows defender detected a Trojan and blocks the download.
Trojan detected is Trojan:Win32/Fuery.B!cl and Severity level is High. Please check and update.

Did some research and this looks like a Trojan.

Re: widget v3

Post by df » Thu Jul 05, 2018 6:57 pm

Err, make that version 3.17.0.220.

In version 3.16, a minor bug caused the widget to not remember your node selection choice when the widget starts (it kept defaulting to "Global random").
I also added some new text when DNS fails with the killswitch enabled, because some people were enabling the kill switch without enabling DNSCrypt or setting their system/network's DNS to a CS one, which of course would be blocked by the killswitch to prevent DNS leaks during pre-connect.
Now it'll explain that they need to use our DNS or enable DNSCrypt, otherwise the killswitch won't allow DNS out.

Also upgraded dnscrypt-proxy to the latest v2.0.15.

Re: widget v3

Post by df » Wed Jul 04, 2018 3:57 pm

New version 3.16.0.220 is out, available at https://cryptostorm.is/cryptostorm_setup.exe

In this version, almost all of the DNS related code was rewritten to automatically address a lot of the previous issues people were having.
The widget now "pre-resolves" the host you're connecting to. One reason for this is that it allows the widget to detect (and fix) common DNS related issues, such as a firewall blocking DNS or DNS not being set correctly before the widget runs.
If the system's default DNS isn't working correctly, the widget will first try to use DNSCrypt (if it's not already enabled, and only after asking the user if that's okay). If that fails, the final fix is to switch to Cloudflare's 1.1.1.1 DNS server (again, only after asking the user if that's okay).

Another reason for the pre-resolving is that it's needed for the new feature "Let me choose my exit IP", available under Options -> Connecting.
When you select that option, a window will pop up when you connect to a node, and if that node has more than one IP associated with it (most do), it'll let you choose which one to use.
It also includes a "Remember my choice" option so that it'll automatically choose that IP next time you connect, useful for those with the "Automatically connect" option enabled.
If you want the widget to forget one of your IP choices (or all of them), you can also do that under Options -> Connecting. If you have any IPs remembered, a drop down list will appear there with all the IPs you've saved, and under that a "Forget" button.

Another new feature is that TrackerSmacker ("TS"), our DNS-based ad/tracker blocking service, is now optional. It's enabled by default in the new widget, but if you want to disable it you can now do so under Options -> Security. More info @ https://cryptostorm.is/ts

Although not specifically a widget feature, we now allow port forwarding as well. Details on that are available at https://cryptostorm.is/portfwd

Re: widget v3

Post by crimghost » Thu Mar 22, 2018 3:01 am

That's a no on both. It works fine as long as DNSCrypt is disabled. I hope I can resolve this though.
I like DNSCrypt and appreciate your help and the time you have taken developing the widget and all of it's features for us. I'm looking forward to seeing what else is coming. I just bought another 1yr token today. :)

Re: widget v3

Post by df » Tue Mar 20, 2018 9:40 pm

@crimghost
When you first open the widget or when you exit settings, does DNS get set to 127.0.0.1 even if the DNSCrypt option is disabled?

Re: widget v3

Post by crimghost » Fri Mar 16, 2018 11:55 am

It no longer changes my DNS to 127.0.0.1 when I exit the widget, but it still changes it to that when I first open the widget every time and once I exit settings to go back to the main screen of the widget. Also, the random port checkbox must be selected every time the widget is opened. It will not stay selected once the widget is closed then reopened.

Re: widget v3

Post by df » Tue Mar 06, 2018 8:08 pm

New widget build released just now, v3.13.
Those of you on v3.12, you should get a prompt informing you of the new version then asking you if you want to upgrade.
For anyone else not already using the widget (or using < v3.12), it's available at https://cryptostorm.is/cryptostorm_setup.exe with hashes @ https://cryptostorm.is/cryptostorm_setup.exe.txt

Included in this latest widget is access to the new ECC (Elliptic-Curve Cryptography) instances, which use the strongest available crypto OpenVPN 2.4.x has to offer. You can turn on this feature by going to Options -> Security and selecting the "Use ECC instances" checkbox. Only for 64 bit Windows, since these features require OpenVPN 2.4.x, which has dropped support for 32 bit Windows.
The server/CA certificate for these instances is also using EC, which means smaller key size with better (or equivalent) crypto, which generally means better speeds.
More info about these instances can be found at https://github.com/cryptostorm/cryptost ... master/ecc
and if you want to learn more about the specific configuration directives used, there's comments on almost every line of each of those configs explaining them.

Also included is a killswitch! You can turn it on under Options -> Security then clicking "Enable killswitch".
It'll turn on when you press the Back button to go back to the main window.
It uses Windows firewall to block everything except our VPN server IPs and our DNS IPs, so if your internet disconnects or your connection to the VPN is severed, you won't leak anything to the internet.
Of course, since this is Windows, I would still recommend using an external device to implement your own killswitch on your router/firewall, since it's known that Microsoft has the ability to remove firewall rules remotely.

The other changes are mostly bug fixes, such as better handling of DNS settings when switching to/from dnscrypt-proxy. This should fix the problem people were having where DNS was getting left at 127.0.0.1 after exiting the widget.

Source code is up at https://github.com/cryptostorm/cstorm_w ... /client.pl if anyone's interested.

Re: widget v3

Post by crimghost » Tue Jan 30, 2018 11:14 pm

Also, "network reset" in windows 10 Network and Internet settings no longer repairs the issue, for me. It has in the past though so some may want to try it. Just open network and internet settings scroll all the way to the bottom and there it is. The system will reboot and may or may not fix your issues.

Re: widget v3

Post by crimghost » Tue Jan 30, 2018 8:53 am

The same thing is happening to me that Moonlight is describing. "Obtain DNS server automatically" must be set manually back every time I disconnect or get disconnected from cryptostorm before I can reconnect to the internet or to cryptostorm. Sometimes the widget leaves the DNS that it set from DNScrypt. Sometimes it's 127.0.0.1.
It's been like this for me since the last big build update to Windows 10 64 bit

Re: widget v3

Post by Moonlight » Mon Jan 29, 2018 11:35 am

Hi,

Win 10 Pro OS Build 16299.192

CS widget 3.12

Feedback

1.

DNS set to 185.60.147.77 (Switzerland)

Clicking connect getting error message within the widget:

Cannot resolve windows-switzerland-cryptostorm.net:443 (No such host is known. )
This usually means something is wrong with your DNS settings.

Also not getting immediately another windows with the error message:

Error: Cannot resolve windows-switzerland.cstorm.pw

While the widget is still open with the error message, I go the DNS settings which are now 127.0.0.1. I change them to Obtain DNS server address automatically, and click connect again, and it is now connecting.

Had I exited the widget after the error message and then change the DNS to Obtain DNS server address automatically, I would get the same error connection message.

This happens every morning (after overnight shutdown of the PC and modem) since the change over from the Narwhal widget. When the PC and modem are shutdown during the day (for a couple of hours), no issue reconnecting.

Don't know if and how this issue can be fixed.

Suggestion

2. When I lose connection I am not getting immediately (it is taking a long time and it does not come on top) on top of everything another windows with the error message (like for the Narwhal widget):

Error: Cannot resolve windows-switzerland.cstorm.pw

I become aware of the lost connection because pages are no longer loading and the small widget icon in the taskbar has discreetly become red.

Would appreciate if this issue can be looked into and possibly resolved with the next release.

Thank you.

Re: widget v3

Post by BonusWavePilot » Fri Dec 29, 2017 7:55 am

New client seems to be working pretty well!

It does still tend to crash if you put the PC to sleep while it is running though. (Win 7 laptop) That isn't a huge issue in itself, as the old version used to fairly reliably die or get confused when sleeping too. Fair enough - if it is disconnected for a while the VPN connection is bound to drop. What *is* more of an issue is that it fails open now.

So if I restore my lappie from sleep, the client is minimised in the taskbar and refuses to be restored, I am no longer connected to the VPN, and (unprotected) Internet access is working. Previously when the client had a connection error, it would also break Internet access in general until it was closed.

Re: widget v3

Post by carsol » Fri Dec 29, 2017 1:53 am

and after downloading a new version (3.12) it works again :-)

Re: widget v3

Post by carsol » Wed Dec 27, 2017 5:00 pm

redman wrote:i opened cryptostorm a couple of days ago and it asked and performed an update. Since then I have not been able to connect, it hangs at the point "Logging into the darknet". I have uninstall and reinstalled with no luck. I have also removed OpenVPN and halted the AV software during the re-installation. How do I get the logs to see what is causing the issue as area where the logs are usually visible is black. I am running Windows 10 32 bit version.
Screen.PNG


This is exactly where it al stops for me :-(
(but i try the paid servers)

Re: widget v3

Post by redman » Wed Dec 27, 2017 4:35 am

i opened cryptostorm a couple of days ago and it asked and performed an update. Since then I have not been able to connect, it hangs at the point "Logging into the darknet". I have uninstall and reinstalled with no luck. I have also removed OpenVPN and halted the AV software during the re-installation. How do I get the logs to see what is causing the issue as area where the logs are usually visible is black. I am running Windows 10 32 bit version.
Screen.PNG

Re: widget v3

Post by DpFH » Mon Nov 06, 2017 3:51 pm

noticed this too but unsure of your present OS type...
This happens if you are also running another DNScrypt instance.

with simplednscrypt (windoze) you will just need to re-select your earlier dnscrypt enabled servers from the dropdown menu.
And to re-select the adapters for which dnscrypt has temporarily changed ie the TAP/tun adapters and LAN adapter

Then, if other nameserver values still remain ,
you only have to remove-and-reinstall the DNSCrypt service.

through a few mouse clicks (and there is no need to uninstall/reinstall the present dnscrypt software you are using).

If the service is up and listening on the correct ports

Primary nameserver ---------> 127.0.0.1 (port 53) and

sec. nameserver #2 -------------------> 127.0.0.2


the gui is easiest route if unsure about terminal based commands.

Those with only the dnscrypt-proxy service installed have to type the stuff via the console/terminal method. Or restart the service under "Services"

Next you could try :

/nslookup cryptostorm.is

to determine the current resolvers

Re: widget v3

Post by LazyAss » Fri Nov 03, 2017 9:58 pm

Is there an "undo" batch file or instructions anywhere?

It seems this version of the launcher can leave you with strange DNS settings after it's uninstalled, even if you deselect dnscrypt before uninstalling it.

Presumably it tweaks other settings as well that aren't properly reset to defaults.

Re: widget v3

Post by saenta » Tue Oct 10, 2017 12:18 pm

Hey, just joined cryptostorm last weak, I've a question, will there be a client based on opoenvpn 2.4?
Also how are plans going for an android client?
Thanks!
It's pretty awesome what a great service with many good Ideas you build!
Realy looking forward what you will create in the future!
Thanks!

Re: widget v3

Post by JTD121 » Mon Aug 14, 2017 5:40 am

@df, Y'know, I don't know what the issue was, but I restarted this specific laptop and just tried again, and it worked without a hitch.

Previously I made sure the client.exe and csvpn EXEs weren't running, so maybe it was pending OS updates?

Since we're on the subject, any updates past 3.0.0.72?

Re: widget v3

Post by df » Sat Aug 12, 2017 5:37 pm

@JTD121
Do you get that error when running cryptostorm_setup.exe? If so, you should exit the widget before you begin the installation. Windows can't overwrite client.exe if it's already running. Although, the installation should detect if the widget is already running and ask if it's okay to close it before attempting to overwrite it.

Re: widget v3

Post by JTD121 » Sat Aug 12, 2017 4:36 pm

So just looking for an update, and it looks like I can't upgrade the client? Even running as admin on Windows 8.1 gives me the following error:

Image

Of course, watching that file, it gets created, and what looks like a temp file, and then this error pops up. So something is trying to change the client.exe before this happens.

Any ideas?

Re: widget v3

Post by df » Tue Jul 18, 2017 12:45 am

@ATurtle
If anyone is still using XP, they clearly don't care about security.
You could argue that Microsoft updates doesn't equate to security (which is accurate), but since XP hasn't received security patches for several years now, using it under any pretense is just plain dumb.
Maybe in a system/VM that's offline, or behind such a restrictive firewall that nothing's possible... but then what's the point?

Re: widget v3

Post by ATurtle » Mon Jul 17, 2017 11:55 pm

Glad to see that XP is finally being killed off by providers!

Re: widget v3

Post by rwilcher » Sat Jun 24, 2017 5:30 am

Thank you very much.

Re: widget v3

Post by df » Thu Jun 22, 2017 12:20 am

@rwilcher
The latest one is always at https://cryptostorm.is/cryptostorm_setup.exe

Re: widget v3

Post by rwilcher » Wed Jun 21, 2017 5:22 pm

What is the correct v3 widget I should get ? Confusing.

Re: widget v3

Post by df » Mon Jun 19, 2017 12:41 am

Just built a new widget v3.0.0.72 that includes code that now saves that connect timeout value (Under "Options" -> "Connecting") so it's remembered on restart.

Also OpenVPN/OpenSSL binaries/libraries upgraded to 2.3.16/1.0.2l.

Latest hashes for https://cryptostorm.is/cryptostorm_setup.exe -
crc32: 6fe993a6
md4: 2c09931daadb7ac8e88401422364c0ea
md5: 47a1d8d88fbe1c9b8655669af25f65a9
ripemd160: 0d233cd5f3c4842c772df06f2ebb4d42eccf93d0
sha1: b87c4cf014e70b8eabb462d2330388f9f87ce4a8
sha256: f9cabb029ea14a30feff44a33ed2ec8b73f9508d5840eb0bb495b7ab6bf4e083
sha384: ded51f638c8cef40a9a2ea268360d90ef213e6bf049a5aa5e427f027bc867ea2e65e767a332d9a564110b168903bab00
sha512: 3b6f4e4c14880f77dd980edcd9bbb414d83ed183a8dce91c9801858d6cedc53ceea1acb39bb567fa4f0b0e8ae3aded3f03858790d6efdd3805a7a9f687a828e0
wpool512: e407fe382d3f31d3189b0f237feb41a6541e7be1e5f1dfbfa75d6baedeae1ff815af2d32f2a3a8f6b5c16ddee18926443a5364e0d096150682bf9c1179aa4342


@KungFuChe
XP is no longer supported. Anyone still on XP will have to stay on the older v2.22, which won't receive any new updates, unless some horribly vulnerable issue is discovered in the openvpn/openssl that version uses.
It's usually a bad idea to provide backwards compatibility for an OS version that stopped receiving security updates several years ago.
I do plan on doing more tests regarding the different ways internet can be disconnected and how to detect it so the widget responds accordingly.
Same goes for the different CPU features and architectures, and the systray issues that seem to vary by Windows version.

Re: widget v3

Post by rwilcher » Mon Jun 05, 2017 12:17 am

I have been running v3 for 3 days now. Have seen no instability
under Windows 10. Works like a champ so far.

Re: widget v3

Post by KungFuChe » Sun May 14, 2017 11:37 am

UPDATE: a cable fault was determined to be the cause of hang at splash screen (need to trap PHY errors)

Also noticed some state corruption related to suspend/resume. Observed the following issues:

- widget appears in tray but connection is not routed through VPN
- widget disappears from tray but VPN connnection still active
- widget crashes on exit request and clearnet connectivity is not restored (but can reconnect to VPN if widget is relaunched)

+ Suggest testing for OS/CPU compatibility

(example: dont install latest TAP driver on XP/POSready, dont install binaries with SSE2 instructions on unsupported CPU)

PS - forum says you can edit your posts but edit button does not appear at the next login

launch & resume bugs

Post by KungFuChe » Fri May 05, 2017 3:52 pm

some good progress is being made on the widget here but i see a major issue on some 32 bit platforms:

client.exe hangs at splash screen with high CPU load
(the initial window with the controls does not appear)
then it constantly retries some I/O read operation - looks like it might involve a call to mswsock.dll (WSPStartup)
this produces a memory leak: client.exe allocates +1 MB every 2 seconds until system halts
nothing related is seen in event log

not really looking for old platform support - just pointing out that v2 was working so if you are going to fail now lets make a clean exit

on other platforms where it works, i see some issues with suspend / resume:
upon resuming client.exe is still running and it appears in tray
- but nothing happens when you click on it (and https://cryptostorm.is/test fails)
so the user must manually test connectivity every time the machine wakes
need some way to fail safe (= no access without VPN)

Re: widget v3

Post by Elf » Wed Apr 26, 2017 3:06 am

Is it possible to get a comprehensive comparative of issues that the windows widged is supposed to fixes and features added that might not exist or lack on linux/mac osx with other clients?

Im a recent CS user on OSX with tunnelblick and as relative novice I would like to be informed if I can try to improve things on my side? Already disables ipv6 altogether :p

thanks

Re: widget v3

Post by dabb » Tue Apr 25, 2017 12:04 am

Currently using Tunnelblick and dropped by to make a little prayer for a mac/linux port of widget :) Much love x

Re: widget v3

Post by df » Mon Apr 17, 2017 9:25 am

@justintime
Just as parityboy said, Windows requires more effort to make things more secure/anonymous.
It's non-trivial to run DNSCrypt along with OpenVPN while also blocking DNS, WebRTC/STUN/ICE, and IPv6 leaks in Windows.
On Linux, it is trivial. Plus, most of the issues that the Windows Widget fixes don't even exist in Linux.

@parityboy
MD5 and SHA1 are considered broken, but in order for someone to perform a collision (like if they were able to manipulate the cryptostorm_setup.exe file and wanted to get past integrity checks), they would have to cause the other hashes to change too (md5 collision would change the sha1 and sha512 hashes, sha1 collision would change the md5 and sha512 hashes, etc.). That's why you should check all 3 hashes.
Even so, here's the sha256 hash of the last build (v3.0.0.71): d93e388f90b8177f3dcc16365e25c575f1be64df7a6a1b9caca13bbae87f1733

The only reason I'm still including SHA1 and MD5 hashes is that there's a lot of free products (like https://www.microsoft.com/en-us/downloa ... x?id=11533 ) that only does MD5 and SHA1, and a lot of people are probably using one of those programs.

If anyone out there is using one of those programs that only supports MD5 or SHA1, try out https://sourceforge.net/projects/simplehasher/
It's free and supports a lot more ciphers (more than I've provided for the .exe actually), and is pretty easy to use.

Re: widget v3

Post by parityboy » Sun Apr 16, 2017 2:40 am

@justintime

Most Linux users know enough to handle their security issues in terms of firewalls, leaks etc. Not only that, but also consider that those security features are in the widget because...Windows. However, you do have a point: as desktop Linux becomes more popular, that popularity will be represented by users who are not as familiar with Linux and network security as us *nix heads are.

Re: widget v3

Post by justintime » Sun Apr 16, 2017 1:50 am

I'm a bit shocked/surprised that there is ONLY a windows widget version. CS has always prided itself on being as secure as possible, and I don't understand why that wouldn't include Unix? The windows widget has many added security features...

But anyone who is REALLY concerned with security, is either running it on Linux, or on their router which means they cannot take advantage of any of these extra security enhancements.

I left CS a year ago, waiting for this to be released, but it still hasn't happened yet :(

It just feels wrong on so many levels.

Re: widget v3

Post by parityboy » Fri Apr 14, 2017 10:21 pm

@df

Why are you still posting MD5 signatures for the widget? Would it not be better to deprecate it and replace it with SHA-256, if you still want to provide 3 hashes?

Just a thought. :)

Re: widget v3

Post by JTD121 » Thu Apr 13, 2017 3:42 pm

Great update! Installing now!

Re: widget v3

Post by Khariz » Thu Apr 13, 2017 9:30 am

Nice update! Thanks.

Re: widget v3

Post by df » Thu Apr 13, 2017 9:28 am

New widget build out, v3.0.0.71
hashes:

md5: 6bf40dd09b2b7851849e5630e24f7121
sha1: 747e75eaaa623f5dcbbd6ed22430d4f5235989ee
sha512: 31bb34f65c73788e7f5149c295f649ad5b6ca6b07f2d113891bf64d2007efdee648473a127ff7bb868314b4e5e2c340fc028aaa81babee3d11d402440518843f

Up at the usual places, https://cryptostorm.is/cryptostorm_setup.exe and https://b.unni.es/cryptostorm_setup.exe

The main feature in this build is better closing of the openvpn process, so your session counter will decrease instantly when you disconnect or exit.
In all the previous builds it was doing an 'unclean' kill of that process, which meant the server didn't recognize your disconnect until the server-side openvpn timed out the connection, which takes 2 minutes.
Now it should happen instantly, so no more auth failures when you quickly disconnect/reconnect.

The other feature is in Options -> Connecting, you can now specify that 60 second connect timeout to something a little higher if you need more than 60 seconds to connect (like if on bad WiFi).

Re: widget v3

Post by JTD121 » Thu Mar 30, 2017 4:51 pm

@crimghost, you should come along into the IRC Support channel. We lurk and talk about random stuff, sometimes actually support new users such as yourself :)

Re: widget v3

Post by crimghost » Thu Mar 30, 2017 8:35 am

Well, I fixed it.
Windows Settings, Network & Internet, in the Status tab all the way at the bottom click "Network reset". It auto reboots the system and then after that it was fixed.
Sorry for the confusion, and for cluttering your thread here when the problem was on my end.

PS I ended up buying a 1 year token with CS. Very impressive service. Nothing else came close after extensive research and testing.

Re: widget v3

Post by crimghost » Wed Mar 29, 2017 12:46 pm

Some other weird things about it:
My connection to the internet works if I also go down a digit as well. So, if I changed ***.**.147.76 to ***.**.147.75 That change also repairs the connection. So one digit either up or down makes it work

When I use the v3 client to connect at the end I get the green bar that says I'm connected and no errors are reported even though I cannot browse the internet with any standard browser. Firefox, Microsoft Edge, Brave Browser all don't work. Tor Browser however, does work even before any changes are made by me manually to the Primary DNS IP address.

The only thing that I've installed recently was mullvad's windows client, in order to compare VPN services. That has since been completely uninstalled and the system has been rebooted, and the problem remains.

Re: widget v3

Post by df » Wed Mar 29, 2017 3:45 am

@Khariz
The widget does manually set the DNS if DNSCrypt is enabled. Everything else is done via TAP, but there might be some code still in there that's leftover from before --block-outside-dns was implemented into OpenVPN, back when the widget had to do the DNS leak blocks itself.

@crimghost
That is very weird. There's nothing in the code that does any sort of math against any DNSCrypt server IP, and the DNS server IP you get when you connect is pushed directly from the server...
You sure you're not running any other software that might be modifying your DNS settings?

Re: widget v3

Post by Khariz » Wed Mar 29, 2017 3:25 am

I find that exceptionally weird considering the fact that the widget should not be manually setting the DNS IP to the actual servers IP address anyway, it should be sending it to the tap adapter gateway. I wonder if some setting is being pushed differently from the servers than it used to be.

Re: widget v3

Post by crimghost » Wed Mar 29, 2017 3:03 am

I've run into a problem where when I connect to Cryptostorm service, no matter which server I connect to, the v3 client sets my preferred DNS server 1 digit too low. So my browser cannot connect to the internet until I go into Windows 10 settings and manually increase the final digit on the right 1 digit higher than client v3 sets it automatically.
To be clear if client v3.0.0.67 sets my preferred DNS to ***.**.147.76 I cannot connect until I go in and manually set my preferred DNS to ***.**.147.77 instead. Every server I've tried works fine once I make this change though.

Re: widget v3

Post by Khariz » Mon Feb 20, 2017 6:15 am

It's no big deal for me to click no. I'm only getting disconnected like once a week now that thestuff from that disconnect thread seems to be sorted out.

Re: widget v3

Post by df » Mon Feb 20, 2017 5:59 am

@marzametal
Eh, I haven't been maintaining the previous versions though since these v3 betas were never really intended to be released, at least not until it got out of beta. So each new build is uploaded to the same place, overwriting the previous. The only way to get .66 would be if you already downloaded it and still have it saved, or if I built a new .68 that used ovpn 2.4 instead of 2.3.

Re: widget v3

Post by marzametal » Mon Feb 20, 2017 5:53 am

Khariz wrote:I'm keeping the 2.4 widget. It works great for me on Windows 10. I just keep answering no when it asks me to "upgrade" to 2.3

Maybe you could roll back to .66 which has 2.4... saves you clicking No all the time.

Re: widget v3

Post by Khariz » Mon Feb 20, 2017 4:11 am

I'm keeping the 2.4 widget. It works great for me on Windows 10. I just keep answering no when it asks me to "upgrade" to 2.3

Re: widget v3

Post by df » Mon Feb 20, 2017 4:08 am

@bricus
I'm not sure, it was working fine on my win10 test VM.
Maybe an OpenVPN 2.4 bug that only affects certain configurations?

Re: widget v3

Post by bricus » Sat Feb 11, 2017 9:11 am

V3 is working again, thanks.
If it’s ever known, I’m curious to know why OpenVPN 2.4.0 is/was crashing – even if I won’t understand.

Re: widget v3

Post by astudy » Fri Feb 10, 2017 11:36 pm

I can't explain.....but I just downloaded the v3 widget again and I'm now connected and the screen shot below is showing green. Thanks for all your work and responses. I'm just happy this is finally working.
Image

Re: widget v3

Post by astudy » Fri Feb 10, 2017 10:31 pm

hmm....I downloaded the one just posted and it connected but then I go to my browser to navigate to my email and I'm not connected to the internet at all???

Very strange....I tried the OpenVPN route and the same thing is happening. After connecting to a cryptostorm server I no longer have internet connection.

I've disabled all of my AV programs during the process.

Re: widget v3

Post by df » Fri Feb 10, 2017 8:28 pm

Tested with somebody, and for whatever reason OpenVPN 2.4.0 kept crashing on them.
So I just released v3.0.0.67 that's downgraded to OpenVPN 2.3.14, it'll most likely fix this issue for anyone else still having problems with v3.0.0.66.

Latest v3.0.0.67 @ https://cryptostorm.is/cryptostorm_setup.exe & https://b.unni.es/cryptostorm_setup.exe
md5:
00ad5e5c1d33d40825771d29d000547b
sha1:
54972c1cc4ba0a94057e5a879d480c02abd3b80f
sha512:
0fbf233211a7fe1d086ea59705ccf15b69e6e5e2748866323dc9489f31a24c1bcbea9bc90ab5f5cccfbec6196f172ee06eeeee7bb7eb16c8c09296079a4ce141

Re: widget v3

Post by df » Fri Feb 10, 2017 1:24 pm

It sounds like people had problems with the csvpn.exe (openvpn 2.4.0) that got pushed in the last update.
It worked for me on Win10, but just in case I reuploaded the same openvpn/openssl binaries/libraries that I had locally onto all the servers so that they would get pushed instead.

For those still having this issue, uninstall/reinstall v3.0.0.66 and connect, then accept the update when it pops up and it should upgrade to openvpn 2.4.0 + openssl 1.0.2k just fine.

If you're still getting stuck at "Logging into darknet" even after trying the above, my guess is that you have an AV program running in the background that's deleting csvpn.exe or ossl.exe after it gets downloaded because the action appears to be malicious (granted, it is suspicious for a .exe to get downloaded like that). So if you've got any sort of AV running, add "C:\Program Files (x86)\Cryptostorm Client\" to your exclusion list.

Re: widget v3

Post by bricus » Thu Feb 09, 2017 12:55 am

Thanks for the various responses, and good to know I’m not the only one.
I just tested on Win10, so I have this issue on Win7 and Win10.

Top

cron
Nothing to display.

Login