Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

deepDNS: seamless Tor .onion site access, via cryptostorm

Post a reply

:
In an effort to prevent automatic submissions, we require that you enter the letters that are written in red.
Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek: :angel: :clap: :crazy: :eh: :lolno: :problem: :shh: :shifty: :sick: :silent: :think: :thumbdown: :thumbup: :wave: :wtf: :yawn:

BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON

Topic review
   

If you wish to attach one or more files enter the details below.

Expand view Topic review: deepDNS: seamless Tor .onion site access, via cryptostorm

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Post by df » Tue Sep 06, 2016 3:30 pm

@vixsomnis

I'm not sure how accurate that forum thread/post is since it was written in 2014, but I'm pretty sure it's referring to our torstorm service provided via https://torstorm.org/ , which is a different thing than our transparent .onion access we provide to VPN clients.

Torstorm is a free service provided for the public, and works the same as any other onion2web service.
You would use it by replacing (using the DuckDuckGo .onion for example) http://3g2upl4pq6kufc4m.onion/ with https://3g2upl4pq6kufc4m.torstorm.org/ etc.
A CS account isn't required to use the torstorm service.
The nginx/lua setup that powers it does a few extra things to help keep users anonymous, like randomly changing everyone's user agent, and automatically removing any JS code that looks like it's trying to exploit the WebRTC vuln, no logging, and some other stuff that I'm probably forgetting.

It's different than the transparent .onion access CS provides, which is a feature that we don't really have a name for.
With torstorm, you get access to .onion sites from the clearnet.
With the transparent .onion feature, the request goes from you to the Tor instance running on the VPN server via the VPN tunnel, which means it doesn't involve the clearnet.
It's a little more secure/anonymous than using Tor directly on your own system (much faster too), but it does require a degree of trust towards CS because it puts us in a position where we could monitor your .onion traffic if we chose to (we never will, but there's no way for us to prove that we're not doing that).

If a customer doesn't want to use the service but still needs to access a .onion site while on CS, using Tor Browser would be the easiest way.
The transparent .onion feature uses what's basically DNS hijacking in order to redirect all .onion hosts to an IP in the 10.99.0.0/16 range (set by our server-side Tor's "VirtualAddrNetworkIPv4 10.99.0.0/16").
So as long as you set Tor Browser (or whichever browser you use) to send DNS requests to the socks server your Tor instance is running, then the CS transparent .onion feature will be unable to see your DNS request and change it to our Tor instance.

John

Post by Smithg4 » Tue Sep 06, 2016 12:24 pm

Nice site. On your blogs extremely interest and i will tell a buddies. gceekbkaekedkdaa

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Post by vixsomnis » Sun May 17, 2015 11:25 am

This looks useful, but don't you lose a layer of protection without the Tor brower bundle? Fingerprinting? I'm already a NoScript / Privacy Badger / Ghostery user with the obvious IP leaks plugged (WebRTC, IPv6), but there's also the fact that my browser is still unique on https://panopticlick.eff.org/ when I enable javascript, and Javascript is pretty much necessary to use any modern functional website (including some onion sites).

Doesn't seem like there's been a forum discussion on whether having transparent access to onion sites is something that should be this easy to access. Realistically, what kind of security risks are there?

Obviously, this feature is optional and practically impossible to accidentally access, but I just think it bears discussion.


Looks like the forums go deeper than I thought.

https://cryptostorm.org/torstorm/ for anyone who is searching for the threat model analysis and further explanation. Is this stickied?

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Post by taoeffect » Wed Mar 18, 2015 8:37 am

OK cool, thanks to parityboy I was able to test and verify that your VPN service does indeed seem to run DNSChain and provide .bit resolution.

Great job cryptostorm!

https://twitter.com/okTurtles/status/578037112039038977

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Post by parityboy » Sun Mar 15, 2015 1:11 am

@taoeffect

The short answer is "no", since cryptofree doesn't offer that service. See your PM for further details. :)

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Post by taoeffect » Sun Mar 15, 2015 12:55 am

parityboy wrote:@taoeffect

Are you setting a DNS manually? If so, then remove it. Let the OpenVPN server push the correct DNS server IP to you.


Is there a way I can verify that the service is using DNSChain without having to pay for VPN access? If I can verify it, then I can give the cryptostorm_is folks a shoutout from either @okTurtles or @DNSChain.

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Post by parityboy » Sat Mar 14, 2015 10:49 pm

@taoeffect

Are you setting a DNS manually? If so, then remove it. Let the OpenVPN server push the correct DNS server IP to you.

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Post by taoeffect » Sat Mar 14, 2015 5:14 am

Sorry folks I thought I would get email replies but either they're not working or I forgot to check "Notify me when a reply is posted".

I'm using OS X, but it shouldn't matter, right? Are these private resolvers that can only be accessed via VPN? I was using some IP address that I saw in a tweet from @cryptostorm_is. How should I test?

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Post by Tealc » Wed Mar 11, 2015 11:19 pm

@taoeffect

Everything is working just fine in my PC using the CS dns resolvers:-D

Actually almost all opennic dns servers can resolve .bit domains, but the best part of CS is that it can do much more, like .onion and .i2p seamless redirection. Once again thank you for that CS :-D

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Post by parityboy » Wed Mar 11, 2015 4:23 am

@taoeffect

Which OS are you running? (please say Linux, lol) Seriously though, likely what's happening is that you are not using the DNS resolver on the node you're connected to. Try going to sites such as http://forum.i2p or https://3g2upl4pq6kufc4m.onion, and let us know if you are successful.

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Post by taoeffect » Tue Mar 10, 2015 11:50 pm

I was just about to tweet how great it is that you folks are exploring blockchain-based tech, but then I tried to use your resolvers and see that they're not resolving .bit domains. Am I missing some instructions somewhere?

“Words do their job, but what I'm doing here says a lot more.”

Post by cryptostorm_team » Sun Feb 15, 2015 8:55 pm

“Words do their job, but what I'm doing here says a lot more.”

goldsworthy1_.jpg

Re: deepdns.dk

Post by Pattern_Juggled » Fri Feb 13, 2015 8:18 pm

parityboy wrote:Just tried this and got nothing. I assume this isn't in production yet?


It's deploying node-by-node; hence more of a rolling schedule until the full network is covered, at which point we'll loop back and fill in this placeholder thread with details. Meanwhile...

https://www.youtube.com/watch?v=avUoUaGdkeA

Cheers,

~ pj

Re: deepdns.dk ~ seamless Tor .onion site access, via cryptostorm

Post by parityboy » Fri Feb 13, 2015 4:34 pm

@thread

Just tried this and got nothing. I assume this isn't in production yet?

http://3g2upl4pq6kufc4m.onion

Post by cryptostorm_dev » Wed Feb 11, 2015 12:16 pm

DuckDuckGo-.png

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

Post by marzametal » Wed Feb 11, 2015 5:42 am

No wonder the onion router would pop up nonstop in peerblock... cheeky bugger! :P

deepDNS: seamless Tor .onion site access, via cryptostorm

Post by cryptostorm_team » Wed Feb 11, 2015 5:16 am

{direct links: deepdns.dk + deepdns.bit + deepdns.net + deepdns.cryptostorm.org + cryptostorm.org/deepdns}

{git repository}

deepDNSlogo-leaves512.png

Top

cron
Nothing to display.

Login