Okay, thanks a lot =)

Well, for me I downloaded a script which is at https://github.com/cryptostorm-dev/cstorm_cryptohaven.science/blob/master/iptables_linux/iptables_cryptostorm.sh. First, I connect to the internet. After I get connected to the internet/cryptostorm, I run the script as root. Then no more DNS leak. Only thing is if you get disconnected, you may have to flush your iptables or just restarting your computer will clear the iptables also. Anything else? I've also downloaded shorewall and although I have not set it up yet, it may work better for the disconnection issue because it is supposed to load and unload iptable configurations with a compile/execute method. I know firewalld does it on the fly, but haven't set that up either so far. It is a more involving process to setup, but probably worth the effort if/when I get around to it.

Edit: I[u] just found a better post than mine from Fermi. Go to https://cryptostorm.org/viewtopic.php?f=32&t=9298. There you will find more about this; although my post is kinda right, he has the solution for making it persistent across bootups. Hope this helped![/u]

Ok, and how do I enable resolution of .onion URls for chromium or firefox?
And can't I manage my DNS resolver to use DeepDNS in order to avoid DNS leaks?

[b]@kapu[/b]

Not that I'm aware of, but the use of DeepDNS should be transparent to you, once connected. You may have to enable resolution of .onion URIs in your browser of choice, but outside of that it [i]should[/i] Just Work.

I'm sorry, but is there a tutorial/doc to see how to use deepDNS on a linuxmint computer?

@vixsomnis

I'm not sure how accurate that forum thread/post is since it was written in 2014, but I'm pretty sure it's referring to our torstorm service provided via https://torstorm.org/ , which is a different thing than our transparent .onion access we provide to VPN clients.

Torstorm is a free service provided for the public, and works the same as any other onion2web service.
You would use it by replacing (using the DuckDuckGo .onion for example) http://3g2upl4pq6kufc4m.onion/ with https://3g2upl4pq6kufc4m.torstorm.org/ etc.
A CS account isn't required to use the torstorm service.
The nginx/lua setup that powers it does a few extra things to help keep users anonymous, like randomly changing everyone's user agent, and automatically removing any JS code that looks like it's trying to exploit the WebRTC vuln, no logging, and some other stuff that I'm probably forgetting.

It's different than the transparent .onion access CS provides, which is a feature that we don't really have a name for.
With torstorm, you get access to .onion sites from the clearnet.
With the transparent .onion feature, the request goes from you to the Tor instance running on the VPN server via the VPN tunnel, which means it doesn't involve the clearnet.
It's a little more secure/anonymous than using Tor directly on your own system (much faster too), but it does require a degree of trust towards CS because it puts us in a position where we could monitor your .onion traffic if we chose to (we never will, but there's no way for us to prove that we're not doing that).

If a customer doesn't want to use the service but still needs to access a .onion site while on CS, using Tor Browser would be the easiest way.
The transparent .onion feature uses what's basically DNS hijacking in order to redirect all .onion hosts to an IP in the 10.99.0.0/16 range (set by our server-side Tor's "VirtualAddrNetworkIPv4 10.99.0.0/16").
So as long as you set Tor Browser (or whichever browser you use) to send DNS requests to the socks server your Tor instance is running, then the CS transparent .onion feature will be unable to see your DNS request and change it to our Tor instance.

Nice site. On your blogs extremely interest and i will tell a buddies. gceekbkaekedkdaa

[s]This looks useful, but don't you lose a layer of protection without the Tor brower bundle? Fingerprinting? I'm already a NoScript / Privacy Badger / Ghostery user with the obvious IP leaks plugged (WebRTC, IPv6), but there's also the fact that my browser is still unique on [url]https://panopticlick.eff.org/[/url] when I enable javascript, and Javascript is pretty much necessary to use any modern functional website (including some onion sites).

Doesn't seem like there's been a forum discussion on whether having transparent access to onion sites is something that should be this easy to access. Realistically, what kind of security risks are there?

Obviously, this feature is optional and practically impossible to accidentally access, but I just think it bears discussion.[/s]

Looks like the forums go deeper than I thought.

[url]https://cryptostorm.org/torstorm/[/url] for anyone who is searching for the threat model analysis and further explanation. Is this stickied?

OK cool, thanks to parityboy I was able to test and verify that your VPN service does indeed seem to run DNSChain and provide .bit resolution.

Great job cryptostorm!

https://twitter.com/okTurtles/status/578037112039038977

[b]@taoeffect[/b]

The short answer is "no", since cryptofree doesn't offer that service. See your PM for further details. :)

[quote="parityboy"][b]@taoeffect[/b]

Are you setting a DNS manually? If so, then remove it. Let the OpenVPN server push the correct DNS server IP to you.[/quote]

Is there a way I can verify that the service is using DNSChain without having to pay for VPN access? If I can verify it, then I can give the cryptostorm_is folks a shoutout from either @okTurtles or @DNSChain.

[b]@taoeffect[/b]

Are you setting a DNS manually? If so, then remove it. Let the OpenVPN server push the correct DNS server IP to you.

Sorry folks I thought I would get email replies but either they're not working or I forgot to check "Notify me when a reply is posted".

I'm using OS X, but it shouldn't matter, right? Are these private resolvers that can only be accessed via VPN? I was using some IP address that I saw in a tweet from @cryptostorm_is. How should I test?

@taoeffect

Everything is working just fine in my PC using the CS dns resolvers:-D

Actually almost all opennic dns servers can resolve .bit domains, but the best part of CS is that it can do much more, like .onion and .i2p seamless redirection. Once again thank you for that CS :-D

[b]@taoeffect[/b]

Which OS are you running? (please say Linux, lol) Seriously though, likely what's happening is that you are not using the DNS resolver on the node you're connected to. Try going to sites such as http://forum.i2p or https://3g2upl4pq6kufc4m.onion, and let us know if you are successful.

I was just about to tweet how great it is that you folks are exploring blockchain-based tech, but then I tried to use your resolvers and see that they're not resolving .bit domains. Am I missing some instructions somewhere?

[size=153][i]“Words do their job, but what I'm doing here says a lot more.”[/i][/size]
[list][sub]~ [url=https://twitter.com/GoldsworthyAndy/status/185440397009489920]Andy Goldsworthy[/url][/sub][/list]

[attachment=0]goldsworthy1_.jpg[/attachment]

[quote="parityboy"]Just tried this and got nothing. I assume this isn't in production yet?[/quote]

It's deploying node-by-node; hence more of a rolling schedule until the full network is covered, at which point we'll loop back and fill in this placeholder thread with details. Meanwhile...

[youtube]https://www.youtube.com/watch?v=avUoUaGdkeA[/youtube]

Cheers,

~ pj

[b]@thread[/b]

Just tried this and got nothing. I assume this isn't in production yet?

[attachment=0]DuckDuckGo-.png[/attachment]

No wonder the onion router would pop up nonstop in peerblock... cheeky bugger! :P

[i]{direct links: [b]deepdns.dk[/b] + [b]deepdns.bit[/b] + [b]deepdns.net[/b] + [b]deepdns.cryptostorm.org[/b] + [b]cryptostorm.org/deepdns[/b]}[/i]

[url=https://github.com/cryptostorm/deepDNS]{git repository}[/url]

[attachment=0]deepDNSlogo-leaves512.png[/attachment]