Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ
Ξ We've updated our CA certificate. All members need to be using the latest ones by Dec 22. See this page for more infoΞ

Search found 33 matches

by Lignus
Mon Nov 10, 2014 3:18 pm
Forum: cryptofree: no-cost cryptostorm network access
Topic: cryptofree conf's - alpha 1.4 for linux
Replies: 20
Views: 28992

Re: cryptofree conf's - alpha 1.4 for linux

Are you handing out a generic password to Beta testers for this conf, or would a hashed token allow access? It is pretty much like token access as it exists with the exception that it will accept any value(other than NULL) as a valid token. You can use your existing token without issue and it will ...
by Lignus
Mon Nov 10, 2014 3:36 am
Forum: cryptofree: no-cost cryptostorm network access
Topic: cryptofree conf's - alpha 1.4 for linux
Replies: 20
Views: 28992

Re: cryptofree conf's - alpha 1.4 for linux

Unreliable old Speedtest giving false results for the burst, it seems. However, it does appear someone confused bytes for bits on the caps.

Image

Traffic graph seems to confirm it. (Note: OS X double counts the traffic because of the architecture)
by Lignus
Sun Nov 09, 2014 7:07 pm
Forum: cryptofree: no-cost cryptostorm network access
Topic: cryptofree conf's - alpha 1.4 for linux
Replies: 20
Views: 28992

Re: cryptofree conf's - alpha 1.4 for linux

connection speeds per-session are capped at 256kb downstream & 128kb upstream. This part is not working. I'm mostly limited to 1.5-2Mbps, but I'm seeing spikes up to 5-9Mbps(10/1 connection). IP_ADDRESS TEST_DATE TIME_ZONE DOWNLOAD_MEGABITS UPLOAD_MEGABITS LATENCY_MS SERVER_NAME 212.129.34.154 ...
by Lignus
Sun Nov 09, 2014 10:57 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: how is cryptostorm different?
Replies: 3
Views: 6945

Re: how is cryptostorm different?

CryptoStorm in a nutshell: CryptoStorm is different from other "privacy services" in that we do not know and do not want to know who you are and have purposefully designed our network to make figuring out who you are nigh impossible. In addition, because we use per session transient keys w...
by Lignus
Sun Nov 09, 2014 10:38 am
Forum: stormlink - cryptostorm's secure "entry node" gateway [cryptostorm.org/stormlink]
Topic: stormlink: the "cryptostorm router" thread...
Replies: 15
Views: 54433

Re: stormlink: the "cryptostorm router" thread...

It could be argued that, given the relative ease of ensuring wifi-carried packet streams are encrypted locally as compared to the plaintext nature of wired LANs tech, a decision should be made to require wifi-based (and WPA-2 encrypted) local connectivity for any stormlink-ish device... deprecating...
by Lignus
Sat Nov 08, 2014 4:02 pm
Forum: cryptofree: no-cost cryptostorm network access
Topic: cryptofree conf's - alpha 1.4 for linux
Replies: 20
Views: 28992

Re: cryptofree conf's - alpha 1.4 for linux

Are you handing out a generic password to Beta testers for this conf, or would a hashed token allow access? It is pretty much like token access as it exists with the exception that it will accept any value(other than NULL) as a valid token. You can use your existing token without issue and it will ...
by Lignus
Thu Apr 24, 2014 5:20 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm's Post-Heartbleed Certificate Upgrade Trajector
Replies: 85
Views: 115226

Re: cryptostorm's Post-Heartbleed Certificate Upgrade Trajec

But it seams like your just pretending there's no real problem- while waxing lyrical about how great your service is, and how open and honest you are. My sincere apologies for the counter-productive venom in my last post, and any in this, but it's shocking to me that your not handling this in a mor...
by Lignus
Fri Jan 17, 2014 10:08 pm
Forum: member support & tech assistance
Topic: BLACKLISTING - Websites that block CryptoStorm IPs
Replies: 57
Views: 54288

Re: BLACKLISTING - Websites that block CryptoStorm IPs

⋅  Site: http://www.gbatemp.net ⋅  Node: Montreal - 70.38.46.226 Looks like they have a policy of blocking all known VPNs and TOR, which is pretty dumb. UNSOLVABLE! EDIT by DesuStrike: It is indeed blocked on all CryptoStorm-IPs I can use. They also explicitly state that there w...
by Lignus
Sun Jan 12, 2014 8:04 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: client config for cryptostorm: general discussion & bughunt
Replies: 57
Views: 60021

Re: cryptostorm: client config discussions, bugs, requests,

These were checked against 8.8.8.8 Fair enough. Google's DNS system has become somewhat canonical in recent years, although server-side we do not use them as their fooprint within the United States of NSAmerica is just a bit too impossible to ignore at this point. Neither do I, at least not since I...
by Lignus
Sun Jan 12, 2014 4:50 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: client config for cryptostorm: general discussion & bughunt
Replies: 57
Views: 60021

Re: cryptostorm: client config discussions, bugs, requests,

Ran some DNS checks, the .nu domain had either not propagated or has not been updated. In addition, it looks like one of the .net ones was overloked: Begin Report raw-montreal.cryptostorm.net Name: raw-montreal.cryptostorm.net Addresses: 198.50.119.172 70.38.46.224 raw-montreal.cryptostorm.org Name:...
by Lignus
Sun Jan 12, 2014 3:38 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: Why the entry IP is the same as the exit one
Replies: 4
Views: 12268

Re: Why the entry IP is the same as the exit one

Correlation attack is pretty low on the list of threats when using a service such as this. Something like Cryptostorm should be one of multiple hops when performing any activity you would rather not have tied to you personally. If Cryptostorm is your first and last hop, you are probably doing other ...
by Lignus
Sun Jan 12, 2014 12:31 am
Forum: general chat, suggestions, industry news
Topic: Skirting Geo-Location Identification from the inside.
Replies: 7
Views: 9132

Re: Skirting Geo-Location Identification from the inside.

While there are ways to accomplish what you are asking, I am not going to assist anyone in accomplishing said task. Punching a hole for even one site is really, really, really, really, really, really, really, really, really, really bad. It opens you up for all kinds of tracking attacks. That said, t...
by Lignus
Tue Dec 31, 2013 2:28 am
Forum: general chat, suggestions, industry news
Topic: NSA talk by Jacob Appelbaum, it is worse than we imagined.
Replies: 1
Views: 8495

NSA talk by Jacob Appelbaum, it is worse than we imagined.

Ever single one of you should watch this talk. https://www.youtube.com/watch?v=b0w36GAyZIA My comments: I'm not too terribly surprised by any of this, yes, even the stuff at the end. Then again, the stuff at the end enters my knowledge domain. Video was a nice trick, I didn't think they would be abl...
by Lignus
Sat Dec 14, 2013 11:24 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm exitnode clusters: listing+requests+roadmap
Replies: 93
Views: 78648

Re: Montréal exitnode cluster upgrade

This is vastly different than traditionally is the case with "VPN services" - for example, we've seen 300+ megabit/second throughput on a box with dual processors (older procs, too) and CPU utilization not go over 20%. Ever. But, with cryptostorm's crypto suite selection choosing vastly m...
by Lignus
Fri Dec 13, 2013 7:29 am
Forum: general chat, suggestions, industry news
Topic: Privacy online: most of us are doing it wrong! {tutorial}
Replies: 15
Views: 31038

Re: Privacy online: most of us are doing it wrong! {tutorial

Great video and great points in his talk. We do have one point of disagreement(VPN/TOR layering order), but I think that he would be more likely to agree with me given the changes in VPN models now available(sort of, what CS is doing needs to spread to more countries). I spent most of the afternoon ...
by Lignus
Mon Nov 25, 2013 1:31 am
Forum: guides, HOWTOs & tutorials
Topic: HOWTO: leak protection with iptables
Replies: 8
Views: 11452

Re: HOWTO: leak protection with iptables

You know how to make a man insecure about his config even though he was confident with it before. But still I am pretty sure you mean this little piece of configuration. Right?[/attachment] Exactly that place. Now, since you are using a local client to connect you are still vulnerable to DNS leaks ...
by Lignus
Sun Nov 24, 2013 8:05 pm
Forum: guides, HOWTOs & tutorials
Topic: HOWTO: leak protection with iptables
Replies: 8
Views: 11452

Re: IPTables - Leak Protection and automatic Reconnect

I have not seen any issued with reconnects, I have purposely caused disconnects in various ways (rebooted ISP router, killed the uplink from the ISP router to the switch, moved device from one ISP to another while keeping power on) and have not once seen any issued not directly related to CS tweakin...
by Lignus
Sun Nov 24, 2013 5:21 pm
Forum: guides, HOWTOs & tutorials
Topic: HOWTO: leak protection with iptables
Replies: 8
Views: 11452

HOWTO: leak protection with iptables

Desu: Try the following: iptables -A INPUT -i wan_interface_name_here -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -i wan_interface_name_here -d 70.38.46.226 -j ACCEPT You are still going to have DNS leaks upon disconnects unless you change the DD-WRT to assign DNS servers...
by Lignus
Fri Nov 22, 2013 12:13 pm
Forum: guides, HOWTOs & tutorials
Topic: HOWTO: DD-WRT Routers
Replies: 71
Views: 111279

Re: HOWTO: DD-WRT Routers

Marza, I have to ask. Just what router was the wireless one you replaced? Most routers are supported by OpenWrt/DD-WRT. You can likely bring that wireless router back into service and disabling wireless is trivial(just remove the kmod). With a proper IPtables setup, leakblock is pointless because yo...
by Lignus
Thu Nov 14, 2013 1:25 pm
Forum: general chat, suggestions, industry news
Topic: Privacy online: most of us are doing it wrong! {tutorial}
Replies: 15
Views: 31038

Re: Privacy online: most of us are doing it wrong! {tutorial

good to know. tor through tor was just a thought and I figured I would ask because while I at first think its has its pros, it has cons to, that I may not see sometimes. On a related matter, I've seen many state to use Tor and then VPN through tor. Now you are unable to use .onion addresses unless ...
by Lignus
Tue Nov 12, 2013 6:36 pm
Forum: member support & tech assistance
Topic: issue with IPs in 70.38.*.* subnet? | RESOLVED
Replies: 12
Views: 9550

Re: issue with IPs in 70.38.*.* subnet?

Same here. Looks to be a routing issue: Tracing route to 70.38.71.12 over a maximum of 30 hops 1 1 ms 1 ms 1 ms 10.13.37.1 2 99 ms 97 ms 99 ms 10.77.77.1 3 70.38.46.226 reports: Destination host unreachable. Trace complete. traceroute to 70.38.71.12 (70.38.71.12), 30 hops max, 38 byte packets 1 10.7...
by Lignus
Tue Nov 12, 2013 6:19 pm
Forum: general chat, suggestions, industry news
Topic: Privacy online: most of us are doing it wrong! {tutorial}
Replies: 15
Views: 31038

Re: Privacy online: most of us are doing it wrong! {tutorial

what's your thoughts on VPN > tor > tor? TOR + TOR serves little purpose. Compromising your identity over one layer of TOR means they can easily traverse the second layer. To add to this, neither you nor the destination end of your TOR session know how many hops to get to the center of the onion. Y...
by Lignus
Thu Nov 07, 2013 8:09 am
Forum: independent cryptostorm token resellers, & tokens 101
Topic: THEORY: Network Tokens as a currency
Replies: 9
Views: 16982

Re: THEORY: Network Tokens as a currency

Wouldn't work. No way to validate token without using it, therefore starting the countdown. Besides, with central issue and validation, you face inflationary risks on the part of the issuing authority. Recommended reading to help understand currency, money, banking, etc. (Yes, I'm an Austrian): what...
by Lignus
Thu Nov 07, 2013 7:50 am
Forum: guides, HOWTOs & tutorials
Topic: HOWTO: OpenWRT Routers
Replies: 19
Views: 39708

HOWTO: OpenWRT Routers

{direct link: openwrt.cryptostorm.org } note : this configuration will also block all IPv6 network traffic at the router level, to protect against out-of tunnel information transmission. OK, not quite a "how-to" - more of a "mostly already preconfigured for you." I did this setu...
by Lignus
Thu Nov 07, 2013 3:47 am
Forum: general chat, suggestions, industry news
Topic: Privacy online: most of us are doing it wrong! {tutorial}
Replies: 15
Views: 31038

Re: Privacy online: most of us are doing it wrong! {tutorial

First off after the possibly backdoors in truecrypt with bad prng, crypto use, or password left in memory, is it at all plausible for HDD encryption by GPG/PGP? as there may be no way now, but could there be? Also, whether network bridges stand up to any type of security, you could utilize ADHD Lin...
by Lignus
Tue Nov 05, 2013 5:13 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm & port forwarding - questions & info
Replies: 47
Views: 43719

Re: new network and port forwarding

I should clarify that this was under MacOS. The Windows client may behave differently. It may also only affect those using an Apple router(AirPort Extreme, AirPort Express, Time Capsule).
by Lignus
Mon Nov 04, 2013 8:23 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm & port forwarding - questions & info
Replies: 47
Views: 43719

Re: new network and port forwarding

It is an issue with uTorrent. I haven't been using the VPN (waiting for the widget) and have been having dramas with the connection icon and port forwarding. The port is forwarded, but the proggie says it is not, as does the test. It isn't the VPN, other people on other forums have been sooking abo...
by Lignus
Mon Nov 04, 2013 1:53 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: [ARCHIVE] HOWTO: Mac/OSX connects via Tunnelblick
Replies: 20
Views: 20934

Re: HOWTO: Mac connects | Tunnelblick

The first thing I checked is what version of OpenVPN it was using. I am happy to report that it is 2.3.2 as of June 2013( TB 3.3beta54 ). The latest stable includes these updates and the latest beta (needed for 10.9) Here is my how-to, written while setting it up for the first time on 10.9: ⋅&n...
by Lignus
Sun Nov 03, 2013 3:51 pm
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: cryptostorm running DNS resolvers in-house? Discussion...
Replies: 13
Views: 16332

Re: cryptostorm running DNS resolvers in-house? Discussion..

Here is a thought of how to reasonably securely get DNS into your network: Steal it from someone else's network. Not quite as crazy as it sounds. One machine VPNs into another provider's network that runs a heavy ratio of users behind a single IP and pull DNS through their network. You just tumbled ...
by Lignus
Sun Nov 03, 2013 3:06 pm
Forum: general chat, suggestions, industry news
Topic: Privacy online: most of us are doing it wrong! {tutorial}
Replies: 15
Views: 31038

Re: Privacy online: most of us are doing it wrong! {tutorial

PJ, not even concerned in the least. My original post was sloppy and the formatting needed fixing. If you notice, I followed your stylistic lead in formatting the rest of the posts. To add to that, the third post you see there was originally a paragraph with maybe ten sentences. As you can now clear...
by Lignus
Sat Nov 02, 2013 1:25 pm
Forum: general chat, suggestions, industry news
Topic: Privacy online: most of us are doing it wrong! {tutorial}
Replies: 15
Views: 31038

Re: Privacy online: most of us are doing it wrong! {tutorial

(Rewrite from memory about identity separation and operational security, with additions) Behavioral OpSec is the one thing that even the most cautious get wrong from time to time. The thing to remember is that you get exactly zero free passes when it comes to violating your own OpSec. Identity Sepa...
by Lignus
Sat Nov 02, 2013 11:47 am
Forum: general chat, suggestions, industry news
Topic: Privacy online: most of us are doing it wrong! {tutorial}
Replies: 15
Views: 31038

Re: Privacy online: most of us are doing it wrong! {tutorial

My original post seems to have suffered truncation during editing, fortunately I have a copy of all except the closing paragraph. Unfortunately, that was probably the best part of the whole post. To continue my previous post, with edits: What is the solution to this? Linux is really your only option...
by Lignus
Sat Nov 02, 2013 5:34 am
Forum: general chat, suggestions, industry news
Topic: Privacy online: most of us are doing it wrong! {tutorial}
Replies: 15
Views: 31038

Privacy online: most of us are doing it wrong! {tutorial}

Mods : This post is very much a cross-domain of how-to's, attack vectors, and behavioral OPSEC. Where it really belongs here, I do not know. Feel free to move it to a more appropriate sub-forum. {minor formatting edits made, title updated, tweet posted, & thread set to 'global' status across th...

Go to advanced search

Nothing to display.

Login