Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

Search found 377 matches

by df
Sat Nov 17, 2018 12:10 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 206
Views: 665207

Re: widget v3

@Moonlight It might be that a previous widget version caused your DNS to be set to something invalid (like 127.0.0.1 even when the widget's not running). So when this version first starts, it remembers whatever DNS settings you have on launch so that it can restore that if the program crashes. If th...
by df
Fri Nov 16, 2018 2:42 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 206
Views: 665207

Re: widget v3

@Brucie Try rebooting your system. There's a weird TAP adapter bug outside of the scope of our widget that causes the existing adapter to go into a strange read-only state. I wasn't able to reproduce it on win7, but I did get a win10 system do end up like that. For me, after rebooting it worked corr...
by df
Fri Nov 16, 2018 6:15 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 206
Views: 665207

Re: widget v3

@Brucie Oh god damnit. You're right, I just tested on a Vista VM and it still did the TAP loop thing. Pretty sure I know what the problem is though. Apparently M$ thought it was a good idea to change the way simple IF statements work in batch files across different Windows versions. Either that or i...
by df
Fri Nov 16, 2018 2:39 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 206
Views: 665207

Re: widget v3

@Moonlight Ah, there's the damn problem. The killswitch adds the VPN IPs all in one line using netsh advfirewall, but there's a character limit in the command prompt. The VPN IPs including the balancer IPs brings the total to > 600, so it hits that character limit and that cmd spits out an error. Se...
by df
Wed Nov 14, 2018 8:41 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 5
Views: 1235

Re: Problems configuring on Reborn OS (Arch Linux)

See the updated commands @ https://cryptostorm.is/nix
Turns out on some non-Ubuntu distros NM adds the file extension '.nmconnection' for the configs in /etc/NetworkManager/system-connections/
So the commands have been updated to check for that
by df
Wed Nov 14, 2018 8:35 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 206
Views: 665207

Re: widget v3

@marzametal The blocking of outside DNS issue should be fixed now in the latest version that's up now. The dns proxy thing is clashing with dnscrypt-proxy because the widget is bundled with it's own dnscrypt-proxy. I renamed the one the widget comes with to cs-dnsc-p.exe so that when it checks the p...
by df
Tue Nov 13, 2018 11:04 pm
Forum: cryptofree: no-cost cryptostorm network access
Topic: Pass few days can connect with all configs windows and android but pages timeout
Replies: 3
Views: 802

Re: Pass few days can connect with all configs windows and android but pages timeout

That was our mistake. We were adding a new feature that lets people connect to our ECC instances on ports outside of 5060, but when adding the iptables rules they accidentally got added twice on the cryptofree server.
That error has been fixed, so cryptofree should work correctly for everyone now.
by df
Sat Nov 10, 2018 9:30 pm
Forum: member support & tech assistance
Topic: ECC port 5060?
Replies: 3
Views: 7165

Re: ECC port 5060?

Yay! I was able to implement network-wide the thing I mentioned in the previous post. So now ECC is no longer restricted to port 5060. The range of ports that'll work now are: RSA UDP = 1-29999 RSA TCP = 1-5060,5063-29999 ECC UDP = 1-5060,5063-29999 ECC TCP = 1-5060,5063-29999 Ed25519 is still 5061 ...
by df
Sat Nov 10, 2018 9:21 pm
Forum: member support & tech assistance
Topic: [Exits] England Node Not Passing Any Traffic
Replies: 16
Views: 6083

Re: [Exits] England Node Not Passing Any Traffic

@parityboy The Spain node was removed a while back, but I wasn't sure if the removal was going to be permanent or temporary, so temporarily I pointed the Spain DNS to Portugal. Turns out the removal was permanent, but for a few months I forgot that the Spain DNS & configs still existed. When I r...
by df
Mon Nov 05, 2018 12:27 pm
Forum: member support & tech assistance
Topic: Ubuntu > vpn connect : nm-openvpn[11295]: Exiting due to fatal error
Replies: 3
Views: 824

Re: Ubuntu > vpn connect : nm-openvpn[11295]: Exiting due to fatal error

Yep, gotta wait until https://gitlab.gnome.org/GNOME/NetworkManager-openvpn adds support for --tls-crypt and --compress, then gotta wait for the Ubuntu repos to update to that version of NetworkManager-openvpn
by df
Mon Nov 05, 2018 12:20 pm
Forum: member support & tech assistance
Topic: The network with few opened outside ports. How2 connect to OVPN servers?
Replies: 5
Views: 1468

Re: The network with few opened outside ports. How2 connect to OVPN servers?

@Scarface See email Also, when I scan login.ovip.icq.com for those ports from an unfiltered system I see something different: 80/tcp open http 443/tcp open https 465/tcp closed smtps 3128/tcp closed squid-http 8080/tcp closed http-proxy Most likely that means your ISP is blocking ports 465 and 8080,...
by df
Wed Oct 31, 2018 1:08 pm
Forum: member support & tech assistance
Topic: tcp vs udp configs, which one?
Replies: 1
Views: 8939

Re: tcp vs udp configs, which one?

UDP is always preferred over TCP when used with OpenVPN. The reliability that TCP offers that UDP doesn't isn't relevant in this context since most of your pre-encrypted traffic will already be using TCP (WWW, email, etc.), so any retransmitting of packets or integrity checking would be done at the ...
by df
Wed Oct 31, 2018 1:01 pm
Forum: member support & tech assistance
Topic: MacOS enabling TS on all configs
Replies: 1
Views: 8734

Re: MacOS enabling TS on all configs

The command on https://cryptostorm.is/ts should work on MacOS as well. Pretty sure Mac comes with sed... sed -e's/#dhcp-option.*/dhcp-option DNS 10.31.33.7/' -i *.ovpn The command would need to be entered while you're in the same directory that has all of your .ovpn configs you downloaded from our w...
by df
Wed Oct 31, 2018 12:59 pm
Forum: member support & tech assistance
Topic: How to obfuscate VPN usage from ISP in restricted countries?
Replies: 2
Views: 2938

Re: How to obfuscate VPN usage from ISP in restricted countries?

Yep, the ECC instances use OpenVPN's --tls-crypt option, which encrypts the TLS handshake and most of the initial OpenVPN handshake packets. But our list of server IPs is public, so it wouldn't be too difficult for someone to block all of those. Most restrictive countries don't though, simply becaus...
by df
Wed Oct 31, 2018 12:51 pm
Forum: member support & tech assistance
Topic: dd-wrt configuration, can't connect
Replies: 42
Views: 14155

Re: dd-wrt configuration, can't connect

I recently helped out another customer who was having issues with DD-WRT, so I'll copy/paste the solution here if anyone else has the same problems: I loaded up DD-WRT from https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2018/10-19-2018-r37442/x86/dd-wrt_public_vga.image onto a VM so I can tes...
by df
Wed Oct 31, 2018 12:35 pm
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 5
Views: 1235

Re: Problems configuring on Reborn OS (Arch Linux)

In your first post, the problem is that you're issuing a multiline set of commands as a single command. If you want to do that, semi colons would need to be added in the right places, I.e.: CSTOKEN=CsTok-enGvX-F4b4a-j7CED;for conf in `ls *.ovpn|sed -e's/.ovpn//'`;do sed "/\[vpn\]/a username=$CS...
by df
Wed Oct 31, 2018 12:30 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: tunnelling cryptosorm session thru SSL tunnel
Replies: 12
Views: 34390

Re: tunnelling cryptosorm session thru SSL tunnel

@Lan That's something I'm working on at the moment, offering ECC on other ports outside of 5060. I'm pretty sure I've figured out a way to do ECC & RSA instances on the same IP both on ports 1-29999 (excluding 30000-65535 since that's reserved for port forwarding). For UDP, the iptables u32 modu...
by df
Wed Oct 31, 2018 12:20 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: The CryptoStorm Speed Test Thread
Replies: 76
Views: 136570

Re: The CryptoStorm Speed Test Thread

@blurb With the Wireguard option it probably would be, but I wouldn't trust a VPS for anything that requires a high level of security. Since it's a VM, you have no way of verifying the security of the system running the VM. Whatever security measures you do (firewall, grsecurity, FDE, strong passwor...
by df
Tue Oct 30, 2018 6:18 pm
Forum: member support & tech assistance
Topic: [VyOS] VyOS Complains That ca.crt Is Invalid
Replies: 9
Views: 5166

Re: [VyOS] VyOS Complains That ca.crt Is Invalid

That's the one for the legacy RSA instances, so should have worked. Whatever, VyOS sounds like shit anyways. Their team clearly doesn't understand how PKI works, or they're just lazy, since they're asking for stuff that would never be used client-side. Ignoring that, it doesn't look good when instal...
by df
Mon Oct 29, 2018 6:16 pm
Forum: guides, HOWTOs & tutorials
Topic: ASUS router stock firmware OpenVPN working.
Replies: 7
Views: 12311

Re: ASUS router stock firmware OpenVPN working.

My ASUS router also runs Asuswrt-Merlin version 384.7 The HTML for the VPN settings page does indeed have a max length of 255, but if you enter anything that long it'll just revert back to whatever shorter username was previously there (if any). The solution that worked for me was to disable "U...
by df
Mon Oct 29, 2018 5:51 pm
Forum: member support & tech assistance
Topic: [VyOS] VyOS Complains That ca.crt Is Invalid
Replies: 9
Views: 5166

Re: [VyOS] VyOS Complains That ca.crt Is Invalid

What does `cat /config/auth/openvpn/cs/ca.crt` show? Also, when those network changes went into effect Oct 8, the new RSA instances now use the same CA certificate as the ECC ones (the 521-bit curve secp521r1). That curve should work on some pretty old versions since support for it was added to Open...
by df
Mon Oct 29, 2018 9:08 am
Forum: member support & tech assistance
Topic: dd-wrt configuration, can't connect
Replies: 42
Views: 14155

Re: dd-wrt configuration, can't connect

Can't remember when exactly it was, might have been as far back as January of 2018, but these days the England server is 10gbps
by df
Sat Oct 27, 2018 8:47 am
Forum: member support & tech assistance
Topic: [Exits] England Node Not Passing Any Traffic
Replies: 16
Views: 6083

Re: [Exits] England Node Not Passing Any Traffic

@parityboy Could be kernel related, Portugal does still have one built in 2017. It's just odd that the new UDP RSA and legacy TCP RSA works fine, it's only legacy UDP RSA that's showing this behavior. It'also odd that everything's using the same OpenVPN/OpenSSL version and same sysctl params, and th...
by df
Fri Oct 26, 2018 4:28 pm
Forum: member support & tech assistance
Topic: [SOLVED] Port Forwarding On Legacy Nodes: Broken?
Replies: 6
Views: 1124

[SOLVED] Re: Port Forwarding On Legacy Nodes: Broken?

I can't telnet to it, but the port fwding rules are there: DNAT tcp -- 0.0.0.0/0 128.127.104.111 tcp dpt:45886 to:10.66.216.32:45886 DNAT udp -- 0.0.0.0/0 128.127.104.111 udp dpt:45886 to:10.66.216.32:45886 Are you sure you've got something listening on port 45886 on your system? It would need to be...
by df
Fri Oct 26, 2018 1:39 am
Forum: member support & tech assistance
Topic: New configuration files - my setup issues
Replies: 3
Views: 2577

Re: New configuration files - my setup issues

That was my bad. After the upgrade I completely forgot to update https://cryptostorm.is/whitelist , which is what cryptostorm.is/test and the thing on the main site uses. It was updated shortly after the upgrade though, so all the IPs are in there. Not sure where you're getting 2368 IPs though, mayb...
by df
Fri Oct 26, 2018 1:34 am
Forum: member support & tech assistance
Topic: [Exits] England Node Not Passing Any Traffic
Replies: 16
Views: 6083

Re: [Exits] England Node Not Passing Any Traffic

Ah, I see where I fucked up. Server-side, 5.101.149.6 is the legacy *nix instance and 5.101.149.7 is the legacy win/ecc instance, but in the DNS windows-england.* resolves to 5.101.149.6 and linux-england.* resolve to 5.101.149.7. So I accidentally switched the two. Just fixed that, so should be goo...
by df
Fri Oct 26, 2018 1:01 am
Forum: member support & tech assistance
Topic: Probs with new configs in Ubuntu
Replies: 22
Views: 5391

Re: Probs with new configs in Ubuntu

Error: failed to import 'Balancer_UDP.ovpn': configuration error: unsupported blob/xml element (line 120). That usually means you downloaded the HTML version of the config from Github and not the raw version. I.e., don't save the config from https://github.com/cryptostorm/cryptostorm_client_configu...
by df
Fri Oct 26, 2018 12:58 am
Forum: member support & tech assistance
Topic: [SOLVED] Port Forwarding On Legacy Nodes: Broken?
Replies: 6
Views: 1124

[SOLVED] Re: Port Forwarding On Legacy Nodes: Broken?

That's odd, they should still work. Only node that had port fwding broken is the new Hong Kong one because I forgot to put the port fwding scripts there :x Just uploaded/configured them though, so it should work there now. Can you connect to a node and let me know what node you're on, then enable po...
by df
Wed Oct 24, 2018 6:04 am
Forum: member support & tech assistance
Topic: What happened to the VOODOO Config Files + 'Master.zip' Download URL??
Replies: 1
Views: 2223

Re: What happened to the VOODOO Config Files + 'Master.zip' Download URL??

We did get rid of Voodoo simply because it was a hassle to maintain, and it was too expensive. The VPSes used were relatively cheap, but VPS bandwidth tends to be very expensive and/or limited. Back when we had an Iceland VPS, almost every month it would go over the limit, so we had to pay overage c...
by df
Thu Oct 18, 2018 6:01 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 206
Views: 665207

Re: widget v3

@Moonlght v3.32 should fix a DNS issue that happened whenever people had several network adapters with ambiguous names, or more than one TAP adapter, or a oddly named TAP adapter. It's possible that one of the last versions permanently changed your DNS settings even when the widget is closed, which ...
by df
Tue Oct 09, 2018 9:46 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 206
Views: 665207

Re: widget v3

@Moonlight See https://cryptostorm.is/new We've changed some things around, and got rid of the voodoo instances (for now). 3.30.0.217 includes all these changes though. I'd suggest trying to disable different things in the security tab to see if any of those are causing issues (the killswitch, dnscr...
by df
Tue Oct 09, 2018 1:44 am
Forum: member support & tech assistance
Topic: ECC port 5060?
Replies: 3
Views: 7165

Re: ECC port 5060?

The ECC instances and the new Ed25519 and Ed448 instances use ports 5060, 5061, and 5062. The reason for this was as parityboy said, the non-ECC instances are already using other ports. Only way for us to offer ECC on other ports would be to buy twice (or rather, 3 times) as many IP addresses as we ...
by df
Sat Sep 29, 2018 5:23 am
Forum: member support & tech assistance
Topic: [VyOS] VyOS Complains That ca.crt Is Invalid
Replies: 9
Views: 5166

Re: [VyOS] VyOS Complains That ca.crt Is Invalid

OpenVPN 2.3.4 is from 2014, but it does work with our RSA/standard instances (i.e., anything but ECC). I recently tested 2.3.2 and it works fine. But I'm confused about how your setup is supposed to work. With OpenVPN in client mode, the PKI only requires the CA certificate to be present client-side...
by df
Fri Sep 28, 2018 8:19 pm
Forum: general chat, suggestions, industry news
Topic: Come on guys, get your shit together
Replies: 10
Views: 13257

Re: Come on guys, get your shit together

@someguy All the servers are up and responding correctly: [root@onyx ~]# ./ping windows-balancer.cstorm.pw 443 UDP OpenVPN is UP on 212.129.1.241:443 and responded in 34 ms UDP OpenVPN is UP on 89.163.214.184:443 and responded in 14 ms UDP OpenVPN is UP on 108.62.5.174:443 and responded in 147 ms UD...
by df
Fri Aug 17, 2018 9:38 am
Forum: general chat, suggestions, industry news
Topic: Strange 'lifetime' VPN offers
Replies: 6
Views: 14156

Re: Strange 'lifetime' VPN offers

@DudeOfLondon There's nothing to worry about. The reason I started doing that cheap lifetime discount was mainly to apologize for not being able to provide a secondary card processor when Stripe arbitrarily suspended our account. The plan is to change the lifetime token price back to something highe...
by df
Mon Aug 13, 2018 4:34 pm
Forum: member support & tech assistance
Topic: Cryptostorm client can't connect to the darknet
Replies: 21
Views: 22064

Re: Cryptostorm client can't connect to the darknet

@Sakura I tested both on a normal browser while on a random US CS node, they both seem to be loading correctly. Could be that the second .onion didn't resolve once, so your browser or OS cached the NXDOMAIN (the DNS result you normally get from your DNS server for hostnames that don't exist). But wh...
by df
Tue Aug 07, 2018 6:48 am
Forum: member support & tech assistance
Topic: Cryptostorm client can't connect to the darknet
Replies: 21
Views: 22064

Re: Cryptostorm client can't connect to the darknet

@Sakura There were two servers that didn't have Tor running, which obviously is needed for the transparent .onion thing to work. I started Tor on both of them and checked .onion resolution, it should be good now. Also checked all the other DNS servers using the Perl script @ https://cryptostorm.is/c...
by df
Tue Aug 07, 2018 5:35 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 206
Views: 665207

Re: widget v3

@Sakura The CS widget uses a bundled DNScrypt-proxy to protect pre-connect DNS. If you'd prefer to use your own DNSCrypt setup, simply disable ours by going to Options -> Security and uncheck the "Enable DNSCrypt" box. If you'd like to use our DNSCrypt servers, https://raw.githubuserconten...
by df
Mon Aug 06, 2018 2:27 am
Forum: general chat, suggestions, industry news
Topic: Even if vpn doesn't log, what is preventing data centers from not logging?
Replies: 2
Views: 7367

Re: Even if vpn doesn't log, what is preventing data centers from not logging?

We try to choose data centers that are known to respect customer privacy, but without physical access to the data center we can't verify their claims (and even if they aren't logging, their upstream provider could be). That's why end to end encryption is important, even if you're using a VPN. If you...
by df
Mon Aug 06, 2018 2:11 am
Forum: stormlink - cryptostorm's secure "entry node" gateway [cryptostorm.org/stormlink]
Topic: stormlink: the "cryptostorm router" thread...
Replies: 17
Views: 103463

Re: stormlink: the "cryptostorm router" thread...

@marzametal The CS stormlink idea kinda fizzled out. Most decent routers today make it easy enough to install OpenVPN (if it's not already installed) and connect to CS, so we stopped developing ours. Plus it just didn't seem like a viable business plan because most of our customers don't want to pro...
by df
Mon Aug 06, 2018 1:55 am
Forum: member support & tech assistance
Topic: [DNS] Domains Not Resolving On Certain Exit Nodes
Replies: 17
Views: 19030

Re: [DNS] Domains Not Resolving On Certain Exit Nodes

[root@onyx ~]# host linux-useast.cryptostorm.org ;; Truncated, retrying in TCP mode. linux-useast.cryptostorm.org has address 192.158.233.221 linux-useast.cryptostorm.org has address 155.254.31.46 linux-useast.cryptostorm.org has address 192.158.232.124 linux-useast.cryptostorm.org has address 192....
by df
Sun Aug 05, 2018 11:49 am
Forum: member support & tech assistance
Topic: Cryptostorm client can't connect to the darknet
Replies: 21
Views: 22064

Re: Cryptostorm client can't connect to the darknet

Oh that's the problem. You're using port 64496. Ports 30000 and up are now reserved for our port forwarding feature. I guess I forgot to add something to the widget that forces the user to stay in ports 1-29999, I'll do that next widget build. So just tell the widget to use any other port that's 299...
by df
Sun Aug 05, 2018 1:30 am
Forum: member support & tech assistance
Topic: Cryptostorm client can't connect to the darknet
Replies: 21
Views: 22064

Re: Cryptostorm client can't connect to the darknet

@Sakura That definitely shouldn't be happening, especially the IP leak. I need more information though to help, such as which version of Windows are you using, and are you using any AV software or another VPN provider's software, and logs from the widget's window would help too. Also are you in a co...
by df
Fri Aug 03, 2018 2:50 am
Forum: guides, HOWTOs & tutorials
Topic: HOWTO: Linux connections to cryptostorm
Replies: 51
Views: 81760

Re: HOWTO: Linux connections to cryptostorm

@sottovoce I guess I could have explained things in more detail, but I was trying to go for the shortest amount of words since people tend to not read tutorials in full if it uses too many words. At the top of https://cryptostorm.is/nix - Terminal is the recommended method, because Network Manager h...
by df
Fri Aug 03, 2018 2:18 am
Forum: member support & tech assistance
Topic: [DNS] Domains Not Resolving On Certain Exit Nodes
Replies: 17
Views: 19030

Re: [DNS] Domains Not Resolving On Certain Exit Nodes

@sottovoce What error are you getting? I just checked all the UDP IPs on port 443 for USEast and they seem responsive: [root@onyx ~]# ./ping windows-useast.cstorm.pw 443 UDP OpenVPN is UP on 192.158.232.121:443 and responded in 87 ms UDP OpenVPN is UP on 192.158.233.194:443 and responded in 87 ms UD...
by df
Sun Jul 22, 2018 3:09 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 206
Views: 665207

Re: widget v3

Forgot to update this thread with info on the latest build. Fixed a GUI issue some had when running Windows at a non-default scaling setting. It would cause the progress bar to overlap a little bit with the "Connect" button. In the Options window the "Block intrusive ads/trackers"...
by df
Sun Jul 15, 2018 12:39 am
Forum: general chat, suggestions, industry news
Topic: Cryptostorm goes unmentioned -- What a shame!!!
Replies: 3
Views: 8038

Re: Cryptostorm goes unmentioned -- What a shame!!!

@FoodMaven
Routers are included on https://cryptostorm.is/#section6
what.png


Not sure what you mean by "Weird place for a reply", I'm replying to a post in your thread.
That's kinda how forum communication works.
by df
Fri Jul 13, 2018 4:40 pm
Forum: general chat, suggestions, industry news
Topic: Come on guys, get your shit together
Replies: 10
Views: 13257

Re: Come on guys, get your shit together

@patrickjburt That seems to be the way things are going, people trust a VPN provider more than their ISP. Personally, I wouldn't choose PureVPN if I were to go with a non-cryptostorm VPN. Any VPN that supports PPTP clearly doesn't care about security - https://en.wikipedia.org/wiki/Point-to-Point_Tu...
by df
Thu Jul 12, 2018 4:13 pm
Forum: member support & tech assistance
Topic: https://whoer.net Request for comments
Replies: 9
Views: 13838

Re: https://whoer.net Request for comments

I don't think it's got anything to do with CS. My guess is that whoer.net populates those Zone and Local fields from a GeoIP database that doesn't have 64.42.181.0/24 listed. According to https://www.iplocation.net/ , EurekAPI doesn't have the long/lat for the IP (but it does the ISP). The other Geo...
by df
Thu Jul 12, 2018 6:27 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostormusersguidev2 <-- feedback & guidance requested
Replies: 11
Views: 144224

Re: cryptostormusersguidev2 <-- feedback & guidance requested

FYI, this guide is probably outdated since it was written in 2015.
The latest guides/tutorials are up at https://cryptostorm.is/#section6
by df
Thu Jul 12, 2018 6:03 am
Forum: general chat, suggestions, industry news
Topic: Cryptostorm goes unmentioned -- What a shame!!!
Replies: 3
Views: 8038

Re: Cryptostorm goes unmentioned -- What a shame!!!

Uh, cryptostorm doesn't leak. As parityboy explained in https://cryptostorm.org/viewtopic.php?f=32&t=9568&p=18351#p18351 , your problem was that your device was set to proxy through opera-mini.net after tunneling through cryptostorm. Connecting to a VPN won't change your browser's proxy sett...
by df
Wed Jul 11, 2018 6:01 pm
Forum: member support & tech assistance
Topic: All vpn detected as proxy
Replies: 5
Views: 9467

Re: All vpn detected as proxy

@marzametal Oh yea, voodoo nodes would probably show up as no ports open. If the scan was more thorough it would show TCP/UDP port 443 open, since on voodoo exit IPs that's the only thing open. But if you scan the entry IP for that voodoo node (the thing you connect to), it would show all ports as o...
by df
Sat Jul 07, 2018 3:20 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 206
Views: 665207

Re: widget v3

@RubRiches Huh, that is weird. I ran Malware bytes and my system is ok. No worries though I was able to download the new version and now I am stuck on the progress bar while connecting. This is where it is stuck: Sat Jul 07 07:52:09 2018 us=54756 [cryptostorm server] Peer Connection Initiated with [...
by df
Sat Jul 07, 2018 2:39 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 206
Views: 665207

Re: widget v3

@marzametal Each VPN instance uses a different 10.x.0.0/16 B-class, mostly because if I used the same B-class (or C-class) for multiple instances, two different clients might be assigned the same 10.x.x.x IP. There's a check in place to prevent that from happening per-instance, but not per-server, s...
by df
Sat Jul 07, 2018 12:30 am
Forum: member support & tech assistance
Topic: Cryptostorm client can't connect to the darknet
Replies: 21
Views: 22064

Re: Cryptostorm client can't connect to the darknet

Oops, right you are. But actually, now there's a v3.17.0.220. The latest version fixed a minor bug in 3.16.0.220 where the node selection wasn't properly saved, so on every start it kept defaulting to "Global random". Also added more informative text for when someone connects with the kill...
by df
Fri Jul 06, 2018 6:22 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 206
Views: 665207

Re: widget v3

@RubRiches It's just a false positive. The CS widget installer randomly gets caught up in their database because it uses the same compression (LZ4) as some trojans. I use a local win7 VM for widget dev, and the only thing installed on it is the stuff needed for widget dev (Perl, Notepad++, etc.). I ...
by df
Thu Jul 05, 2018 6:57 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 206
Views: 665207

Re: widget v3

Err, make that version 3.17.0.220. In version 3.16, a minor bug caused the widget to not remember your node selection choice when the widget starts (it kept defaulting to "Global random"). I also added some new text when DNS fails with the killswitch enabled, because some people were enabl...
by df
Wed Jul 04, 2018 3:57 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 206
Views: 665207

Re: widget v3

New version 3.16.0.220 is out, available at https://cryptostorm.is/cryptostorm_setup.exe In this version, almost all of the DNS related code was rewritten to automatically address a lot of the previous issues people were having. The widget now "pre-resolves" the host you're connecting to. ...
by df
Wed Jul 04, 2018 3:47 pm
Forum: stormphone - the "cryptostorm phone" project [cryptostorm.org/stormphone]
Topic: Android/iPhone tutorials
Replies: 0
Views: 15444

Android/iPhone tutorials

The downloads page on the main site has been updated to include tutorials for Android and iOS, as well as all the other operating systems people commonly connect to cryptostorm with:
https://cryptostorm.is/#section6
by df
Wed Jul 04, 2018 3:45 pm
Forum: general chat, suggestions, industry news
Topic: For some Ubuntu versions, you may need to add this to your OpenVPN config in order to prevent DNS leaks
Replies: 5
Views: 10399

Re: For some Ubuntu versions, you may need to add this to your OpenVPN config in order to prevent DNS leaks

Old post, I'm sure you've figured out the problem by now, but if not: That "for x" line was meant to be executed at the command line, not pasted into your text editor (nano). If you can edit the config with nano, you can add the three lines from there: script-security 2 up /etc/openvpn/upd...
by df
Wed Jul 04, 2018 3:43 pm
Forum: general chat, suggestions, industry news
Topic: Come on guys, get your shit together
Replies: 10
Views: 13257

Re: Come on guys, get your shit together

The main page has been updated again with some new info, and (i think) most importantly, https://cryptostorm.is/#section6 has been updated to include dedicated tutorial pages for most systems. This way, people who are just trying to connect to cryptostorm don't have to navigate through this messy fo...
by df
Wed Jul 04, 2018 3:37 pm
Forum: general chat, suggestions, industry news
Topic: DNSCrypt is Dead - Long live DNSCrypt
Replies: 2
Views: 8282

Re: DNSCrypt is Dead - Long live DNSCrypt

The v3 widget made the switch to DNSCrypt v2 as of a couple of versions ago (3.13, i think)
by df
Wed Jul 04, 2018 3:35 pm
Forum: general chat, suggestions, industry news
Topic: Strange 'lifetime' VPN offers
Replies: 6
Views: 14156

Re: Strange 'lifetime' VPN offers

A lot of other VPN providers don't actually enforce connection/session limits, they just claim that the limits are there.
For those providers, if someone had a lifetime token/account/certificate/whatever, they could easily resell it several times to different people without any of them noticing.
by df
Wed Jul 04, 2018 3:33 pm
Forum: general chat, suggestions, industry news
Topic: Stripe BTC Payment Not So Anonymous
Replies: 4
Views: 11664

Re: Stripe BTC Payment Not So Anonymous

Even without the problems mentioned in this first post, it takes a lot of effort for you to make your transactions anonymous when dealing with Bitcoin.

A better method is to use our CoinPayments.net payment option, since they allow a lot more privacy-minded coins like Monero or Verge.
by df
Wed Jul 04, 2018 3:30 pm
Forum: general chat, suggestions, industry news
Topic: Darknet versions of cryptostorm sites
Replies: 1
Views: 11827

Re: Darknet versions of cryptostorm sites

Old post, but for those still coming here, most of our sites are also accessible as a Tor Hidden Service: http://stormgm7blbk7odd.onion - for cryptostorm.is http://bcwd7odqqxs62afg.onion - for cryptostorm.is http://cstorm5dzz7vgmvo.onion - for cryptostorm.org http://a64r6szrpegnggoj.onion - for cryp...
by df
Wed Jul 04, 2018 3:21 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm configs
Replies: 1
Views: 10633

Re: cryptostorm configs

If you're looking for a tutorial on connecting to cryptostorm via Android, there's a new dedicated page for that @ https://cryptostorm.is/android
(includes screenshots and everything :-E)
by df
Wed Jul 04, 2018 3:20 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: tunnelling cryptosorm session thru SSL tunnel
Replies: 12
Views: 34390

Re: tunnelling cryptosorm session thru SSL tunnel

@Guest
We are planning to add stunnel some time in the near future.
For now, most DPI can be bypassed by simply using our ECC instances, since they don't disclose the OpenVPN handshake whenever you connect (thanks to --tls-crypt)
by df
Wed Jul 04, 2018 2:55 pm
Forum: member support & tech assistance
Topic: All vpn detected as proxy
Replies: 5
Views: 9467

Re: All vpn detected as proxy

whoer.net detects proxies by simply checking if you have a port open that's commonly used by a proxy (80, 1080, 1723, etc. etc.). All of the cryptostorm VPN servers will appear to have all TCP and UDP ports open. We use two iptables rules (one for UDP, one for TCP) to forward all ports to the VPN in...
by df
Wed Jul 04, 2018 2:51 pm
Forum: member support & tech assistance
Topic: Paris Server Error - FRAG_TEST not implemented
Replies: 1
Views: 6771

Re: Paris Server Error - FRAG_TEST not implemented

I removed your screenshot because near the bottom it had what might be your real IP. As for the error you were getting, it was most likely caused by us accidentally leaving --mssfix 1400 in some of the newer TCP configs on some of the servers (like France). I've updated and restarted the OpenVPN ins...
by df
Wed Jul 04, 2018 1:52 pm
Forum: member support & tech assistance
Topic: Cryptostorm client can't connect to the darknet
Replies: 21
Views: 22064

Re: Cryptostorm client can't connect to the darknet

@Guest There's a new version 3.15.0.220 of the widget that might include a fix for whatever issue you were having. Also, we now have a Windows tutorial that includes instructions for connecting with OpenVPN GUI - https://cryptostorm.is/windows#ovpngui (cancel the widget download that starts automati...
by df
Wed Jul 04, 2018 1:49 pm
Forum: member support & tech assistance
Topic: cryptostorm freezes sometimes when disconnecting
Replies: 8
Views: 13086

Re: cryptostorm freezes sometimes when disconnecting

This issue should be fixed in the latest widget that's on the website (and being pushed if you've got "Check for updates" selected in options), it's version 3.16.0.220. I'll update the widget thread in a minute with more info on the new features in the latest version: https://cryptostorm.o...

Go to advanced search

Nothing to display.

Login