Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

Search found 340 matches

by df
Mon Aug 13, 2018 4:34 pm
Forum: member support & tech assistance
Topic: Cryptostorm client can't connect to the darknet
Replies: 17
Views: 5328

Re: Cryptostorm client can't connect to the darknet

@Sakura I tested both on a normal browser while on a random US CS node, they both seem to be loading correctly. Could be that the second .onion didn't resolve once, so your browser or OS cached the NXDOMAIN (the DNS result you normally get from your DNS server for hostnames that don't exist). But wh...
by df
Tue Aug 07, 2018 6:48 am
Forum: member support & tech assistance
Topic: Cryptostorm client can't connect to the darknet
Replies: 17
Views: 5328

Re: Cryptostorm client can't connect to the darknet

@Sakura There were two servers that didn't have Tor running, which obviously is needed for the transparent .onion thing to work. I started Tor on both of them and checked .onion resolution, it should be good now. Also checked all the other DNS servers using the Perl script @ https://cryptostorm.is/c...
by df
Tue Aug 07, 2018 5:35 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 188
Views: 254877

Re: widget v3

@Sakura The CS widget uses a bundled DNScrypt-proxy to protect pre-connect DNS. If you'd prefer to use your own DNSCrypt setup, simply disable ours by going to Options -> Security and uncheck the "Enable DNSCrypt" box. If you'd like to use our DNSCrypt servers, https://raw.githubuserconten...
by df
Mon Aug 06, 2018 2:27 am
Forum: general chat, suggestions, industry news
Topic: Even if vpn doesn't log, what is preventing data centers from not logging?
Replies: 1
Views: 786

Re: Even if vpn doesn't log, what is preventing data centers from not logging?

We try to choose data centers that are known to respect customer privacy, but without physical access to the data center we can't verify their claims (and even if they aren't logging, their upstream provider could be). That's why end to end encryption is important, even if you're using a VPN. If you...
by df
Mon Aug 06, 2018 2:11 am
Forum: stormlink - cryptostorm's secure "entry node" gateway [cryptostorm.org/stormlink]
Topic: stormlink: the "cryptostorm router" thread...
Replies: 17
Views: 67780

Re: stormlink: the "cryptostorm router" thread...

@marzametal The CS stormlink idea kinda fizzled out. Most decent routers today make it easy enough to install OpenVPN (if it's not already installed) and connect to CS, so we stopped developing ours. Plus it just didn't seem like a viable business plan because most of our customers don't want to pro...
by df
Mon Aug 06, 2018 1:55 am
Forum: member support & tech assistance
Topic: [DNS] Domains Not Resolving On Certain Exit Nodes
Replies: 17
Views: 8317

Re: [DNS] Domains Not Resolving On Certain Exit Nodes

[root@onyx ~]# host linux-useast.cryptostorm.org ;; Truncated, retrying in TCP mode. linux-useast.cryptostorm.org has address 192.158.233.221 linux-useast.cryptostorm.org has address 155.254.31.46 linux-useast.cryptostorm.org has address 192.158.232.124 linux-useast.cryptostorm.org has address 192....
by df
Sun Aug 05, 2018 11:49 am
Forum: member support & tech assistance
Topic: Cryptostorm client can't connect to the darknet
Replies: 17
Views: 5328

Re: Cryptostorm client can't connect to the darknet

Oh that's the problem. You're using port 64496. Ports 30000 and up are now reserved for our port forwarding feature. I guess I forgot to add something to the widget that forces the user to stay in ports 1-29999, I'll do that next widget build. So just tell the widget to use any other port that's 299...
by df
Sun Aug 05, 2018 1:30 am
Forum: member support & tech assistance
Topic: Cryptostorm client can't connect to the darknet
Replies: 17
Views: 5328

Re: Cryptostorm client can't connect to the darknet

@Sakura That definitely shouldn't be happening, especially the IP leak. I need more information though to help, such as which version of Windows are you using, and are you using any AV software or another VPN provider's software, and logs from the widget's window would help too. Also are you in a co...
by df
Fri Aug 03, 2018 2:50 am
Forum: guides, HOWTOs & tutorials
Topic: HOWTO: Linux connections to cryptostorm
Replies: 51
Views: 59566

Re: HOWTO: Linux connections to cryptostorm

@sottovoce I guess I could have explained things in more detail, but I was trying to go for the shortest amount of words since people tend to not read tutorials in full if it uses too many words. At the top of https://cryptostorm.is/nix - Terminal is the recommended method, because Network Manager h...
by df
Fri Aug 03, 2018 2:18 am
Forum: member support & tech assistance
Topic: [DNS] Domains Not Resolving On Certain Exit Nodes
Replies: 17
Views: 8317

Re: [DNS] Domains Not Resolving On Certain Exit Nodes

@sottovoce What error are you getting? I just checked all the UDP IPs on port 443 for USEast and they seem responsive: [root@onyx ~]# ./ping windows-useast.cstorm.pw 443 UDP OpenVPN is UP on 192.158.232.121:443 and responded in 87 ms UDP OpenVPN is UP on 192.158.233.194:443 and responded in 87 ms UD...
by df
Sun Jul 22, 2018 3:09 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 188
Views: 254877

Re: widget v3

Forgot to update this thread with info on the latest build. Fixed a GUI issue some had when running Windows at a non-default scaling setting. It would cause the progress bar to overlap a little bit with the "Connect" button. In the Options window the "Block intrusive ads/trackers"...
by df
Sun Jul 15, 2018 12:39 am
Forum: general chat, suggestions, industry news
Topic: Cryptostorm goes unmentioned -- What a shame!!!
Replies: 3
Views: 1945

Re: Cryptostorm goes unmentioned -- What a shame!!!

@FoodMaven
Routers are included on https://cryptostorm.is/#section6
what.png


Not sure what you mean by "Weird place for a reply", I'm replying to a post in your thread.
That's kinda how forum communication works.
by df
Fri Jul 13, 2018 4:40 pm
Forum: general chat, suggestions, industry news
Topic: Come on guys, get your shit together
Replies: 9
Views: 5089

Re: Come on guys, get your shit together

@patrickjburt That seems to be the way things are going, people trust a VPN provider more than their ISP. Personally, I wouldn't choose PureVPN if I were to go with a non-cryptostorm VPN. Any VPN that supports PPTP clearly doesn't care about security - https://en.wikipedia.org/wiki/Point-to-Point_Tu...
by df
Thu Jul 12, 2018 4:13 pm
Forum: member support & tech assistance
Topic: https://whoer.net Request for comments
Replies: 9
Views: 5328

Re: https://whoer.net Request for comments

I don't think it's got anything to do with CS. My guess is that whoer.net populates those Zone and Local fields from a GeoIP database that doesn't have 64.42.181.0/24 listed. According to https://www.iplocation.net/ , EurekAPI doesn't have the long/lat for the IP (but it does the ISP). The other Geo...
by df
Thu Jul 12, 2018 6:27 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostormusersguidev2 <-- feedback & guidance requested
Replies: 11
Views: 99315

Re: cryptostormusersguidev2 <-- feedback & guidance requested

FYI, this guide is probably outdated since it was written in 2015.
The latest guides/tutorials are up at https://cryptostorm.is/#section6
by df
Thu Jul 12, 2018 6:03 am
Forum: general chat, suggestions, industry news
Topic: Cryptostorm goes unmentioned -- What a shame!!!
Replies: 3
Views: 1945

Re: Cryptostorm goes unmentioned -- What a shame!!!

Uh, cryptostorm doesn't leak. As parityboy explained in https://cryptostorm.org/viewtopic.php?f=32&t=9568&p=18351#p18351 , your problem was that your device was set to proxy through opera-mini.net after tunneling through cryptostorm. Connecting to a VPN won't change your browser's proxy sett...
by df
Wed Jul 11, 2018 6:01 pm
Forum: member support & tech assistance
Topic: All vpn detected as proxy
Replies: 5
Views: 2258

Re: All vpn detected as proxy

@marzametal Oh yea, voodoo nodes would probably show up as no ports open. If the scan was more thorough it would show TCP/UDP port 443 open, since on voodoo exit IPs that's the only thing open. But if you scan the entry IP for that voodoo node (the thing you connect to), it would show all ports as o...
by df
Sat Jul 07, 2018 3:20 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 188
Views: 254877

Re: widget v3

@RubRiches Huh, that is weird. I ran Malware bytes and my system is ok. No worries though I was able to download the new version and now I am stuck on the progress bar while connecting. This is where it is stuck: Sat Jul 07 07:52:09 2018 us=54756 [cryptostorm server] Peer Connection Initiated with [...
by df
Sat Jul 07, 2018 2:39 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 188
Views: 254877

Re: widget v3

@marzametal Each VPN instance uses a different 10.x.0.0/16 B-class, mostly because if I used the same B-class (or C-class) for multiple instances, two different clients might be assigned the same 10.x.x.x IP. There's a check in place to prevent that from happening per-instance, but not per-server, s...
by df
Sat Jul 07, 2018 12:30 am
Forum: member support & tech assistance
Topic: Cryptostorm client can't connect to the darknet
Replies: 17
Views: 5328

Re: Cryptostorm client can't connect to the darknet

Oops, right you are. But actually, now there's a v3.17.0.220. The latest version fixed a minor bug in 3.16.0.220 where the node selection wasn't properly saved, so on every start it kept defaulting to "Global random". Also added more informative text for when someone connects with the kill...
by df
Fri Jul 06, 2018 6:22 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 188
Views: 254877

Re: widget v3

@RubRiches It's just a false positive. The CS widget installer randomly gets caught up in their database because it uses the same compression (LZ4) as some trojans. I use a local win7 VM for widget dev, and the only thing installed on it is the stuff needed for widget dev (Perl, Notepad++, etc.). I ...
by df
Thu Jul 05, 2018 6:57 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 188
Views: 254877

Re: widget v3

Err, make that version 3.17.0.220. In version 3.16, a minor bug caused the widget to not remember your node selection choice when the widget starts (it kept defaulting to "Global random"). I also added some new text when DNS fails with the killswitch enabled, because some people were enabl...
by df
Wed Jul 04, 2018 3:57 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 188
Views: 254877

Re: widget v3

New version 3.16.0.220 is out, available at https://cryptostorm.is/cryptostorm_setup.exe In this version, almost all of the DNS related code was rewritten to automatically address a lot of the previous issues people were having. The widget now "pre-resolves" the host you're connecting to. ...
by df
Wed Jul 04, 2018 3:47 pm
Forum: stormphone - the "cryptostorm phone" project [cryptostorm.org/stormphone]
Topic: Android/iPhone tutorials
Replies: 0
Views: 2849

Android/iPhone tutorials

The downloads page on the main site has been updated to include tutorials for Android and iOS, as well as all the other operating systems people commonly connect to cryptostorm with:
https://cryptostorm.is/#section6
by df
Wed Jul 04, 2018 3:45 pm
Forum: general chat, suggestions, industry news
Topic: For some Ubuntu versions, you may need to add this to your OpenVPN config in order to prevent DNS leaks
Replies: 7
Views: 3903

Re: For some Ubuntu versions, you may need to add this to your OpenVPN config in order to prevent DNS leaks

Old post, I'm sure you've figured out the problem by now, but if not: That "for x" line was meant to be executed at the command line, not pasted into your text editor (nano). If you can edit the config with nano, you can add the three lines from there: script-security 2 up /etc/openvpn/upd...
by df
Wed Jul 04, 2018 3:43 pm
Forum: general chat, suggestions, industry news
Topic: Come on guys, get your shit together
Replies: 9
Views: 5089

Re: Come on guys, get your shit together

The main page has been updated again with some new info, and (i think) most importantly, https://cryptostorm.is/#section6 has been updated to include dedicated tutorial pages for most systems. This way, people who are just trying to connect to cryptostorm don't have to navigate through this messy fo...
by df
Wed Jul 04, 2018 3:37 pm
Forum: general chat, suggestions, industry news
Topic: DNSCrypt is Dead - Long live DNSCrypt
Replies: 2
Views: 3126

Re: DNSCrypt is Dead - Long live DNSCrypt

The v3 widget made the switch to DNSCrypt v2 as of a couple of versions ago (3.13, i think)
by df
Wed Jul 04, 2018 3:35 pm
Forum: general chat, suggestions, industry news
Topic: Strange 'lifetime' VPN offers
Replies: 4
Views: 6517

Re: Strange 'lifetime' VPN offers

A lot of other VPN providers don't actually enforce connection/session limits, they just claim that the limits are there.
For those providers, if someone had a lifetime token/account/certificate/whatever, they could easily resell it several times to different people without any of them noticing.
by df
Wed Jul 04, 2018 3:33 pm
Forum: general chat, suggestions, industry news
Topic: Stripe BTC Payment Not So Anonymous
Replies: 4
Views: 6445

Re: Stripe BTC Payment Not So Anonymous

Even without the problems mentioned in this first post, it takes a lot of effort for you to make your transactions anonymous when dealing with Bitcoin.

A better method is to use our CoinPayments.net payment option, since they allow a lot more privacy-minded coins like Monero or Verge.
by df
Wed Jul 04, 2018 3:30 pm
Forum: general chat, suggestions, industry news
Topic: Darknet versions of cryptostorm sites
Replies: 1
Views: 6751

Re: Darknet versions of cryptostorm sites

Old post, but for those still coming here, most of our sites are also accessible as a Tor Hidden Service: http://stormgm7blbk7odd.onion - for cryptostorm.is http://bcwd7odqqxs62afg.onion - for cryptostorm.is http://cstorm5dzz7vgmvo.onion - for cryptostorm.org http://a64r6szrpegnggoj.onion - for cryp...
by df
Wed Jul 04, 2018 3:21 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm configs
Replies: 1
Views: 5457

Re: cryptostorm configs

If you're looking for a tutorial on connecting to cryptostorm via Android, there's a new dedicated page for that @ https://cryptostorm.is/android
(includes screenshots and everything :-E)
by df
Wed Jul 04, 2018 3:20 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: tunnelling cryptosorm session thru SSL tunnel
Replies: 10
Views: 18762

Re: tunnelling cryptosorm session thru SSL tunnel

@Guest
We are planning to add stunnel some time in the near future.
For now, most DPI can be bypassed by simply using our ECC instances, since they don't disclose the OpenVPN handshake whenever you connect (thanks to --tls-crypt)
by df
Wed Jul 04, 2018 2:55 pm
Forum: member support & tech assistance
Topic: All vpn detected as proxy
Replies: 5
Views: 2258

Re: All vpn detected as proxy

whoer.net detects proxies by simply checking if you have a port open that's commonly used by a proxy (80, 1080, 1723, etc. etc.). All of the cryptostorm VPN servers will appear to have all TCP and UDP ports open. We use two iptables rules (one for UDP, one for TCP) to forward all ports to the VPN in...
by df
Wed Jul 04, 2018 2:51 pm
Forum: member support & tech assistance
Topic: Paris Server Error - FRAG_TEST not implemented
Replies: 1
Views: 1608

Re: Paris Server Error - FRAG_TEST not implemented

I removed your screenshot because near the bottom it had what might be your real IP. As for the error you were getting, it was most likely caused by us accidentally leaving --mssfix 1400 in some of the newer TCP configs on some of the servers (like France). I've updated and restarted the OpenVPN ins...
by df
Wed Jul 04, 2018 1:52 pm
Forum: member support & tech assistance
Topic: Cryptostorm client can't connect to the darknet
Replies: 17
Views: 5328

Re: Cryptostorm client can't connect to the darknet

@Guest There's a new version 3.15.0.220 of the widget that might include a fix for whatever issue you were having. Also, we now have a Windows tutorial that includes instructions for connecting with OpenVPN GUI - https://cryptostorm.is/windows#ovpngui (cancel the widget download that starts automati...
by df
Wed Jul 04, 2018 1:49 pm
Forum: member support & tech assistance
Topic: cryptostorm freezes sometimes when disconnecting
Replies: 8
Views: 4989

Re: cryptostorm freezes sometimes when disconnecting

This issue should be fixed in the latest widget that's on the website (and being pushed if you've got "Check for updates" selected in options), it's version 3.16.0.220. I'll update the widget thread in a minute with more info on the new features in the latest version: https://cryptostorm.o...
by df
Wed Jul 04, 2018 1:45 pm
Forum: member support & tech assistance
Topic: How to Achieve complete privacy and security?
Replies: 3
Views: 2824

Re: How to Achieve complete privacy and security?

@Guest
We don't keep connection/traffic logs, see https://cryptostorm.is/privacy
by df
Wed Jul 04, 2018 1:44 pm
Forum: member support & tech assistance
Topic: Old piece of crap
Replies: 2
Views: 1323

Re: Old piece of crap

There's a new widget version out now that might fix whatever problem you've been having. And in the last several versions, Windows 10 was tested thoroughly, so it's definitely supported. In most cases, it's an AV or some other program that's removing OpenVPN itself (csvpn.exe) or doing something to ...
by df
Wed Jul 04, 2018 1:31 pm
Forum: member support & tech assistance
Topic: Why was Stripe disabled?
Replies: 5
Views: 1527

Re: Why was Stripe disabled?

Stripe dropped us as customers because "it appears we're doing business with people residing in Iran", and Stripe is a US company so they don't want to get caught up in those US/Iran sanctions. I tried to explain to them that cryptostorm would most likely be excluded from those sanctions b...
by df
Wed Jul 04, 2018 5:31 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 67
Views: 98830

Re: TrackerSmacker: adware/crapware-blocking done right

@jasonbourne
TS isn't gone, it's just disabled by default now. https://cryptostorm.is/ts
If you're not a paying customer, you can also use it when connected to our free service - https://cryptostorm.is/cryptofree
by df
Sun Jul 01, 2018 10:21 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 67
Views: 98830

Re: TrackerSmacker: adware/crapware-blocking done right

TS is now disabled by default. See the note at very bottom of the client configs on GitHub or https://cryptostorm.is/configs/ - # uncomment the line below to enable TrackerSmacker, # our DNS-based intrusive ad/tracker blocking service #dhcp-option DNS 10.31.33.7 So to use TS, just remove that # char...
by df
Tue Jun 26, 2018 3:44 pm
Forum: guides, HOWTOs & tutorials
Topic: ASUS router stock firmware OpenVPN working.
Replies: 1
Views: 5186

Re: ASUS router stock firmware OpenVPN working.

A quick side note, the Asuswrt-Merlin firmware available at https://asuswrt.lostrealm.ca/ supports most ASUS routers and includes a newer version of OpenVPN (plus a bunch of other neat features). The HTML used for the username field has a max of 255 characters, so no need to modify anything if you'r...
by df
Mon Jun 18, 2018 3:38 am
Forum: member support & tech assistance
Topic: List of IP addresses for nodes
Replies: 1
Views: 1667

Re: List of IP addresses for nodes

We've recently added several iptables-based load balancers to the DNS based linux-balancer.cryptostorm.net (and windows-balancer.cryptostorm.net), but haven't yet announced it anywhere. The reason for this new type of balancer is that we've ordered a lot more IPs for several of the servers to give p...
by df
Sat Jun 09, 2018 12:52 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 67
Views: 98830

Re: TrackerSmacker: adware/crapware-blocking done right

@cumpsd Old response, but I'll leave this here for anyone else. If you want to use different DNS servers while on the VPN, you'll need to add to your client config: pull-filter ignore "dhcp-option DNS" pull-filter ignore "block-outside-dns" For widget users, you can add the above...
by df
Sat Jun 02, 2018 7:33 am
Forum: member support & tech assistance
Topic: [DNS] Domains Not Resolving On Certain Exit Nodes
Replies: 17
Views: 8317

Re: [DNS] Domains Not Resolving On Certain Exit Nodes

@parityboy
dunno either. I just added force.com to the whitelist and updated England.
Frankfurt isn't using TS, so it's not blocking anything. Probably got cached on your system.
by df
Wed May 30, 2018 4:52 am
Forum: member support & tech assistance
Topic: [DNS] Domains Not Resolving On Certain Exit Nodes
Replies: 17
Views: 8317

Re: [DNS] Domains Not Resolving On Certain Exit Nodes

@parityboy Yea. First one pushed would be the primary, second one pushed would be the secondary, etc. In my test, when I added "dhcp-option DNS 10.31.33.7" to my client config, it set that as the primary DNS and the one pushed by the OpenVPN server as the secondary DNS. If had a regular/de...
by df
Sat May 26, 2018 10:15 pm
Forum: member support & tech assistance
Topic: [DNS] Domains Not Resolving On Certain Exit Nodes
Replies: 17
Views: 8317

Re: [DNS] Domains Not Resolving On Certain Exit Nodes

@parityboy Yea, plus doing this with LUA/pdns means all DNS requests would have to pass through that LUA script, which would decrease performance. The password option does sound easier for clients, even with the required instance restart. The only thing I haven't decided yet is do I make TS the defa...
by df
Fri May 25, 2018 6:37 pm
Forum: member support & tech assistance
Topic: [DNS] Domains Not Resolving On Certain Exit Nodes
Replies: 17
Views: 8317

Re: [DNS] Domains Not Resolving On Certain Exit Nodes

@parityboy That's one method I was thinking of, the only problem is that doing it that way requires all the server-side OpenVPN's to be restarted so that I can change --auth-user-pass-verify from via-env to via-file, or change --script-security 2 to 3. Another idea I was considering is using pdns-re...
by df
Fri May 25, 2018 6:30 pm
Forum: member support & tech assistance
Topic: OpenVPN Preserving recently used remote address
Replies: 6
Views: 3722

Re: OpenVPN Preserving recently used remote address

I can't seem to recreate this issue: root@oldbox:~/cryptostorm_client_configuration_files-master/ecc# openvpn CS-ECC-frankfurt_udp.ovpn 2>&1|grep -E "Preserving|cryptostorm.*Peer|Initiali" Fri May 25 07:51:20 2018 us=154000 TCP/UDP: Preserving recently used remote address: [AF_INET]84....
by df
Fri May 25, 2018 6:16 pm
Forum: member support & tech assistance
Topic: New openVPN ECC config files
Replies: 5
Views: 4388

Re: New openVPN ECC config files

@parityboy I agree, they will be around for a long time to come, but eventually we have to drop support for the oldest configurations. Backwards compatibility is understandable to a degree, but once it starts hindering the security/progress of the whole network, it's time to make changes (like how w...
by df
Wed May 23, 2018 11:37 pm
Forum: member support & tech assistance
Topic: Voodoo Dead?
Replies: 2
Views: 3300

Re: Voodoo Dead?

The voodoo nodes are up, but the UDP instances have been having strange problems for some time now. We're not sure if it's ISP manipulation or a simple configuration mistake. It could be the former for at least the Russia node since they started blocking VPNs. At any rate, TCP voodoo still seems to ...
by df
Wed May 23, 2018 11:29 pm
Forum: member support & tech assistance
Topic: New openVPN ECC config files
Replies: 5
Views: 4388

Re: New openVPN ECC config files

@parityboy I decided not to use "linux-" because eventually we'll probably be ditching the whole linux/windows separation and switching completely to ECC. Plus this way linux clients connecting to ECC will get to use the Windows IPs they normally don't get to use. We haven't yet switched t...
by df
Wed May 23, 2018 11:15 pm
Forum: member support & tech assistance
Topic: https://whoer.net Request for comments
Replies: 9
Views: 5328

Re: https://whoer.net Request for comments

Their browser identifications look legit, but some of the other data isn't accurate. I'm on one of the CS US South nodes at the moment and whoer.net is saying I have no ports open. That's not true, because every CS exit node IP will appear to have all TCP/UDP ports open. This isn't a security risk, ...
by df
Wed May 23, 2018 11:04 pm
Forum: member support & tech assistance
Topic: How to Test DNSCrypt?
Replies: 2
Views: 3122

Re: How to Test DNSCrypt?

@kingping1 The VPN encrypts all traffic once you're connected to the VPN. But before you connect, your system will resolve the DNS entries for CS nodes (i.e., windows-balancer.cryptostorm.nu, or windows-paris.cryptostorm.nu, etc. etc.) Since that normally happens using the very-easy-to-manipulate DN...
by df
Wed May 23, 2018 10:58 pm
Forum: member support & tech assistance
Topic: [DNS] Domains Not Resolving On Certain Exit Nodes
Replies: 17
Views: 8317

Re: [DNS] Domains Not Resolving On Certain Exit Nodes

This is due to the TrackerSmacker DNS-based anti-invasive/malicious ads/tracking that's running on about half of the DeepDNS servers. The ones that have TS enabled are using https://github.com/notracking/hosts-blocklists If a legitimate or popular enough site ends up in that list, we can add an excl...
by df
Wed May 23, 2018 10:48 pm
Forum: member support & tech assistance
Topic: OpenVPN Preserving recently used remote address
Replies: 6
Views: 3722

Re: OpenVPN Preserving recently used remote address

This might be a bug in the OpenVPN implementation of --persist-tun IIRC, --persist-tun shouldn't affect configs that point at specific nodes (like Paris/Portugal), but it might affect configs that use the balancers. You could try telling your OpenVPN to ignore the server pushed --persist-tun by addi...
by df
Wed May 23, 2018 10:37 pm
Forum: general chat, suggestions, industry news
Topic: PGP Fail (14May2018)
Replies: 4
Views: 4934

Re: PGP Fail (14May2018)

https://www.mailvelope.com/en/blog/impl ... mailvelope
"Mailvelope is not affected by those critical vulnerabilities".
I use Mailvelope :-)
by df
Tue Apr 24, 2018 8:05 am
Forum: general chat, suggestions, industry news
Topic: Blocked/missing dns entries
Replies: 1
Views: 2321

Re: Blocked/missing dns entries

We use https://github.com/notracking/hosts-blocklists to provide the ad/tracker blocking, and sometimes legit sites get caught in it. One way to bypass the ad blocking is to use any of the DeepDNS servers that don't have it enabled: # for x in `host public.deepdns.net|grep addr|awk '{print $NF}'`;do...
by df
Sun Apr 22, 2018 4:00 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 13332

Re: Internet is broken after the update v3.13

@Guest
Late response, but we were having random stability issues with curvedns (it was constantly crashing), so I decided to finally ditch it and move powerdns-recursor (another part of DeepDNS) to the internet-facing side of things.
All servers appear to be resolving everything correctly now.
by df
Wed Apr 04, 2018 4:19 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 13332

Re: Internet is broken after the update v3.13

@rwilcher
That happened in one of my tests, but I'm pretty sure it was caused by me manually messing around with some firewall/DNS settings.
To reset the Windows firewall back to it's default, run as Administrator:
netsh advfirewall reset
by df
Wed Apr 04, 2018 12:32 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 13332

Re: Internet is broken after the update v3.13

@parityboy
I temporarily pointed the DNS for the Spanish node to the Portugal one, since the Spanish node is still offline.
Once the Spanish node is back up I'll change the DNS back.
by df
Thu Mar 29, 2018 7:00 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 13332

Re: Internet is broken after the update v3.13

@RubRiches Both Netherlands servers and both France servers are working correctly. It could be that the new widget is remembering and restoring your current DNS settings, which might be set incorrectly because of a previous widget. If that's the case, try resetting your DNS to "Obtain DNS serve...
by df
Thu Mar 29, 2018 2:17 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 13332

Re: Internet is broken after the update v3.13

@Frustrated Try redownloading the widget. The latest build is 3.15.0.186 (You can see the build by going into widget options). Also, 3 nodes are still offline: The NY one, the Dusseldorf one, and the Spain one. I'm still waiting for a response from their datacenters before anything can be done about...
by df
Wed Mar 28, 2018 9:48 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 13332

Re: Internet is broken after the update v3.13

@spotshot and everyone else I'm pretty sure I got all the bugs that were causing these issues (and then some). Update to v3.15 at https://b.unni.es/cryptostorm_setup.exe Some browsers will cache that .exe even though the server tells them not to, so if the download window doesn't say that the file i...
by df
Sun Mar 25, 2018 3:35 pm
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 13332

Re: Internet is broken after the update v3.13

@TMcKenna It sounds like you're missing "C:\Program Files (x86)\Cryptostorm Client\bin\dnscrypt-proxy.exe" Check and make sure that file is there. Also, when installing these test widget versions, it's usually a good idea to uninstall the old one first. They all included dnscrypt-proxy.exe...
by df
Sun Mar 25, 2018 12:32 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 13332

Re: Internet is broken after the update v3.13

@docsomeday Are you getting DNS errors or something else? Also, try the latest build of 3.14 from https://b.unni.es/cryptostorm_setup.exe it includes a dnscrypt-proxy fix for a bug I most likely introduced while trying to fix what I thought was a widget bug, but turned out to be a server-side bug. E...
by df
Sat Mar 24, 2018 11:49 pm
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 13332

Re: Internet is broken after the update v3.13

@φ+ Try now. I think I finally figured out the problem. pdns-recursor is part of DeepDNS, and it's used to send regular DNS to the root DNS servers and other DNS (.onion/.i2p/etc.) to their respective daemons/servers. Problem was, pdns-recursor was locking up on random syscalls, which kept the DNS p...
by df
Sat Mar 24, 2018 5:25 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 13332

Re: Internet is broken after the update v3.13

Anyone still having this issue, please try v3.14 from https://b.unni.es/cryptostorm_setup.exe and let me know if you still see the problem. I updated the code that checks to see if you're connected so that it's more accurate, which I think will help out those who were having their DNS left to 127.0....
by df
Tue Mar 20, 2018 9:40 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 188
Views: 254877

Re: widget v3

@crimghost
When you first open the widget or when you exit settings, does DNS get set to 127.0.0.1 even if the DNSCrypt option is disabled?

Go to advanced search

Nothing to display.

Login