Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ
Ξ We've updated our CA certificate. All members need to be using the latest ones by Dec 22. See this page for more infoΞ

Search found 293 matches

by df
Mon Jun 18, 2018 3:38 am
Forum: member support & tech assistance
Topic: List of IP addresses for nodes
Replies: 1
Views: 452

Re: List of IP addresses for nodes

We've recently added several iptables-based load balancers to the DNS based linux-balancer.cryptostorm.net (and windows-balancer.cryptostorm.net), but haven't yet announced it anywhere. The reason for this new type of balancer is that we've ordered a lot more IPs for several of the servers to give p...
by df
Sat Jun 09, 2018 12:52 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 62
Views: 76136

Re: TrackerSmacker: adware/crapware-blocking done right

@cumpsd Old response, but I'll leave this here for anyone else. If you want to use different DNS servers while on the VPN, you'll need to add to your client config: pull-filter ignore "dhcp-option DNS" pull-filter ignore "block-outside-dns" For widget users, you can add the above...
by df
Sat Jun 02, 2018 7:33 am
Forum: member support & tech assistance
Topic: [DNS] Domains Not Resolving On Certain Exit Nodes
Replies: 11
Views: 4394

Re: [DNS] Domains Not Resolving On Certain Exit Nodes

@parityboy
dunno either. I just added force.com to the whitelist and updated England.
Frankfurt isn't using TS, so it's not blocking anything. Probably got cached on your system.
by df
Wed May 30, 2018 4:52 am
Forum: member support & tech assistance
Topic: [DNS] Domains Not Resolving On Certain Exit Nodes
Replies: 11
Views: 4394

Re: [DNS] Domains Not Resolving On Certain Exit Nodes

@parityboy Yea. First one pushed would be the primary, second one pushed would be the secondary, etc. In my test, when I added "dhcp-option DNS 10.31.33.7" to my client config, it set that as the primary DNS and the one pushed by the OpenVPN server as the secondary DNS. If had a regular/de...
by df
Sat May 26, 2018 10:15 pm
Forum: member support & tech assistance
Topic: [DNS] Domains Not Resolving On Certain Exit Nodes
Replies: 11
Views: 4394

Re: [DNS] Domains Not Resolving On Certain Exit Nodes

@parityboy Yea, plus doing this with LUA/pdns means all DNS requests would have to pass through that LUA script, which would decrease performance. The password option does sound easier for clients, even with the required instance restart. The only thing I haven't decided yet is do I make TS the defa...
by df
Fri May 25, 2018 6:37 pm
Forum: member support & tech assistance
Topic: [DNS] Domains Not Resolving On Certain Exit Nodes
Replies: 11
Views: 4394

Re: [DNS] Domains Not Resolving On Certain Exit Nodes

@parityboy That's one method I was thinking of, the only problem is that doing it that way requires all the server-side OpenVPN's to be restarted so that I can change --auth-user-pass-verify from via-env to via-file, or change --script-security 2 to 3. Another idea I was considering is using pdns-re...
by df
Fri May 25, 2018 6:30 pm
Forum: member support & tech assistance
Topic: OpenVPN Preserving recently used remote address
Replies: 6
Views: 1963

Re: OpenVPN Preserving recently used remote address

I can't seem to recreate this issue: root@oldbox:~/cryptostorm_client_configuration_files-master/ecc# openvpn CS-ECC-frankfurt_udp.ovpn 2>&1|grep -E "Preserving|cryptostorm.*Peer|Initiali" Fri May 25 07:51:20 2018 us=154000 TCP/UDP: Preserving recently used remote address: [AF_INET]84....
by df
Fri May 25, 2018 6:16 pm
Forum: member support & tech assistance
Topic: New openVPN ECC config files
Replies: 5
Views: 2509

Re: New openVPN ECC config files

@parityboy I agree, they will be around for a long time to come, but eventually we have to drop support for the oldest configurations. Backwards compatibility is understandable to a degree, but once it starts hindering the security/progress of the whole network, it's time to make changes (like how w...
by df
Wed May 23, 2018 11:37 pm
Forum: member support & tech assistance
Topic: Voodoo Dead?
Replies: 2
Views: 2017

Re: Voodoo Dead?

The voodoo nodes are up, but the UDP instances have been having strange problems for some time now. We're not sure if it's ISP manipulation or a simple configuration mistake. It could be the former for at least the Russia node since they started blocking VPNs. At any rate, TCP voodoo still seems to ...
by df
Wed May 23, 2018 11:29 pm
Forum: member support & tech assistance
Topic: New openVPN ECC config files
Replies: 5
Views: 2509

Re: New openVPN ECC config files

@parityboy I decided not to use "linux-" because eventually we'll probably be ditching the whole linux/windows separation and switching completely to ECC. Plus this way linux clients connecting to ECC will get to use the Windows IPs they normally don't get to use. We haven't yet switched t...
by df
Wed May 23, 2018 11:15 pm
Forum: member support & tech assistance
Topic: https://whoer.net Request for comments
Replies: 5
Views: 2489

Re: https://whoer.net Request for comments

Their browser identifications look legit, but some of the other data isn't accurate. I'm on one of the CS US South nodes at the moment and whoer.net is saying I have no ports open. That's not true, because every CS exit node IP will appear to have all TCP/UDP ports open. This isn't a security risk, ...
by df
Wed May 23, 2018 11:04 pm
Forum: member support & tech assistance
Topic: How to Test DNSCrypt?
Replies: 2
Views: 1604

Re: How to Test DNSCrypt?

@kingping1 The VPN encrypts all traffic once you're connected to the VPN. But before you connect, your system will resolve the DNS entries for CS nodes (i.e., windows-balancer.cryptostorm.nu, or windows-paris.cryptostorm.nu, etc. etc.) Since that normally happens using the very-easy-to-manipulate DN...
by df
Wed May 23, 2018 10:58 pm
Forum: member support & tech assistance
Topic: [DNS] Domains Not Resolving On Certain Exit Nodes
Replies: 11
Views: 4394

Re: [DNS] Domains Not Resolving On Certain Exit Nodes

This is due to the TrackerSmacker DNS-based anti-invasive/malicious ads/tracking that's running on about half of the DeepDNS servers. The ones that have TS enabled are using https://github.com/notracking/hosts-blocklists If a legitimate or popular enough site ends up in that list, we can add an excl...
by df
Wed May 23, 2018 10:48 pm
Forum: member support & tech assistance
Topic: OpenVPN Preserving recently used remote address
Replies: 6
Views: 1963

Re: OpenVPN Preserving recently used remote address

This might be a bug in the OpenVPN implementation of --persist-tun IIRC, --persist-tun shouldn't affect configs that point at specific nodes (like Paris/Portugal), but it might affect configs that use the balancers. You could try telling your OpenVPN to ignore the server pushed --persist-tun by addi...
by df
Wed May 23, 2018 10:37 pm
Forum: general chat, suggestions, industry news
Topic: PGP Fail (14May2018)
Replies: 4
Views: 2826

Re: PGP Fail (14May2018)

https://www.mailvelope.com/en/blog/impl ... mailvelope
"Mailvelope is not affected by those critical vulnerabilities".
I use Mailvelope :-)
by df
Tue Apr 24, 2018 8:05 am
Forum: general chat, suggestions, industry news
Topic: Blocked/missing dns entries
Replies: 1
Views: 1186

Re: Blocked/missing dns entries

We use https://github.com/notracking/hosts-blocklists to provide the ad/tracker blocking, and sometimes legit sites get caught in it. One way to bypass the ad blocking is to use any of the DeepDNS servers that don't have it enabled: # for x in `host public.deepdns.net|grep addr|awk '{print $NF}'`;do...
by df
Sun Apr 22, 2018 4:00 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 8867

Re: Internet is broken after the update v3.13

@Guest
Late response, but we were having random stability issues with curvedns (it was constantly crashing), so I decided to finally ditch it and move powerdns-recursor (another part of DeepDNS) to the internet-facing side of things.
All servers appear to be resolving everything correctly now.
by df
Wed Apr 04, 2018 4:19 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 8867

Re: Internet is broken after the update v3.13

@rwilcher
That happened in one of my tests, but I'm pretty sure it was caused by me manually messing around with some firewall/DNS settings.
To reset the Windows firewall back to it's default, run as Administrator:
netsh advfirewall reset
by df
Wed Apr 04, 2018 12:32 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 8867

Re: Internet is broken after the update v3.13

@parityboy
I temporarily pointed the DNS for the Spanish node to the Portugal one, since the Spanish node is still offline.
Once the Spanish node is back up I'll change the DNS back.
by df
Thu Mar 29, 2018 7:00 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 8867

Re: Internet is broken after the update v3.13

@RubRiches Both Netherlands servers and both France servers are working correctly. It could be that the new widget is remembering and restoring your current DNS settings, which might be set incorrectly because of a previous widget. If that's the case, try resetting your DNS to "Obtain DNS serve...
by df
Thu Mar 29, 2018 2:17 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 8867

Re: Internet is broken after the update v3.13

@Frustrated Try redownloading the widget. The latest build is 3.15.0.186 (You can see the build by going into widget options). Also, 3 nodes are still offline: The NY one, the Dusseldorf one, and the Spain one. I'm still waiting for a response from their datacenters before anything can be done about...
by df
Wed Mar 28, 2018 9:48 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 8867

Re: Internet is broken after the update v3.13

@spotshot and everyone else I'm pretty sure I got all the bugs that were causing these issues (and then some). Update to v3.15 at https://b.unni.es/cryptostorm_setup.exe Some browsers will cache that .exe even though the server tells them not to, so if the download window doesn't say that the file i...
by df
Sun Mar 25, 2018 3:35 pm
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 8867

Re: Internet is broken after the update v3.13

@TMcKenna It sounds like you're missing "C:\Program Files (x86)\Cryptostorm Client\bin\dnscrypt-proxy.exe" Check and make sure that file is there. Also, when installing these test widget versions, it's usually a good idea to uninstall the old one first. They all included dnscrypt-proxy.exe...
by df
Sun Mar 25, 2018 12:32 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 8867

Re: Internet is broken after the update v3.13

@docsomeday Are you getting DNS errors or something else? Also, try the latest build of 3.14 from https://b.unni.es/cryptostorm_setup.exe it includes a dnscrypt-proxy fix for a bug I most likely introduced while trying to fix what I thought was a widget bug, but turned out to be a server-side bug. E...
by df
Sat Mar 24, 2018 11:49 pm
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 8867

Re: Internet is broken after the update v3.13

@φ+ Try now. I think I finally figured out the problem. pdns-recursor is part of DeepDNS, and it's used to send regular DNS to the root DNS servers and other DNS (.onion/.i2p/etc.) to their respective daemons/servers. Problem was, pdns-recursor was locking up on random syscalls, which kept the DNS p...
by df
Sat Mar 24, 2018 5:25 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 8867

Re: Internet is broken after the update v3.13

Anyone still having this issue, please try v3.14 from https://b.unni.es/cryptostorm_setup.exe and let me know if you still see the problem. I updated the code that checks to see if you're connected so that it's more accurate, which I think will help out those who were having their DNS left to 127.0....
by df
Tue Mar 20, 2018 9:40 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 174
Views: 207288

Re: widget v3

@crimghost
When you first open the widget or when you exit settings, does DNS get set to 127.0.0.1 even if the DNSCrypt option is disabled?
by df
Fri Mar 16, 2018 9:53 pm
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 8867

Re: Internet is broken after the update v3.13

@marzametal Yea, custom.conf was removed from the v3.13 on the main cs.is website. The one on https://b.unni.es/cryptostorm_setup.exe has custom.conf and is still v3.13, I just didn't change the version numbers when I re-added custom.conf, because I first wanted to test it out so I knew what the pro...
by df
Fri Mar 16, 2018 12:53 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 8867

Re: Internet is broken after the update v3.13

Sounds like DNS is being left at dnscrypt-proxy.exe on 127.0.0.1 for some reason... Try disabling DNSCrypt under Options. The culprit might be the OpenVPN option --block-outside-dns, which is hardcoded into the current widget. If OpenVPN fails to set the DNS to the CS IPs that are pushed by the serv...
by df
Thu Mar 15, 2018 8:45 pm
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 8867

Re: Internet is broken after the update v3.13

@TMcKenna If you can ping 8.8.8.8, then the internet's working. Try doing nslookup whoami.cryptostorm.is That should respond with the IP that the server sees making the request (i.e., the DNS server your system is set to use). If that fails, then the problem is DNS not getting set correctly. Also, w...
by df
Thu Mar 15, 2018 9:21 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 8867

Re: Internet is broken after the update v3.13

Open up a cmd prompt and try pinging 8.8.8.8, after connecting to CS. If it says "General failure", then Windows Firewall is probably stopping the packets. Could be a bug in the killswitch causing it to enable whenever it's not supposed to. If that's the case, run (as Administrator): netsh...
by df
Thu Mar 15, 2018 5:19 am
Forum: member support & tech assistance
Topic: Internet is broken after the update v3.13
Replies: 64
Views: 8867

Re: Internet is broken after the update v3.13

It sounds like either Windows Defender or some other AV is blocking the widget. I sent Microsoft a false positive complaint and they added the widget's installer to the exclusion list, so updating Windows Defender's definitions should get it working again. If it's another AV, you should add c:\Progr...
by df
Tue Mar 06, 2018 8:08 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 174
Views: 207288

Re: widget v3

New widget build released just now, v3.13. Those of you on v3.12, you should get a prompt informing you of the new version then asking you if you want to upgrade. For anyone else not already using the widget (or using < v3.12), it's available at https://cryptostorm.is/cryptostorm_setup.exe with hash...
by df
Mon Feb 26, 2018 6:08 am
Forum: member support & tech assistance
Topic: Bitcoin payment on Cryptostorm.is
Replies: 6
Views: 4407

Re: Bitcoin payment on Cryptostorm.is

@sysfu
see the other post. Bitpay didn't provide that option, I had to write it in.
by df
Mon Feb 26, 2018 6:07 am
Forum: independent cryptostorm token resellers, & tokens 101
Topic: wallet addresses: darkcoins, dogecoins, litecoins, namecoins, bitcoins
Replies: 8
Views: 28824

Re: wallet addresses: darkcoins, dogecoins, litecoins, namecoins, bitcoins

@sysfu CoinPayments' IPN is slow as hell, so in-browser delivery wasn't an option. Can always use a temporary email address though. I was considering changing the whole email delivery system, where the email would only contain a link to a web page that gives you your token. The page would be burn-af...
by df
Wed Feb 21, 2018 8:58 pm
Forum: member support & tech assistance
Topic: [Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!
Replies: 16
Views: 2924

Re: [Help] Debian 9 OpenVPN Network Manager: Cryptostorm randomly disconnects!

@NeedHelp6969 Regarding Spink, he is no longer associated with CS and hasn't been since early 2015. Contrary to what some online sources say, he is not the founder of CS, just a co-founder along with me and one other person who is also no longer involved with the project. We decided to start CS rega...
by df
Mon Feb 19, 2018 9:16 am
Forum: general chat, suggestions, industry news
Topic: Come on guys, get your shit together
Replies: 6
Views: 2940

Re: Come on guys, get your shit together

Resellers list is only a subforum Yea, that's so anyone can become a reseller if they want, and post about it there. resellers.cryptostorm.org just redirects to subforum, and gives invalid https certificate error That's a leftover mistake from our former staff member, PJ. He thought subdomains look...
by df
Wed Feb 14, 2018 9:06 pm
Forum: member support & tech assistance
Topic: [CRITICAL] Website not giving SHA512 that passes tokenizer check
Replies: 5
Views: 1916

Re: [CRITICAL] Website not giving SHA512 that passes tokenizer check

@parityboy
I tested it too, seems to be working. You sure you're not loading from cache? CTRL+F5 to reload.
As for the "Your token..." hint, I don't remember it ever disappearing when you click on it, but I could add that... done.
by df
Mon Feb 12, 2018 4:42 pm
Forum: member support & tech assistance
Topic: [CRITICAL] Website not giving SHA512 that passes tokenizer check
Replies: 5
Views: 1916

Re: [CRITICAL] Website not giving SHA512 that passes tokenizer check

Whoops. Right you are.
I reused some of the sha512 calc popup's HTML for parts of the new payment method code, forgot to change the <label> id's.
Should be good now.
by df
Thu Feb 08, 2018 12:43 am
Forum: member support & tech assistance
Topic: Bitcoin payment on Cryptostorm.is
Replies: 6
Views: 4407

Re: Bitcoin payment on Cryptostorm.is

See https://cryptostorm.is/#section5 We've switched back to BitPay for Bitcoin payments, and also added support for the following altcoins via coinpayments.net - Bitcoin, Bitcoin Cash, BlackCoin, Dash, DigiByte, Dogecoin, Ether Classic, Ether, GameCredits, Litecoin, PotCoin, Vertcoin, Monero, and Zc...
by df
Mon Jan 29, 2018 10:17 am
Forum: member support & tech assistance
Topic: Bitcoin payment on Cryptostorm.is
Replies: 6
Views: 4407

Re: Bitcoin payment on Cryptostorm.is

Yep, they emailed us about that a few days ago. We'll be switching back to BitPay soon. Also going to add support for some other coins via CoinPayments.net.
by df
Wed Dec 27, 2017 3:19 pm
Forum: general chat, suggestions, industry news
Topic: Concerns for distribution of CA cert
Replies: 1
Views: 1622

Re: Concerns for distribution of CA cert

The new CA certificate was signed using the same private key that the old certificate was signed with, in a way that allowed us to accept clients using either the old or new CA certificate. That is, until Dec 22 came around, causing a fatal error for anyone still using the old certificate. That mean...
by df
Fri Dec 08, 2017 4:54 pm
Forum: member support & tech assistance
Topic: Very low data transfer speeds fix
Replies: 4
Views: 2257

Re: Very low data transfer speeds fix

Have you tried TCP or one of the voodoo servers?
by df
Thu Dec 07, 2017 6:50 pm
Forum: general chat, suggestions, industry news
Topic: Get the password of any WiFi network
Replies: 8
Views: 9288

Re: Get the password of any WiFi network

@smarttony25
The original poster chose that topic name to attract attention to their magical program that allegedly hacks any WiFi network, which of course was just a trojan.
by df
Tue Nov 14, 2017 11:36 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: deepDNS: seamless Tor .onion site access, via cryptostorm
Replies: 24
Views: 108716

Re: deepDNS: seamless Tor .onion site access, via cryptostorm

@bricus
Firefox also needs 'network.dns.blockDotOnion' set to 'false'
by df
Sat Nov 11, 2017 9:49 pm
Forum: member support & tech assistance
Topic: Two random questions...
Replies: 2
Views: 2752

Re: Two random questions...

Whoer's results are incorrect. All our VPN instance IPs have always had every TCP and UDP port open, yet Whoer reports some open and some closed at different times. It's also an inaccurate scan, because they assume that if we have port 3218 or 8080 open then it's an open proxy. Each of our VPN insta...
by df
Mon Oct 16, 2017 5:43 pm
Forum: cryptofree: no-cost cryptostorm network access
Topic: cryptofree.me: kernel hardening via grsec & service excision
Replies: 2
Views: 20900

Re: cryptofree.me: kernel hardening via grsec & service excision

@anon5
We're still using the last public grsec patch for 4.9.24.
If any upcoming kernels fix any vulnerabilities that apply to us, or if a new kernel feature looks useful to us, then I'll consider the minipli fork.
For now, we're keeping 4.9.24 with a minimal number of features enabled.
by df
Wed Oct 11, 2017 12:34 am
Forum: general chat, suggestions, industry news
Topic: Split Tunneling
Replies: 27
Views: 24335

Re: Split Tunneling

Old thread, but I didn't see any actual commands here, so I thought I'd add some :-) In this network setup, 192.168.1.1 is the gateway IP for your LAN. As an IP to exclude from the VPN, I'll use http://ifconfig.co/'s IP, which is currently 188.113.88.193. On Windows, after connecting to the VPN, vis...
by df
Thu Oct 05, 2017 4:52 am
Forum: member support & tech assistance
Topic: authentication failed...
Replies: 6
Views: 4871

Re: authentication failed...

Problem was physical hard drive issues on the NL node @ nforce.com (185.107.80.85 + 185.107.80.86).
Waiting for them to finish replacing that drive then I'll reinstall the system.
by df
Mon Sep 18, 2017 5:00 pm
Forum: general chat, suggestions, industry news
Topic: My connection script
Replies: 3
Views: 5038

Re: My connection script

@c_2212 ./connect.sh: line 100: dig: command not found That script uses the `dig` command to resolve hostnames, and your system either doesn't have it installed, or it's not in a location that's listed in the $PATH environment variable. Here's a modified version that includes some code to check for ...
by df
Mon Sep 18, 2017 4:21 pm
Forum: general chat, suggestions, industry news
Topic: Several suggestions to improve this service
Replies: 9
Views: 10787

Re: Several suggestions to improve this service

@KungFuChe I understand what you're saying. I've seen those cards in stores before. Some of them are reloadable, some are not. For the ones that aren't, if you only want 1 year worth of CS, you'd have to get a $60 or higher card since most of them only do increments of $10, $25, $50, or $100. I can'...
by df
Mon Sep 18, 2017 4:13 pm
Forum: general chat, suggestions, industry news
Topic: This forum is silly.
Replies: 1
Views: 4889

Re: This forum is silly.

Password reset emails don't contain your password. Those are encrypted in the database, so that would be impossible to do. The password you're referring to that is included in the reset email is a temporary one that's randomly generated. If interception is a concern, any time you reset your password...
by df
Mon Sep 18, 2017 3:55 pm
Forum: general chat, suggestions, industry news
Topic: [Request] Send Encrypted Token Emails
Replies: 2
Views: 5104

Re: [Request] Send Encrypted Token Emails

I would like to implement this, but the problem is that a lot of people create PGP keys tied to their email address just to test out PGP, without actually using it. If tokenbot were to send an encrypted email to them, they might not still have the key/password needed to decrypt it. Plus, there could...
by df
Mon Sep 18, 2017 3:41 pm
Forum: general chat, suggestions, industry news
Topic: [Request] Add QR Code To Token Delivery
Replies: 5
Views: 6167

Re: [Request] Add QR Code To Token Delivery

The reason we've never gotten around to implementing this is because the QR code would have to point to something, and without a protocol handler in the official OpenVPN app that we recommend, it wouldn't be possible to do a type of scan -> "preload token into app" thing. So the only way I...
by df
Mon Sep 18, 2017 3:26 pm
Forum: general chat, suggestions, industry news
Topic: DNS correlation.. is it possible?
Replies: 1
Views: 3849

Re: DNS correlation.. is it possible?

If you're using DNSCrypt to connect to the DeepDNS servers, then your DNS is encrypted between you and us. So no, it wouldn't be possible to correlate the websites you've visited against your DNSCrypt traffic. If you're just using our DeepDNS servers as plain DNS servers, then yes, it would be possi...
by df
Mon Sep 18, 2017 3:23 pm
Forum: general chat, suggestions, industry news
Topic: [Suggestion] Support WireGuard
Replies: 6
Views: 6147

Re: [Suggestion] Support WireGuard

We do have a test wireguard instance up on a Romanian server, but it's unlikely that we'll provide public access to it anytime soon.

Main reason being, as the wireguard website puts it, "WireGuard is not yet complete. You should not rely on this code."
by df
Mon Sep 18, 2017 3:13 pm
Forum: general chat, suggestions, industry news
Topic: SSL cert problems with cryptostorm sites
Replies: 3
Views: 5185

Re: SSL cert problems with cryptostorm sites

That's an old issue left over from a former admin who liked to use sub-domains instead of /directories just because it "looked cooler" to him, even though I told him from the beginning not to use them. As a result, a lot of places outside of CS have links to old http://whatever.cryptostorm...
by df
Sat Aug 12, 2017 5:37 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 174
Views: 207288

Re: widget v3

@JTD121 Do you get that error when running cryptostorm_setup.exe? If so, you should exit the widget before you begin the installation. Windows can't overwrite client.exe if it's already running. Although, the installation should detect if the widget is already running and ask if it's okay to close i...
by df
Tue Jul 18, 2017 12:45 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 174
Views: 207288

Re: widget v3

@ATurtle If anyone is still using XP, they clearly don't care about security. You could argue that Microsoft updates doesn't equate to security (which is accurate), but since XP hasn't received security patches for several years now, using it under any pretense is just plain dumb. Maybe in a system/...
by df
Thu Jun 22, 2017 12:20 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 174
Views: 207288

Re: widget v3

@rwilcher
The latest one is always at https://cryptostorm.is/cryptostorm_setup.exe
by df
Mon Jun 19, 2017 12:41 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 174
Views: 207288

Re: widget v3

Just built a new widget v3.0.0.72 that includes code that now saves that connect timeout value (Under "Options" -> "Connecting") so it's remembered on restart. Also OpenVPN/OpenSSL binaries/libraries upgraded to 2.3.16/1.0.2l. Latest hashes for https://cryptostorm.is/cryptostorm_...
by df
Mon Apr 17, 2017 9:25 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 174
Views: 207288

Re: widget v3

@justintime Just as parityboy said, Windows requires more effort to make things more secure/anonymous. It's non-trivial to run DNSCrypt along with OpenVPN while also blocking DNS, WebRTC/STUN/ICE, and IPv6 leaks in Windows. On Linux, it is trivial. Plus, most of the issues that the Windows Widget fi...
by df
Sun Apr 16, 2017 12:15 pm
Forum: member support & tech assistance
Topic: Torstorm
Replies: 12
Views: 7198

Re: Torstorm

@kapu
Don't manually set your DNS, let OpenVPN handle it.
If you're on CS but you set your DNS to an IP different than what's pushed by the server, the transparent .onion/.i2p/etc. thing won't work.
by df
Thu Apr 13, 2017 9:35 am
Forum: member support & tech assistance
Topic: Can't Authenticate On Any Node
Replies: 21
Views: 8542

Re: Can't Authenticate On Any Node

FYI, there's a new v3 widget build that includes a fix for Windows users having max session issues, it's up @ https://cryptostorm.is/cryptostorm_setup.exe and the hashes are @ https://cryptostorm.org/viewtopic.php?f=37&t=8955&p=17274#p17274 For the last two people using Linux, make sure that...
by df
Thu Apr 13, 2017 9:28 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 174
Views: 207288

Re: widget v3

New widget build out, v3.0.0.71 hashes: md5: 6bf40dd09b2b7851849e5630e24f7121 sha1: 747e75eaaa623f5dcbbd6ed22430d4f5235989ee sha512: 31bb34f65c73788e7f5149c295f649ad5b6ca6b07f2d113891bf64d2007efdee648473a127ff7bb868314b4e5e2c340fc028aaa81babee3d11d402440518843f Up at the usual places, https://crypto...
by df
Wed Mar 29, 2017 3:45 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 174
Views: 207288

Re: widget v3

@Khariz The widget does manually set the DNS if DNSCrypt is enabled. Everything else is done via TAP, but there might be some code still in there that's leftover from before --block-outside-dns was implemented into OpenVPN, back when the widget had to do the DNS leak blocks itself. @crimghost That i...
by df
Sun Feb 26, 2017 10:23 am
Forum: guides, HOWTOs & tutorials
Topic: HOWTO: iOS Connection Guide
Replies: 44
Views: 40830

Re: HOWTO: iOS Connection Guide

@Khariz If you've got console access, try `ping`ing or doing an `nslookup` against whatever .onion you're trying to access. The .onion should resolve to something in 10.99.0.0/16, and you could also try using whatever command-line downloader iOS uses (curl, wget, lynx, fetch, etc.) to see if that wi...
by df
Wed Feb 22, 2017 1:46 am
Forum: cryptofree: no-cost cryptostorm network access
Topic: cryptofree howto Linux: Fedora 25 OpenVPN using gnome
Replies: 1
Views: 3963

Re: cryptofree howto Linux: Fedora 25 OpenVPN using gnome

@DataAllTogther I edited your post to remove the old/defunct "cryptokens.ca" host. Also edited that configs post you referred to that contained some old configs. For future reference, never use the configs on the forum. There's a lot of old posts here containing configs, and most of the po...
by df
Tue Feb 21, 2017 5:44 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: Obfsproxy and IP Modulation
Replies: 5
Views: 6357

Re: Obfsproxy and IP Modulation

@Khariz The US obfsproxy IP has been having issues (won't connect, but pingable; listening correctly on the server-side), possibly due to a firewall at the datacenter. So I just put up another obfsproxy instance on obfs-windows-romania.cstorm.pw . It's in the v3 nodelist, so just click the update bu...
by df
Mon Feb 20, 2017 5:59 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 174
Views: 207288

Re: widget v3

@marzametal Eh, I haven't been maintaining the previous versions though since these v3 betas were never really intended to be released, at least not until it got out of beta. So each new build is uploaded to the same place, overwriting the previous. The only way to get .66 would be if you already do...
by df
Mon Feb 20, 2017 4:08 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 174
Views: 207288

Re: widget v3

@bricus
I'm not sure, it was working fine on my win10 test VM.
Maybe an OpenVPN 2.4 bug that only affects certain configurations?
by df
Tue Feb 14, 2017 1:59 am
Forum: general chat, suggestions, industry news
Topic: Several suggestions to improve this service
Replies: 9
Views: 10787

Re: Several suggestions to improve this service

@dsagg Yea, "We may share information with: Law enforcement, Financial Supervision Authorities, government officials, or other third parties when: we are compelled to do so by a subpoena, court order or similar legal procedures. we need to do so to comply with law. we believe in good faith that...
by df
Fri Feb 10, 2017 8:28 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 174
Views: 207288

Re: widget v3

Tested with somebody, and for whatever reason OpenVPN 2.4.0 kept crashing on them. So I just released v3.0.0.67 that's downgraded to OpenVPN 2.3.14, it'll most likely fix this issue for anyone else still having problems with v3.0.0.66. Latest v3.0.0.67 @ https://cryptostorm.is/cryptostorm_setup.exe ...
by df
Fri Feb 10, 2017 1:24 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 174
Views: 207288

Re: widget v3

It sounds like people had problems with the csvpn.exe (openvpn 2.4.0) that got pushed in the last update. It worked for me on Win10, but just in case I reuploaded the same openvpn/openssl binaries/libraries that I had locally onto all the servers so that they would get pushed instead. For those stil...

Go to advanced search

Nothing to display.

Login