
Search found 386 matches

by df
Fri Feb 22, 2019 3:44 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 216
Views: 905783

Re: widget v3

v3.42 is up now. Fixed a few bugs in v3.40 where the widget would crash on disconnect, and sometimes on exit. Switched from using slow as hell `netsh` commands for changing the system's DNS to much faster registry changes. Removed the TLS version GUI option since it'll now default to TLSv1.3, unless...
by df
Sat Feb 16, 2019 10:54 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 216
Views: 905783

Re: widget v3

@Stan That's a bugfix for previous widget versions that would sometimes set DNS to 127.0.0.1 even when the widget's dnscrypt-proxy isn't running. You shouldn't need to run your own dnscrypt-proxy anyways, the widget includes it. If you want to use your own dnscrypt servers instead of ours, edit the ...
by df
Thu Feb 14, 2019 7:56 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 216
Views: 905783

Re: widget v3

Just released v3.40, it's up on the main website now. It includes a new "Advanced" tab under Options that allows you to change a few defaults that might help in certain network setups (--route-method, --ip-win32, binding to a specific network adapter or IP, switching between TLSv1.2 and TLSv1.3). Al...
by df
Tue Jan 29, 2019 4:37 am
Forum: member support & tech assistance
Topic: Error when attempting to buy token using Monero
Replies: 1
Views: 1240

Re: Error when attempting to buy token using Monero

Sounds like you're probably using a browser addon like NoScript that's preventing the checkout page from working correctly.
Disable it, or add *.coinpayments.net to your whitelist, then try again.
by df
Mon Jan 21, 2019 3:52 am
Forum: crypto, VPN & security news
Topic: [BleepingComputer] VORACLE Attack Can Recover HTTP Data From VPN Connections
Replies: 5
Views: 13165

Re: [BleepingComputer] VORACLE Attack Can Recover HTTP Data From VPN Connections

Ah, that's right. In the ancient 2013 post @ https://cryptostorm.org/viewtopic.php?f=38&t=5981 PJ describes in his round-about way something that sounds an awful lot like VORACLE, which was the reason we've (almost) always had compression disabled. IIRC, back then we had a mixture of "comp-lzo no" i...
by df
Mon Jan 21, 2019 3:12 am
Forum: member support & tech assistance
Topic: OVP Android Issues
Replies: 4
Views: 2253

Re: OVP Android Issues

I just talked to someone else who had this same issue, they also were using the app from Google's Play Store. The problem ended up being that Google Play Store has v0.7.5 of the app, which uses OpenSSL 1.1.0h, and the Ed25519/Ed448 configs require at least OpenSSL 1.1.1. F-Droid has version 0.7.6, w...
by df
Wed Jan 09, 2019 11:27 pm
Forum: member support & tech assistance
Topic: ISP blocking all other DNS
Replies: 4
Views: 4258

Re: ISP blocking all other DNS

@Moonlight
Yes, all of the nodes are running a DNSCrypt server. With the widget, all you need to do is enable the DNSCrypt option, it'll start in the background and your DNS settings will be changed to point to that DNSCrypt instance.
by df
Wed Jan 09, 2019 10:40 pm
Forum: cryptofree: no-cost cryptostorm network access
Topic: windows xp
Replies: 1
Views: 16232

Re: windows xp

We no longer offer any official support for Windows XP since Microsoft stopped supporting XP in April of 2014, and OpenVPN themselves stopped supporting it early last year. In 2017, Microsoft did release security patches for the vulnerability the WannaCry ransomware exploited, but that was a major v...
by df
Wed Jan 09, 2019 10:16 pm
Forum: member support & tech assistance
Topic: Can't connect following Windows Defender Update
Replies: 1
Views: 1481

Re: Can't connect following Windows Defender Update

I just updated my Windows 10 Home VM to the latest, and updated Windows Defender to the latest (threat definition version: 1.283.2606.0), and I'm not seeing anything about the CS widget being detected, nor are any new firewall rules blocking it.... But then again, Microsoft doesn't use a single datab...
by df
Thu Jan 03, 2019 9:03 pm
Forum: crypto, VPN & security news
Topic: [BleepingComputer] VORACLE Attack Can Recover HTTP Data From VPN Connections
Replies: 5
Views: 13165

Re: [BleepingComputer] VORACLE Attack Can Recover HTTP Data From VPN Connections

@parityboy
No, it's always been enabled, at least until Oct of last year
by df
Thu Jan 03, 2019 8:44 pm
Forum: member support & tech assistance
Topic: block outside dns
Replies: 3
Views: 6472

Re: block outside dns

I'm sure you already have, but if not, you need to upgrade to the latest v3.36 widget. It fixes most DNS issues. The --block-outside-dns option is now pushed from the server if you connect from Windows (either via the widget or OpenVPN GUI). To tell your client to ignore that pushed setting, in the ...
by df
Thu Jan 03, 2019 8:24 pm
Forum: member support & tech assistance
Topic: OVP Android Issues
Replies: 4
Views: 2253

Re: OVP Android Issues

I haven't heard of anything like this happening, but my suggestion would be to make sure you're using the latest OpenVPN for Android app from http://plaisthos.de/android/ics-openvpn-latest-stable.apk Other than that, check the logs and see if anything unusual is there (or post it here and we'll look...
by df
Thu Jan 03, 2019 8:22 pm
Forum: member support & tech assistance
Topic: ISP blocking all other DNS
Replies: 4
Views: 4258

Re: ISP blocking all other DNS

FYI, even when you're using our DNS servers, it's still regular DNS, which is very easy to manipulate or block entirely.
To bypass anything like that, use our DNSCrypt servers instead. Most DNS blocking methods won't block that since it's TCP port 443, and it doesn't look anything like DNS.
by df
Thu Jan 03, 2019 7:37 pm
Forum: general chat, suggestions, industry news
Topic: wrong repository link in tutorial
Replies: 3
Views: 4306

Re: wrong repository link in tutorial

I just posted an update in that other thread. Basically, those commands will only work if your distro branch/version is listed at https://build.openvpn.net/debian/openvpn/stable/dists/
by df
Thu Jan 03, 2019 7:35 pm
Forum: guides, HOWTOs & tutorials
Topic: HOWTO: OpenWRT Routers
Replies: 22
Views: 68593

Re: HOWTO: OpenWRT Routers

@FoodMaven You need to change the "auth-user-password" line in /etc/openvpn/cstorm_linux-lisbon_udp.ovpn to point to a file containing your token (or its hash) on the first line, and any random text on the second line. Otherwise it'll try to prompt you for the user/pass, but since you're not runnin...
by df
Thu Jan 03, 2019 7:30 pm
Forum: member support & tech assistance
Topic: TorrentIP
Replies: 3
Views: 1993

Re: TorrentIP

I guess any of the styles at https://www.phpbb.com/customise/db/styl ... _styles-12 would work (just the ones that say "3.2.5"), but I'm not sure how to go about switching the styles on a per-user basis (via the UCP)
by df
Thu Jan 03, 2019 7:18 pm
Forum: guides, HOWTOs & tutorials
Topic: HOWTO: OpenWRT Routers
Replies: 22
Views: 68593

Re: HOWTO: OpenWRT Routers

Notice the time/date stamp in the original post of this thread, it was started way back in 2013, so there's some outdated things here. But at the very top of the page (and every other page here), there's the notice "Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit ...
by df
Thu Jan 03, 2019 7:08 pm
Forum: member support & tech assistance
Topic: Linux Mint 19 repository OpenVPN does not have a Release file
Replies: 5
Views: 13618

Re: Linux Mint 19 repository OpenVPN does not have a Release file

Keep in mind that both the Network Manager and Terminal instructions on https://cryptostorm.is/nix were intended for Ubuntu. They'll work on a few other Debian based distros, but not ones that aren't up to date or have their own version/branch names (such as Linux Mint). Here's a simple(ish) script ...
by df
Wed Jan 02, 2019 12:47 am
Forum: member support & tech assistance
Topic: TorrentIP
Replies: 3
Views: 1993

Re: TorrentIP

Yep, it was broken. Should be good now though. We were working on the main web server during New Year's since people were more likely to be out celebrating, and because there were some things that desperately needed upgrading. Now it's running the latest Apache/PHP, and this forum was upgraded to th...
by df
Sat Dec 29, 2018 1:23 am
Forum: cryptofree: no-cost cryptostorm network access
Topic: Download CryptoStorm FREE (Client), W7, 32-Bit
Replies: 1
Views: 2391

Re: Download CryptoStorm FREE (Client), W7, 32-Bit

The free client is the same as the paid client. See the instructions at https://cryptostorm.is/cryptofree (the last paragraph has the info you need)
by df
Fri Nov 30, 2018 7:04 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 32
Views: 18016

Re: Problems configuring on Reborn OS (Arch Linux)

yea. the configs normally have 4 "remote" lines, like in Balancer_UDP.ovpn it would have:
remote balancer.cstorm.is 443 udp
remote balancer.cstorm.net 443 udp
remote balancer.cryptostorm.ch 443 udp
remote balancer.cryptostorm.pw 443 udp
delete all but one, and change the hostname to whoami.cryptosto...
by df
Fri Nov 30, 2018 6:24 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 32
Views: 18016

Re: Problems configuring on Reborn OS (Arch Linux)

So with 1.1.1.1 the only thing in your resolv.conf, you get cannot resolve errors with OpenVPN? heh, I've got an idea. change the remote lines in the OpenVPN config so that you're connecting to the hostname whoami.cryptostorm.is it'll fail, but it'll tell you what DNS is actually being used at the t...
by df
Fri Nov 30, 2018 5:35 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 32
Views: 18016

Re: Problems configuring on Reborn OS (Arch Linux)

"I uninstalled in the package manager", but did you install using that "VPN Manager" shortcut that runs /usr/bin/vpn-manager.sh? That thing was buggy as hell, I run it just ffs and selected PIA, it got stuck in a loop. Anyways, how are you running OpenVPN? Just a plain `openvpn --config Balancer_UDP...
by df
Fri Nov 30, 2018 4:21 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 32
Views: 18016

Re: Problems configuring on Reborn OS (Arch Linux)

I just tested with a clean Reborn OS install, it resolves it fine. Are you sure when you uninstalled that killswitch it really was uninstalled?
Could be some iptables rules leftover blocking the DNS, or maybe something else you did changed the cryptostorm OpenVPN config?
by df
Fri Nov 30, 2018 4:04 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 32
Views: 18016

Re: Problems configuring on Reborn OS (Arch Linux)

yea, that's cloudflare alright... and when you do `host sweden.cstorm.is` does it return 27 IPs?
by df
Fri Nov 30, 2018 2:43 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 32
Views: 18016

Re: Problems configuring on Reborn OS (Arch Linux)

try it without the 1.1.1.1
by df
Fri Nov 30, 2018 1:33 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 32
Views: 18016

Re: Problems configuring on Reborn OS (Arch Linux)

Both the `host` command and OpenVPN use the DNS settings that are in /etc/resolv.conf Can't think of any reason why `host` would work but openvpn wouldn't... But check that file anyways to see what's in it. If it's got 'nameserver 127.0.1.1' then you're probably using a local dnsmasq server, which i...
by df
Thu Nov 29, 2018 5:08 pm
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 32
Views: 18016

Re: Problems configuring on Reborn OS (Arch Linux)

when you do `host sweden.cryptostorm.ch` does it resolve?
by df
Tue Nov 27, 2018 3:54 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: voodoo.network: topological & routing discussions
Replies: 9
Views: 18441

Re: voodoo.network: alpha token batch, official release

@privangle
Yea, similar to Tor relay chains.
And yes, VPNs can be attacked. Anything online can be attacked (and probably is being attacked), and a lot of offline stuff too.

Voodoo is something the CS-team invented, but it does use existing networking technologies, just in an unusual way :-)
by df
Mon Nov 26, 2018 1:31 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 32
Views: 18016

Re: Problems configuring on Reborn OS (Arch Linux)

Sun Nov 25 14:10:49 2018 us=888128 RESOLVE: Cannot resolve host address: sweden.cryptostorm.ch:5062 (System error)
Sun Nov 25 14:10:54 2018 us=890652 RESOLVE: Cannot resolve host address: sweden.cryptostorm.ch:5062 (System error)
Sun Nov 25 14:10:59 2018 us=893612 RESOLVE: Cannot resolve host addres...
by df
Wed Nov 21, 2018 4:19 am
Forum: member support & tech assistance
Topic: Probs with new configs in Ubuntu
Replies: 28
Views: 15872

Re: Probs with new configs in Ubuntu

@deadbeef I dunno if it's true on Buster, but I have seen some other distros do this weird thing where the openssl they install is one version, but the shared libraries used by programs like openvpn is another. If `openssl version` says 1.1.1, but `openvpn --version` says openssl 1.0.2o, then that c...
by df
Wed Nov 21, 2018 3:28 am
Forum: member support & tech assistance
Topic: Probs with new configs in Ubuntu
Replies: 28
Views: 15872

Re: Probs with new configs in Ubuntu

@deadbeef I don't think Debian or Ubuntu has OpenSSL 1.1.1 in their repos yet. Try installing OpenVPN and OpenSSL from source. As root, this should do it:
cd /usr/src/
apt install -y build-essential zlib1g-dev liblz4-dev liblzo2-dev
wget http://www.openssl.org/source/openssl-1.1.1.tar.gz;tar zxf ope...
by df
Sat Nov 17, 2018 6:31 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 216
Views: 905783

Re: widget v3

@Moonlight Try Frankfurt again. Someone else was having issues too, turns out something between their PC and the Frankfurt server was mucking around with IP headers just enough to make our port striping v2 thing not work. So I added some extra rules to check for that. If it works for you too, the...
by df
Sat Nov 17, 2018 12:10 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 216
Views: 905783

Re: widget v3

@Moonlight It might be that a previous widget version caused your DNS to be set to something invalid (like 127.0.0.1 even when the widget's not running). So when this version first starts, it remembers whatever DNS settings you have on launch so that it can restore that if the program crashes. If th...
by df
Fri Nov 16, 2018 2:42 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 216
Views: 905783

Re: widget v3

@Brucie Try rebooting your system. There's a weird TAP adapter bug outside of the scope of our widget that causes the existing adapter to go into a strange read-only state. I wasn't able to reproduce it on win7, but I did get a win10 system to end up like that. For me, after rebooting it worked corr...
by df
Fri Nov 16, 2018 6:15 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 216
Views: 905783

Re: widget v3

@Brucie Oh god damnit. You're right, I just tested on a Vista VM and it still did the TAP loop thing. Pretty sure I know what the problem is though. Apparently M$ thought it was a good idea to change the way simple IF statements work in batch files across different Windows versions. Either that or i...
by df
Fri Nov 16, 2018 2:39 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 216
Views: 905783

Re: widget v3

@Moonlight Ah, there's the damn problem. The killswitch adds the VPN IPs all in one line using netsh advfirewall, but there's a character limit in the command prompt. The VPN IPs including the balancer IPs brings the total to > 600, so it hits that character limit and that cmd spits out an error. Se...
by df
Wed Nov 14, 2018 8:41 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 32
Views: 18016

Re: Problems configuring on Reborn OS (Arch Linux)

See the updated commands @ https://cryptostorm.is/nix
Turns out on some non-Ubuntu distros NM adds the file extension '.nmconnection' for the configs in /etc/NetworkManager/system-connections/
So the commands have been updated to check for that
by df
Wed Nov 14, 2018 8:35 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 216
Views: 905783

Re: widget v3

@marzametal The blocking of outside DNS issue should be fixed now in the latest version that's up now. The dns proxy thing is clashing with dnscrypt-proxy because the widget is bundled with its own dnscrypt-proxy. I renamed the one the widget comes with to cs-dnsc-p.exe so that when it checks the p...
by df
Tue Nov 13, 2018 11:04 pm
Forum: cryptofree: no-cost cryptostorm network access
Topic: Pass few days can connect with all configs windows and android but pages timeout
Replies: 3
Views: 8220

Re: Pass few days can connect with all configs windows and android but pages timeout

That was our mistake. We were adding a new feature that lets people connect to our ECC instances on ports outside of 5060, but when adding the iptables rules they accidentally got added twice on the cryptofree server.
That error has been fixed, so cryptofree should work correctly for everyone now.
by df
Sat Nov 10, 2018 9:30 pm
Forum: member support & tech assistance
Topic: ECC port 5060?
Replies: 3
Views: 10849

Re: ECC port 5060?

Yay! I was able to implement network-wide the thing I mentioned in the previous post. So now ECC is no longer restricted to port 5060. The range of ports that'll work now are:
RSA UDP = 1-29999
RSA TCP = 1-5060,5063-29999
ECC UDP = 1-5060,5063-29999
ECC TCP = 1-5060,5063-29999
Ed25519 is still 5061 ...
by df
Sat Nov 10, 2018 9:21 pm
Forum: member support & tech assistance
Topic: [Exits] England Node Not Passing Any Traffic
Replies: 16
Views: 12602

Re: [Exits] England Node Not Passing Any Traffic

@parityboy The Spain node was removed a while back, but I wasn't sure if the removal was going to be permanent or temporary, so temporarily I pointed the Spain DNS to Portugal. Turns out the removal was permanent, but for a few months I forgot that the Spain DNS & configs still existed. When I reali...
by df
Mon Nov 05, 2018 12:27 pm
Forum: member support & tech assistance
Topic: Ubuntu > vpn connect : nm-openvpn[11295]: Exiting due to fatal error
Replies: 3
Views: 3664

Re: Ubuntu > vpn connect : nm-openvpn[11295]: Exiting due to fatal error

Yep, gotta wait until https://gitlab.gnome.org/GNOME/NetworkManager-openvpn adds support for --tls-crypt and --compress, then gotta wait for the Ubuntu repos to update to that version of NetworkManager-openvpn
by df
Mon Nov 05, 2018 12:20 pm
Forum: member support & tech assistance
Topic: The network with few opened outside ports. How2 connect to OVPN servers?
Replies: 5
Views: 5379

Re: The network with few opened outside ports. How2 connect to OVPN servers?

@Scarface See email
Also, when I scan login.ovip.icq.com for those ports from an unfiltered system I see something different:
80/tcp open http
443/tcp open https
465/tcp closed smtps
3128/tcp closed squid-http
8080/tcp closed http-proxy
Most likely that means your ISP is blocking ports 465 and 8080,...
by df
Wed Oct 31, 2018 1:08 pm
Forum: member support & tech assistance
Topic: tcp vs udp configs, which one?
Replies: 2
Views: 12852

Re: tcp vs udp configs, which one?

UDP is always preferred over TCP when used with OpenVPN. The reliability that TCP offers that UDP doesn't isn't relevant in this context since most of your pre-encrypted traffic will already be using TCP (WWW, email, etc.), so any retransmitting of packets or integrity checking would be done at the ...
by df
Wed Oct 31, 2018 1:01 pm
Forum: member support & tech assistance
Topic: MacOS enabling TS on all configs
Replies: 1
Views: 11651

Re: MacOS enabling TS on all configs

The command on https://cryptostorm.is/ts should work on MacOS as well. Pretty sure Mac comes with sed...
sed -e's/#dhcp-option.*/dhcp-option DNS 10.31.33.7/' -i *.ovpn
The command would need to be entered while you're in the same directory that has all of your .ovpn configs you downloaded from our w...
by df
Wed Oct 31, 2018 12:59 pm
Forum: member support & tech assistance
Topic: How to obfuscate VPN usage from ISP in restricted countries?
Replies: 2
Views: 5865

Re: How to obfuscate VPN usage from ISP in restricted countries?

Yep, the ECC instances use OpenVPN's --tls-crypt option, which encrypts the TLS handshake and most of the initial OpenVPN handshake packets. But our list of server IPs is public, so it wouldn't be too difficult for someone to block all of those. Most restrictive countries don't though, simply becaus...
by df
Wed Oct 31, 2018 12:51 pm
Forum: member support & tech assistance
Topic: dd-wrt configuration, can't connect
Replies: 42
Views: 20737

Re: dd-wrt configuration, can't connect

I recently helped out another customer who was having issues with DD-WRT, so I'll copy/paste the solution here if anyone else has the same problems: I loaded up DD-WRT from https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2018/10-19-2018-r37442/x86/dd-wrt_public_vga.image onto a VM so I can tes...
by df
Wed Oct 31, 2018 12:35 pm
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 32
Views: 18016

Re: Problems configuring on Reborn OS (Arch Linux)

In your first post, the problem is that you're issuing a multiline set of commands as a single command. If you want to do that, semicolons would need to be added in the right places, i.e.:
CSTOKEN=CsTok-enGvX-F4b4a-j7CED;for conf in `ls *.ovpn|sed -e's/.ovpn//'`;do sed "/\[vpn\]/a username=$CSTOKEN...
by df
Wed Oct 31, 2018 12:30 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: tunnelling cryptosorm session thru SSL tunnel
Replies: 12
Views: 50949

Re: tunnelling cryptosorm session thru SSL tunnel

@Lan That's something I'm working on at the moment, offering ECC on other ports outside of 5060. I'm pretty sure I've figured out a way to do ECC & RSA instances on the same IP both on ports 1-29999 (excluding 30000-65535 since that's reserved for port forwarding). For UDP, the iptables u32 module i...
by df
Wed Oct 31, 2018 12:20 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: The CryptoStorm Speed Test Thread
Replies: 77
Views: 156061

Re: The CryptoStorm Speed Test Thread

@blurb With the Wireguard option it probably would be, but I wouldn't trust a VPS for anything that requires a high level of security. Since it's a VM, you have no way of verifying the security of the system running the VM. Whatever security measures you do (firewall, grsecurity, FDE, strong passwor...
by df
Tue Oct 30, 2018 6:18 pm
Forum: member support & tech assistance
Topic: [VyOS] VyOS Complains That ca.crt Is Invalid
Replies: 9
Views: 9852

Re: [VyOS] VyOS Complains That ca.crt Is Invalid

That's the one for the legacy RSA instances, so should have worked. Whatever, VyOS sounds like shit anyways. Their team clearly doesn't understand how PKI works, or they're just lazy, since they're asking for stuff that would never be used client-side. Ignoring that, it doesn't look good when instal...
by df
Mon Oct 29, 2018 6:16 pm
Forum: guides, HOWTOs & tutorials
Topic: ASUS router stock firmware OpenVPN working.
Replies: 7
Views: 16947

Re: ASUS router stock firmware OpenVPN working.

My ASUS router also runs Asuswrt-Merlin version 384.7 The HTML for the VPN settings page does indeed have a max length of 255, but if you enter anything that long it'll just revert back to whatever shorter username was previously there (if any). The solution that worked for me was to disable "Userna...
by df
Mon Oct 29, 2018 5:51 pm
Forum: member support & tech assistance
Topic: [VyOS] VyOS Complains That ca.crt Is Invalid
Replies: 9
Views: 9852

Re: [VyOS] VyOS Complains That ca.crt Is Invalid

What does `cat /config/auth/openvpn/cs/ca.crt` show? Also, when those network changes went into effect Oct 8, the new RSA instances now use the same CA certificate as the ECC ones (the 521-bit curve secp521r1). That curve should work on some pretty old versions since support for it was added to Open...
by df
Mon Oct 29, 2018 9:08 am
Forum: member support & tech assistance
Topic: dd-wrt configuration, can't connect
Replies: 42
Views: 20737

Re: dd-wrt configuration, can't connect

Can't remember when exactly it was, might have been as far back as January of 2018, but these days the England server is 10gbps
by df
Sat Oct 27, 2018 8:47 am
Forum: member support & tech assistance
Topic: [Exits] England Node Not Passing Any Traffic
Replies: 16
Views: 12602

Re: [Exits] England Node Not Passing Any Traffic

@parityboy Could be kernel related, Portugal does still have one built in 2017. It's just odd that the new UDP RSA and legacy TCP RSA works fine, it's only legacy UDP RSA that's showing this behavior. It's also odd that everything's using the same OpenVPN/OpenSSL version and same sysctl params, and th...
by df
Fri Oct 26, 2018 4:28 pm
Forum: member support & tech assistance
Topic: [SOLVED] Port Forwarding On Legacy Nodes: Broken?
Replies: 6
Views: 4843

[SOLVED] Re: Port Forwarding On Legacy Nodes: Broken?

I can't telnet to it, but the port fwding rules are there:
DNAT tcp -- 0.0.0.0/0 128.127.104.111 tcp dpt:45886 to:10.66.216.32:45886
DNAT udp -- 0.0.0.0/0 128.127.104.111 udp dpt:45886 to:10.66.216.32:45886
Are you sure you've got something listening on port 45886 on your system? It would need to be...
by df
Fri Oct 26, 2018 1:39 am
Forum: member support & tech assistance
Topic: New configuration files - my setup issues
Replies: 3
Views: 6030

Re: New configuration files - my setup issues

That was my bad. After the upgrade I completely forgot to update https://cryptostorm.is/whitelist , which is what cryptostorm.is/test and the thing on the main site uses. It was updated shortly after the upgrade though, so all the IPs are in there. Not sure where you're getting 2368 IPs though, mayb...
by df
Fri Oct 26, 2018 1:34 am
Forum: member support & tech assistance
Topic: [Exits] England Node Not Passing Any Traffic
Replies: 16
Views: 12602

Re: [Exits] England Node Not Passing Any Traffic

Ah, I see where I fucked up. Server-side, 5.101.149.6 is the legacy *nix instance and 5.101.149.7 is the legacy win/ecc instance, but in the DNS windows-england.* resolves to 5.101.149.6 and linux-england.* resolve to 5.101.149.7. So I accidentally switched the two. Just fixed that, so should be goo...
by df
Fri Oct 26, 2018 1:01 am
Forum: member support & tech assistance
Topic: Probs with new configs in Ubuntu
Replies: 28
Views: 15872

Re: Probs with new configs in Ubuntu

Error: failed to import 'Balancer_UDP.ovpn': configuration error: unsupported blob/xml element (line 120). That usually means you downloaded the HTML version of the config from Github and not the raw version. I.e., don't save the config from https://github.com/cryptostorm/cryptostorm_client_configu...
by df
Fri Oct 26, 2018 12:58 am
Forum: member support & tech assistance
Topic: [SOLVED] Port Forwarding On Legacy Nodes: Broken?
Replies: 6
Views: 4843

[SOLVED] Re: Port Forwarding On Legacy Nodes: Broken?

That's odd, they should still work. Only node that had port fwding broken is the new Hong Kong one because I forgot to put the port fwding scripts there :x Just uploaded/configured them though, so it should work there now. Can you connect to a node and let me know what node you're on, then enable po...
by df
Wed Oct 24, 2018 6:04 am
Forum: member support & tech assistance
Topic: What happened to the VOODOO Config Files + 'Master.zip' Download URL??
Replies: 1
Views: 4904

Re: What happened to the VOODOO Config Files + 'Master.zip' Download URL??

We did get rid of Voodoo simply because it was a hassle to maintain, and it was too expensive. The VPSes used were relatively cheap, but VPS bandwidth tends to be very expensive and/or limited. Back when we had an Iceland VPS, almost every month it would go over the limit, so we had to pay overage c...
by df
Thu Oct 18, 2018 6:01 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 216
Views: 905783

Re: widget v3

@Moonlight v3.32 should fix a DNS issue that happened whenever people had several network adapters with ambiguous names, or more than one TAP adapter, or an oddly named TAP adapter. It's possible that one of the last versions permanently changed your DNS settings even when the widget is closed, which ...
by df
Tue Oct 09, 2018 9:46 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 216
Views: 905783

Re: widget v3

@Moonlight See https://cryptostorm.is/new We've changed some things around, and got rid of the voodoo instances (for now). 3.30.0.217 includes all these changes though. I'd suggest trying to disable different things in the security tab to see if any of those are causing issues (the killswitch, dnscr...
by df
Tue Oct 09, 2018 1:44 am
Forum: member support & tech assistance
Topic: ECC port 5060?
Replies: 3
Views: 10849

Re: ECC port 5060?

The ECC instances and the new Ed25519 and Ed448 instances use ports 5060, 5061, and 5062. The reason for this was as parityboy said, the non-ECC instances are already using other ports. Only way for us to offer ECC on other ports would be to buy twice (or rather, 3 times) as many IP addresses as we ...
by df
Sat Sep 29, 2018 5:23 am
Forum: member support & tech assistance
Topic: [VyOS] VyOS Complains That ca.crt Is Invalid
Replies: 9
Views: 9852

Re: [VyOS] VyOS Complains That ca.crt Is Invalid

OpenVPN 2.3.4 is from 2014, but it does work with our RSA/standard instances (i.e., anything but ECC). I recently tested 2.3.2 and it works fine. But I'm confused about how your setup is supposed to work. With OpenVPN in client mode, the PKI only requires the CA certificate to be present client-side...
by df
Fri Sep 28, 2018 8:19 pm
Forum: general chat, suggestions, industry news
Topic: Come on guys, get your shit together
Replies: 10
Views: 17994

Re: Come on guys, get your shit together

@someguy All the servers are up and responding correctly:
[root@onyx ~]# ./ping windows-balancer.cstorm.pw 443
UDP OpenVPN is UP on 212.129.1.241:443 and responded in 34 ms
UDP OpenVPN is UP on 89.163.214.184:443 and responded in 14 ms
UDP OpenVPN is UP on 108.62.5.174:443 and responded in 147 ms
UD...
by df
Fri Aug 17, 2018 9:38 am
Forum: general chat, suggestions, industry news
Topic: Strange 'lifetime' VPN offers
Replies: 6
Views: 18067

Re: Strange 'lifetime' VPN offers

@DudeOfLondon There's nothing to worry about. The reason I started doing that cheap lifetime discount was mainly to apologize for not being able to provide a secondary card processor when Stripe arbitrarily suspended our account. The plan is to change the lifetime token price back to something highe...
by df
Mon Aug 13, 2018 4:34 pm
Forum: member support & tech assistance
Topic: Cryptostorm client can't connect to the darknet
Replies: 21
Views: 28645

Re: Cryptostorm client can't connect to the darknet

@Sakura I tested both on a normal browser while on a random US CS node, they both seem to be loading correctly. Could be that the second .onion didn't resolve once, so your browser or OS cached the NXDOMAIN (the DNS result you normally get from your DNS server for hostnames that don't exist). But wh...
by df
Tue Aug 07, 2018 6:48 am
Forum: member support & tech assistance
Topic: Cryptostorm client can't connect to the darknet
Replies: 21
Views: 28645

Re: Cryptostorm client can't connect to the darknet

@Sakura There were two servers that didn't have Tor running, which obviously is needed for the transparent .onion thing to work. I started Tor on both of them and checked .onion resolution, it should be good now. Also checked all the other DNS servers using the Perl script @ https://cryptostorm.is/c...
by df
Tue Aug 07, 2018 5:35 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 216
Views: 905783

Re: widget v3

@Sakura The CS widget uses a bundled DNScrypt-proxy to protect pre-connect DNS. If you'd prefer to use your own DNSCrypt setup, simply disable ours by going to Options -> Security and uncheck the "Enable DNSCrypt" box. If you'd like to use our DNSCrypt servers, https://raw.githubusercontent.com/cryp...
by df
Mon Aug 06, 2018 2:27 am
Forum: general chat, suggestions, industry news
Topic: Even if vpn doesn't log, what is preventing data centers from not logging?
Replies: 2
Views: 10431

Re: Even if vpn doesn't log, what is preventing data centers from not logging?

We try to choose data centers that are known to respect customer privacy, but without physical access to the data center we can't verify their claims (and even if they aren't logging, their upstream provider could be). That's why end to end encryption is important, even if you're using a VPN. If you...
by df
Sun Aug 05, 2018 11:49 am
Forum: member support & tech assistance
Topic: Cryptostorm client can't connect to the darknet
Replies: 21
Views: 28645

Re: Cryptostorm client can't connect to the darknet

Oh that's the problem. You're using port 64496. Ports 30000 and up are now reserved for our port forwarding feature. I guess I forgot to add something to the widget that forces the user to stay in ports 1-29999, I'll do that next widget build. So just tell the widget to use any other port that's 299...