Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

Search found 341 matches

by df
Wed Mar 16, 2016 4:41 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 67
Views: 100349

Re: TrackerSmacker: adware/crapware-blocking done right

https://newsletter.askleo.com/what-is-c ... weber-com/ - it sounds like an actual click tracker, but not one of the evil ones (the kind that do hidden/malicious tracking). So I'll add that too.
by df
Wed Mar 16, 2016 4:04 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 67
Views: 100349

Re: TrackerSmacker: adware/crapware-blocking done right

dist.nuget.org canonical name = db16.wpc.azureedge.net. db16.wpc.azureedge.net canonical name = cs1.wpc.v0cdn.net. Name: cs1.wpc.v0cdn.net Address: 0.0.0.0 Looks like cs1.wpc.v0cdn.net is in the blacklist due to some trackyness (probably by something besides nuget.org). Added it to the whitelist, sh...
by df
Mon Feb 29, 2016 1:42 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Can't connect to your favorite node? look here
Replies: 14
Views: 20168

Re: Can't connect to your favorite node? look here

Guest: I just removed the rules that caused the current snort alerts, a lot of them were clearly false positives (only 2 or 3 looked like legitimate attacks).

try apt-get now.
by df
Sat Feb 27, 2016 2:07 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 188
Views: 281818

Re: widget v3

The option worked fine in my widget tests, but I noticed that even when it's enabled win8.1 will still leak IPv6 DNS since there's really no way to turn that off without something like those .dll's (which I haven't tested yet).
by df
Fri Feb 26, 2016 11:51 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 188
Views: 281818

Re: widget v3

from that github page - "Functionality of this plugin is integrated into OpenVPN 2.3.9, just use --block-outside-dns". v3 will use the latest OpenVPN and block-outside-dns :-P in my tests it seemed to be working, but i haven't yet tested v3 on win10. if it's still leaking, i'll throw that ...
by df
Fri Feb 05, 2016 12:11 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: 宮本 Tokyo (Japan) exitnode cluster | anchor node = miyamoto 宮本
Replies: 37
Views: 48694

Re: 宮本 Tokyo (Japan) exitnode cluster | anchor node = miyamoto 宮本

@timusan I thought PJ posted somewhere here on the forum some time last year whenever the Japanese node went down. Guess not :/ The Japan node was purchased via OneProvider, who bought it from a DC in Japan (I forget which one). As with any other node, the DC receives DMCA (or whatever) notices, the...
by df
Fri Feb 05, 2016 11:53 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: voodoo.network: topological & routing discussions
Replies: 9
Views: 9848

Re: voodoo.network: alpha token batch, official release

@privangle The lifetime token is called an "aleph". In this forum post PJ was calling the first voodoo tokens "alpha" as in "the first ones". Yea, that is confusing. Poor choice of terms I guess :-P Anywho, the only documentation on "voodoo" is what you find o...
by df
Fri Jan 29, 2016 11:48 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 188
Views: 281818

Re: widget v3

Yea, windows only. I might port it to linux/mac when i'm done tho.
by df
Fri Jan 29, 2016 9:13 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 188
Views: 281818

widget v3

Just to ensure everyone that I (df) didn't fall off the face of the earth, I wanted to give everyone an update on what's coming in v3 of the widget. I wanted to be done with this version on the 1st of 2016, but I kept adding features and fixing new & old bugs etc. that I had to push the release ...
by df
Fri Nov 27, 2015 10:14 pm
Forum: member support & tech assistance
Topic: more open ports to help bypass simple firewalls
Replies: 8
Views: 22985

Re: more open ports to help bypass simple firewalls

mart-e: That's one of the many reasons CS doesn't allow that kind of port forwarding.
So no, CS isn't affected :-)
by df
Mon Nov 23, 2015 11:55 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: LOCKED: voodoo.network: alpha token batch
Replies: 27
Views: 155506

Re: voodoo.network: alpha token batch, official release

DudeOfLondon: At the moment the exit IP isn't chosen randomly. The current server list is @ https://github.com/cryptostorm/voodoo.network
by df
Fri Nov 06, 2015 2:09 pm
Forum: cryptofree: no-cost cryptostorm network access
Topic: cryptofree howto Ubuntu
Replies: 11
Views: 38856

Re: cryptofree howto Ubuntu

Also, IPv6 leaks have been reported in Linux while using Cryptofree. So a good idea would be to disable that by adding to /etc/sysctl.conf: net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 then running the command `sysctl -p`, or by using ip...
by df
Sun Oct 25, 2015 1:23 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: LOCKED: voodoo.network: alpha token batch
Replies: 27
Views: 155506

Re: voodoo.network: alpha token batch, official release

The win .sa IP seems functional to me, but the linux one is acting up. Locally (on the VPS), I can reach the internet using the linux instance IP, but the internet can't reach it unless the connection was related to the outgoing reqeuest. Almost as if .gov.sa or the .sa VPS provider did: iptables -A...
by df
Sat Oct 17, 2015 5:42 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: LOCKED: voodoo.network: alpha token batch
Replies: 27
Views: 155506

Re: voodoo.network: alpha token batch, official release

heh, I've got a hyperv (that's M$) one in Saudi Arabia now. It's @ 5.154.191.28 win, 5.154.191.29 raw if anyone is bored. Just keep in mind that this is a Saudi Arabia exit node, so stuff like porn sites etc. are blocked by the internet.gov.sa entity. I got it mainly just to see how easy it was to b...
by df
Sat Oct 10, 2015 9:04 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: LOCKED: voodoo.network: alpha token batch
Replies: 27
Views: 155506

Re: voodoo.network: alpha token batch, official release

As far as I can tell, the exit VPS needs to be KVM because it requires the ip_gre kernel module. With OpenVZ (probably Xen too, haven't tested) you would need to be able to install the kernel module and setup the GRE tunnel interface on the host (or whatever it's called), which is not likely to happ...
by df
Fri Oct 09, 2015 5:03 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: LOCKED: voodoo.network: alpha token batch
Replies: 27
Views: 155506

Re: voodoo.network: alpha token batch, official release

Not really, as it's easier for someone to just hop on tor after connecting to CS, if they want to. Also tor's way too slow. The production level voodoo nodes will be much faster than they currently are, so speeds will be better than tor :-)
by df
Wed Oct 07, 2015 11:25 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: LOCKED: voodoo.network: alpha token batch
Replies: 27
Views: 155506

Re: voodoo.network: alpha token batch, official release

The speeds are pretty awful at the moment, maybe even worse than tor. But I suspect that's mainly to do with the horrible speeds of the two test VPSes in Indonesia and Serbia and their distance (and lack of relation in uplinks/IXs to the core). Also because we haven't done much perf tuning yet at th...
by df
Tue Oct 06, 2015 7:46 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: voodoo.network: topological & routing discussions
Replies: 9
Views: 9848

Re: voodoo.network: alpha token batch, official release

Because of the way the GRE tunnel is setup, it allows the core to use the voodoo node's IP as the exit IP. Pretty sure it's a form of spoofing, but hey, it works :-P EDIT: It's similar to http://wiki.buyvm.net/doku.php/gre_tunnel, although that setup is designed to protect a server from DDoS by usin...
by df
Tue Oct 06, 2015 1:06 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: voodoo.network: topological & routing discussions
Replies: 9
Views: 9848

Re: voodoo.network: alpha token batch, official release

Still working on it, but it seems stable enough that we'll probably take it out of the testing phase soon. And FYI, the path is actually: User->Core->Voodoo->Core->Internet->Core->Voodoo->Core->User->Taco Bell. Okay maybe I made up that last one.. The whole point of this is to get users more exit IP...
by df
Wed Sep 09, 2015 11:54 pm
Forum: member support & tech assistance
Topic: Narwhal 2.22 windows resizing bug
Replies: 1
Views: 5489

Re: Narwhal 2.22 windows resizing bug

Ah, I vaguely remember there being a subversion of v2.22 that had that bug.
I fixed the bug, but didn't update the version number (cause I'm lazy :P).

Try uninstalling the widget then grabbing a fresh copy from https://cryptostorm.nu/setup.exe or wherever it is on the forum here.
by df
Fri Sep 04, 2015 4:04 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Good times w/ DMCA monkeys & katstorm.faith (et al.)
Replies: 8
Views: 269423

Re: Good times with DMCA monkeys & https://katstorm.party

No, that service was running on a different server that's now also dead and has since been replaced.
Also I forgot about that service..
Lemme throw it up somewhere else... aaand done.
by df
Fri Sep 04, 2015 1:03 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Good times w/ DMCA monkeys & katstorm.faith (et al.)
Replies: 8
Views: 269423

Good times w/ DMCA monkeys & katstorm.faith (et al.)

{direct link: cryptostorm.org/katandmouse + cryptostorm.org/katstorm } BLAH BLAH NEW UPDATED SUPER-UPDATE : So there's been quite a bit of back-and-forth, and we got a bit lazy about keeping this thread updated. Here's the tl;dr... 1. we currently have katstorm.faith working properly via a... cleve...
by df
Sat Aug 29, 2015 5:49 am
Forum: general chat, suggestions, industry news
Topic: Sorry for the disconnect ppl, you'll thank me later :-P
Replies: 10
Views: 14115

Re: Sorry for the disconnect ppl, you'll thank me later :-P

Yet Another Update: After talking with pj & graze, I was reminded that the mongo auth() "bug" is indeed a feature. It was a fix implemented by graze very early on when CS first started. The problem was that in the OpenVPN source, the file src/openvpn/misc.h uses the code: # define USER...
by df
Fri Aug 28, 2015 5:39 pm
Forum: general chat, suggestions, industry news
Topic: Sorry for the disconnect ppl, you'll thank me later :-P
Replies: 10
Views: 14115

Re: Sorry for the disconnect ppl, you'll thank me later :-P

Sorry for all the auth fails everyone. Also the IP cryptostorm.is was on was temporarily down due to some abuse complaint nonsense through LeaseWeb. cryptostorm.is is back up on the original IP, and the auth fails should be fixed now. Problem was that when adding the input validations to auth.sh, it...
by df
Fri Aug 28, 2015 10:13 am
Forum: general chat, suggestions, industry news
Topic: Sorry for the disconnect ppl, you'll thank me later :-P
Replies: 10
Views: 14115

Sorry for the disconnect ppl, you'll thank me later :-P

I was adding a small feature to the OpenVPN instances server-side, and I noticed a possible vulnerability in something near what I was editing, then ended up playing with it for the past couple of hours to see if it was really vulnerable... As some of you already know, server-side, our OpenVPN confi...
by df
Wed Aug 19, 2015 1:49 am
Forum: general chat, suggestions, industry news
Topic: IPMagnet f*** up
Replies: 2
Views: 7440

Re: IPMagnet f*** up

Yea that was me. I used a perl script that dynamically adds the GA code to all html/php responses, so I don't have to bother doing it manually. Source code for that perl script is now up @ https://cryptostorm.is/GA.txt and I just modified it so that it excludes the torrentip URL, so no more ads ther...
by df
Mon Aug 03, 2015 6:39 am
Forum: crypto, VPN & security news
Topic: [The Register] VPNs are so insecure you might as well wear a KICK ME sign
Replies: 7
Views: 14429

Re: [The Register] VPNs are so insecure you might as well wear a KICK ME sign

by parityboy » Sun Jul 05, 2015 5:16 am @marzametal Maybe. I think the tardiness in moving to IPv6 is rooted in commercial interest, Of course it is :-P There's been some innovations in IPv4 subnetting that make IPv6 not as necessary as it once was, but it's still a problem for public facing network...
by df
Sun Aug 02, 2015 10:34 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Forum instability of late
Replies: 4
Views: 11757

Re: Forum instability of late

We could put it in a jail/chroot, but the cPanel problems will continue.
Better to just move it off onto a proper VM.
by df
Sun Aug 02, 2015 9:10 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Forum instability of late
Replies: 4
Views: 11757

Forum instability of late

Just wanted to reassure everyone that the recent SQL errors some people have noticed on the forum is NOT an attack against the website. The error: Table ‘phpbb_sessions’ is marked as crashed and should be repaired Is caused by a change cPanel made to the MySQL database structure when we moved everyt...
by df
Thu Jul 09, 2015 2:54 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: 宮本 Tokyo (Japan) exitnode cluster | anchor node = miyamoto 宮本
Replies: 37
Views: 48694

Re: 宮本 Tokyo (Japan) exitnode cluster | anchor node = miyamoto 宮本

Err, 124.35.151.85 is a DNS server (DeepDNS), not an exit node. When you connect to the Tokyo exit node, our OpenVPN server tells your OpenVPN client to use the DNS server 124.35.151.85. So if your system isn't using that DNS server, it might be a good idea to set it manually maybe via /etc/resolv.c...
by df
Thu Jul 09, 2015 2:18 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: 宮本 Tokyo (Japan) exitnode cluster | anchor node = miyamoto 宮本
Replies: 37
Views: 48694

Re: 宮本 Tokyo (Japan) exitnode cluster | anchor node = miyamoto 宮本

Main reason to use the DeepDNS IP of the node you're on (for Tokyo, that would be 124.35.151.85) is that without it, you won't have transparent .i2p/.onion/.p2p/.bit/etc. access. Also, some OSes ignore the DeepDNS IP that gets pushed to the client from OpenVPN, which might cause DNS leaks. I haven't...
by df
Thu Jul 09, 2015 2:08 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: 宮本 Tokyo (Japan) exitnode cluster | anchor node = miyamoto 宮本
Replies: 37
Views: 48694

Re: 宮本 Tokyo (Japan) exitnode cluster | anchor node = miyamoto 宮本

All fixed. firewalld was fighting with iptables on the Tokyo node. Killed/removed/disemboweled firewalld, so it's happy again.
by df
Thu Jun 11, 2015 11:55 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Redundancy in website, email, & IRC infrastructure (etc.)
Replies: 10
Views: 21023

Re: Iceland went down last night, back up now

We haven't noticed any problems with Montreal. Frankfurt's ISP hasn't mentioned any downtime in the links that control our VPN node, and they're pretty good at notifying all customers about every little hiccup going through the server (even for links that have nothing to do with our server). As for ...
by df
Thu Jun 04, 2015 3:20 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Redundancy in website, email, & IRC infrastructure (etc.)
Replies: 10
Views: 21023

Redundancy in website, email, & IRC infrastructure (etc.)

[i]{merged several related threads into one, for ease of access ~admin}[/i] Our server in Iceland that hosts this forum and cryptostorm.is went down last night, as did the server hosting the Iceland exit node. The remote logs showed no sign of any intrusions or attempts, and after a lengthy email co...
by df
Thu Jun 04, 2015 3:01 am
Forum: member support & tech assistance
Topic: Getting connection timeout
Replies: 17
Views: 13562

Re: Getting connection timeout

You should try adding to your OpenVPN client config file: verb 8 log-append /var/log/openvpn.log (replace /var/log/openvpn.log with wherever you want your openvpn logs to go). And to other people here asking about older versions: It's true, cryptostorm will not work with older OpenVPN/OpenSSL versio...
by df
Wed May 20, 2015 12:04 pm
Forum: member support & tech assistance
Topic: more open ports to help bypass simple firewalls
Replies: 8
Views: 22985

Re: more open ports to help bypass simple firewalls

? Previous post says it works on all the nodes now, not just cryptofree.
by df
Sat May 16, 2015 6:21 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Fermi's github -This is a git repository containing Cryptostorm related stuff.-
Replies: 7
Views: 17116

Re: Fermi's github -This is a git repository containing Cryptostorm related stuff.-

I'm probably wrong, but I think these lines will allow leaks: iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT -m comment --comment "allow all local traffic" iptables -A OUTPUT -d 192.168.1.0/24 -j ACCEPT -m comment --comment "allow all local traffic" If your router's @ 192.168.1.1 ...
by df
Sat May 16, 2015 4:12 am
Forum: member support & tech assistance
Topic: Getting connection timeout
Replies: 17
Views: 13562

Re: Getting connection timeout

[root@mail dovecot]# host linux-london.cstorm.pw linux-london.cstorm.pw has address 130.180.201.117 works fer me. Also in the last log you posted I see: May 15 23:10:58 localhost nm-openvpn[11826]: AUTH: Received control message: AUTH_FAILED One thing I've noticed is that most OpenVPN versions have ...
by df
Wed May 06, 2015 6:03 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Iceland went down this morning (it's up now)
Replies: 4
Views: 12400

Re: Iceland went down this morning (it's up now)

Cheese? I like cheese... But yea, deep dns IPs are public. You can use them for anything that's normal DNS. The main thing with those IPs is that if you're on CS, they will automagically translate .i2p and .onion transparently so for people on CS that means transparent .onion and .i2p access (along ...
by df
Wed May 06, 2015 5:59 am
Forum: member support & tech assistance
Topic: Poor d/l speed
Replies: 8
Views: 7085

Re: Poor d/l speed

Heh, yes, there's two Paris nodes. We've also got a secondary cryptofree one. It's operational now, we just can't add it to the DNS pools yet because we need to figure out a smart/good way to migrate the HAF DNS stuff to something better. We'd rather postpone for something secure than just throw som...
by df
Wed May 06, 2015 5:53 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Linux/RAW IP reference chart
Replies: 13
Views: 23605

Re: Linux/RAW IP reference chart

I think the new thing is our list is always at github. If we (or I) forget to update something here on the forum, the most recent info is always on github.
by df
Fri Apr 10, 2015 3:57 am
Forum: member support & tech assistance
Topic: Poor d/l speed
Replies: 8
Views: 7085

Re: Poor d/l speed

Tealc: yea, sometimes we forget to run the initializing part of the cap feature, or we forget to restart the openvpn processes after applying the caps so existing users might not have been getting capped. The capping code (after creating the flow id part in the initializing script) is: tc filter add...
by df
Mon Apr 06, 2015 10:15 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Iceland went down this morning (it's up now)
Replies: 4
Views: 12400

Re: Iceland went down this morning (it's up now)

Actually, all the other deep DNS IPs are public just like fenrir's. They're "pushed" yea, but you don't have to be on the VPN to use them. So any of these can also be used: 103.254.153.244 109.71.42.228 198.100.159.249 198.204.245.3 212.129.46.32 212.129.46.86 31.24.34.50 46.165.222.246 76...
by df
Sun Apr 05, 2015 7:28 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Iceland went down this morning (it's up now)
Replies: 4
Views: 12400

Iceland went down this morning (it's up now)

Iceland went down this morning due to a kernel panic in the kworker process.
We're still looking into the cause behind this crash, but as of now the system is back online and all services there are running normally.
by df
Fri Apr 03, 2015 12:52 am
Forum: member support & tech assistance
Topic: Two devices on the same VPN server are able to reach each other
Replies: 7
Views: 7375

Re: Two devices on the same VPN server are able to reach each other

I just replied to the reddit post about this. Here's a copy/paste: Turns out there's certain configurations that allow this behaviour, even though Cryptostorm doesn't use the 'client-to-client' configuration directive server-side. Possibly a bug in OpenVPN itself, we're not sure. To solve this, we a...
by df
Sat Mar 28, 2015 12:01 am
Forum: general chat, suggestions, industry news
Topic: webRTC browser IP leak fix via Windows Firewall
Replies: 27
Views: 79462

Re: webRTC browser IP leak fix via Windows Firewall

To zim: You're right, it is possible to use any port with a STUN server. Your best protection would be to use noscript to block all javascript, or use a local HTTP proxy like Proxomitron (or Privoxy) along with some scripting that removes any <script></script> blocks that contain the text stun: or t...
by df
Fri Mar 27, 2015 11:41 pm
Forum: member support & tech assistance
Topic: more open ports to help bypass simple firewalls
Replies: 8
Views: 22985

Re: more open ports to help bypass simple firewalls

Yea, it works on every node now (linux and windows instances).
by df
Fri Mar 27, 2015 8:57 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: hardware replacement (hard drive) in process: turing.cryptostorm.net
Replies: 2
Views: 11152

Re: hardware replacement (hard drive) in process: turing.cryptostorm.net

After an epic battle getting this thing back online, it finally is. This was one of those situations where everything that could go wrong, did. Started with the initial physical hard drive problems, then when that was replaced the network cable somehow got unplugged. After that got plugged back in, ...
by df
Tue Mar 24, 2015 8:15 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: hardware replacement (hard drive) in process: turing.cryptostorm.net
Replies: 2
Views: 11152

hardware replacement (hard drive) in process: turing.cryptostorm.net

Just a heads up to everyone, turing is have physical hard drive issues at the moment: ata1.01: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0 frozen ata1.01: failed command READ DMA EXT ata1.01: cmd 25/00:20:40:11:94/00:00:30:00:00/f0 tag 0 dma 16384 in res 40/00:01:00:00:00/00:00:00:00:00/10 Emas...
by df
Mon Mar 16, 2015 12:25 am
Forum: general chat, suggestions, industry news
Topic: [CS] No Mention Of I2P Access On Website
Replies: 9
Views: 11299

Re: [CS] No Mention Of I2P Access On Website

Yea, TransPort = tor. The whole concept we're doing is based on the great article/tutorial @ https://grepular.com/Transparent_Access_to_Tor_Hidden_Services . Our implementation is slightly different, but the basic idea is the same. There's also https://grepular.com/Transparent_Access_to_I2P_eepSites...
by df
Sat Mar 14, 2015 5:23 am
Forum: general chat, suggestions, industry news
Topic: [CS] No Mention Of I2P Access On Website
Replies: 9
Views: 11299

Re: [CS] No Mention Of I2P Access On Website

To parityboy: That's basically it. We use pdns-recursor in one part of deepdns so that all .onion requests resolve to the tor DNS server specified by the DNSPort config directive, and the VirtualAddrNetworkIPv4 directive uses 10.99.0.0/16 to resolve .onion's to IPs in that b-class. So when you're on...
by df
Sat Mar 14, 2015 5:09 am
Forum: general chat, suggestions, industry news
Topic: [CS] No Mention Of I2P Access On Website
Replies: 9
Views: 11299

Re: [CS] No Mention Of I2P Access On Website

i2p functionality is enabled on all the nodes, it's just that some of them was recently restarted and it does take a while for them to start working again for all eepsites.
by df
Thu Feb 26, 2015 6:37 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Linux/RAW IP reference chart
Replies: 13
Views: 23605

Re: Linux/RAW IP reference chart

I just updated the list, replaced the old mishigami IP 167.88.9.27 with the new 198.204.245.2 one, and added the new singapore IP
by df
Thu Jan 15, 2015 6:02 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: cryptostorm.is/goodies - handy cstorm tools & projects & goodies list
Replies: 10
Views: 87086

Re: a directory of useful cryptostorm resources (cryptostorm.is/goodies)

I just modified the original post. Fixed the poodlescan link (needed to replace https with http since that site is http only), and the cryptostorm.nu/webchat link (should be /chat).

Also, I added that OpenVPN pinger and a random password generator.
by df
Sun Jan 11, 2015 2:08 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: beta testing of new, in-house DNS resolvers | DNSchain
Replies: 33
Views: 35921

Re: beta testing of new, in-house DNS resolvers | DNSchain

The Google one makes sense though, the default DNS server was set to forward to 8.8.8.8 (Google's public DNS server) for normal DNS traffic.

It's since been changed to ccc.de's 213.73.91.35 though, so if you run the test again you should no longer see anything Google related in the results.
by df
Sun Jan 11, 2015 1:10 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: beta testing of new, in-house DNS resolvers | DNSchain
Replies: 33
Views: 35921

Re: beta testing of new, in-house DNS resolvers | DNSchain

Thing is, there's nothing in the configs that would cause or suggest that. When I tested it at grc.com (and when Pattern_Juggled tested it) we both saw the leaked IP as something that's in the b-class of the ccc.de public DNS server that's set in /etc/resolv.conf on the server running dnschain/dnsma...
by df
Sat Jan 10, 2015 1:23 pm
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: beta testing of new, in-house DNS resolvers | DNSchain
Replies: 33
Views: 35921

Re: beta testing of new, in-house DNS resolvers | DNSchain

Trying to figure out where those IPs are coming from in our setup. It's basically just dnsmasq + dnschain. dnsmasq.conf is: listen-address=74.121.182.147 listen-address=167.88.9.30 server=/bit/127.0.0.1#5333 server=/dns/127.0.0.1#5333 server=/eth/127.0.0.1#5333 server=/p2p/127.0.0.1#5333 and .dnscha...
by df
Sun Jan 04, 2015 10:06 pm
Forum: guides, HOWTOs & tutorials
Topic: HOWTO: Kali Linux distro | ONGOING
Replies: 11
Views: 18625

Re: HOWTO: Kali Linux distro | ONGOING

You're probably installing openvpn without specifying --prefix or the openssl version you want it to use, so the correct openvpn is probably in /usr/local/sbin/openvpn (which isn't in your $PATH environment variable). Try this (in /root/): wget --no-check-certificate https://www.openssl.org/source/o...
by df
Wed Dec 17, 2014 11:52 pm
Forum: member support & tech assistance
Topic: more open ports to help bypass simple firewalls
Replies: 8
Views: 22985

more open ports to help bypass simple firewalls

tldr; You can now use any UDP or TCP port to connect to Cryptofree Someone on twitter was asking for more ports to be opened up to help bypass a simple firewall. Instead of creating a new server-side openvpn instance for each port we wanted open, I thought it'd be better to use iptables to forward ...
by df
Mon Dec 08, 2014 4:30 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: torstorm.org: how to use it, discussion, etc.
Replies: 20
Views: 31259

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Something = a LUA script that does the same thing as tor2web :-)

I forget the exact syntax for Apache, but in nginx it's a simple proxy_pass to get it to access the backend Tor2web server. Apache can do the same thing with a similar directive (google around for "apache reverse proxy").
by df
Mon Dec 08, 2014 2:44 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: torstorm.org: how to use it, discussion, etc.
Replies: 20
Views: 31259

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

We ditched the python Tor2web and went with something else that we can use alongside nginx for more flexibility & stability, and since I strongly suspect hardware problems on torstorm.org, I moved it to a free IP on emerald. Seems fine for the last 12 or so hours. Oh and doing it this way DOES c...
by df
Sat Dec 06, 2014 8:19 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: torstorm.org: how to use it, discussion, etc.
Replies: 20
Views: 31259

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

meh, I suck at filtering. It kinda half works right now, probably non-functional just on gzip encoded sites. But webmasters who want to support torstorm.org or tor2web.org or any other place using tor2web should stop using absolute URLs on their HS pages. That'll mean visitors using one of these tor...
by df
Sat Dec 06, 2014 6:32 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: torstorm.org: how to use it, discussion, etc.
Replies: 20
Views: 31259

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Yea, the box is back up, went down (along with the IPMI) probably due to hardware issues. After much tweaking it seems functional right now, but while I'm in here, I'm gonna try to use nginx's sub_filter to have it where if a .onion page has any .onion links, it'll automagically replace them with .t...
by df
Mon Nov 03, 2014 12:24 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: forum upgrade to 3.1.1
Replies: 1
Views: 5385

done

Bug is squashed. Forum upgrade complete. On a side note, and just to make everyone happy, I'd like to mention that we took our time upgrading to the latest version mostly because exploitation of all of the known vulnerabilities that were present in the other phpBB version we were using would have ha...
by df
Sat Nov 01, 2014 6:12 am
Forum: cryptofree: no-cost cryptostorm network access
Topic: cryptofree.me: kernel hardening via grsec & service excision
Replies: 2
Views: 26158

cryptofree.me: kernel hardening via grsec & service excision

{direct link: grsec.cryptostorm.org } Here's a status update on the alpha cryptofree server: [root@cf-i ~]# uname -a Linux cf-i 3.17.1-cryptostorm #1 SMP Sat Oct 25 10:15:40 CEST 2014 x86_64 x86_64 x86_64 GNU/Linux On this server, we're running a hardened kernel, most of which consists of the grsec...
by df
Sun Oct 26, 2014 7:58 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: "No logging" - doing it right, cryptostorm-style
Replies: 1
Views: 18400

"No logging" - doing it right, cryptostorm-style

{direct link: https://cryptostorm.org/logging/ } Just wanted to go into detail with our logging compared to how other VPN providers do it... Most VPN providers will claim not to log, even though they do. The few honest ones out there (I've only seen one admit to this) will explain that they can onl...
by df
Sat Oct 18, 2014 2:10 pm
Forum: member support & tech assistance
Topic: OpenWrt TLS problem
Replies: 14
Views: 9864

Re: OpenWrt TLS problem

Works fine on centos and ubuntu. Oh well, get back to getting openvpn/openssl compiling on there first, then worry about iptables :-P

As for me, I'm going to bed. Have fun!

Go to advanced search

Nothing to display.

Login