
more open ports to help bypass simple firewalls

Topic Author
df
Site Admin
Posts: 283
Joined: Thu Jan 01, 1970 5:00 am

more open ports to help bypass simple firewalls

Postby df » Wed Dec 17, 2014 11:52 pm

tldr; You can now use any UDP or TCP port to connect to Cryptofree

Someone on Twitter was asking for more ports to be opened up to help bypass a simple firewall.

Instead of creating a new server-side OpenVPN instance for each port we wanted open, I thought it'd be better to use iptables to forward all ports to the VPN port. So last night we set up the rules on the cryptofree server to test that out. Seems like it's working as expected. Now you can connect to it on any port (TCP or UDP, for both raw/linux and windows).

Keep in mind, the cryptofree server (windows-cryptofree1-a.cryptostorm.net and linux-cryptofree1-a.cryptostorm.net) is the only one that has this feature. After more testing, we'll eventually do the same on all the other nodes.

To connect to the UDP instance, all you need to change in your config file is the port. Any valid port (1-65534) will work, unless your ISP is firewalling that port. To connect to the TCP instance, you need to remove or comment out the "fragment" and the "explicit-exit-notify" config directives since those are only for UDP.

I did 5 or so test connects to random UDP and TCP ports on the windows instance and each connect seemed to work great, so I'm assuming the raw/linux one works fine too. If someone wants to test those out, feel free to, and please post back here letting me know if it was successful.
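
The config change described in the post above, as an added example that is not part of the original post or cryptostorm's own tooling: a small script that points an OpenVPN client config at a different port and, for TCP, comments out the two UDP-only directives. The function name `retarget_config`, the sample config and its port and fragment values are constructed for illustration; only the hostname comes from the post.

```python
# Added example: retarget an OpenVPN client config to another port/protocol.
UDP_ONLY = ("fragment", "explicit-exit-notify")  # per the post: UDP-only
WIRE = {"udp": "udp", "tcp": "tcp-client"}       # OpenVPN client proto names

# Constructed sample config; only the hostname comes from the post.
SAMPLE = """\
client
dev tun
proto udp
remote linux-cryptofree1-a.cryptostorm.net 443
fragment 1400
explicit-exit-notify 3
"""

def retarget_config(config_text, port, proto="udp"):
    """Return config_text rewritten to connect on `port` over `proto`."""
    if proto not in WIRE:
        raise ValueError("proto must be 'udp' or 'tcp'")
    if not 1 <= port <= 65534:  # range as stated in the post
        raise ValueError("port must be in 1-65534")
    out, proto_seen = [], False
    for line in config_text.splitlines():
        words = line.split()
        key = words[0] if words else ""
        if key == "remote" and len(words) >= 2:
            # remote <host> [port] [proto]: keep host, set port, and
            # rewrite the per-remote proto only if one was given.
            new = ["remote", words[1], str(port)]
            if len(words) >= 4:
                new.append(WIRE[proto])
                proto_seen = True
            line = " ".join(new)
        elif key == "port":
            line = f"port {port}"
        elif key == "proto":
            line, proto_seen = f"proto {WIRE[proto]}", True
        elif key in UDP_ONLY and proto == "tcp":
            line = "# " + line  # UDP-only directive, disabled for TCP
        out.append(line)
    if proto == "tcp" and not proto_seen:
        out.append("proto tcp-client")  # OpenVPN defaults to UDP otherwise
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(retarget_config(SAMPLE, 8080, "tcp"))
```
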

DesuStrike
ForumHelper
Posts: 346
Joined: Thu Oct 24, 2013 2:37 pm

Re: more open ports to help bypass simple firewalls

Postby DesuStrike » Thu Dec 18, 2014 4:58 pm

Even though I never tread on an environment that hostile it blocks even port 443, this certainly is one step towards VPN blocking circumvention. Even though a little one.
home is where the artillery hits

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am

cryptofree: "port striping" to evade firewall blocks

Postby Pattern_Juggled » Thu Jan 08, 2015 5:55 pm

Afaik (I'll confirm with df), this "port striping" feature is now available across all production cryptostorm exitnode clusters & nodes - not just cryptofree. I've been tasked with writing up a security & architectural guide to this new capability, which I will do my best to finish up timely.

Cheers,

    ~ pj

Topic Author
df
Site Admin
Posts: 283
Joined: Thu Jan 01, 1970 5:00 am

Re: more open ports to help bypass simple firewalls

Postby df » Fri Mar 27, 2015 11:41 pm

Yea, it works on every node now (linux and windows instances).


010hnoor
Posts: 1
Joined: Sat May 16, 2015 9:40 am

Re: more open ports to help bypass simple firewalls

Postby 010hnoor » Sat May 16, 2015 9:51 am

Keep in mind, the cryptofree server (windows-cryptofree1-a.cryptostorm.net and linux-cryptofree1-a.cryptostorm.net) is the only one that has this feature. After more testing, we'll eventually do the same on all the other nodes.

Topic Author
df
Site Admin
Posts: 283
Joined: Thu Jan 01, 1970 5:00 am

Re: more open ports to help bypass simple firewalls

Postby df » Wed May 20, 2015 12:04 pm

? Previous post says it works on all the nodes now, not just cryptofree.


mart-e
Posts: 18
Joined: Thu Jul 02, 2015 5:07 pm

Re: more open ports to help bypass simple firewalls

Postby mart-e » Fri Nov 27, 2015 12:51 pm

Hi,

Have you seen this vulnerability about port-forwarding leading to IP leaks?

IP leak affecting VPN providers with port forwarding

Could CS be affected by it?
Thanks

Topic Author
df
Site Admin
Posts: 283
Joined: Thu Jan 01, 1970 5:00 am

Re: more open ports to help bypass simple firewalls

Postby df » Fri Nov 27, 2015 10:14 pm

mart-e: That's one of the many reasons CS doesn't allow that kind of port forwarding.
So no, CS isn't affected :-)


mart-e
Posts: 18
Joined: Thu Jul 02, 2015 5:07 pm

Re: more open ports to help bypass simple firewalls

Postby mart-e » Sat Nov 28, 2015 2:21 am

@df: great news!

