tldr; You can now use any UDP or TCP port to connect to Cryptofree
Someone on twitter was asking for more ports to be opened up to help bypass a simple firewall.
Instead of creating a new server-side openvpn instance for each port we wanted open, I thought it'd be better to use iptables to forward all ports to the VPN port. So last night we setup the rules on the cryptofree server to test that out. Seems like it's working as expected. Now you can connect to it on any port (TCP or UDP, for both raw/linux and windows).
Keep in mind, the cryptofree server (windows-cryptofree1-a.cryptostorm.net and linux-cryptofree1-a.cryptostorm.net) is the only one that has this feature. After more testing, we'll eventually do the same on all the other nodes.
To connect to the UDP instance, all you need to change in your config file is the port. Any valid port (1-65534) will work, unless your ISP is firewalling that port. To connect to the TCP instance, you need to remove or comment out the "fragment" and the "explicit-exit-notify" config directives since those are only for UDP.
I did 5 or so test connects to random UDP and TCP ports on the windows instance and each connect seemed to work great, so I'm assuming the raw/linux one works fine too. If someone wants to test those out, feel free to, and please post back here letting me know if it was successful.
Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ
more open ports to help bypass simple firewalls
-
DesuStrike
- ForumHelper
- Posts: 345
- Joined: Thu Oct 24, 2013 2:37 pm
Re: more open ports to help bypass simple firewalls
Even though I never tread on an environment that hostile it blocks even port 443 this certainly is one step towards VPN blocking circumvention. Even though a little one.
home is where the artillery hits
-
Pattern_Juggled
- Posts: 1492
- Joined: Sun Dec 16, 2012 6:34 am
- Contact:
cryptofree: "port striping" to evade firewall blocks
Afaik (I'll confirm with df), this "port striping" feature is now available across all production cryptostorm exitnode clusters & nodes - not just cryptofree. I've been tasked with writing up a security & architectural guide to this new capability, which I will do my best to finish up timely.
Cheers,
Cheers,
- ~ pj
Re: more open ports to help bypass simple firewalls
Yea, it works on every node now (linux and windows instances).
Re: more open ports to help bypass simple firewalls
Keep in mind, the cryptofree server (windows-cryptofree1-a.cryptostorm.net and linux-cryptofree1-a.cryptostorm.net) is the only one that has this feature. After more testing, we'll eventually do the same on all the other nodes.
Re: more open ports to help bypass simple firewalls
? Previous post says it works on all the nodes now, not just cryptofree.
Re: more open ports to help bypass simple firewalls
Hi,
Have you seen this vulnerability about port-fowarding leading to ip leaks?
IP leak affecting VPN providers with port forwarding
Could CS be affected by it?
Thanks
Have you seen this vulnerability about port-fowarding leading to ip leaks?
IP leak affecting VPN providers with port forwarding
Could CS be affected by it?
Thanks
Re: more open ports to help bypass simple firewalls
mart-e: That's one of the many reasons CS doesn't allow that kind of port forwarding.
So no, CS isn't affected :-)
So no, CS isn't affected :-)
Re: more open ports to help bypass simple firewalls
@df: great news!
Return to “member support & tech assistance”
Who is online
Users browsing this forum: No registered users and 11 guests