cryptostorm.is Chat Sitemap Github
Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ
Ξ We've updated our CA certificate. All members need to be using the latest ones by Dec 22. See this page for more infoΞ

more open ports to help bypass simple firewalls

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)
Post Reply
User avatar

Topic Author
df
Site Admin
Posts: 310
Joined: Thu Jan 01, 1970 5:00 am

more open ports to help bypass simple firewalls

Postby df » Wed Dec 17, 2014 11:52 pm

tldr; You can now use any UDP or TCP port to connect to Cryptofree

Someone on twitter was asking for more ports to be opened up to help bypass a simple firewall.

Instead of creating a new server-side openvpn instance for each port we wanted open, I thought it'd be better to use iptables to forward all ports to the VPN port. So last night we setup the rules on the cryptofree server to test that out. Seems like it's working as expected. Now you can connect to it on any port (TCP or UDP, for both raw/linux and windows).

Keep in mind, the cryptofree server (windows-cryptofree1-a.cryptostorm.net and linux-cryptofree1-a.cryptostorm.net) is the only one that has this feature. After more testing, we'll eventually do the same on all the other nodes.

To connect to the UDP instance, all you need to change in your config file is the port. Any valid port (1-65534) will work, unless your ISP is firewalling that port. To connect to the TCP instance, you need to remove or comment out the "fragment" and the "explicit-exit-notify" config directives since those are only for UDP.

I did 5 or so test connects to random UDP and TCP ports on the windows instance and each connect seemed to work great, so I'm assuming the raw/linux one works fine too. If someone wants to test those out, feel free to, and please post back here letting me know if it was successful.
Top
User avatar

DesuStrike
ForumHelper
Posts: 345
Joined: Thu Oct 24, 2013 2:37 pm

Re: more open ports to help bypass simple firewalls

Postby DesuStrike » Thu Dec 18, 2014 4:58 pm

Even though I never tread on an environment that hostile it blocks even port 443 this certainly is one step towards VPN blocking circumvention. Even though a little one.
home is where the artillery hits
Top
User avatar

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:
Contact Pattern_Juggled

cryptofree: "port striping" to evade firewall blocks

Postby Pattern_Juggled » Thu Jan 08, 2015 5:55 pm

Afaik (I'll confirm with df), this "port striping" feature is now available across all production cryptostorm exitnode clusters & nodes - not just cryptofree. I've been tasked with writing up a security & architectural guide to this new capability, which I will do my best to finish up timely.

Cheers,

    ~ pj
Top
User avatar

Topic Author
df
Site Admin
Posts: 310
Joined: Thu Jan 01, 1970 5:00 am

Re: more open ports to help bypass simple firewalls

Postby df » Fri Mar 27, 2015 11:41 pm

Yea, it works on every node now (linux and windows instances).
Top

010hnoor
Posts: 1
Joined: Sat May 16, 2015 9:40 am

Re: more open ports to help bypass simple firewalls

Postby 010hnoor » Sat May 16, 2015 9:51 am

Keep in mind, the cryptofree server (windows-cryptofree1-a.cryptostorm.net and linux-cryptofree1-a.cryptostorm.net) is the only one that has this feature. After more testing, we'll eventually do the same on all the other nodes.
Top
User avatar

Topic Author
df
Site Admin
Posts: 310
Joined: Thu Jan 01, 1970 5:00 am

Re: more open ports to help bypass simple firewalls

Postby df » Wed May 20, 2015 12:04 pm

? Previous post says it works on all the nodes now, not just cryptofree.
Top

mart-e
Posts: 18
Joined: Thu Jul 02, 2015 5:07 pm

Re: more open ports to help bypass simple firewalls

Postby mart-e » Fri Nov 27, 2015 12:51 pm

Hi,

Have you seen this vulnerability about port-fowarding leading to ip leaks?

IP leak affecting VPN providers with port forwarding

Could CS be affected by it?
Thanks
Top
User avatar

Topic Author
df
Site Admin
Posts: 310
Joined: Thu Jan 01, 1970 5:00 am

Re: more open ports to help bypass simple firewalls

Postby df » Fri Nov 27, 2015 10:14 pm

mart-e: That's one of the many reasons CS doesn't allow that kind of port forwarding.
So no, CS isn't affected :-)
Top

mart-e
Posts: 18
Joined: Thu Jul 02, 2015 5:07 pm

Re: more open ports to help bypass simple firewalls

Postby mart-e » Sat Nov 28, 2015 2:21 am

@df: great news!
Top
Post Reply

Return to “member support & tech assistance”

Who is online

Users browsing this forum: No registered users and 6 guests


Advanced search
  • You can post new topics in this forum
  • You can reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You can post attachments in this forum

Login