cryptofree ovpn config works but no connection to ANY of the "paid" nodes no matter if via UDP or TCP (details inside)

Topic Author
deadhand
Posts: 4
Joined: Sun Feb 21, 2016 10:18 pm

Postby deadhand » Sun Feb 21, 2016 10:32 pm

greetings and salutations!

atm I'm running linux mint cinnamon 17.1 on this box with openvpn 2.3.2 plus the "plugin" for gnome network manager.
as a first test I imported the ovpn config for cryptofree according to the user guide you thankfully supply somewhere on the forum. downloaded the config file (still: cryptofree) and ca2.crt, imported it via network manager GUI, connected and it all runs smooth. tested n confirmed with your ovpn pinger, all good. besides the fact its the capped free version.
I recently bought a network axx token with 3month validity so I went ahead with importing the ovpn config files for your different locations (st. petersburg, rome, chisinau...) provided on github. after importing I added my hashed token as user name and put some random crap as password/left pw field blank. used the ca2.crt here too. no matter if I try to set up a UDP or TCP connection to ANY of the locations in the supplied config files - including balancer config - I just dont get a connection. just plain nothing is what happens, no matter if via UDP or TCP.
I dont see where this error could originate from..there really aint no big difference in setting up an openvpn connection to cryptofree or one of the non-free locations concerning the actions you have to perform when using the gui. I searched via the GUI and in the config files themselves (with a text editor) for differences to the cryptofree config or obvious errors but besides different server addresses there aint a single thing different. LZO activated as well as MSS (TCP), custom gateway port is 443 every time and encryption is AES-256-cbc for all configs. I dont know where to start troubleshooting as to my mind the only source of error left could be the hashed token (?). but it was hashed properly for every attempt to set up a working connection in the network manager.
I was thinking about joining the cstorm network quite some months cuz I had to learn to take anything coming from vpn selling folks with a grain of salt, especially when it comes to claims about anonymity. but after a lot of reading and discovering your additional voodoo concept (big up!) I finally wanted to give your well-thought approach on vpn/network anonymity a go but end up dead n fucked now :|
any1 able to tell me at what point my stupidity caused/causes all the trouble? any guess concerning source of error? in general vpn connections (l2tp, pptp,ovpn) werent a problem on this box here. used nordvpn (pptp mostly, seldom l2tp), proxy.sh (ovpn) and mullvad (ovpn) without any hassle but could evade dealing with the whole "importing configs" issue in the last two cases cuz mullvad and proxy.sh each provided their own linux connection tool which essentially just connects via mile-long terminal commands while showing the user only an easy2use interface branded with their company's logo.
nuff rant for now. would really be happy if any1 could point me in a presumably right direction cuz using cstorm would've been the last crucial evolutionary step for me as privacy concerned user. especially after having discovered the shortcomings of many other vpn providers when it comes to keeping their users safe n secure.

keep on truckin!


Khariz
Posts: 162
Joined: Sun Jan 17, 2016 7:48 am

Postby Khariz » Mon Feb 22, 2016 8:56 am

Some simple things to check:

1. Do you own a token that isn't expired?

2. Did you hash your token?

3. Are you putting at least one character in for the password?


Topic Author
deadhand
Posts: 4
Joined: Sun Feb 21, 2016 10:18 pm

Postby deadhand » Mon Feb 22, 2016 7:41 pm

yes, token was hashed properly and password field wasnt left blank. when checking my token I got:
Authorized? - true
Still Active? - true
Token length - 90
Days since activated? - 0
Days left before expiration? - 90

how come it still displays zero days "since activated"? is there anything I'm required to do except buying and hashing a token? like mysteriously activating it? I bought it FEB 5th..
any help welcome :|


Khariz
Posts: 162
Joined: Sun Jan 17, 2016 7:48 am

Postby Khariz » Tue Feb 23, 2016 1:16 am

Just for giggles, try logging in with the unhashed token. I had a token once where I had to do that to get the clock running on it, and then it worked just fine after that. See if you can use the raw, unhashed token to log in, if you are comfortable with that. For whatever reason, that worked for me.


Topic Author
deadhand
Posts: 4
Joined: Sun Feb 21, 2016 10:18 pm

Postby deadhand » Wed Feb 24, 2016 7:18 pm

thx a hundred times khariz, that worked like a charm :)
you're the man!


Khariz
Posts: 162
Joined: Sun Jan 17, 2016 7:48 am

Postby Khariz » Wed Feb 24, 2016 9:45 pm

Awesome! Yeah, I have a token that doesn't work hashed too. I think some of the newer tokens, when purchased directly from CS seem "pre-hashed" or something.


bob

Postby bob » Thu Mar 03, 2016 9:11 am

Hmm... is it the usual practice to be given hashed tokens??

i thought this erodes the purpose authentication tokens are used over more traditional login method?

Ofc it is also trivial to bundle the hash routine with the connection client; if for example, the client detects the customer had input the actual token instead of the hashed form. <-- feature request as this way... nothing reaches the nodes unless it is a SHA512 hash output. And no side-channel leaks of auth tokens if computing the hash on a compromised site (javascript sha512).

free service feels pretty decent ! And looking forward to getting more tokens soon

bob

parityboy
Site Admin
Posts: 1104
Joined: Wed Feb 05, 2014 3:47 am

Postby parityboy » Thu Mar 03, 2016 6:29 pm

@bob

You raise a good point. The tokens sent to users were never hashed, they were just a string of pure entropy rendered as text. The Windows widget was capable of calculating the SHA-512 hash of these tokens, and using that to authenticate with.

There was chatter a few months back about "voodoo tokens" - perhaps this was a step taken to make life a little easier for users of non-Windows devices?


Khariz
Posts: 162
Joined: Sun Jan 17, 2016 7:48 am

Postby Khariz » Thu Mar 03, 2016 11:58 pm

So, I think I was wrong. My tokens are not pre-hashed. But when you hash them, they don't work. I have to use the raw token for them to work. I think this other guy was experiencing the same issue. They couldn't be pre-hashed because the number of alphanumeric characters is too low. Maybe the built-in SHA512 hasher is broken. I'll try a 3rd party one, and see if that works.

Followup: Okay, so this is interesting. I used the Cryptostorm SHA512 hasher 3 times in a row. The first 2 hashes didn't work, but the 3rd one did. Maybe we just need to find a permutation that the servers will accept.

parityboy
Site Admin
Posts: 1104
Joined: Wed Feb 05, 2014 3:47 am

Postby parityboy » Fri Mar 04, 2016 10:24 pm

@Khariz

If you're running a Linux/OSX/BSD variant (or have access to it) open a terminal and type

Code:

echo -n <token goes here> | sha512sum


This will give you a valid token hash to compare against what other hashers do.


Topic Author
deadhand
Posts: 4
Joined: Sun Feb 21, 2016 10:18 pm

Postby deadhand » Fri Mar 11, 2016 4:56 am

just to make it clear:

I followed khariz advice and tried to connect with the unhashed token and after that with the hashed token like I tried before with no success.
the login attempt with the unhashed token seemed to "enable" my token as the clock finally started running on it which it didnt before (90days valid for weeks).
I now log in with the hashed token like cstorm users are supposed to and it works just fine.
just in case my last post created some confusion.

df
Site Admin
Posts: 285
Joined: Thu Jan 01, 1970 5:00 am

Postby df » Mon Aug 22, 2016 12:59 am

@Everyone

FYI, the sha512 hash calc on the main website didn't remove spaces or tab characters, which sometimes would be included at the end of the plain token if copy/pasted from an email or webmail client.
The code's been updated to automatically remove it, but some non-printable chars still might be allowed in.
The best method is to use the `echo -n token|sha512sum` command mentioned above, that'll ignore space/tab/whatever.

As for connecting with a plain token, it is allowed but not recommended.
The widget will automatically hash the plaintext token before it leaves your system, but since we couldn't do that for people using OpenVPN GUI or directly at the terminal, we added server-side code that'll hash plaintext tokens if received.
It's somewhat less anonymous, but it's a lot more secure than no VPN access.

And for those having the issue of non-expiring tokens, the backend database has been migrated from mongo to mysql, and those issues have been fixed.
So everything should be stable for everyone now :-)
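
The whitespace problem df describes and the client-side hashing bob asks for, as an added example that is not part of the thread and not cryptostorm's code. The function names and the sample token are constructed, and it assumes tokens are printable ASCII with no internal whitespace.

```shell
#!/bin/sh
# Added example, not cryptostorm's code. Assumes tokens are printable ASCII
# with no internal whitespace (an assumption, not stated in the thread).

# Drop spaces, tabs, CR/LF and any other non-printable or non-ASCII byte.
normalize_token() {
    printf '%s' "$1" | LC_ALL=C tr -cd '[:graph:]'
}

# Hex SHA-512 of exactly the bytes given; printf adds no trailing newline.
sha512_hex() {
    printf '%s' "$1" | sha512sum | cut -d' ' -f1
}

# Succeeds if the argument already has the shape of a SHA-512 hex digest.
is_sha512_hex() {
    case "$1" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 128 ]
}

# Value to send as the VPN username: an existing digest passes through
# (lower-cased); anything else is cleaned and hashed locally.
auth_username() {
    cleaned=$(normalize_token "$1")
    if [ -z "$cleaned" ]; then
        echo "empty token after cleanup" >&2
        return 1
    fi
    if is_sha512_hex "$cleaned"; then
        printf '%s\n' "$cleaned" | tr 'A-F' 'a-f'
    else
        sha512_hex "$cleaned"
    fi
}

# Constructed sample token (not a real one), as pasted with trailing " \t\r".
SAMPLE='EXAMPLE-TOKEN-0000'
PASTED=$(printf '%s \t\r' "$SAMPLE")

echo "clean : $(sha512_hex "$SAMPLE")"
echo "pasted: $(sha512_hex "$PASTED")"     # differs: the whitespace was hashed
echo "fixed : $(auth_username "$PASTED")"  # equals the clean digest
```

A raw token that happened to be exactly 128 hex characters would be taken for a digest and passed through unhashed, so the shape check only works if raw tokens never have that form.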

privangle
Posts: 93
Joined: Thu Apr 25, 2013 5:57 am

Postby privangle » Sat Sep 03, 2016 6:22 am

Hi,

since one hour I experience the same problem:

I was surfing with a "paid connection" as suddenly the traffic stopped. I tried to change the connection, but no one of the 10 pay-connections works.

Until one hour ago, everything worked fine, all nodes.

I have an aleph (lifetime) token which works fine since two or three years (I don't remember exactly). The free connection works, but no one of the "pay-connections" does. I didn't change anything on my system.

My system is a Linux with the newest updates, latest kernel etc.

What could that be?

Khariz wrote: Just for giggles, try logging in with the unhashed token

I tried that, without success.

Could that perhaps be a bug which makes that lifetime tokens "expire"?

Here is the verb 4 log, connection launched on console:

Code:

openvpn --config swiss2.conf
Sat Sep  3 03:12:34 2016 us=933057 Current Parameter Settings:                                                 
Sat Sep  3 03:12:34 2016 us=933124   config = 'swiss2.conf'                                                   
Sat Sep  3 03:12:34 2016 us=933136   mode = 0                                                                 
Sat Sep  3 03:12:34 2016 us=933144 NOTE: --mute triggered...                                                   
Sat Sep  3 03:12:34 2016 us=933162 321 variation(s) on previous 3 message(s) suppressed by --mute             
Sat Sep  3 03:12:34 2016 us=933172 OpenVPN 2.3.2 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on May 31 2013                                                                             
Sat Sep  3 03:12:34 2016 us=933621 LZO compression initialized                                                 
Sat Sep  3 03:12:34 2016 us=933701 Control Channel MTU parms [ L:1602 D:138 EF:38 EB:0 ET:0 EL:0 ]             
Sat Sep  3 03:12:34 2016 us=933756 Socket Buffers: R=[212992->131072] S=[212992->131072]                       
Sat Sep  3 03:12:35 2016 us=10077 Data Channel MTU parms [ L:1602 D:1400 EF:102 EB:135 ET:0 EL:0 AF:3/1 ]     
Sat Sep  3 03:12:35 2016 us=10126 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'                                 
Sat Sep  3 03:12:35 2016 us=10138 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'                       
Sat Sep  3 03:12:35 2016 us=10163 Local Options hash (VER=V4): '9c102b00'
Sat Sep  3 03:12:35 2016 us=10177 Expected Remote Options hash (VER=V4): 'aaa173e3'
Sat Sep  3 03:12:35 2016 us=10196 UDPv4 link local: [undef]
Sat Sep  3 03:12:35 2016 us=10211 UDPv4 link remote: [AF_INET]185.60.147.79:443
Sat Sep  3 03:12:35 2016 us=55145 TLS: Initial packet from [AF_INET]185.60.147.79:443, sid=48c6a2d5 ede30653
Sat Sep  3 03:12:35 2016 us=55248 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Sep  3 03:12:35 2016 us=120808 VERIFY OK: depth=1, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite /  cryptostorm_darknet, OU=Tech Ops, CN=cryptostorm_is, emailAddress=certadmin@cryptostorm.is
Sat Sep  3 03:12:35 2016 us=121073 VERIFY OK: nsCertType=SERVER
Sat Sep  3 03:12:35 2016 us=121085 VERIFY OK: depth=0, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite /  cryptostorm_darknet, OU=Tech Ops, CN=server, emailAddress=certadmin@cryptostorm.is
Sat Sep  3 03:12:35 2016 us=444378 NOTE: --mute triggered...
Sat Sep  3 03:12:35 2016 us=444489 5 variation(s) on previous 3 message(s) suppressed by --mute
Sat Sep  3 03:12:35 2016 us=444500 [server] Peer Connection Initiated with [AF_INET]185.60.147.79:443
Sat Sep  3 03:12:37 2016 us=878541 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Sep  3 03:12:37 2016 us=921198 AUTH: Received control message: AUTH_FAILED
Sat Sep  3 03:12:37 2016 us=921240 SIGTERM received, sending exit notification to peer
Sat Sep  3 03:12:40 2016 us=355979 TCP/UDP: Closing socket
Sat Sep  3 03:12:40 2016 us=356050 SIGTERM[soft,exit-with-notification] received, process exiting

Thank you for reading.

df
Site Admin
Posts: 285
Joined: Thu Jan 01, 1970 5:00 am

Postby df » Sat Sep 03, 2016 7:08 am

@privangle
try now. I was modding something in the auth script that was causing temporary auth fails for valid tokens.
should be all good now.

privangle
Posts: 93
Joined: Thu Apr 25, 2013 5:57 am

Postby privangle » Sat Sep 03, 2016 11:12 am

hello df,

I tried now, it worked fine for some seconds and 5 nodes;
half a minute later it didn't work again.


