Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ
Ξ We've updated our CA certificate. All members need to be using the latest ones by Dec 22. See this page for more infoΞ

HOWTO: manual editing of widget exitnode preferences

Looking for a bit more than customer support, and want to learn more about what cryptostorm is , what we've been announcing lately, and how the cryptostorm network makes the magic? This is a great place to start, so make yourself at home!
User avatar

Topic Author
Graze
Posts: 247
Joined: Mon Dec 17, 2012 2:37 am
Contact:

HOWTO: manual editing of widget exitnode preferences

Postby Graze » Tue Jan 07, 2014 5:36 pm

Manually changing your exitnode in the version 0.9 Windows network access widget is simple enough to be quite accessible, but has a few tricks to it that can be frustrating if you haven't already worked them out. Or, you can just read this guide and you'll know :-)

Basically, all you have to do is edit the config file and save it. Sounds easy, right?

But on Windows, there's a bit of an issue because you need to be an administrator to edit stuff that is deemed high risk, and fair enough, I guess, as your network config is high risk. No worries, all you need to learn is the "run as Administrator" thing. This of course assumes that you are an administrator on the box (and if you've been able to run the client previously, you are.)

So, do this:

1) Go to Windows Start menu (sorry Windows 8 folks, I dunno what the equiv is before v8.1) and type "notepad" in as below:
1.png



2) Right click on it and select the Run as Administrator
2.png



Yay. Actually, that's the hard part. Now, basically, it's just an issue with using notepad to open the vpn.conf file (which is typically here:
    C:\Program Files (x86)\Cryptostorm Client\bin\user
3.png


Once you open it, edit it, probably all you will want to change is the exitnode (i.e. "remote") line, here:
4.png


Be sure to save the file. If you have issues saving the file, try disconnecting from the VPN.

Restart the VPN, and you should be using your prefered exitnode.

That's it!

Thanks!

~ G
------------------------
My avatar is pretty much what I look like. ;) <-- ...actually true, says pj
WebMonkey, Foilhat, cstorm evangelnomitron.
Twitter: @grazestorm.
For any time sensitive help requests, best to email the fine bots in support@cryptostorm.is or via Bitmessage at BM-NBjJaLNBwWiwZeQF5BMLYqarawbgycwJ ;)

User avatar

DesuStrike
ForumHelper
Posts: 345
Joined: Thu Oct 24, 2013 2:37 pm

Re: Manually changing your exitnode in the Cryptostorm Clien

Postby DesuStrike » Tue Jan 07, 2014 5:58 pm

I see you hide your porn by renaming the file type to *.txt and thus pretending you just collect interesting literature named "cute bunnies chew on big carrots". The big file size obviously stems from the rich contents of such literature.
Clever! But real professionals in the field of fapping use the "Invisible" checkbox. This way even the NSA can't find your kinky stuff!

Also very nice guide.
home is where the artillery hits

User avatar

marzametal
Posts: 505
Joined: Mon Aug 05, 2013 11:39 am

Re: Manually changing your exitnode in the Cryptostorm Clien

Postby marzametal » Wed Jan 08, 2014 10:03 am

Nice!

EDIT: Mine was in "C:\Program Files (x86)\Cryptostorm Client\user"

EDIT: The network kept on rediscovering every couple of minutes. Even after discovery was complete, I had no active internet access (browser, email etc...). I followed the above instructions, making sure to Run as Administrator and logged off before making .conf adjustment.


cryptostorm_ops
ForumHelper
Posts: 104
Joined: Wed Jan 16, 2013 9:20 pm
Contact:

windows-{clusterID}.cryptostorm.net hostname mappings

Postby cryptostorm_ops » Wed Jan 08, 2014 4:50 pm

marzametal wrote:EDIT: The network kept on rediscovering every couple of minutes. Even after discovery was complete, I had no active internet access (browser, email etc...). I followed the above instructions, making sure to Run as Administrator and logged off before making .conf adjustment.


You've jumped ahead of our rollout of the new widget-specific server daemons, which is likely why you're getting those reconnects.

Throughout today, we'll be deploying descriptive hostname mappings to best reflect the OS specificity of chosen connections. For example, windows-iceland.cryptostorm.net is in process of mapping to the Windows widget-specific openvpn instance on our new cluster there. Those will be the hostnames you'll want to be putting into the widget's config file, to ensure it points at the daemons server-side with the widget-optimised server configuration settings.

If this all seems a bit fiddly right now, you're right: once all the requisite A records, SNAT, NIC, & iptables rules are settled & validated in production, the end result will be a far more elegant & complexity-free way of pointing specific client instances at exitnode cluster resources specifically optimised for their requirements. Basically, we're wrapping the (somewhat surprising) complexity of implementing all these customised, optimised server-side configuration instances behind an abstracted layer of encapsulating punchdowns. It's a bot of an object-oriented-inspired approach to resource management, and we are confident it'll be a qualitatively better & more elegant process for network members, first and foremost.

In the meantime, the hostnames that'll be widget-specific will be (although these are not fully propagated just yet!):

    windows-montreal.cryptostorm.net
    windows-frankfurt.cryptostorm.net
    windows-iceland.cryptostorm.net
    windows-dynamic.cryptostorm.net


...TLD redundancy, as in the raw config files (.org | .pw | .nu), is being deployed in the 1.0 widget.

Thank you,

~ cryptostorm_ops

User avatar

marzametal
Posts: 505
Joined: Mon Aug 05, 2013 11:39 am

Re: cryptostorm: manual editing of widget exitnode preferenc

Postby marzametal » Thu Jan 09, 2014 2:48 am

Cheers for pointing my blunder out Ops... I jumped on the forum and saw the Graze option, so went with it. My apologies!

User avatar

cryptostorm_team
ForumHelper
Posts: 159
Joined: Sat Mar 02, 2013 12:12 am

Re: cryptostorm: manual editing of widget exitnode preferenc

Postby cryptostorm_team » Mon Jan 13, 2014 4:25 pm

We now have the following Windows-specific remote options available and tested for use in the Widget (or other Windows clients):
    windows-montreal.{TLD option}
    windows-frankfurt.{TLD option}
    windows-iceland.{TLD option}

Additionally, for dynamic selection of exitnode cluster that randomly selects between existing clusters, we've created the following remote option:
    windows-dynamic.{TLD option}

Available TLD mappings - {TLD option} - for all of these selections are at present:
    cryptostorm.net
    cryptostorm.org
    cryptostorm.nu
    cstorm.pw

They can be used interchangeably. Thus, for example, windows-dynamic.cstorm.pw will be an option for dynamic selections.

Finally, to repeat, this entire process is being encapsulated in a pull-down menu in the 1.0 widget build - so if this all seems a bit complex and annoying, the 1.0 version eliminates the drama.

Thank you,

    ~ cryptostorm_team
cryptostorm_team - a shared, team-wide forum account (not a person)
PLEASE DON'T SEND PRIVATE MESSAGES to this account, as we can't guarantee quick replies!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: support@cryptostorm.is
live chat support: #cryptostorm

User avatar

marzametal
Posts: 505
Joined: Mon Aug 05, 2013 11:39 am

Re: cryptostorm: manual editing of widget exitnode preferenc

Postby marzametal » Tue Jan 14, 2014 5:23 am

Awesome, I will swap over to the dynamic entry... thanks for everything fellas (and maybe ladies)... lol

User avatar

marzametal
Posts: 505
Joined: Mon Aug 05, 2013 11:39 am

Re: cryptostorm: manual editing of widget exitnode preferenc

Postby marzametal » Thu Jan 16, 2014 5:01 am

Some of the exit node preferences are broken again...

I had it originally set to "windows-dynamic.cstorm.pw" and it popped up with this error...
Thu Jan 16 10:54:06 2014 NOTE: debug verbosity (--verb 7) is enabled but this build lacks debug support.
Thu Jan 16 10:54:06 2014 us=279283 Current Parameter Settings:
Thu Jan 16 10:54:06 2014 us=279283 config = 'vpn.conf'
Thu Jan 16 10:54:06 2014 us=279283 mode = 0
Thu Jan 16 10:54:06 2014 us=279283 NOTE: --mute triggered...
Thu Jan 16 10:54:06 2014 us=279283 OpenVPN 2.3.2 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Jun 3 2013
Thu Jan 16 10:54:06 2014 us=794084 LZO compression initialized
Thu Jan 16 10:54:06 2014 us=794084 Control Channel MTU parms [ L:1606 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Jan 16 10:54:06 2014 us=825284 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Jan 16 10:54:14 2014 us=172897 RESOLVE: Cannot resolve host address: windows-dynamic.cstorm.pw: The requested name is valid, but no data of the requested type was found.

Then I tried "windows-iceland.cstorm.pw", and it popped up with the same error...
So I tried "windows-frankfurt.cstorm.pw" and it successfully connected with internet access...

User avatar

vpnDarknet
Posts: 129
Joined: Thu Feb 27, 2014 2:42 pm
Contact:

Re: HOWTO: manual editing of widget exitnode preferences

Postby vpnDarknet » Thu Apr 03, 2014 11:52 am

Hi guys,
What would you enter for the US exit nodes?
Buy your tokens via vpnDark.net and cryptostorm cannot and does not know anything about users - no link between a token & purchase details
Unofficial Wiki cryptostorm access guide
Ways to talk to me

User avatar

marzametal
Posts: 505
Joined: Mon Aug 05, 2013 11:39 am

Re: HOWTO: manual editing of widget exitnode preferences

Postby marzametal » Fri Apr 04, 2014 5:28 am

vpnDarknet wrote:Hi guys,
What would you enter for the US exit nodes?


Gday...

All the entry varieties for the USA exitnode are in the first post of this thread... UNSAE

User avatar

privangle
Posts: 97
Joined: Thu Apr 25, 2013 5:57 am

Re: HOWTO: manual editing of widget exitnode preferences

Postby privangle » Tue Jul 15, 2014 12:40 am

Hi there,

two weeks ago I installed the windows connection client (client.exe) and in this client there is a choice for an exit node in France. I connected and made a test with https://www.tracemyip.org/, indeed I was connected in France.

But I nowhere find the config file for France, strange. (?!?) I'd like to use the France exit node on a Linux computer.

Does someone knows where to find the config file for the exitnode in France or the adress of an exitnode in France ?
(Or is the existence of a france exitnode a misunderstanding on my part?)

(By the way, I'm not entirely satisfied with this client. Its GUI its well designed, but it keeps my processor on 80 to 90% activity, this is too much. I then tried the openVPN solution which is much more economic in processor use [10% - 15% or so].)

Thank you.

User avatar

parityboy
Site Admin
Posts: 1142
Joined: Wed Feb 05, 2014 3:47 am

Re: HOWTO: manual editing of widget exitnode preferences

Postby parityboy » Tue Jul 15, 2014 4:48 am

@privangle

Download one of the raw config files from here and alter the connection address to the one for "onyx" (FQDN is raw-onyx-1.cryptostorm.net) in the link in my sig. Bear in mind that onyx uses the post-Heartbleed certificates from this zip file.

User avatar

marzametal
Posts: 505
Joined: Mon Aug 05, 2013 11:39 am

Re: HOWTO: manual editing of widget exitnode preferences

Postby marzametal » Tue Jul 15, 2014 7:08 am

privangle wrote:(By the way, I'm not entirely satisfied with this client. Its GUI its well designed, but it keeps my processor on 80 to 90% activity, this is too much. I then tried the openVPN solution which is much more economic in processor use [10% - 15% or so].)

CPU Usage (never exceeded 16%) or CPU Frequency (never dropped below high 90%'s)?

User avatar

privangle
Posts: 97
Joined: Thu Apr 25, 2013 5:57 am

Re: HOWTO: manual editing of widget exitnode preferences

Postby privangle » Tue Jul 15, 2014 1:12 pm

Thank you parityboy, it works fine. :-)

Bear in mind that onyx uses the post-Heartbleed certificates from this zip file (ca2.crt)

Does this apply only for onyx/france or should we use the new certificate for all config files (Canada, Iceland, USA, Frankfurt) ?

P.S. Shouldn't the france config file be added to the other ones ? The france connection is actually "hidden" for linux users.

By then, for everybody: copy the following text in a text editor and save it as cryptostorm_client_raw-france.conf in your cryptostorm directory. You can import this config file into your KDE network manager. See here.

Code: Select all

# this is the cryptostorm.is client settings file, versioning...
# cryptostorm_client_raw-locked1_3.conf

# it is intended for randomised initial selection of geographic exitnode cluster...
# then retention of specific node IP across session restarts within that cluster
# current version of this file can always be found in http://conf.crytostorm.org
# also... FuckTheNSA - for reals


client
dev tun
resolv-retry 16
nobind
float

txqueuelen 486
# expanded packet queue plane, to improve throughput on high-capacity sessions

sndbuf size 1655368
rcvbuf size 1655368
# increase pre-ring packet buffering cache, to improve high-throughput session performance

remote-random
# randomizes selection of connection profile from list below, for redundancy against...
# DNS blacklisting-based session blocking attacks


<connection>
remote raw-onyx-1.cryptostorm.net 443 udp
</connection>

comp-lzo no
# specifies refusal of link-layer compression defaults
# we prefer compression be handled elsewhere in the OSI layers
# see forum for ongoing discussion - https://cryptostorm.org/viewtopic.php?f=38&t=5981

down-pre
# runs client-side "down" script prior to shutdown, to help minimise risk...
# of session termination packet leakage

allow-pull-fqdn
# allows client to pull DNS names from server
# we don't use but may in future leakblock integration

explicit-exit-notify 3
# attempts to notify exit node when client session is terminated
# strengthens MiTM protections for orphan sessions

hand-window 37
# specified duration (in seconds) to wait for the session handshake to complete
# a renegotiation taking longer than this has a problem, & should be aborted

mssfix 1400
# congruent with server-side --fragment directive

auth-user-pass
# passes up, via bootstrapped TLS, SHA512 hashed token value to authenticate to darknet

# auth-retry interact
# 'interact' is an experimental parameter not yet in our production build.

ca ca2.crt
# specification & location of server-verification PKI materials
# for details, see http://pki.cryptostorm.org

<ca>
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgIJAKekpGXxXvhbMA0GCSqGSIb3DQEBCwUAMIG6MQswCQYD
VQQGEwJDQTELMAkGA1UECBMCUUMxETAPBgNVBAcTCE1vbnRyZWFsMTYwNAYDVQQK
FC1LYXRhbmEgSG9sZGluZ3MgTGltaXRlIC8gIGNyeXB0b3N0b3JtX2RhcmtuZXQx
ETAPBgNVBAsTCFRlY2ggT3BzMRcwFQYDVQQDFA5jcnlwdG9zdG9ybV9pczEnMCUG
CSqGSIb3DQEJARYYY2VydGFkbWluQGNyeXB0b3N0b3JtLmlzMB4XDTE0MDQyNTE3
MTAxNVoXDTE3MTIyMjE3MTAxNVowgboxCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJR
QzERMA8GA1UEBxMITW9udHJlYWwxNjA0BgNVBAoULUthdGFuYSBIb2xkaW5ncyBM
aW1pdGUgLyAgY3J5cHRvc3Rvcm1fZGFya25ldDERMA8GA1UECxMIVGVjaCBPcHMx
FzAVBgNVBAMUDmNyeXB0b3N0b3JtX2lzMScwJQYJKoZIhvcNAQkBFhhjZXJ0YWRt
aW5AY3J5cHRvc3Rvcm0uaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDJaOSYIX/sm+4/OkCgyAPYB/VPjDo9YBc+zznKGxd1F8fAkeqcuPpGNCxMBLOu
mLsBdxLdR2sppK8cu9kYx6g+fBUQtShoOj84Q6+n6F4DqbjsHlLwUy0ulkeQWk1v
vKKkpBViGVFsZ5ODdZ6caJ2UY2C41OACTQdblCqaebsLQvp/VGKTWdh9UsGQ3LaS
Tcxt0PskqpGiWEUeOGG3mKE0KWyvxt6Ox9is9QbDXJOYdklQaPX9yUuII03Gj3xm
+vi6q2vzD5VymOeTMyky7Geatbd2U459Lwzu/g+8V6EQl8qvWrXESX/ZXZvNG8QA
cOXU4ktNBOoZtws6TzknpQF3AgMBAAGjggEjMIIBHzAdBgNVHQ4EFgQUOFjh918z
L4vR8x1q3vkp6npwUSUwge8GA1UdIwSB5zCB5IAUOFjh918zL4vR8x1q3vkp6npw
USWhgcCkgb0wgboxCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJRQzERMA8GA1UEBxMI
TW9udHJlYWwxNjA0BgNVBAoULUthdGFuYSBIb2xkaW5ncyBMaW1pdGUgLyAgY3J5
cHRvc3Rvcm1fZGFya25ldDERMA8GA1UECxMIVGVjaCBPcHMxFzAVBgNVBAMUDmNy
eXB0b3N0b3JtX2lzMScwJQYJKoZIhvcNAQkBFhhjZXJ0YWRtaW5AY3J5cHRvc3Rv
cm0uaXOCCQCnpKRl8V74WzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
AQAK6B7AOEqbaYjXoyhXeWK1NjpcCLCuRcwhMSvf+gVfrcMsJ5ySTHg5iR1/LFay
IEGFsOFEpoNkY4H5UqLnBByzFp55nYwqJUmLqa/nfIc0vfiXL5rFZLao0npLrTr/
inF/hecIghLGVDeVcC24uIdgfMr3Z/EXSpUxvFLGE7ELlsnmpYBxm0rf7s9S9wtH
o6PjBpb9iurF7KxDjoXsIgHmYAEnI4+rrArQqn7ny4vgvXE1xfAkFPWR8Ty1ZlxZ
gEyypTkIWhphdHLSdifoOqo83snmCObHgyHG2zo4njXGExQhxS1ywPvZJRt7fhjn
X03mQP3ssBs2YRNR5hR5cMdC
-----END CERTIFICATE-----
</ca>

ns-cert-type server
# requires TLS-level confirmation of categorical state of server-side certificate for MiTM hardening.

auth SHA512
# data channel HMAC generation
# heavy processor load from this parameter, but the benefit is big gains in packet-level...
# integrity checks, & protection against packet injections / MiTM attack vectors

cipher AES-256-CBC
# data channel stream cipher methodology
# we are actively testing CBC alternatives & will deploy once well-tested...
# cipher libraries support our choice - AES-GCM is looking good currently

replay-window 128 30
# settings which determine when to throw out UDP datagrams that are out of order...
# either temporally or via sequence number

tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
# implements 'perfect forward secrecy' via TLS 1.x & its ephemeral Diffie-Hellman...
# see our forum for extensive discussion of ECDHE v. DHE & tradeoffs wrt ECC curve choice
# http://ecc.cryptostorm.org

tls-client
key-method 2
# specification of entropy source to be used in initial generation of TLS keys as part of session bootstrap

log devnull.txt
verb 5
mute 1
# sets logging verbosity client-side, by default, to zero
# no logs kept locally of connections - this can be changed...
# if you'd like to see more details of connection initiation & negotiation


Return to “cryptostorm in-depth: announcements, how it works, what it is”

Who is online

Users browsing this forum: No registered users and 11 guests

Login