
local firewalling w/ cryptostorm: discussion

A core mission of cryptostorm is ensuring consistent, reliable network security with minimal fuss & drama. From DNS-based services like our DeepDNS in-browser native .onion/.i2p site access, through groundbreaking research on IP6 leakblocking, & to firewall-based structures to enable "fail-closed" security, this is where we discuss & develop cryptostorm-style leakblock tech.

Topic Author
marzametal
Posts: 504
Joined: Mon Aug 05, 2013 11:39 am

local firewalling w/ cryptostorm: discussion

Postby marzametal » Wed Jan 22, 2014 4:11 am

My modem/router has a firewall and is active. My software firewall is active when I connect to the darknet. Is this considered overkill? I remember a while ago I had issues connecting to the darknet with my software firewall remaining active. But the problem rectified itself, along with a response from CS_Ops saying that all VPN testing on server side is performed with no software firewall activated (Local Windows Firewalling).

Which would be better to disable? (if required/needed at all). I've managed to hit 1MB/s in recent days out of a maximum downstream of 1.8MB/s.


cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

Re: cryptostorm: TCP-based fallback for firewalled local net

Postby cryptostorm_support » Fri Jan 24, 2014 6:15 pm

marzametal wrote: My modem/router has a firewall and is active. My software firewall is active when I connect to the darknet. Is this considered overkill? I remember a while ago I had issues connecting to the darknet with my software firewall remaining active. But the problem rectified itself, along with a response from CS_Ops saying that all VPN testing on server side is performed with no software firewall activated (Local Windows Firewalling).

Which would be better to disable? (if required/needed at all). I've managed to hit 1MB/s in recent days out of a maximum downstream of 1.8MB/s.


We've split this out to a separate thread, as it's a good issue and one that comes up quite a bit in conversations with network members.

Because client-side firewalling is so varied, it is very difficult to make accurate general comments regarding what is "correct" or not. Further, the many different types and configurations of local firewalls can - and not uncommonly do - block connections to cryptostorm, or cause serious performance lags once connected.

However, it is not our intent to make blanket "recommendations" such as turning off all client-side firewalling while connected to cryptostorm. Some of our tech team members advocate strongly for this position, and are encouraging us to implement baseline controls network-wide that obviate most of the need for client-side firewalling during cryptostorm sessions. Others on the team are equally adamant that cryptostorm isn't a substitute for local firewalling layers, and shouldn't be presented as such.

In summary, it's very much an open question - and could benefit from member/community feedback and discussion!

    ~ cryptostorm_support


Topic Author
marzametal
Posts: 504
Joined: Mon Aug 05, 2013 11:39 am

Re: local firewalling w/ cryptostorm: discussion

Postby marzametal » Sat Jan 25, 2014 3:24 am

Cheers :)


parityboy
Site Admin
Posts: 1096
Joined: Wed Feb 05, 2014 3:47 am

Re: local firewalling w/ cryptostorm: discussion

Postby parityboy » Mon Feb 10, 2014 2:29 am

@OP

To add to this thread: I would advocate keeping a local firewall in place. I use Linux Mint 14 as opposed to Windows, but I know for a fact that even though KTorrent (KDE BitTorrent client) can be told to use this interface or that, it will fail-open to the clear Ethernet interface if the VPN tunnel drops. This happened a little too often on the old Cryptocloud network, so I set up a firewall to make sure that anything that was not for the local network would either go over the VPN or be dropped.

So far, the CS connection has been up continuously for about a week and hasn't dropped at all (well done to the CS team!! :D), but that's no reason to not have a firewall in place.


acid1c
Posts: 49
Joined: Sat Aug 31, 2013 5:42 am

Re: local firewalling w/ cryptostorm: discussion

Postby acid1c » Mon Feb 10, 2014 8:34 am

I have not set up CS on my router yet; set up to not connect to anything except CS and no DNS except from CS. I plan on doing that once I obtain an OpenWrt router.

Once I have that set up, I plan on having the OpenWrt firewall set up, as well as my software firewall set up on my Linux machine, with IP blacklisting on for 4bil IPs, only allowing what I need when I need it.
Bitmessage me with Questions, Help, or ChitChat :) - BM-2cV5BzWc9P7vufQREE8Be4U64GBgRJ3GnT
" Those who do not move, do not notice their chains." -Rosa Luxemburg

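The fail-closed setup parityboy describes (anything not for the local network goes over the VPN or is dropped) and the allow-only-the-VPN, DNS-only-through-the-VPN setup acid1c plans, sketched for a Linux host as an added example that is not from any poster or from cryptostorm: a shell function that prints an iptables-restore ruleset. The interface names, LAN range, and VPN server address, protocol and port are constructed placeholders.

```shell
#!/bin/sh
# Added example: print a fail-closed IPv4 ruleset in iptables-restore format.
# usage: killswitch_rules PHYS_IF VPN_IF LAN_CIDR VPN_SERVER_IP PROTO PORT
killswitch_rules() {
    phys_if=$1; vpn_if=$2; lan=$3; server=$4; proto=$5; port=$6

    # DNS is only reachable through the tunnel, so the VPN endpoint cannot be
    # a hostname: reject anything that is not made of digits and dots.
    case $server in
        ''|*[!0-9.]*) echo "VPN server must be an IPv4 address" >&2; return 1 ;;
    esac
    case $proto in
        udp|tcp) ;;
        *) echo "proto must be udp or tcp" >&2; return 1 ;;
    esac

    # Default policy DROP on every chain: if the tunnel interface disappears,
    # nothing matches the last OUTPUT rule and traffic is dropped instead of
    # leaving in the clear over the physical interface.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $phys_if -s $lan -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $phys_if -d $server -p $proto --dport $port -j ACCEPT
# keep DNS off the physical interface, including the LAN router's resolver
-A OUTPUT -o $phys_if -p udp --dport 53 -j DROP
-A OUTPUT -o $phys_if -p tcp --dport 53 -j DROP
-A OUTPUT -o $phys_if -d $lan -j ACCEPT
-A OUTPUT -o $vpn_if -j ACCEPT
COMMIT
EOF
}

# Constructed sample values (203.0.113.10 is a documentation address).
# To apply as root: killswitch_rules ... | iptables-restore
# IPv6 is not covered here; it needs its own default-drop ip6tables ruleset.
killswitch_rules eth0 tun0 192.168.1.0/24 203.0.113.10 udp 443
```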
