Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

cryptofree conf's - alpha 1.4 for linux

cryptofree: full-bore cryptostorm protection... for free! Capped to 1 megabit down / 500kb up, it's a great way to use cryptostorm in a pinch. Play nice & be safe, ok?
User avatar

Topic Author
cryptostorm_team
ForumHelper
Posts: 159
Joined: Sat Mar 02, 2013 12:12 am

cryptofree conf's - alpha 1.4 for linux

Postby cryptostorm_team » Wed Nov 05, 2014 9:07 am

EDIT from df:
The latest configs are now at https://github.com/cryptostorm/cryptost ... tion_files
To make it easier for people, I've updated the attachments of this post to include the cryptofree configs from the GitHub repo above.

note: folks using Tunnelblick for the Mac/OSX will want to ensure they don't include the --log directives that are found in these default/Linux configuration files; we've a separate dedicated thread offering excellent information on connecting to cryptostorm with Tunnelblick, and all the data in that thread work for cryptofree just fine! Our thanks to @nickoutprintln for catching this & letting us know. :thumbup:


Here are the beta testing configuration settings for folks to use with the cryptofree service. A few notes:

    1. Take a look at the pre-launch development thread if you're curious about the backstory and technical architecture of cryptofree.

    2. The OpenVPN configuration files ("config") attached to this post will enable connections from Linux and Mac/OSX computers; with a bit of fiddling it'll work for Android, Unix, and most other platforms as well.

    3. Yes, there's a Windows version of cryptofree - based around our client widget - to be released for beta testing shortly. We released the Linux/Mac side first in order to get early community feedback and guidance; no offence intended to our Windows friends!

    4. Cryptofree's private networking service is identical to full cryptostorm service in all regards - cryptographic suites deployed, server-side configuration, source code edits, logging disablement, and so on - with only one exception: connection speeds per-session are capped at 256kb downstream & 128kb upstream.

    5. Finally, when your client asks you for username/password during the network connection process, you can provide any value... so long as it's not a null character, i.e. nothing at all. Type "foo" or "blah" or whatever makes you happy - just don't type nothing ("nothing" is fine, however ;- ). This is a funky thing with OpenVPN itself, & we'll figure a clever workaround for the full production launch of cryptofree, but for now anything but [null] is a-ok.

Otherwise, please do share your experiences, feedback, and critique of the service so that we can learn and improve over time!

Thanks,

    ~ cryptostorm_team
Attachments
cryptofree_windows-udp.ovpn
(2.58 KiB) Downloaded 96 times
cryptofree_windows-tcp.ovpn
(2.55 KiB) Downloaded 100 times
cryptofree_linux-udp.ovpn
(2.33 KiB) Downloaded 141 times
cryptofree_linux-tcp.ovpn
(2.29 KiB) Downloaded 156 times
cryptofree_android-udp.ovpn
(2.31 KiB) Downloaded 144 times
cryptofree_android-tcp.ovpn
(2.28 KiB) Downloaded 103 times

User avatar

cryptostorm_admin
ForumHelper
Posts: 74
Joined: Tue Jan 01, 2013 5:43 pm
Contact:

raw text

Postby cryptostorm_admin » Wed Nov 05, 2014 9:10 am

Here's the fulltext of the conf, to make public review more efficient:

<EDIT>
Don't use any configs posted on the forum, they're rarely ever updated here.
Always use https://github.com/cryptostorm/cryptost ... tion_files
</EDIT>

User avatar

vpnDarknet
Posts: 129
Joined: Thu Feb 27, 2014 2:42 pm
Contact:

Re: cryptofree conf's - alpha 1.4 for linux

Postby vpnDarknet » Thu Nov 06, 2014 1:04 pm

Great philanthropy, this could change the industry :)

I guess more users per node, turns up the anonymous factor for all?

Are you handing out a generic password to Beta testers for this conf, or would a hashed token allow access?
Buy your tokens via vpnDark.net and cryptostorm cannot and does not know anything about users - no link between a token & purchase details
Unofficial Wiki cryptostorm access guide
Ways to talk to me


Lignus
Posts: 33
Joined: Sat Nov 02, 2013 1:26 am

Re: cryptofree conf's - alpha 1.4 for linux

Postby Lignus » Sat Nov 08, 2014 4:02 pm

vpnDarknet wrote:Are you handing out a generic password to Beta testers for this conf, or would a hashed token allow access?


It is pretty much like token access as it exists with the exception that it will accept any value(other than NULL) as a valid token. You can use your existing token without issue and it will work, just at cryptofree speeds.


mrdude
Posts: 1
Joined: Sat Nov 08, 2014 6:09 pm

Re: cryptofree conf's - alpha 1.4 for linux

Postby mrdude » Sat Nov 08, 2014 6:20 pm

Hello,

I tried to test your cryptofree access on Max OSX with Tunnelblick, but haven't been successful in connecting. The log says the following:

Options error: --txqueuelen not supported on this OS

Could you let me know what I have done wrong? Do I need to edit the conf file to suit my system?

Thanks in advance!

mrdude

User avatar

Fermi
Site Admin
Posts: 218
Joined: Tue Jun 17, 2014 11:42 am

Re: cryptofree conf's - alpha 1.4 for linux

Postby Fermi » Sat Nov 08, 2014 7:22 pm

mrdude,

Please open conf file and delete the line: txqueuelen 686

If there's an issue with logging: devnull, please follow the following thread:
viewtopic.php?f=32&t=6108&p=8740&hilit=tunnelblick+log#p8740

Regards,

/Fermi


Guest

Re: cryptofree conf's - alpha 1.4 for linux

Postby Guest » Sun Nov 09, 2014 6:07 am

Hello Fermi,

Thanks for the quick help! Your instruction solved the problem instantly. I'm connecting from China and so far am seeing very satisfactory speed and responsiveness.

Sorry if this is the wrong place to post this, but do you plan to add to your access plans (whether paid or free) any nodes in Asia (such as Japan, Korea, Hongkong)?

mrdude


Lignus
Posts: 33
Joined: Sat Nov 02, 2013 1:26 am

Re: cryptofree conf's - alpha 1.4 for linux

Postby Lignus » Sun Nov 09, 2014 7:07 pm

cryptostorm_team wrote:connection speeds per-session are capped at 256kb downstream & 128kb upstream.


This part is not working. I'm mostly limited to 1.5-2Mbps, but I'm seeing spikes up to 5-9Mbps(10/1 connection).

Code: Select all

IP_ADDRESS   TEST_DATE   TIME_ZONE   DOWNLOAD_MEGABITS   UPLOAD_MEGABITS   LATENCY_MS   SERVER_NAME
212.129.34.154   11/9/2014 3:37 AM   GMT   1.72   0.67   173   Paris
212.129.34.154   11/9/2014 6:00 AM   GMT   3.06   0.68   174   Paris
212.129.34.154   11/9/2014 6:01 AM   GMT   9.28   0.66   172   Paris
212.129.34.154   11/9/2014 6:02 AM   GMT   6.6   0.61   170   Paris
212.129.34.154   11/9/2014 1:59 PM   GMT   1.75   0.69   184   Gravelines
212.129.34.154   11/9/2014 2:00 PM   GMT   1.79   0.53   182   Gravelines
212.129.34.154   11/9/2014 2:01 PM   GMT   1.79   0.67   176   Paris
212.129.34.154   11/9/2014 2:03 PM   GMT   1.81   0.73   178   Paris

User avatar

cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

Re: cryptofree conf's - alpha 1.4 for linux

Postby cryptostorm_support » Sun Nov 09, 2014 8:00 pm

What tool are you using to test with, Lignus? Many people use speedtest.net, but they were consistently mis-reporting speeds, both upload and download during testing. While we were still fine-tuning the bandwidth caps, actual downloads were kept just above 56k levels, but speedtest.net was reporting speeds anywhere from 1 Mbps to over 130Mbps
cryptostorm_support shared support team forum account
PLEASE DON'T SEND PRIVATE MESSAGES with support questions!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: support@cryptostorm.is
live chat support: #cryptostorm

User avatar

cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

Re: cryptofree conf's - alpha 1.4 for linux

Postby cryptostorm_support » Sun Nov 09, 2014 8:07 pm

Guest wrote:Hello Fermi,
Sorry if this is the wrong place to post this, but do you plan to add to your access plans (whether paid or free) any nodes in Asia (such as Japan, Korea, Hongkong)?



An Asian node is something we've been looking at for a decent while now, and it's something we want to (and will) do. I'm not sure the current state of that effort, as it got put on hold while we were attending to cryptofree and getting our Portugal node running as it should (still ongoing as of now).

An Asian node will be coming though, and until we've decided definitively on a geographical location, we're always gladly accepting suggestions and insight.
cryptostorm_support shared support team forum account
PLEASE DON'T SEND PRIVATE MESSAGES with support questions!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: support@cryptostorm.is
live chat support: #cryptostorm

User avatar

Fermi
Site Admin
Posts: 218
Joined: Tue Jun 17, 2014 11:42 am

Re: cryptofree conf's - alpha 1.4 for linux

Postby Fermi » Sun Nov 09, 2014 10:54 pm

I did some tests using a public site hosting iperf (located in France).
Results are:

Without Cryptofree connection:
------------------------------------------------------------
Client connecting to test-debit.free.fr, TCP port 5001
TCP window size: 22.9 KByte (default)
------------------------------------------------------------
[ 3] local 192.168.1.204 port 52187 connected with 212.27.42.153 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.2 sec 11.5 MBytes 9.42 Mbits/sec

With Cryptofree connection:

[root@localhost ~]# iperf -c test-debit.free.fr
------------------------------------------------------------
Client connecting to test-debit.free.fr, TCP port 5001
TCP window size: 20.9 KByte (default)
------------------------------------------------------------
[ 3] local 10.55.0.2 port 59714 connected with 212.27.42.153 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-11.5 sec 1.38 MBytes 1.01 Mbits/sec
[root@localhost ~]# iperf -c test-debit.free.fr
------------------------------------------------------------
Client connecting to test-debit.free.fr, TCP port 5001
TCP window size: 20.9 KByte (default)
------------------------------------------------------------
[ 3] local 10.55.0.2 port 59715 connected with 212.27.42.153 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-12.1 sec 1.38 MBytes 955 Kbits/sec
[root@localhost ~]# iperf -c test-debit.free.fr
------------------------------------------------------------
Client connecting to test-debit.free.fr, TCP port 5001
TCP window size: 20.9 KByte (default)
------------------------------------------------------------
[ 3] local 10.55.0.2 port 59761 connected with 212.27.42.153 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-12.1 sec 1.38 MBytes 954 Kbits/sec
[root@localhost ~]# iperf -c test-debit.free.fr
------------------------------------------------------------
Client connecting to test-debit.free.fr, TCP port 5001
TCP window size: 20.9 KByte (default)
------------------------------------------------------------
[ 3] local 10.55.0.2 port 60194 connected with 212.27.42.153 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-12.1 sec 1.38 MBytes 955 Kbits/sec
[root@localhost ~]# iperf -c test-debit.free.fr
------------------------------------------------------------
Client connecting to test-debit.free.fr, TCP port 5001
TCP window size: 20.9 KByte (default)
------------------------------------------------------------
[ 3] local 10.55.0.2 port 60195 connected with 212.27.42.153 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-12.1 sec 1.38 MBytes 953 Kbits/sec

Results seem stable, but not according to: 256kb downstream & 128kb upstream.

Regards,

/Fermi

User avatar

cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

Re: cryptofree conf's - alpha 1.4 for linux

Postby cryptostorm_support » Mon Nov 10, 2014 12:37 am

Definitely something funny going on there. I ran the same test you did and got similar results to those that you saw, but when I monitor the throughput indicated by tunnelblick I'm only seeing uploads of ~130 KB/s
Screen Shot 2014-11-09 at 2.33.22 PM.png
Up/download observed with iperf command
Screen Shot 2014-11-09 at 2.33.22 PM.png (20.34 KiB) Viewed 25055 times


Whereas if I run the same curl command used during testing, (curl -o/dev/null http://proof.ovh.net/files/100Mb.dat) my downloads average 243, both very close to the caps we have in place, but in KB/s. That would give a connection close to 2 Mbps, which is obviously tuned too high. I have a feeling that it's just a simple mixup of Kb and KB.

Screen Shot 2014-11-09 at 2.36.21 PM.png
Up/download observed with curl command
Screen Shot 2014-11-09 at 2.36.21 PM.png (20.13 KiB) Viewed 25055 times


EDIT: I've sent some of this information off for review, and if it's what I think it is, it should be a simple fix
cryptostorm_support shared support team forum account
PLEASE DON'T SEND PRIVATE MESSAGES with support questions!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: support@cryptostorm.is
live chat support: #cryptostorm


Lignus
Posts: 33
Joined: Sat Nov 02, 2013 1:26 am

Re: cryptofree conf's - alpha 1.4 for linux

Postby Lignus » Mon Nov 10, 2014 3:36 am

Unreliable old Speedtest giving false results for the burst, it seems. However, it does appear someone confused bytes for bits on the caps.

Image

Traffic graph seems to confirm it. (Note: OS X double counts the traffic because of the architecture)

User avatar

cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

Re: cryptofree conf's - alpha 1.4 for linux

Postby cryptostorm_support » Mon Nov 10, 2014 6:08 am

After some discussion, we're going to leave the caps as they are and see how it goes. Further changes to proposed speed caps will likely be announced here.
cryptostorm_support shared support team forum account
PLEASE DON'T SEND PRIVATE MESSAGES with support questions!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: support@cryptostorm.is
live chat support: #cryptostorm

User avatar

vpnDarknet
Posts: 129
Joined: Thu Feb 27, 2014 2:42 pm
Contact:

Re: cryptofree conf's - alpha 1.4 for linux

Postby vpnDarknet » Mon Nov 10, 2014 12:43 pm

Lignus wrote:
vpnDarknet wrote:Are you handing out a generic password to Beta testers for this conf, or would a hashed token allow access?


It is pretty much like token access as it exists with the exception that it will accept any value(other than NULL) as a valid token. You can use your existing token without issue and it will work, just at cryptofree speeds.


Doh! My bad, I haven't freed up the IP for my firewall... what is the IP address :?

My connection is very poor, so looking forward to testing how this performs

Edit: found it 212-129-34-154... although still no luck :crazy:
Buy your tokens via vpnDark.net and cryptostorm cannot and does not know anything about users - no link between a token & purchase details
Unofficial Wiki cryptostorm access guide
Ways to talk to me


Lignus
Posts: 33
Joined: Sat Nov 02, 2013 1:26 am

Re: cryptofree conf's - alpha 1.4 for linux

Postby Lignus » Mon Nov 10, 2014 3:18 pm

vpnDarknet wrote:
Lignus wrote:
vpnDarknet wrote:Are you handing out a generic password to Beta testers for this conf, or would a hashed token allow access?


It is pretty much like token access as it exists with the exception that it will accept any value(other than NULL) as a valid token. You can use your existing token without issue and it will work, just at cryptofree speeds.


Doh! My bad, I haven't freed up the IP for my firewall... what is the IP address :?

My connection is very poor, so looking forward to testing how this performs

Edit: found it 212-129-34-154... although still no luck :crazy:


Dots, not dashes, but yes. Just take your existing working config for normal connections and change the remote address(IP). That should do it.

User avatar

parityboy
Site Admin
Posts: 1092
Joined: Wed Feb 05, 2014 3:47 am

Re: cryptofree conf's - alpha 1.4 for linux

Postby parityboy » Mon Nov 10, 2014 10:19 pm

@thread

Code: Select all

"wget -O /dev/null http://proof.ovh.net/files/100Mb.dat"
yields:
2014-11-10 17:16:19 (207 KB/s) - `/dev/null' saved [12500000/12500000]

User avatar

vpnDarknet
Posts: 129
Joined: Thu Feb 27, 2014 2:42 pm
Contact:

Re: cryptofree conf's - alpha 1.4 for linux

Postby vpnDarknet » Tue Nov 11, 2014 12:31 pm

@Lingus - Thanks man much appreciated, updating the .conf with the IP address worked... & even I'm not that much of a n00b to enter an IP address with dashes ;)

Freemium
2014-11-11 20:24:58 (201 KB/s) - ‘/dev/null’ saved [12500000/12500000]


Compared with my terrible non throttled connection :(
2014-11-11 20:29:21 (251 KB/s) - ‘/dev/null’ saved [12500000/12500000]
Buy your tokens via vpnDark.net and cryptostorm cannot and does not know anything about users - no link between a token & purchase details
Unofficial Wiki cryptostorm access guide
Ways to talk to me

User avatar

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

just a bit of chaos

Postby Pattern_Juggled » Sun Nov 23, 2014 3:50 pm

Scanning back through this thread, two things become apparent.

A highly parsimonious explanation for the confusion about the caps, and the sense that the capping is "off," is this: we've done a poor job of distinguishing between bits - little "b" - and Bytes - bit "B." This can happen really easily. Software folks tend to thing in Bytes: 1 teraByte hard drive. Network geeks (usually) thin in bits: a gigabit NIC. It's sort of a big deal which one you choose, because...

1 byte = 8 bits

So, if you go through the posts and try to figure out who's talking about b's and who's talking about B's, it makes sense. This has also happened during the dev process; indeed, some on team thought we were doing little-b 256/128; some public comments on the project have been really clear on this. Other dev folks were thinking in Bytes, and when they did the testing and tuning they reported back to the team that it was "throtting accurately at 256/128" - which it was, and is... in Bytes. D'oh.

Which sort of means we provisioned the service with nearly an order of magnitude more network capacity per session than some had expected. Apparently that was meant to be, so (for now) we're leaving those big-B caps.

I will say this: we tested the hell out of the capping methodology, from all angles. It works. It's not easy to break, either. So it's a good test-bed for seeing how weird speedtest metrics can be sometimes. We know the NIC is only letting in/out packets at a certain rate. That's just a hair off the hardware level of network control. So if you go five or more layers up the OSI model, and some application thinks it's sending packets alot faster than that... well, I trust close-to-metal alot more than up-the-stack, to be blunt.


Second, it'd be really great to distil down this dev-type thread into a howto that folks can jump right to and follow. Someone's opened up such a thread placeholder already, so hopefully that final step can be completed and we'll have a more or less robust connection guide for Linux cryptofree.

Oh and yeah this...

A generous twitter colleague has been kind enough to share these Linux start/stop scripts, as well as some icons to go with them. Which is generous, and much appreciated:
cryptofree-vpn-icons.tar.gz
(478.45 KiB) Downloaded 518 times

startvpn.png
startvpn.png (118.13 KiB) Viewed 24710 times

stopvpn.png
stopvpn.png (84.18 KiB) Viewed 24710 times


Cheers,

    ~ pj


highlighter
Posts: 3
Joined: Thu Nov 27, 2014 10:33 pm

Re: cryptofree conf's - alpha 1.4 for linux

Postby highlighter » Fri Nov 28, 2014 12:59 am

Speedtest.net: Ping 98ms | DL 1.92Mbs | UL 10.49Mbs
Bitmessage BM-2cWyjfNB1YnjTA6hWZrPmiDKZPzwdZgG6K

User avatar

cryptostorm_admin
ForumHelper
Posts: 74
Joined: Tue Jan 01, 2013 5:43 pm
Contact:

Re: cryptofree conf's - alpha 1.4 for linux

Postby cryptostorm_admin » Fri Nov 28, 2014 1:27 am

highlighter wrote:Speedtest.net: Ping 98ms | DL 1.92Mbs | UL 10.49Mbs


Thanks for posting the results. It is always interesting to see how these present in the wild.

During in-house testing of cryptofree, we found enormous variance between what speedtest.net (and other automated, web-based tools) report, and what wgets and other closer-to-metal tools report. In the end, we decided to trust the closer to metal tools, despite the fact that in many cases the web-based tools showed far higher packet transit rates.

Also, we watched statistics reported by hardware NICs as part of our testing, and those universally aligned more closely with what we were seeing in wget/terminal applications. And in the end, if the NIC says it has transited a certain number of bits of raw data, that is what ends up being "true" in a sense.

My own suspicion is that the particular manner in which we've implemented tc-based capping has an unintended impact on the mechanisms underlying these web-based testing tools. I have a couple theories on what exactly is going on, but not having tested them they remain only theories at this point. It is worth noting that the web tools are, for cryptofree, always over-reporting throughput as compared to both terminal and NIC-based metrics. An important clue, we think.

Thank you,

    cryptostorm_admin


Return to “cryptofree: no-cost cryptostorm network access”

Who is online

Users browsing this forum: No registered users and 4 guests

cron

Login