Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

cryptostorm's Windows widget - version 2.0 'Narwhal' {DEPRECATED}

Looking for a bit more than customer support, and want to learn more about what cryptostorm is , what we've been announcing lately, and how the cryptostorm network makes the magic? This is a great place to start, so make yourself at home!
User avatar

Topic Author
cryptostorm_team
ForumHelper
Posts: 159
Joined: Sat Mar 02, 2013 12:12 am

cryptostorm's Windows widget - version 2.0 'Narwhal' {DEPRECATED}

Postby cryptostorm_team » Mon Nov 17, 2014 1:59 pm

{new widget version 2.2 has inherited production-deployed build status; this thread retained for archival purposes, and locked ~admin}


The latest build of our Perl network connection client application - the widget - us 2,0, nicknamed Narwhal. Technical changelog available at https://cryptostorm.org/viewtopic.php?f=47&t=6200&p=9191

narwhal1.png
narwhal1.png (23.33 KiB) Viewed 17457 times

The biggest change from earlier builds is integrated access to no-cost cryptofree capped network service, for those without access tokens for whatever reason. This is really beta, which means we're still testing the integration into our widget and there's a few rough edges here and there... but having wider public access to cryptofree seems worth the stretch for us to integrate cryptofree into Narwhal.

Other improvements in this widget include improved dialog boxes, extra tweaks to the Tap installer framework to avoid the dreaded "zombie Taps" (which, one wag observed, might require a double-tap to dispatch), smoother install from within existing widget sessions, tighter procedures to save tokens across widget upgrades, and a handful of performance improvements behind the scenes. Oh, and way better graphics thanks to @VisualVeritas.

Full release notes, and proper publication of Narwhal source code via our github repository, being completed later today.

So without further ado... Narwhal! :clap:

Zipped installer:
cstorm_narwhal21.zip
(11.28 MiB) Downloaded 789 times


Windows installer, ready to run:
cstorm_narwhal21.exe
(11.43 MiB) Downloaded 1218 times


#OpKillingBay

User avatar

cryptostorm_admin
ForumHelper
Posts: 74
Joined: Tue Jan 01, 2013 5:43 pm
Contact:

Tap driver mysteriously missing post-install

Postby cryptostorm_admin » Tue Nov 18, 2014 6:32 am

We have received two reports (one from in-house testing) of a situation where the widget is installed and despite successful install, once connection is attempted there is no Tap driver present on the system. In the replicated example we have produced in-house, we can confirm that there is no Tap driver on the machine. This behaviour persists over multiple reboots and reinstalls.

Currently it appears from our testing that a certain brand of "antivirus" software running on the machine is responsible for this counter-expected result. However, we need more data before we're confident in that being the solution here. In the one reported case of this occurring with an outside network member, we're working with them to determine whether the same "antivirus" software is present.

edited(2): thanks to a well-informed contributor here's the most current Tap-Widows installer, standalone - better solution than doing the full Windows-OpenVPN GUI install:
tap-windows-9.9.2_3.exe
(234.9 KiB) Downloaded 568 times


Thank you in advance for any information you can share, if this occurs on your local install.

~ cryptostorm_admin


edited(deprecated): if this "missing Tap driver" issue occurs for you, we've reports that doing an install of the generic OpenVPN Windows client, which carries its own Tap driver installer, may be successful, Here's that installer, in .exe form, for convenience (if you're running XP or a 32 bit windows flavour, go to the link and grab the XP-specific installer):
openvpn-install-2.3.5-I602-x86_64.exe
(1.71 MiB) Downloaded 544 times

User avatar

vpnDarknet
Posts: 129
Joined: Thu Feb 27, 2014 2:42 pm
Contact:

Re: Windows widget version 2.0: Narwhal

Postby vpnDarknet » Tue Nov 18, 2014 2:12 pm

This is awsome!

Easy free use of a secure top quality VPN, this will potentially be a market changer.
Buy your tokens via vpnDark.net and cryptostorm cannot and does not know anything about users - no link between a token & purchase details
Unofficial Wiki cryptostorm access guide
Ways to talk to me


b3lt3r5
Posts: 27
Joined: Sun Dec 23, 2012 2:55 pm

Re: Windows widget version 2.0: Narwhal

Postby b3lt3r5 » Tue Nov 18, 2014 3:05 pm

Yes! Well played.


dccc
Posts: 27
Joined: Mon Jan 12, 2015 10:57 pm

Re: Windows widget version 2.0: Narwhal

Postby dccc » Wed Jan 14, 2015 4:13 am

Not sure where to post this: Is there a beta for the housemade Mac widget somewhere or can we expect a full release soonish? ;-)

User avatar

cryptostorm_dev
ForumHelper
Posts: 20
Joined: Wed Jan 23, 2013 5:31 am

Mac version of widget?

Postby cryptostorm_dev » Wed Jan 14, 2015 2:55 pm

dccc wrote:Not sure where to post this: Is there a beta for the housemade Mac widget somewhere or can we expect a full release soonish? ;-)


Now that the widget is at a spot in its development where we're all fairly happy with it, the task of porting over to a Mac/OSX compile is back on the frontburner. We have played around with some in-house compiles for BSD platforms, but there's a spot of work to port over GUI elements in a viable and elegant way - that's the crux of things.

Do note that as the Perl code underlying the widget is published on github, and licensed in broadest possible opensource terms, anyone with a bit of experience in such matters is more than welcome to do some test-compiles and thus move the Mac build along faster. Just wanted to make that clear... :thumbup:

/dev


dccc
Posts: 27
Joined: Mon Jan 12, 2015 10:57 pm

Re: Windows widget version 2.0: Narwhal

Postby dccc » Wed Jan 14, 2015 9:15 pm

Sounds interesting and thanks for the update! I wish I could be more of help with this matter but due to lack of competence with coding and compiling, I have no other choice to ask you guys for updates, heh :angel:

User avatar

DesuStrike
ForumHelper
Posts: 346
Joined: Thu Oct 24, 2013 2:37 pm

Re: Windows widget version 2.0: Narwhal

Postby DesuStrike » Wed Jan 14, 2015 10:59 pm

dccc wrote:I wish I could be more of help with this matter but due to lack of competence with coding and compiling, I have no other choice to ask you guys for updates, heh :angel:


Tell me about it! I always hang around github, looking at interesting projects browsing the code and wishing I could contribute but I can't. I kinda was a dumbass as a kid for favoring gaming above coding or other useful activities you can do with your computer. Now every time I sit down and try to learn some C or Java (ugh! I know! but android....) something big comes around the corner and takes my energy and attention away from it. I'm starting to feel like I missed the spot of opportunity when I was a kid and now I'm doomed to stay code illiterate my whole live. :(
home is where the artillery hits

User avatar

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

split off "zombie Tap" thread

Postby Pattern_Juggled » Tue Jan 20, 2015 1:36 am

We've split off the responses in this thread regarding the Windows bug we refer to as the "zombie Tap issue" to its own thread, in the howto section, so it's easier for folks to find.

Thanks to those who have contributed that information - it's helped many, many members resolve this annoying Windows bug.

Cheers,

~ pj
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f

User avatar

marzametal
Posts: 500
Joined: Mon Aug 05, 2013 11:39 am

Re: cryptostorm's Windows network access widget - current version (2.0, aka 'narwhal')

Postby marzametal » Tue Jan 27, 2015 9:02 am

How often are the widget IP addresses changing? It seems every 2nd day or so when I click on update, my firewall throws up a different IP. For example, today I connected to Mishigami and my firewall popped up saying vpn32.exe wants to connect to "198.204.245.6". I didn't get that popup yesterday on Mishi since it wanted the provided IP. Sometimes I have also seen Linux IP's in the widget command prompt screen... mainly the Cantus one, ends with .245, also been prompted with a .246 ...

Any other windows users getting this, or is it just me? Is your "find the quickest node" button working?


DudeOfLondon
Posts: 109
Joined: Sat Jan 10, 2015 5:14 pm

Re: cryptostorm's Windows network access widget - current version (2.0, aka 'narwhal')

Postby DudeOfLondon » Wed Jan 28, 2015 2:01 am

A few days ago the "find the quickest node" button showed different servers while testing a few times in row.
But now it seems to show always the same server, which is for me the server that is geographically the closest to my place.

User avatar

marzametal
Posts: 500
Joined: Mon Aug 05, 2013 11:39 am

Re: cryptostorm's Windows network access widget - current version (2.0, aka 'narwhal')

Postby marzametal » Wed Jan 28, 2015 4:58 am

DudeOfLondon wrote:A few days ago the "find the quickest node" button showed different servers while testing a few times in row.
But now it seems to show always the same server, which is for me the server that is geographically the closest to my place.

The CS staffers are aware of it... when they implemented HAF v1.1, it broke "find the quickest node" functionality. The next widget release will include a fixed button, or total removal.

In the meantime, I gotta' start looking for a firewall that can handle hostnames. Won't be able to use W7 firewall anymore since it is based on IP. Who can be bothered updating IPs all the time. Just today, Maple spat out another IP after I had updated it yesterday.


DudeOfLondon
Posts: 109
Joined: Sat Jan 10, 2015 5:14 pm

Re: cryptostorm's Windows network access widget - current version (2.0, aka 'narwhal')

Postby DudeOfLondon » Wed Jan 28, 2015 6:21 am

In the meantime, I gotta' start looking for a firewall that can handle hostnames.


I coud use my router's firewall, it supports "host [ip] - Only this IP / Only this host" for destination and source.
https://translate.google.de/translate?h ... irewall%2F

Maybe you can do that too?

User avatar

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

"quickest node" selection feature

Postby Pattern_Juggled » Sun Feb 01, 2015 2:07 pm

marzametal wrote:
DudeOfLondon wrote:A few days ago the "find the quickest node" button showed different servers while testing a few times in row.
But now it seems to show always the same server, which is for me the server that is geographically the closest to my place.

The CS staffers are aware of it... when they implemented HAF v1.1, it broke "find the quickest node" functionality. The next widget release will include a fixed button, or total removal.


I believe widget 2.2 will remove the function as we work on a logical syntax that makes sense with a properly cluster-based topology. Because, in clustered context, there's inherent (and valuable, opsec-wise) stochasticity in which exact node (and instance) is mapped by a given cluster or balancer A Record. So we'll need to do some Monte Carlo-ish probabilistic/iterative test queries to see what connection meets a given parameter. There's also the structural divergence between pings and throughput - "fastest" sort of hand-waves this and we'd like to come up with an heuristic that really captures the desires of members when they are picking such connection optimisation parameters.

My preference is to do this with additional HAF-level balancers, somehow. This may not be possible, but there's an elegance to the solution that continues to lead me to hope I can work it out in a way that meets production requirements.

This "fastest connection" option is one that gets bullshitted alot by "VPN clients" out there. I've taken a few apart & done iterative reconnect tests with them, as I was curious what sort of heuristic they implemented. Pretty much every one was just faking the whole thing. They pick from an ordered list, or have a hard-coded "fastest connection" that happens to be the cheapest datacentre, or whatever. Reminds one of the faked 'server status' page... which itself is hardly the only example of that particular mendacity.

Anyway...

In the meantime, I gotta' start looking for a firewall that can handle hostnames. Won't be able to use W7 firewall anymore since it is based on IP. Who can be bothered updating IPs all the time. Just today, Maple spat out another IP after I had updated it yesterday.


A firewall that operates based on hostname mappings that are themselves one-to-many categorical entities risks getting into recursive logical loops of the Turing 'halting problem' type of NP Complete algorithmic expressions... which isn't good if you're a firewall :-P

However, I think we (df, actually) have come up with a way to do a form of balancer that is actually IP-based, versus hostname-based. Still quite some testing to do before we could present a publicly-callable example for members... but I think it's logically sound, and I think we'll be able to make use if it in -for example - a really wildly effective defensive technique against IP-based national blocking of cryptostorm network resources (i.e. Great Firewall). This still leaves the recursive firewall problem, however...

We do have a realtime list of all IPs associated with all nodes currently in production on the network - perhaps we can find a way to make that callable so firewall-based setups can rsync to that and thus have a current iptables rules-chain by definition (rather than manually being updated). If there's demand for such a function, I believe we can do it in a security-appropriate context (ask for a hashed token as part of the script query, for example - just to cut down on spammy queries, perhaps?).

Anyway, that likely deserves a separate thread in the leakblock forum, if anyone's game to continue the discussion...

Cheers,

~ pj
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f


Return to “cryptostorm in-depth: announcements, how it works, what it is”

Who is online

Users browsing this forum: Baidu [Spider] and 13 guests

Login