Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Guides, HOWTOs etc on how to setup Cryptostorm on PCs, smartphones, tablets and routers.

Guest

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Guest » Sun Feb 28, 2016 11:10 pm

I have no problems at all on Cyanogenmod (all versions up to the current nightlies)

User avatar

parityboy
Site Admin
Posts: 1105
Joined: Wed Feb 05, 2014 3:47 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby parityboy » Tue Mar 01, 2016 5:41 am

@thread

Just tested this on a Google Nexus 4 running 5.1.1 (LMY48T), works fine connected to Cantus, Onyx and Turing.

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Tealc » Tue Mar 01, 2016 7:51 am

This is really strange, I'm at 5.1.1 stock Sony android and it doesn't work.

Are we seeing once again the problem in non-root and rooted?

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Tealc » Fri Mar 04, 2016 11:00 pm

So once again an update... it works everywhere once again, download new conf's files from github


furryguest

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby furryguest » Sat Mar 05, 2016 1:34 am

First time trying and I get an error on import :
no endtag <//button> for starttag </button> found
Nexus 6p on mm


wpaschukat
Posts: 15
Joined: Sun Mar 22, 2015 3:25 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby wpaschukat » Sat Mar 05, 2016 3:33 am

Mr Tealc Sir,

works like a charm. Mille Gracie.

User avatar

Topic Author
Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Tealc » Sat Mar 05, 2016 4:41 pm

furryguest wrote:First time trying and I get an error on import :
no endtag <//button> for starttag </button> found
Nexus 6p on mm


Are you using "OpenVPN for Android 0.6.47" application from Arne Schwabe ?


wpaschukat
Posts: 15
Joined: Sun Mar 22, 2015 3:25 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby wpaschukat » Sat Mar 05, 2016 11:59 pm

furryguest wrote:First time trying and I get an error on import :
no endtag <//button> for starttag </button> found
Nexus 6p on mm


You're making the same mistake that I made (downloading the conf files directly from within github).

Download the lot directly https://github.com/tealcavalon/OpenVPN_ ... master.zip and extract the necessary confs from there.


Guest

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Guest » Sun Mar 06, 2016 11:38 am

wpaschukat wrote:
furryguest wrote:First time trying and I get an error on import :
no endtag <//button> for starttag </button> found
Nexus 6p on mm


You're making the same mistake that I made (downloading the conf files directly from within github).

Download the lot directly https://github.com/tealcavalon/OpenVPN_ ... master.zip and extract the necessary confs from there.


Aha. Thanks, this worked !!

User avatar

JTD121
Posts: 28
Joined: Sun Oct 11, 2015 7:28 pm

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby JTD121 » Sat Mar 12, 2016 8:19 pm

Ah, great. I recently upgraded my Nexus 5 to 5.1.1 (CM12.1), and haven't tested connection to CS yet. In a couple weeks I will probably be using CS connection heavily (at a con) so hopefully this will be a non-issue by then :p
---------------------------------------------------------------------------------------------------
You derive personal satisfaction from the continued existence of the near perfect day-night cycles of the hyper cube.....

► Show Spoiler

User avatar

marzametal
Posts: 504
Joined: Mon Aug 05, 2013 11:39 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby marzametal » Sun Apr 03, 2016 8:09 am

Thanks for the work put to the Android confs... much appreciated Sir!

User avatar

dfkt
Site Admin
Posts: 13
Joined: Thu Jan 29, 2015 2:29 pm

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby dfkt » Sat Jun 11, 2016 6:33 pm

Made some fresh configs with the currently available nodes - https://github.com/dfkt/cryptostorm-and ... pn-configs

They include remote-random, which seems to work just fine with the current version of Arne Schwabe's client.

User avatar

marzametal
Posts: 504
Joined: Mon Aug 05, 2013 11:39 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby marzametal » Mon Jun 20, 2016 2:47 pm

dfkt wrote:Made some fresh configs with the currently available nodes - https://github.com/dfkt/cryptostorm-and ... pn-configs

They include remote-random, which seems to work just fine with the current version of Arne Schwabe's client.

Just when I was looking to update mobile configs, I notice this. Thanks!


ipv6problem

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby ipv6problem » Tue Aug 30, 2016 12:02 am

I have a problem with IPV6. Is there any way to block IPV6 connections on a non-rooted device? whatsmyipaddress.com sees my device IPV6 address and locates me precisely.

I know that cyrptostorm does not handle IPV6 addresses and that is not a problem on a PC, but on android this is an issue.

I just tried VyprVPN with whatsmyipaddress.com and it only showed my IPV4 address and the VPN assigned IP address.

How can I block IPV6 connections using OpenVPN/cyptostorm?


ipv6problem

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby ipv6problem » Tue Aug 30, 2016 12:13 am

How do I disable IPv6? OpenVPN leaks my IPv6, or at least the config files do. My phone is not rooted so I am relying on the VPN client to deal with this. Can OpenVPN do this?


ipv6problem

Blocking IPv6

Postby ipv6problem » Tue Aug 30, 2016 12:28 am

Sorry about the double post before. I missed the moderation message before the page refreshed.

I wanted to add that I solved the IPv6 problem by doing the following workaround. I do not know if this works in all cases, but I tested it with www.ipv6leak.com and it reported that IPv6 is not leaking.

In OpenVPN under "Routing" tab, untick "Bypass VPN for local networks"

Under IPv6, untick "Use default Route" and enter a bogus local route under "Custom Routes".

This sends all IPv6 routing requests nowhere...


Winehouse
Posts: 8
Joined: Fri Apr 22, 2016 11:53 pm

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby Winehouse » Tue Dec 27, 2016 10:27 pm

Hi.

Where can I find the .conf files for Android? I don't see them on Github.

Thanks.

User avatar

marzametal
Posts: 504
Joined: Mon Aug 05, 2013 11:39 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby marzametal » Wed Dec 28, 2016 7:25 am

Winehouse wrote:Hi.

Where can I find the .conf files for Android? I don't see them on Github.

Thanks.

https://github.com/cryptostorm/cryptost ... tion_files
The conf files you are looking for are located in the LINUX directory...


kakoulo

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby kakoulo » Fri Jan 13, 2017 1:09 am

Hi, For me it does not work anymore, I change smartphone

I installed open vpn, but when i want to import a config he says :

" No endtag <//head> for startag </head> found "

Do you have a solution ?

thanks

User avatar

marzametal
Posts: 504
Joined: Mon Aug 05, 2013 11:39 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby marzametal » Fri Jan 13, 2017 8:12 am

kakoulo wrote:Hi, For me it does not work anymore, I change smartphone

I installed open vpn, but when i want to import a config he says :

" No endtag <//head> for startag </head> found "

Do you have a solution ?

thanks

CS on my Samsung Galaxy S2, running LineageOS 14.1, build date 08/01 is working fine. But I use OpenVPN for Android by Arne Schwabe.

I just had a look at my .conf / .ovpn file, and I couldn't find any head tags in it.

User avatar

parityboy
Site Admin
Posts: 1105
Joined: Wed Feb 05, 2014 3:47 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby parityboy » Mon Jan 16, 2017 3:32 pm

kakoulo wrote:Hi, For me it does not work anymore, I change smartphone

I installed open vpn, but when i want to import a config he says :

" No endtag <//head> for startag </head> found "

Do you have a solution ?

thanks


Sounds like you downloaded the config from GitHub. Left click on the config file, then click "raw". Save that into a config file, and then import it.


user name

Android config import issue

Postby user name » Tue Apr 04, 2017 2:38 am

Android 7.1.1 on Pixel
OpenVPN for Android 0.6.65, have working vpn configs

Tried linux and android ovpn files (raw) from github and android tutorials, which are linked in the token email.

Issue: nothing is being imported fromt the ovpn file. No server list, no certs, nothing. Import log says: your config had a few options that are not mapped to UI configurations.

How do I get it going on android?

User avatar

parityboy
Site Admin
Posts: 1105
Joined: Wed Feb 05, 2014 3:47 am

Re: Android config import issue

Postby parityboy » Wed Apr 05, 2017 4:40 am

user name wrote:Android 7.1.1 on Pixel
OpenVPN for Android 0.6.65, have working vpn configs

Tried linux and android ovpn files (raw) from github and android tutorials, which are linked in the token email.

Issue: nothing is being imported fromt the ovpn file. No server list, no certs, nothing. Import log says: your config had a few options that are not mapped to UI configurations.

How do I get it going on android?


Have you tried these very same config files on a previous version of Android? Did they work? Did you have to edit them in any way?


user name

Re: Android config import issue

Postby user name » Wed Apr 05, 2017 7:51 pm

parityboy wrote:Have you tried these very same config files on a previous version of Android? Did they work? Did you have to edit them in any way?


I don't have access to older Android versions. But I do have other VPN servers set up and running on my current 7.1.1 phone.


user name

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby user name » Fri Apr 07, 2017 3:53 am

It is very disappoining to see such slow support response here. Days between me sending a post and it appearing, forget about getting an answer. My 1 week test token is about to expire, still no working android config.

User avatar

parityboy
Site Admin
Posts: 1105
Joined: Wed Feb 05, 2014 3:47 am

Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android

Postby parityboy » Fri Apr 07, 2017 7:01 pm

@user name

Does the config file have multiple <remote></remote> tags? If so, could you try removing the tags?

For example:

Code: Select all

# this is the cryptostorm.is client settings file, versioning...
# cstorm_linux-rome_1-4.conf
# last update date: 12 January 2014

# it is intended to provide connection solely to our London-based exitnode cluster... yay bad food! ;-)
# DNS resolver redundancy provided by TLD-striped, randomised lookup queries
# Chelsea Manning is indeed a badassed chick: #FreeChelsea!
# also... FuckTheNSA - for reals. W00d!


client
dev tun
resolv-retry 16
nobind
persist-tun
persist-key
float


remote-random
# randomizes selection of connection profile from list below, for redundancy against...
# DNS blacklisting-based session blocking attacks


# Exit node mappings for Rome
remote linux-rome.cryptostorm.net 443 udp
remote linux-rome.cryptostorm.org 443 udp
remote linux-rome.cryptostorm.nu 443 udp
remote linux-rome.cstorm.pw 443 udp



comp-lzo no
# specifies refusal of link-layer compression defaults
# we prefer compression be handled elsewhere in the OSI layers
# see forum for ongoing discussion - https://cryptostorm.org/viewtopic.php?f=38&t=5981

down-pre
# runs client-side "down" script prior to shutdown, to help minimise risk...
# of session termination packet leakage

allow-pull-fqdn
# allows client to pull DNS names from server
# we don't use but may in future leakblock integration

explicit-exit-notify 3
# attempts to notify exit node when client session is terminated
# strengthens MiTM protections for orphan sessions

hand-window 37
# specified duration (in seconds) to wait for the session handshake to complete
# a renegotiation taking longer than this has a problem, & should be aborted

mssfix 1400
# congruent with server-side --fragment directive

auth-user-pass
# passes up, via bootstrapped TLS, SHA512 hashed token value to authenticate to darknet

# auth-retry interact
# 'interact' is an experimental parameter not yet in our production build.

ca ca2.crt
# specification & location of server-verification PKI materials
# for details, see http://pki.cryptostorm.org

<ca>
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgIJAKekpGXxXvhbMA0GCSqGSIb3DQEBCwUAMIG6MQswCQYD
VQQGEwJDQTELMAkGA1UECBMCUUMxETAPBgNVBAcTCE1vbnRyZWFsMTYwNAYDVQQK
FC1LYXRhbmEgSG9sZGluZ3MgTGltaXRlIC8gIGNyeXB0b3N0b3JtX2RhcmtuZXQx
ETAPBgNVBAsTCFRlY2ggT3BzMRcwFQYDVQQDFA5jcnlwdG9zdG9ybV9pczEnMCUG
CSqGSIb3DQEJARYYY2VydGFkbWluQGNyeXB0b3N0b3JtLmlzMB4XDTE0MDQyNTE3
MTAxNVoXDTE3MTIyMjE3MTAxNVowgboxCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJR
QzERMA8GA1UEBxMITW9udHJlYWwxNjA0BgNVBAoULUthdGFuYSBIb2xkaW5ncyBM
aW1pdGUgLyAgY3J5cHRvc3Rvcm1fZGFya25ldDERMA8GA1UECxMIVGVjaCBPcHMx
FzAVBgNVBAMUDmNyeXB0b3N0b3JtX2lzMScwJQYJKoZIhvcNAQkBFhhjZXJ0YWRt
aW5AY3J5cHRvc3Rvcm0uaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDJaOSYIX/sm+4/OkCgyAPYB/VPjDo9YBc+zznKGxd1F8fAkeqcuPpGNCxMBLOu
mLsBdxLdR2sppK8cu9kYx6g+fBUQtShoOj84Q6+n6F4DqbjsHlLwUy0ulkeQWk1v
vKKkpBViGVFsZ5ODdZ6caJ2UY2C41OACTQdblCqaebsLQvp/VGKTWdh9UsGQ3LaS
Tcxt0PskqpGiWEUeOGG3mKE0KWyvxt6Ox9is9QbDXJOYdklQaPX9yUuII03Gj3xm
+vi6q2vzD5VymOeTMyky7Geatbd2U459Lwzu/g+8V6EQl8qvWrXESX/ZXZvNG8QA
cOXU4ktNBOoZtws6TzknpQF3AgMBAAGjggEjMIIBHzAdBgNVHQ4EFgQUOFjh918z
L4vR8x1q3vkp6npwUSUwge8GA1UdIwSB5zCB5IAUOFjh918zL4vR8x1q3vkp6npw
USWhgcCkgb0wgboxCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJRQzERMA8GA1UEBxMI
TW9udHJlYWwxNjA0BgNVBAoULUthdGFuYSBIb2xkaW5ncyBMaW1pdGUgLyAgY3J5
cHRvc3Rvcm1fZGFya25ldDERMA8GA1UECxMIVGVjaCBPcHMxFzAVBgNVBAMUDmNy
eXB0b3N0b3JtX2lzMScwJQYJKoZIhvcNAQkBFhhjZXJ0YWRtaW5AY3J5cHRvc3Rv
cm0uaXOCCQCnpKRl8V74WzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
AQAK6B7AOEqbaYjXoyhXeWK1NjpcCLCuRcwhMSvf+gVfrcMsJ5ySTHg5iR1/LFay
IEGFsOFEpoNkY4H5UqLnBByzFp55nYwqJUmLqa/nfIc0vfiXL5rFZLao0npLrTr/
inF/hecIghLGVDeVcC24uIdgfMr3Z/EXSpUxvFLGE7ELlsnmpYBxm0rf7s9S9wtH
o6PjBpb9iurF7KxDjoXsIgHmYAEnI4+rrArQqn7ny4vgvXE1xfAkFPWR8Ty1ZlxZ
gEyypTkIWhphdHLSdifoOqo83snmCObHgyHG2zo4njXGExQhxS1ywPvZJRt7fhjn
X03mQP3ssBs2YRNR5hR5cMdC
-----END CERTIFICATE-----
</ca>

ns-cert-type server
# requires TLS-level confirmation of categorical state of server-side certificate for MiTM hardening.

auth SHA512
# data channel HMAC generation
# heavy processor load from this parameter, but the benefit is big gains in packet-level...
# integrity checks, & protection against packet injections / MiTM attack vectors

cipher AES-256-CBC
# data channel stream cipher methodology
# we are actively testing CBC alternatives & will deploy once well-tested...
# cipher libraries support our choice - AES-GCM is looking good currently

replay-window 128 30
# settings which determine when to throw out UDP datagrams that are out of order...
# either temporally or via sequence number

tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
# implements 'perfect forward secrecy' via TLS 1.x & its ephemeral Diffie-Hellman...
# see our forum for extensive discussion of ECDHE v. DHE & tradeoffs wrt ECC curve choice
# http://ecc.cryptostorm.org

tls-client
key-method 2
# specification of entropy source to be used in initial generation of TLS keys as part of session bootstrap

log devnull.txt
verb 0
mute 1
# sets logging verbosity client-side, by default, to zero
# no logs kept locally of connections - this can be changed...
# if you'd like to see more details of connection initiation & negotiation


Return to “guides, HOWTOs & tutorials”

Who is online

Users browsing this forum: No registered users and 4 guests

cron

Login