Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ
HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
I have no problems at all on Cyanogenmod (all versions up to the current nightlies)
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
@thread
Just tested this on a Google Nexus 4 running 5.1.1 (LMY48T), works fine connected to Cantus, Onyx and Turing.
Just tested this on a Google Nexus 4 running 5.1.1 (LMY48T), works fine connected to Cantus, Onyx and Turing.
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
This is really strange, I'm at 5.1.1 stock Sony android and it doesn't work.
Are we seeing once again the problem in non-root and rooted?
Are we seeing once again the problem in non-root and rooted?
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
So once again an update... it works everywhere once again, download new conf's files from github
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
First time trying and I get an error on import :
no endtag <//button> for starttag </button> found
Nexus 6p on mm
no endtag <//button> for starttag </button> found
Nexus 6p on mm
-
- Posts: 14
- Joined: Sun Mar 22, 2015 3:25 am
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
Mr Tealc Sir,
works like a charm. Mille Gracie.
works like a charm. Mille Gracie.
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
Are you using "OpenVPN for Android 0.6.47" application from Arne Schwabe ?furryguest wrote:First time trying and I get an error on import :
no endtag <//button> for starttag </button> found
Nexus 6p on mm
-
- Posts: 14
- Joined: Sun Mar 22, 2015 3:25 am
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
You're making the same mistake that I made (downloading the conf files directly from within github).furryguest wrote:First time trying and I get an error on import :
no endtag <//button> for starttag </button> found
Nexus 6p on mm
Download the lot directly https://github.com/tealcavalon/OpenVPN_ ... master.zip and extract the necessary confs from there.
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
Aha. Thanks, this worked !!wpaschukat wrote:You're making the same mistake that I made (downloading the conf files directly from within github).furryguest wrote:First time trying and I get an error on import :
no endtag <//button> for starttag </button> found
Nexus 6p on mm
Download the lot directly https://github.com/tealcavalon/OpenVPN_ ... master.zip and extract the necessary confs from there.
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
Ah, great. I recently upgraded my Nexus 5 to 5.1.1 (CM12.1), and haven't tested connection to CS yet. In a couple weeks I will probably be using CS connection heavily (at a con) so hopefully this will be a non-issue by then :p
---------------------------------------------------------------------------------------------------
You derive personal satisfaction from the continued existence of the near perfect day-night cycles of the hyper cube.....
You derive personal satisfaction from the continued existence of the near perfect day-night cycles of the hyper cube.....
► Show Spoiler
-
- Posts: 467
- Joined: Mon Aug 05, 2013 11:39 am
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
Thanks for the work put to the Android confs... much appreciated Sir!
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
Made some fresh configs with the currently available nodes - https://github.com/dfkt/cryptostorm-and ... pn-configs
They include remote-random, which seems to work just fine with the current version of Arne Schwabe's client.
They include remote-random, which seems to work just fine with the current version of Arne Schwabe's client.
-
- Posts: 467
- Joined: Mon Aug 05, 2013 11:39 am
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
Just when I was looking to update mobile configs, I notice this. Thanks!dfkt wrote:Made some fresh configs with the currently available nodes - https://github.com/dfkt/cryptostorm-and ... pn-configs
They include remote-random, which seems to work just fine with the current version of Arne Schwabe's client.
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
I have a problem with IPV6. Is there any way to block IPV6 connections on a non-rooted device? whatsmyipaddress.com sees my device IPV6 address and locates me precisely.
I know that cyrptostorm does not handle IPV6 addresses and that is not a problem on a PC, but on android this is an issue.
I just tried VyprVPN with whatsmyipaddress.com and it only showed my IPV4 address and the VPN assigned IP address.
How can I block IPV6 connections using OpenVPN/cyptostorm?
I know that cyrptostorm does not handle IPV6 addresses and that is not a problem on a PC, but on android this is an issue.
I just tried VyprVPN with whatsmyipaddress.com and it only showed my IPV4 address and the VPN assigned IP address.
How can I block IPV6 connections using OpenVPN/cyptostorm?
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
How do I disable IPv6? OpenVPN leaks my IPv6, or at least the config files do. My phone is not rooted so I am relying on the VPN client to deal with this. Can OpenVPN do this?
Blocking IPv6
Sorry about the double post before. I missed the moderation message before the page refreshed.
I wanted to add that I solved the IPv6 problem by doing the following workaround. I do not know if this works in all cases, but I tested it with www.ipv6leak.com and it reported that IPv6 is not leaking.
In OpenVPN under "Routing" tab, untick "Bypass VPN for local networks"
Under IPv6, untick "Use default Route" and enter a bogus local route under "Custom Routes".
This sends all IPv6 routing requests nowhere...
I wanted to add that I solved the IPv6 problem by doing the following workaround. I do not know if this works in all cases, but I tested it with www.ipv6leak.com and it reported that IPv6 is not leaking.
In OpenVPN under "Routing" tab, untick "Bypass VPN for local networks"
Under IPv6, untick "Use default Route" and enter a bogus local route under "Custom Routes".
This sends all IPv6 routing requests nowhere...
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
Hi.
Where can I find the .conf files for Android? I don't see them on Github.
Thanks.
Where can I find the .conf files for Android? I don't see them on Github.
Thanks.
-
- Posts: 467
- Joined: Mon Aug 05, 2013 11:39 am
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
https://github.com/cryptostorm/cryptost ... tion_filesWinehouse wrote:Hi.
Where can I find the .conf files for Android? I don't see them on Github.
Thanks.
The conf files you are looking for are located in the LINUX directory...
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
Hi, For me it does not work anymore, I change smartphone
I installed open vpn, but when i want to import a config he says :
" No endtag <//head> for startag </head> found "
Do you have a solution ?
thanks
I installed open vpn, but when i want to import a config he says :
" No endtag <//head> for startag </head> found "
Do you have a solution ?
thanks
-
- Posts: 467
- Joined: Mon Aug 05, 2013 11:39 am
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
CS on my Samsung Galaxy S2, running LineageOS 14.1, build date 08/01 is working fine. But I use OpenVPN for Android by Arne Schwabe.kakoulo wrote:Hi, For me it does not work anymore, I change smartphone
I installed open vpn, but when i want to import a config he says :
" No endtag <//head> for startag </head> found "
Do you have a solution ?
thanks
I just had a look at my .conf / .ovpn file, and I couldn't find any head tags in it.
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
Sounds like you downloaded the config from GitHub. Left click on the config file, then click "raw". Save that into a config file, and then import it.kakoulo wrote:Hi, For me it does not work anymore, I change smartphone
I installed open vpn, but when i want to import a config he says :
" No endtag <//head> for startag </head> found "
Do you have a solution ?
thanks
Android config import issue
Android 7.1.1 on Pixel
OpenVPN for Android 0.6.65, have working vpn configs
Tried linux and android ovpn files (raw) from github and android tutorials, which are linked in the token email.
Issue: nothing is being imported fromt the ovpn file. No server list, no certs, nothing. Import log says: your config had a few options that are not mapped to UI configurations.
How do I get it going on android?
OpenVPN for Android 0.6.65, have working vpn configs
Tried linux and android ovpn files (raw) from github and android tutorials, which are linked in the token email.
Issue: nothing is being imported fromt the ovpn file. No server list, no certs, nothing. Import log says: your config had a few options that are not mapped to UI configurations.
How do I get it going on android?
Re: Android config import issue
Have you tried these very same config files on a previous version of Android? Did they work? Did you have to edit them in any way?user name wrote:Android 7.1.1 on Pixel
OpenVPN for Android 0.6.65, have working vpn configs
Tried linux and android ovpn files (raw) from github and android tutorials, which are linked in the token email.
Issue: nothing is being imported fromt the ovpn file. No server list, no certs, nothing. Import log says: your config had a few options that are not mapped to UI configurations.
How do I get it going on android?
Re: Android config import issue
I don't have access to older Android versions. But I do have other VPN servers set up and running on my current 7.1.1 phone.parityboy wrote: Have you tried these very same config files on a previous version of Android? Did they work? Did you have to edit them in any way?
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
It is very disappoining to see such slow support response here. Days between me sending a post and it appearing, forget about getting an answer. My 1 week test token is about to expire, still no working android config.
Re: HOWTO: cryptostorm on Android non-root | cryptostorm.org/android
@user name
Does the config file have multiple <remote></remote> tags? If so, could you try removing the tags?
For example:
Does the config file have multiple <remote></remote> tags? If so, could you try removing the tags?
For example:
Code: Select all
# this is the cryptostorm.is client settings file, versioning...
# cstorm_linux-rome_1-4.conf
# last update date: 12 January 2014
# it is intended to provide connection solely to our London-based exitnode cluster... yay bad food! ;-)
# DNS resolver redundancy provided by TLD-striped, randomised lookup queries
# Chelsea Manning is indeed a badassed chick: #FreeChelsea!
# also... FuckTheNSA - for reals. W00d!
client
dev tun
resolv-retry 16
nobind
persist-tun
persist-key
float
remote-random
# randomizes selection of connection profile from list below, for redundancy against...
# DNS blacklisting-based session blocking attacks
# Exit node mappings for Rome
remote linux-rome.cryptostorm.net 443 udp
remote linux-rome.cryptostorm.org 443 udp
remote linux-rome.cryptostorm.nu 443 udp
remote linux-rome.cstorm.pw 443 udp
comp-lzo no
# specifies refusal of link-layer compression defaults
# we prefer compression be handled elsewhere in the OSI layers
# see forum for ongoing discussion - https://cryptostorm.org/viewtopic.php?f=38&t=5981
down-pre
# runs client-side "down" script prior to shutdown, to help minimise risk...
# of session termination packet leakage
allow-pull-fqdn
# allows client to pull DNS names from server
# we don't use but may in future leakblock integration
explicit-exit-notify 3
# attempts to notify exit node when client session is terminated
# strengthens MiTM protections for orphan sessions
hand-window 37
# specified duration (in seconds) to wait for the session handshake to complete
# a renegotiation taking longer than this has a problem, & should be aborted
mssfix 1400
# congruent with server-side --fragment directive
auth-user-pass
# passes up, via bootstrapped TLS, SHA512 hashed token value to authenticate to darknet
# auth-retry interact
# 'interact' is an experimental parameter not yet in our production build.
ca ca2.crt
# specification & location of server-verification PKI materials
# for details, see http://pki.cryptostorm.org
<ca>
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgIJAKekpGXxXvhbMA0GCSqGSIb3DQEBCwUAMIG6MQswCQYD
VQQGEwJDQTELMAkGA1UECBMCUUMxETAPBgNVBAcTCE1vbnRyZWFsMTYwNAYDVQQK
FC1LYXRhbmEgSG9sZGluZ3MgTGltaXRlIC8gIGNyeXB0b3N0b3JtX2RhcmtuZXQx
ETAPBgNVBAsTCFRlY2ggT3BzMRcwFQYDVQQDFA5jcnlwdG9zdG9ybV9pczEnMCUG
CSqGSIb3DQEJARYYY2VydGFkbWluQGNyeXB0b3N0b3JtLmlzMB4XDTE0MDQyNTE3
MTAxNVoXDTE3MTIyMjE3MTAxNVowgboxCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJR
QzERMA8GA1UEBxMITW9udHJlYWwxNjA0BgNVBAoULUthdGFuYSBIb2xkaW5ncyBM
aW1pdGUgLyAgY3J5cHRvc3Rvcm1fZGFya25ldDERMA8GA1UECxMIVGVjaCBPcHMx
FzAVBgNVBAMUDmNyeXB0b3N0b3JtX2lzMScwJQYJKoZIhvcNAQkBFhhjZXJ0YWRt
aW5AY3J5cHRvc3Rvcm0uaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDJaOSYIX/sm+4/OkCgyAPYB/VPjDo9YBc+zznKGxd1F8fAkeqcuPpGNCxMBLOu
mLsBdxLdR2sppK8cu9kYx6g+fBUQtShoOj84Q6+n6F4DqbjsHlLwUy0ulkeQWk1v
vKKkpBViGVFsZ5ODdZ6caJ2UY2C41OACTQdblCqaebsLQvp/VGKTWdh9UsGQ3LaS
Tcxt0PskqpGiWEUeOGG3mKE0KWyvxt6Ox9is9QbDXJOYdklQaPX9yUuII03Gj3xm
+vi6q2vzD5VymOeTMyky7Geatbd2U459Lwzu/g+8V6EQl8qvWrXESX/ZXZvNG8QA
cOXU4ktNBOoZtws6TzknpQF3AgMBAAGjggEjMIIBHzAdBgNVHQ4EFgQUOFjh918z
L4vR8x1q3vkp6npwUSUwge8GA1UdIwSB5zCB5IAUOFjh918zL4vR8x1q3vkp6npw
USWhgcCkgb0wgboxCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJRQzERMA8GA1UEBxMI
TW9udHJlYWwxNjA0BgNVBAoULUthdGFuYSBIb2xkaW5ncyBMaW1pdGUgLyAgY3J5
cHRvc3Rvcm1fZGFya25ldDERMA8GA1UECxMIVGVjaCBPcHMxFzAVBgNVBAMUDmNy
eXB0b3N0b3JtX2lzMScwJQYJKoZIhvcNAQkBFhhjZXJ0YWRtaW5AY3J5cHRvc3Rv
cm0uaXOCCQCnpKRl8V74WzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
AQAK6B7AOEqbaYjXoyhXeWK1NjpcCLCuRcwhMSvf+gVfrcMsJ5ySTHg5iR1/LFay
IEGFsOFEpoNkY4H5UqLnBByzFp55nYwqJUmLqa/nfIc0vfiXL5rFZLao0npLrTr/
inF/hecIghLGVDeVcC24uIdgfMr3Z/EXSpUxvFLGE7ELlsnmpYBxm0rf7s9S9wtH
o6PjBpb9iurF7KxDjoXsIgHmYAEnI4+rrArQqn7ny4vgvXE1xfAkFPWR8Ty1ZlxZ
gEyypTkIWhphdHLSdifoOqo83snmCObHgyHG2zo4njXGExQhxS1ywPvZJRt7fhjn
X03mQP3ssBs2YRNR5hR5cMdC
-----END CERTIFICATE-----
</ca>
ns-cert-type server
# requires TLS-level confirmation of categorical state of server-side certificate for MiTM hardening.
auth SHA512
# data channel HMAC generation
# heavy processor load from this parameter, but the benefit is big gains in packet-level...
# integrity checks, & protection against packet injections / MiTM attack vectors
cipher AES-256-CBC
# data channel stream cipher methodology
# we are actively testing CBC alternatives & will deploy once well-tested...
# cipher libraries support our choice - AES-GCM is looking good currently
replay-window 128 30
# settings which determine when to throw out UDP datagrams that are out of order...
# either temporally or via sequence number
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
# implements 'perfect forward secrecy' via TLS 1.x & its ephemeral Diffie-Hellman...
# see our forum for extensive discussion of ECDHE v. DHE & tradeoffs wrt ECC curve choice
# http://ecc.cryptostorm.org
tls-client
key-method 2
# specification of entropy source to be used in initial generation of TLS keys as part of session bootstrap
log devnull.txt
verb 0
mute 1
# sets logging verbosity client-side, by default, to zero
# no logs kept locally of connections - this can be changed...
# if you'd like to see more details of connection initiation & negotiation