Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

New configuration files - my setup issues

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)

Topic Author
cryptomon
Posts: 22
Joined: Fri Feb 23, 2018 7:32 am

New configuration files - my setup issues

Postby cryptomon » Fri Oct 12, 2018 4:35 am

So I've updated to the new ECC configuration files using openvpn. A bit confused as to whether I should be using the default /ecc, /ed448 or /ed25519. Is this just personal preference based on the papers written about them?

My firewall settings are unchanged, but now the check page says I'm not connected to CS https://cryptostorm.is/test, whilst it displays an ip address of an exit node. Not sure what to look at here to fix this as I thought I had the firewall leaks etc solved. Suggestions welcome.

Using UFW is there some general recommended settings to set up a leak proof firewall? Thanks.

User avatar

parityboy
Site Admin
Posts: 1264
Joined: Wed Feb 05, 2014 3:47 am

Re: New configuration files - my setup issues

Postby parityboy » Sat Oct 13, 2018 7:03 am

@OP

I'd guess that the IP addresses of the new ecc/ed448/ed25519 instances are not yet in the check databases.


Topic Author
cryptomon
Posts: 22
Joined: Fri Feb 23, 2018 7:32 am

Re: New configuration files - my setup issues

Postby cryptomon » Sun Oct 14, 2018 5:16 am

That sounds about right because a day or two later later I started getting the okay (green colour) from the web checks.

I notice also from my output that there are now about 2368 exit node IP addresses from CS plus the 28 resolvers. This is an impressive list.

As far as UFW goes I haven't found a better way than placing every exit node IP address into my firewall rules e.g.
ufw allow out log-all to 162.221.207.75 port 5060 proto udp comment "montreal.cstorm.is | "

and every resolver as well e.g.
ufw allow out log-all to 212.129.46.86 port 443 proto udp comment "DNS resolver cs-fr|CS France DNSCrypt server|Paris France|212.129.46.86:443"


Return to “member support & tech assistance”

Who is online

Users browsing this forum: ghgfdhfdgjhfg, Google [Bot] and 24 guests

Login