Later in the thread the CS team state that they've updated the .conf files to handle linux NetworkManager connections, and then some peeps say that it's been fixed for them. But as this was in January of this year things have been switched over because of Heartbleed (that was this year right?) and so the servers have been updated. But it seems that now the *official* conf files posted no longer work with the *official* post-heartbleed cert file, or at least they don't for me using Linux Mint (Network Manager). And while I seem to be one of the few non-programmer types using CS and linux that I've now ended up with a direct IP workaround (which, from what you've posted, is not the end of the world but I will have to come back here to check anytime the server IP gets changed (nbd)), it seems like I should make a formal request (herein) to have the CS_Support team to update the .conf files to work with the post-heartbleed certs on Ubuntu & derivatives. So that my client-experience would be standard with other platforms (windows, etc.) Not that either way of connecting affects me profusely, I'm just happy that it works now.
The official conf files are, to be blunt, something of a mess right now.
This is mostly the result of our decision to bridge the heartbleed gap with pre- and
post-heartbleed instances on servers. That decision reflected an understanding of how important backwards compatability is for many of our members: think of folks who have "baked-in" settings to gadgets such as routers or other hard-to-update devices. If we just shut off all pre-hb instances, they'd see sessions drop immediately and that is simply not the right security choice. In those contexts, members were deploying upgrades in a scheduled, tested manner along the lines of IT operations procedures.
Anyway, blah blah... point is, we found ourselves with a bit of a mess in the confs due to the heartbleed reaction and our slow-but-steady move to full HAF compliance. This has been a tedious, time-intensive, high-stakes process that has gone on behind the scenes for months. We are now - finally - starting to roll out configuration files with the new (HAF-compliant) 1.4 settings in them.
Once those 1.4's are all complete - a project coming very close to fruition this week, with the addition of our HAF-compliant central US exitnode cluster
- we will go through and ruthlessly prune all old conf's from the forum. That transition also shuts down the final remaining pre-hb instances, as we've worked most all members through the instance upgrade process and thus can finally spin them down entirely.
Net result is that the config files, from 1.4 forward, will be vastly less complex, contradictory, and likely to need major updates to retain full functionality moving forward.
The best we can do is apologise for the ugly little mess that's been present, meanwhile, when it comes to conf's. Windows folks mostly just use our widget
to connect, and thus are shielded from all this by our updates of onboard widget conf's with each build. Linux (and OSX) folks get the full brunt of the conf messiness, and the best we can do is apologise for that and continue to work hard towards the completion of the 1.4 upgrade.
I'm also comfortable sharing that we've had a good bit of healthy team debate about many of the issues relating to the 1.4 upgrade, HAF, pre/post-hb procedures, and so forth. Each one of these topics, interestingly enough, tends to dig into deeper, more long-range questions and that's allowed us to really refine our goals as a team for 2015 and beyond. It hasn't helped get the 1.4 deploy finished, to be honest... but it's really helped the project overall, even so.
In the event, apologies for the hassle - the cause is us, not you. We're working fast - but carefully - to get to a place in 1.4 where these issues are only fading memories.
: there's also an interesting self-selection bias at work here, in that many/most folks posting here in the forum seem to be technically minded and often are Linux users. Thus, one might conclude that most cryptostorm members fit that profile - which I'd say is almost certainly not true (can't say for sure, as we know next to nothing about nearly all our members, due to the token model). Rather, the silent majority of cryptostorm members using the widget to connect simply never come to the forum, let alone post with questions or problems to resolve. Thus, their silent voices don't balance out us geeks clicking away endlessly on our keyboards in here