Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Looking for a bit more than customer support, and want to learn more about what cryptostorm is , what we've been announcing lately, and how the cryptostorm network makes the magic? This is a great place to start, so make yourself at home!
User avatar

Topic Author
cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby cryptostorm_support » Mon Dec 08, 2014 3:54 am

EDIT: The hostnames referred to in some posts below such as "raw-balancer-dynamic" are now obsolete. The current syntax is "linux-balancer".

As is happening with other threads, we’re in the process of cleaning up old tutorials in the attempt to make getting connected as easy and straightforward as possible. Toward that effort, we’re retiring the old tutorials that have a lot of old information that may just confuse people, but there's still a lot of useful information available within the old Android tutorial for those so interested.

We want to thank everyone involved in making the old Android connection tutorial, and also everyone who helped make the cryptofree tutorial (as that is what this guide is based off of). All of you are awesome. :D

Android Connection Tutorial (using OpenVPN for Android)

The following steps assumes you have obtained a token and have had it hashed. (The easiest method is to go HERE, but make sure the token field is cleared completely before pasting your token)

1. Download and install OpenVPN for Android from the Google Play Store (or elsewhere, if that’s what you’re in to).
2. Download a cryptostorm configuration file (for android) onto your device.

You can use any (or all) of the following configurations, but changes to settings (ie. step 7 below) will need to be done for each configuration you install


3. Open your OpenVPN for Android client, and click the folder icon in the upper-right corner of the window (an older version of OpenVPN for Andoid (such as that shown in the images in the cryptofree tutorial) had the icon in the bottom-right)
  android2.png
4. browse through your directory (start by selecting where the red box is placed in the picture below) and find where you saved your configuration file, then select it.
  Android1.png
5. You’ll see a log of all the things OpenVPN reads from the configuration file during its import. Click the disk icon in the lower right to save the configuration
  android3.png
6. Back at the main window you should see the configuration listed that we just added, but before we connect we need to make one change to the settings, so click the options button next to your installed configuration
  Screenshot_2014-12-08-10-56-10.png
7. Select the Server List tab at the top, and then push the button next to where it says "Use connection entries in random order on connect" so that it slides to the right in its "activated" form. Next, back out of the options menu to go to the main menu.
  Screenshot_2014-12-08-11-34-27.png

  8. Back in the main window, select the configuration you installed and you should be asked for your username and password.
  9. Enter your hashed token into the username field and enter anything as a password. Check the box to remember your password for future connects.
  10. If all goes well you should be connected successfully. If you wish to disconnect, select the OpenVPN for Android icon from the top pulldown menu and you should see the following menu
   android4.png
Simply select disconnect to disconnect.

That’s it!

If there are any questions or concerns, please post them here or email to our support channel: [email protected]

The official OpenVPN client requires different configuration file input, but if there are requests for such turorials we can definitely put one together

EDIT(S):
December 8, 2014 - Edited balancer config and tutorial to allow multiple connect commands

March 27, 2015 - Updated the Balancer configuration (so it works again) and also uploaded configurations for all other nodes
cryptostorm_support shared support team forum account
PLEASE DON'T SEND PRIVATE MESSAGES with support questions!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: [email protected]
live chat support: #cryptostorm

User avatar

vpnDarknet
Posts: 129
Joined: Thu Feb 27, 2014 2:42 pm
Contact:

Re: HOWTO: Android

Postby vpnDarknet » Mon Dec 08, 2014 10:47 am

Sweet, although receiving error: "Cannot resolve host address"
Other nodes are connecting with same credentials, any ideas?
Buy your tokens via vpnDark.net and cryptostorm cannot and does not know anything about users - no link between a token & purchase details
Unofficial Wiki cryptostorm access guide
Ways to talk to me

User avatar

Topic Author
cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

Re: HOWTO: Android

Postby cryptostorm_support » Mon Dec 08, 2014 9:05 pm

When we did some testing with OpenVPN for Android, it did not support remote random, so as a stopgap we had the following in the config files

Code: Select all

# If anyone blocks a DNS, uncomment another
remote raw-balancer-dynamic.cryptostorm.net 443 udp
#remote raw-balancer-dynamic.cryptostorm.org 443 udp
#remote raw-balancer-dynamic.cryptokens.ca 443 udp
#remote raw-balancer-dynamic.cstorm.pw 443 udp
#remote raw-balancer-dynamic.cryptostorm.nu 443 udp


Where if one did not work for whatever reason you had to manually comment it out, and uncomment the next one and try again. I just did some digging however, and it does support it now in a slightly different way, so I've updated the tutorial and the configuration that goes with it.
cryptostorm_support shared support team forum account
PLEASE DON'T SEND PRIVATE MESSAGES with support questions!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: [email protected]
live chat support: #cryptostorm

User avatar

vpnDarknet
Posts: 129
Joined: Thu Feb 27, 2014 2:42 pm
Contact:

Re: HOWTO: Android

Postby vpnDarknet » Tue Dec 09, 2014 11:15 am

F-Droid must have an older version of OpenVPN, as I get no Server List tab.
I've tried changing the balancer's manually, although no luck just yet... off to find a recent copy of OpenVPN
Buy your tokens via vpnDark.net and cryptostorm cannot and does not know anything about users - no link between a token & purchase details
Unofficial Wiki cryptostorm access guide
Ways to talk to me

User avatar

DesuStrike
ForumHelper
Posts: 346
Joined: Thu Oct 24, 2013 2:37 pm

Re: HOWTO: Android

Postby DesuStrike » Wed Dec 10, 2014 2:03 am

Very nicely done! I just updated my leakblock guide and was going to make an updated Android guide but you beat me to it. *phew* less work for me! hehe

@vpnDarknet: You might got an outdated version on F-Droid but this is not the reason for your connection problems. It's the leakblock if you use my Android guide. Remember our IRC chat about that? We block EVERYTHING until we are connected to the VPN thus we need to use IPs because the device cannot resolve the hostnames. If you want to use hostnames like suggested in this guide (and according to the staffer stance on this topic) you must enable DNS Proxy via Netd in AFWall+. (Lowest option in the preferences.)

Please consider that this does make you vulnarable to DNS-Leaks because of an old android bug that causes unpredictable fallbacks to ISP (or router DHCP) provided DNS-Servers. You know my opinion about weaking leakblock just for using hostnames but this whole topic is very controversial so you must decide for yourself. ;)
home is where the artillery hits

User avatar

vpnDarknet
Posts: 129
Joined: Thu Feb 27, 2014 2:42 pm
Contact:

Re: HOWTO: Android

Postby vpnDarknet » Wed Dec 10, 2014 9:59 am

Thanks for that man, hope Android fix the issue, although doubt it's high up their priority list
Buy your tokens via vpnDark.net and cryptostorm cannot and does not know anything about users - no link between a token & purchase details
Unofficial Wiki cryptostorm access guide
Ways to talk to me


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: HOWTO: Android

Postby DudeOfLondon » Sat Jan 10, 2015 5:23 pm

Hi,
do you have a config for android for the official OpenVPN app?

If I take the balancer_android1_4.conf I have to rename it to balancer_android1_4.ovpn so that the import into the app works. But then when the app says: "Error reading file referenced by profile: ca.crt: cannot open: /sdcard/Download/ca.crt"
Obviously there is no ca.crt in the same directory as the ovpn file.

If I understand it correctly, the ca.crt is already embedded in the balancer_android1_4.conf. But why does the app search for a seperate ca.crt file?

User avatar

jlg
Posts: 90
Joined: Mon May 05, 2014 2:44 am

Re: HOWTO: Android

Postby jlg » Sat Jan 10, 2015 6:02 pm

vpnDarknet wrote:F-Droid must have an older version of OpenVPN, as I get no Server List tab.
I've tried changing the balancer's manually, although no luck just yet... off to find a recent copy of OpenVPN


Generally F-Droid only have the libre/free versions of software and generally if it's also on Google Play the F-Droid
version is very out of date. Just from what I've seen anyway. I hope this helps.


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Sun Jan 11, 2015 11:59 pm

So I found the ca2.crt in the pinned forum topic. I placed it in /sdcard and renamed the line in the balancer_android1_4.conf to point to ca2.crt instead of ca.crt
I then hashed my token and entered it into the username field.

But I still can't connect.
The log shows:
VERIFY OK: depth=1
error rendering cert
VERIFY OK: depth=0
error rendering cert
Session invalidated:
KEV_NEGOTIATE_ERROR


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Mon Jan 12, 2015 3:06 pm

So I just entered a password instead of leaving it empty and then the app connected finally.

But... as soon as I try to surf a website in chrome, it takes 15 seconds then brings up an error message in the browser (network timeout). After that the openvpn app reconnects but fails to authenticate and the vpn connection is lost....until I manually reconnect.

And this goes on and on, I can't surf while connected.

User avatar

DesuStrike
ForumHelper
Posts: 346
Joined: Thu Oct 24, 2013 2:37 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DesuStrike » Mon Jan 12, 2015 3:24 pm

@DudeOfLondon

You don't need a seperate certificate file because all configs come with one inline. So my suggestion would be to clear all imported configurations, import your desired one and don't touch the cert options. Arne's OpenVPN client will grab it automatically.

Haha... You just posted while I wrote this. Well, your findings look like a misconfiguration. So my suggestions still stands. ;)
home is where the artillery hits


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Mon Jan 12, 2015 6:37 pm

But if I don't provide a ca.crt file and just import the "balancer_android1_4.ovpn", the openVpn app complains: "Error reading file referenced by profile: ca.crt: cannot open: /sdcard/Download/ca.crt"
If I connect it takes a while and it connects.

If I surf to a webpage, it takes a few seconds. Then the browser says connection error, then suddenly the page loads (because the VPN connection has dropped) and after the page has loaded the VPN reconnects. And stays connected for a few seconds, then suddenly reconnects on its own.

EDIT: I've read that mssfix isn't supported by OPenVPN App. But if I comment it out, I get an authentication error.

EDIT2: To start from scratch: Has anyone ever gotten a stable connection with the official app? https://play.google.com/store/apps/deta ... pn.openvpn

User avatar

DesuStrike
ForumHelper
Posts: 346
Joined: Thu Oct 24, 2013 2:37 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DesuStrike » Tue Jan 13, 2015 1:43 am

Ahhh! Sorry, I just saw you use the "original" OpenVPN client for android.

I don't know the official support status for this but let me tell you from my personal experience that the "official" android client is total crap and not really compatible with CryptoStorm. In the past they often lagged behind months with implementing important features and bug fixes. So if the "official" client was ever compatible at some point it very well became incompatible again by now.

I really do recommend Arne Schwabes OpenVPN for Android. This guy has a spotless track record in the community and always provides the most recent changes with max 1-2 days delay which are mostly caused by Google needing to approve the new version. (If you grab apps from the PlayStore.)
So not only for compatibility reasons but also for security reasons you really should consider changing clients.
home is where the artillery hits


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: HOWTO: Android

Postby DudeOfLondon » Tue Jan 13, 2015 2:11 am

vpnDarknet wrote:F-Droid must have an older version of OpenVPN, as I get no Server List tab.
I've tried changing the balancer's manually, although no luck just yet... off to find a recent copy of OpenVPN


I now downloaded the latest version from FDroid 0.6.17.
I have the same problem, there is no Server tab and no way to enable "Use connection entries in random order on connect"

I can't connet:

Code: Select all

ICS OpenVPN log Datei
2015-01-12 22:15:01 Modell A0001 (MSM8974) oneplus, Android API 19, version 0.6.17, F-Droid built and signed version
2015-01-12 22:15:01 Protokoll gelöscht.
2015-01-12 22:15:14 Generiere OpenVPN Konfiguration…
2015-01-12 22:15:16 started Socket Thread
2015-01-12 22:15:16 Warning: Error redirecting stdout/stderr to --log file: devnull.txt: Read-only file system (errno=30)
2015-01-12 22:15:16 Current Parameter Settings:
2015-01-12 22:15:16 NOTE: --mute triggered...
2015-01-12 22:15:16 181 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-12 22:15:16 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_615-c430ab0e0cef9994] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Jul  3 2014
2015-01-12 22:15:16 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.06
2015-01-12 22:15:16 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2015-01-12 22:15:16 MANAGEMENT: CMD 'hold release'
2015-01-12 22:15:16 NOTE: --mute triggered...
2015-01-12 22:15:16 Netzwerkstatus: CONNECTED  to WIFI "Skywing_nomap"
2015-01-12 22:15:17 5 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-12 22:15:17 LZO compression initializing
2015-01-12 22:15:17 Control Channel MTU parms [ L:1602 D:138 EF:38 EB:0 ET:0 EL:0 ]
2015-01-12 22:15:17 MANAGEMENT: >STATE:1421097317,RESOLVE,,,
2015-01-12 22:15:17 Data Channel MTU parms [ L:1602 D:1400 EF:102 EB:403 ET:0 EL:0 ]
2015-01-12 22:15:17 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
2015-01-12 22:15:17 NOTE: --mute triggered...
2015-01-12 22:15:17 1 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-12 22:15:17 Local Options hash (VER=V4): '9c102b00'
2015-01-12 22:15:17 NOTE: --mute triggered...
2015-01-12 22:15:17 1 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-12 22:15:17 TCP/UDP: Preserving recently used remote address: [AF_INET]46.165.222.248:443
2015-01-12 22:15:17 Socket Buffers: R=[163840->163840] S=[163840->163840]
2015-01-12 22:15:17 Protecting socket fd 4
2015-01-12 22:15:17 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-01-12 22:15:17 UDP link local: (not bound)
2015-01-12 22:15:17 UDP link remote: [AF_INET]46.165.222.248:443
2015-01-12 22:15:17 MANAGEMENT: >STATE:1421097317,WAIT,,,
2015-01-12 22:15:17 NOTE: --mute triggered...
2015-01-12 22:15:17 1 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-12 22:15:17 TLS: Initial packet from [AF_INET]46.165.222.248:443, sid=e76166c8 07b0eb81
2015-01-12 22:15:17 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2015-01-12 22:15:18 VERIFY OK: depth=1, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite /  cryptostorm_darknet, OU=Tech Ops, CN=cryptostorm_is, [email protected]
2015-01-12 22:15:18 NOTE: --mute triggered...
2015-01-12 22:15:18 7 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-12 22:15:18 [server] Peer Connection Initiated with [AF_INET]46.165.222.248:443
2015-01-12 22:15:19 MANAGEMENT: >STATE:1421097319,GET_CONFIG,,,
2015-01-12 22:15:20 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2015-01-12 22:15:20 AUTH: Received control message: AUTH_FAILED
2015-01-12 22:15:20 SIGTERM received, sending exit notification to peer
2015-01-12 22:15:23 TCP/UDP: Closing socket
2015-01-12 22:15:23 SIGTERM[soft,exit-with-notification] received, process exiting
2015-01-12 22:15:23 MANAGEMENT: >STATE:1421097323,EXITING,exit-with-notification,,

User avatar

marzametal
Posts: 487
Joined: Mon Aug 05, 2013 11:39 am

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby marzametal » Tue Jan 13, 2015 2:28 am

The latest Arne Schwabe version is 0.6.26... FDroid hasn't updated their repository...
You can get the latest version here - OpenVPN for Android... just click on the "ics-openvpn-latest-stable.apk" file :)


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Tue Jan 13, 2015 2:42 am

Thanks for the link. I now have the latest version 0.6.26
I did everything like mentioned in the first post, but still can't connect and get the same error log like you see 2 posts above.

I can connect two devices at the same time, right?
I am connected on my PC while trying to connect with my smart phone via WLAN.

User avatar

marzametal
Posts: 487
Joined: Mon Aug 05, 2013 11:39 am

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby marzametal » Tue Jan 13, 2015 2:54 am

DudeOfLondon wrote:Thanks for the link. I now have the latest version 0.6.26
I did everything like mentioned in the first post, but still can't connect and get the same error log like you see 2 posts above.

I can connect two devices at the same time, right?
I am connected on my PC while trying to connect with my smart phone via WLAN.

Bit of a cloud fog with that one...
I think I read that you need a token for each device. However, I think I also read as long as your devices pick a different exit node you are fine.

EG: Last night I had Windows Mishigami for PC and Windows Cantus for Android device.

Question: [server] Peer Connection Initiated with [AF_INET]46.165.222.248:443
...why is it x.x.x.248 ? Shouldn't it be 245?

EDIT: have you tried to go the manual approach, using the exit node IP instead of a balancer...


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Tue Jan 13, 2015 3:19 am

Yeah, in the Desktop connection widget Cantus is 46.165.222.245:443 and not xxx.....248
I tried to disable all those servers in the server list and only enter 46.165.222.245:443. But I still get "auth_failed"
I not only tried the node which I use on my Desktop PC, but also differing nodes. So that the devices use different nodes.
But I still get "auth_failed"

User avatar

marzametal
Posts: 487
Joined: Mon Aug 05, 2013 11:39 am

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby marzametal » Tue Jan 13, 2015 3:29 am

Is there an invisible space at the end of your hashed token? "Auth failed" error comes up for that... can't help ya' much from here... grrr
Just for a shitstir, enter the has into - https://cryptostorm.nu/... it's also a good way to check for an invisible space


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Tue Jan 13, 2015 3:40 am

WOW!
I just compared the hash on my Android devices with the hash stored in the Desktop client. On the Android device the cash is cut off at about half of the length!

Now it finally works, thank you for that!

Don't know how that happened. This time I hashed my token on my pc instead via the android browser. And copied the hashed token via a txt file onto the android devices. And it didn't cut off.
Before that I copied the user name over from the field in the official ovpn app. Maybe it cut off the user name at a given length.
Last edited by DudeOfLondon on Tue Jan 13, 2015 3:49 am, edited 2 times in total.

User avatar

marzametal
Posts: 487
Joined: Mon Aug 05, 2013 11:39 am

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby marzametal » Tue Jan 13, 2015 3:45 am

LOL... errrrrrrrr!


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Tue Jan 13, 2015 4:16 am

Just 2 minors things left:
1. when I connected the first time, it showed in the log that it can't resolve the host for the *.ca and *.nu balancer server.

2. I turned off wlan while the vpn is connected, the vpn app in the android notification shows "waiting for internet connection". Then I enable wlan again and the status message changes to "resolving host" and it can't connect anymore on its own. So while it says "resolving host" in the android notification, I go to the log file and I see that it tries to connect to the *.org balancer server twice and that it cant resolve the address of the *.org server. After 10 minutes it finally reconnected on its own to 198.xx.56

Addition to both points above: Do I have a DNS problem? Which DNS is used? The one entered in my local router which is the internet gateway, or the DNS that is configured for the wlan connection in Android?

User avatar

marzametal
Posts: 487
Joined: Mon Aug 05, 2013 11:39 am

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby marzametal » Tue Jan 13, 2015 4:33 am

I can't begin to predict what's going on with the balancer servers as I do not connect via that method.

The DNS addreses 213.73.91.35 and 194.150.168.168 are to be entered:
1) In Windows - LOCAL AREA CONNECTION X - TCP/IPv4 properties (Use the following DNS server addresses)
2) In Windows - TAP DRIVER - TCP/IPv4 properties (Use the following DNS server addresses)
3) In Android - ARNE's OPENVPN - Cryptostorm VPN settings - IP AND DNS - DNS Server & Backup DNS Server
3)a) Also in the section 3)... change "searchDomain" to milae.net - FUCK GOOGLE :)

I would also include them:
4) Router DNS page - unload ISP assigned DNS and input the above two. If there is an empty slot (eg: more than 2 entries can be provided), then duplicate the entries. An empty slot will default back to an ISP DNS, I think...

EDIT: forgive me if WLAN implies that you are using wireless. I am on Ethernet, so some of the descriptions above won't relate to you...


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Tue Jan 13, 2015 4:48 am

For Android I use wireless. Obviously, or do you have ever seen a smart phone with ethernet port :D
My PC is connected via ethernet cable to a router. (till now, on my PC I have entered my router's ip as DNS server. And on my router I have entered the google dns 8.8.8.8 as preferred and the opendns 208.67.222.222 as alternate dns instead of the ISP DNS)

User avatar

DesuStrike
ForumHelper
Posts: 346
Joined: Thu Oct 24, 2013 2:37 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DesuStrike » Tue Jan 13, 2015 4:49 am

DudeOfLondon wrote:Just 2 minors things left


1. Don't worry. This is no misconfiguration on your side but those two simply do not resolve. (I'll report this.) Which brings us two the second issue...

2. Don't worry (again^^), you don't have DNS problems.
I try to make this as short as possible: There are basically two ways for connecting to CryptoStorm. Using hostnames (URLs) or IPs. There is an ongoing discussion about which is better because both ways have certain advantages and disadvantages. Hostnames need resolving and you just experienced what's happening when this doesn't work. This is one of the reasons I prefer IPs over hostnames. But keep in mind that when using IPs you need to change your configuration manually if they change! So this should be considered as an approach for "advanced users" and I DO NOT recommend it for people new to VPNs! (Use this as reference if you want to use IPs)


@marzametal: Though I do agree with you, still this is mainly useful for no VPN connections because CS is pushing DNS servers at connection anyways. To be honest people shouldn't switch around DNS in the TAP driver as long as the pushed DNS work fine because they will miss out on the new in house DNS in future. Lets consider this an advanced approach as well that IS NOT recommended.

To be honest I feel bad that both you and I are unloading advanced info on a newcomer whose level of expertise we cannot determine yet. I worry we could frustrate people by presenting all those (awesome) options CryptoStorm has to offer when they simply want to get connected at the beginning. But I don't know a better way to be honest.... :?
home is where the artillery hits

User avatar

marzametal
Posts: 487
Joined: Mon Aug 05, 2013 11:39 am

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby marzametal » Tue Jan 13, 2015 5:04 am

...and on that note, I shall enter the real world (albeit, outdoors, amongst the walking dead, surrounded by machines spewing out our violated dreams and temptation). Not for long though, I get pissed off when people don't say HI to me as they walk past... lmao


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Tue Jan 13, 2015 5:08 am

Ok, so basically I don't have to worry about the DNS setting. I simply put my gateway router's ip into the config of my Windows PC lan card and on my Android device's wireless config. Since on connecting to the VPN it gets overlayed/overwritten by the pushed config.

User avatar

DesuStrike
ForumHelper
Posts: 346
Joined: Thu Oct 24, 2013 2:37 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DesuStrike » Tue Jan 13, 2015 5:16 am

marzametal wrote:...and on that note, I shall enter the real world (albeit, outdoors, amongst the walking dead, surrounded by machines spewing out our violated dreams and temptation). Not for long though, I get pissed off when people don't say HI to me as they walk past... lmao

I sometimes wonder if you are actually the forum version of "phoreskin" our beloved IRC spam bot. :lol: :clap:


DudeOfLondon wrote:Ok, so basically I don't have to worry about the DNS setting.

Right!

DudeOfLondon wrote:I simply put my gateway router's ip into the config of my Windows PC lan card and on my Android device's wireless config. Since on connecting to the VPN it gets overlayed/overwritten by the pushed config.

Not sure I understand you correctly... But if you are worried that CryptoStorm is overriding your DNS settings then you shouldn't. That's actually exactly what you want to happen.
home is where the artillery hits


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Wed Jan 14, 2015 12:17 am

I still have a problem:
I turned wifi on this morning, then after a few minutes turned wifi off. And turned it on again after coming home this evening.
But the App can't connect it lays there and tries to connect for over 2 hrs now.

Here is the log:
vpnlog3.txt
(20.52 KiB) Downloaded 556 times

User avatar

marzametal
Posts: 487
Joined: Mon Aug 05, 2013 11:39 am

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby marzametal » Wed Jan 14, 2015 3:54 am

Do you use AFWall+?DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Wed Jan 14, 2015 4:22 am

I just saw that the app exited on its own after trying to connect too many times.

Code: Select all

ICS OpenVPN log Datei
2015-01-13 07:18:03 Modell A0001 (MSM8974) oneplus, Android API 19, version 0.6.26, offizielle Version
...
...
2015-01-13 22:26:12 MANAGEMENT: >STATE:1421184372,RECONNECTING,init_instance,,
2015-01-13 22:26:12 MANAGEMENT: CMD 'hold release'
2015-01-13 22:26:12 NOTE: --mute triggered...
2015-01-13 22:26:13 3 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-13 22:26:13 Re-using SSL/TLS context
2015-01-13 22:26:13 NOTE: --mute triggered...
2015-01-13 22:26:13 1 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-13 22:26:13 Control Channel MTU parms [ L:1602 D:138 EF:38 EB:0 ET:0 EL:0 ]
2015-01-13 22:26:13 MANAGEMENT: >STATE:1421184373,RESOLVE,,,
2015-01-13 22:28:05 RESOLVE: Cannot resolve host address: raw-balancer-dynamic.cryptostorm.org:443 (No address associated with hostname)
2015-01-13 22:28:05 Data Channel MTU parms [ L:1602 D:1400 EF:102 EB:403 ET:0 EL:0 ]
2015-01-13 22:28:05 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
2015-01-13 22:28:05 NOTE: --mute triggered...
2015-01-13 22:28:05 1 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-13 22:28:05 Local Options hash (VER=V4): '9c102b00'
2015-01-13 22:28:05 NOTE: --mute triggered...
2015-01-13 22:28:05 1 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-13 22:28:05 MANAGEMENT: >STATE:1421184485,RESOLVE,,,
2015-01-13 22:29:57 RESOLVE: Cannot resolve host address: raw-balancer-dynamic.cryptostorm.org:443 (No address associated with hostname)
2015-01-13 22:31:55 NOTE: --mute triggered...
2015-01-13 22:35:49 3 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-13 22:35:49 Could not determine IPv4/IPv6 protocol
2015-01-13 22:35:49 SIGUSR1[soft,init_instance] received, process restarting
2015-01-13 22:35:49 MANAGEMENT: >STATE:1421184949,RECONNECTING,init_instance,,
2015-01-13 22:35:49 MANAGEMENT: CMD 'hold release'
2015-01-13 22:35:49 NOTE: --mute triggered...
2015-01-13 22:35:50 MGMT: Got unrecognized command>FATAL:All connections have been connect-retry-max (5) times unsuccessful, exiting
2015-01-13 22:35:50 3 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-13 22:35:50 MANAGEMENT: Client disconnected
2015-01-13 22:35:50 All connections have been connect-retry-max (5) times unsuccessful, exiting
2015-01-13 22:35:50 Exiting due to fatal error
2015-01-13 22:35:50 Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.
2015-01-13 22:35:50 Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.
2015-01-13 22:35:50 Closing TUN/TAP interface
2015-01-13 22:35:52 Process exited with exit value 1


And after it exited I started the app again. Suddenly it connected without problems at the first try, that's just so weird and inconsistent.

Code: Select all

ICS OpenVPN log Datei
2015-01-14 00:20:04 Modell A0001 (MSM8974) oneplus, Android API 19, version 0.6.26, offizielle Version
2015-01-14 00:20:04 Protokoll gelöscht.
2015-01-14 00:20:08 Generiere OpenVPN Konfiguration…
2015-01-14 00:20:10 started Socket Thread
2015-01-14 00:20:10 Warning: Error redirecting stdout/stderr to --log file: devnull.txt: Read-only file system (errno=30)
2015-01-14 00:20:10 Current Parameter Settings:
2015-01-14 00:20:10 NOTE: --mute triggered...
2015-01-14 00:20:10 280 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-14 00:20:10 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_625-af9eb9424047f9f5] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Dec 15 2014
2015-01-14 00:20:10 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.07
2015-01-14 00:20:10 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2015-01-14 00:20:10 MANAGEMENT: CMD 'hold release'
2015-01-14 00:20:10 NOTE: --mute triggered...
2015-01-14 00:20:10 Netzwerkstatus: CONNECTED  to WIFI "Skywing_nomap"
2015-01-14 00:20:11 5 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-14 00:20:11 LZO compression initializing
2015-01-14 00:20:11 Control Channel MTU parms [ L:1602 D:138 EF:38 EB:0 ET:0 EL:0 ]
2015-01-14 00:20:11 MANAGEMENT: >STATE:1421191211,RESOLVE,,,
2015-01-14 00:20:12 Data Channel MTU parms [ L:1602 D:1400 EF:102 EB:403 ET:0 EL:0 ]
2015-01-14 00:20:12 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
2015-01-14 00:20:12 NOTE: --mute triggered...
2015-01-14 00:20:12 1 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-14 00:20:12 Local Options hash (VER=V4): '9c102b00'
2015-01-14 00:20:12 NOTE: --mute triggered...
2015-01-14 00:20:12 1 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-14 00:20:12 TCP/UDP: Preserving recently used remote address: [AF_INET]89.26.243.109:443
2015-01-14 00:20:12 Socket Buffers: R=[163840->163840] S=[163840->163840]
2015-01-14 00:20:12 Protecting socket fd 4
2015-01-14 00:20:12 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-01-14 00:20:12 UDP link local: (not bound)
2015-01-14 00:20:12 UDP link remote: [AF_INET]89.26.243.109:443
2015-01-14 00:20:12 MANAGEMENT: >STATE:1421191212,WAIT,,,
2015-01-14 00:20:12 read UDP [ECONNREFUSED]: Connection refused (code=111)
2015-01-14 00:20:14 NOTE: --mute triggered...
2015-01-14 00:20:50 3 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-14 00:20:50 TLS Error: TLS key negotiation failed to occur within 37 seconds (check your network connectivity)
2015-01-14 00:20:50 NOTE: --mute triggered...
2015-01-14 00:20:50 1 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-14 00:20:50 TCP/UDP: Closing socket
2015-01-14 00:20:50 SIGUSR1[soft,tls-error] received, process restarting
2015-01-14 00:20:50 MANAGEMENT: >STATE:1421191250,RECONNECTING,tls-error,,
2015-01-14 00:20:50 MANAGEMENT: CMD 'hold release'
2015-01-14 00:20:50 NOTE: --mute triggered...
2015-01-14 00:20:51 3 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-14 00:20:51 LZO compression initializing
2015-01-14 00:20:51 Control Channel MTU parms [ L:1602 D:138 EF:38 EB:0 ET:0 EL:0 ]
2015-01-14 00:20:51 NOTE: --mute triggered...
2015-01-14 00:20:51 1 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-14 00:20:51 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
2015-01-14 00:20:51 NOTE: --mute triggered...
2015-01-14 00:20:51 1 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-14 00:20:51 Local Options hash (VER=V4): '9c102b00'
2015-01-14 00:20:51 NOTE: --mute triggered...
2015-01-14 00:20:51 1 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-14 00:20:51 TCP/UDP: Preserving recently used remote address: [AF_INET]212.83.167.81:443
2015-01-14 00:20:51 Socket Buffers: R=[163840->163840] S=[163840->163840]
2015-01-14 00:20:51 Protecting socket fd 4
2015-01-14 00:20:51 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2015-01-14 00:20:51 UDP link local: (not bound)
2015-01-14 00:20:51 UDP link remote: [AF_INET]212.83.167.81:443
2015-01-14 00:20:51 MANAGEMENT: >STATE:1421191251,WAIT,,,
2015-01-14 00:20:51 NOTE: --mute triggered...
2015-01-14 00:20:51 1 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-14 00:20:51 TLS: Initial packet from [AF_INET]212.83.167.81:443, sid=91ea6390 2442cb73
2015-01-14 00:20:51 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2015-01-14 00:20:51 VERIFY OK: depth=1, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite /  cryptostorm_darknet, OU=Tech Ops, CN=cryptostorm_is, [email protected]
2015-01-14 00:20:51 NOTE: --mute triggered...
2015-01-14 00:20:52 7 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-14 00:20:52 [server] Peer Connection Initiated with [AF_INET]212.83.167.81:443
2015-01-14 00:20:53 MANAGEMENT: >STATE:1421191253,GET_CONFIG,,,
2015-01-14 00:20:54 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2015-01-14 00:20:54 NOTE: --mute triggered...
2015-01-14 00:20:54 7 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-14 00:20:54 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo HWADDR=00:00:00:00:00:00
2015-01-14 00:20:54 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2015-01-14 00:20:54 MANAGEMENT: >STATE:1421191254,ASSIGN_IP,,10.33.0.7,
2015-01-14 00:20:54 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2015-01-14 00:20:54 NOTE: --mute triggered...
2015-01-14 00:20:54 Öffne tun Netzwerkinterface:
2015-01-14 00:20:54 Lokale IPv4: 10.33.0.7/16 IPv6: null MTU: 1500
2015-01-14 00:20:54 DNS-Server: 213.73.91.35, 213.138.101.252, 80.237.196.2, 194.150.168.168, Domäne: null
2015-01-14 00:20:54 Routen: 0.0.0.0/0
2015-01-14 00:20:54 ausgeschlossene Routen: 192.168.178.13/24
2015-01-14 00:20:54 Installierte Routen (VpnService): 0.0.0.0/1, 128.0.0.0/2, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.168.0.0/17, 192.168.128.0/19, 192.168.160.0/20, 192.168.176.0/23, 192.168.179.0/24, 192.168.180.0/22, 192.168.184.0/21, 192.168.192.0/18, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3
2015-01-14 00:20:55 7 variation(s) on previous 1 message(s) suppressed by --mute
2015-01-14 00:20:55 Initialization Sequence Completed
2015-01-14 00:20:55 MANAGEMENT: >STATE:1421191255,CONNECTED,SUCCESS,10.33.0.7,212.83.167.81

User avatar

marzametal
Posts: 487
Joined: Mon Aug 05, 2013 11:39 am

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby marzametal » Wed Jan 14, 2015 4:37 am

DudeOfLondon wrote:Suddenly it connected without problems at the first try, that's just so weird and inconsistent.

...sounds like a female :P

2015-01-13 22:35:50 MGMT: Got unrecognized command>FATAL:All connections have been connect-retry-max (5) times unsuccessful, exiting
That doesn't make sense, since the tutorials outlined to change reconnection attempts to infinite. (OpenVPN setting)

2015-01-13 22:29:57 RESOLVE: Cannot resolve host address: raw-balancer-dynamic.cryptostorm.org:443 (No address associated with hostname)
This has something to do with DNS Proxy - enabling/disabling DNS via netd. (AFWall+ setting)

I use AdAway as well, but that's just an adblocker. You really should install a firewall dude!

EDIT: Wow, it really did work the 2nd time... damn inconsistency!


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Wed Jan 14, 2015 5:05 am

I don't use AFWall or any other firewall app on android. Didn't you read thoroughly?

I just found a pattern. It can't connect if I disable wifi while the vpn connection is active. So to do preventative measures, I should first disconnect the VPN connection, then turn off wifi. And it should work. Will check that in the next hours/days.

User avatar

marzametal
Posts: 487
Joined: Mon Aug 05, 2013 11:39 am

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby marzametal » Wed Jan 14, 2015 5:19 am

I read thoroughly, just made a recommendation and a setting comparison. I wasn't holding a 3D printed sawn-off shotgun to your head, telling you to get it. Good luck anyways...

User avatar

DesuStrike
ForumHelper
Posts: 346
Joined: Thu Oct 24, 2013 2:37 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DesuStrike » Wed Jan 14, 2015 12:00 pm

@Dude: There are some VPN bugs in Android versions after 4.2.1 afaik. I use 4.4.4 after the former versions became too insecure and have a similar problem with DNS resolution but it's still different from yours. I think using IP is the only way to fix your problem but if you are happy with your workaround you should probably stick to this for now.

Though I also recommend you to use a firewall for leak protection. You can read up on the topic in my Leakblock Howto.
home is where the artillery hits


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Thu Jan 15, 2015 1:31 am

I use Android 4.4.4 too.
I found out, that it connects almost instantly if I disconnected the VPN connection at first, then turn off wifi. And the other way turn on wifi first then start the VPN connection.

So in other words, I can't just turn off wifi and let the VPN app run. That's why it couldn't reconnect after turning off and on wifi.


User avatar

marzametal
Posts: 487
Joined: Mon Aug 05, 2013 11:39 am

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby marzametal » Thu Jan 15, 2015 1:09 pm

I'm thinking things will be easier and smoother once the HAF stuff and exit nodes have been sorted out... DNS stuff too...
After bricking my phone due to too many mods via SD Maid, I had to resort to the original HOW TO, the deprecated one :)


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Fri Jan 16, 2015 1:09 am

After another day of testing I can definitely say that the connection-loop (can't connect even after some hours) came from disabling wifi while the vpn connnection is active.

In the past 2 days I first disconnected the VPN connection and then disabled wifi, instead of letting the vpn connection run and just disabling wifi. And I have no more problems reconnecting.

The DNS issues remain, even in another WLAN at a frienfs place.

User avatar

marzametal
Posts: 487
Joined: Mon Aug 05, 2013 11:39 am

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby marzametal » Fri Jan 16, 2015 3:28 am

bad LZO decompression header byte: 0

User avatar

marzametal
Posts: 487
Joined: Mon Aug 05, 2013 11:39 am

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby marzametal » Fri Jan 16, 2015 11:19 am

warning: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1606'
warning: 'comp-lzo' is present in remote config but missing in local config. remote='comp-lzo'
warning: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'

sorry... couldn't edit the above post.

write to tun/tap: invalid argument (code=22)

User avatar

DesuStrike
ForumHelper
Posts: 346
Joined: Thu Oct 24, 2013 2:37 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DesuStrike » Fri Jan 16, 2015 7:37 pm

marzametal wrote:warning: 'comp-lzo' is present in remote config but missing in local config. remote='comp-lzo'


This is an error I know of as well. The Linux config clearly says it disables compression for security reasons.
In android I manually set the compression flag because otherwise it won't work right.
On Linux however it works ok with the config but throws this error.
home is where the artillery hits

User avatar

marzametal
Posts: 487
Joined: Mon Aug 05, 2013 11:39 am

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby marzametal » Sat Jan 17, 2015 3:44 pm

Anyone been using CS on Android recently (today/tonight)?
Noticed that after a successful connection, my real IP was still showing, but DNS addresses are the ones that CS uses.. 3 showed up (2 were the new DNS chain addresses).

I'm either fucking things up, or all the work on HAF behind the scenes is still progressing...


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Sat Jan 17, 2015 10:15 pm

I used it on Android and IP checks always showed the IP of Crytostorm, not the real one.

User avatar

marzametal
Posts: 487
Joined: Mon Aug 05, 2013 11:39 am

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby marzametal » Tue Jan 20, 2015 4:23 pm

Is there a Cryptostorm balancer conf file for Android token holders? I am wiondering why the Android conf file at the top of this thread references Cryptofree...


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Tue Jan 20, 2015 7:59 pm

It doesn't use cryptofree.
Did you take the link from the 2nd step?
download/file.php?id=1068

It has the balancer settings:

Code: Select all

...
remote raw-balancer-dynamic.cryptostorm.net 443 udp
remote raw-balancer-dynamic.cryptostorm.org 443 udp
remote raw-balancer-dynamic.cryptokens.ca 443 udp
remote raw-balancer-dynamic.cstorm.pw 443 udp
remote raw-balancer-dynamic.cryptostorm.nu 443 udp
...


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Tue Jan 20, 2015 8:39 pm

I have an issue, the android client isn't stable.
On windows I just open the Narwhal client connect to my selected location and I'm done.

But with the android app I always have some trouble. Just now it seems, that it has lost connection and retries the connection.
A line that is weird for me is: "...Could not determine IPv4/IPv6 protocol..."
Attachments
vpnlog6.txt
(15.17 KiB) Downloaded 527 times

User avatar

marzametal
Posts: 487
Joined: Mon Aug 05, 2013 11:39 am

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby marzametal » Wed Jan 21, 2015 4:00 am

DudeOfLondon wrote:It doesn't use cryptofree.
Did you take the link from the 2nd step?
download/file.php?id=1068

It has the balancer settings:

Code: Select all

...
remote raw-balancer-dynamic.cryptostorm.net 443 udp
remote raw-balancer-dynamic.cryptostorm.org 443 udp
remote raw-balancer-dynamic.cryptokens.ca 443 udp
remote raw-balancer-dynamic.cstorm.pw 443 udp
remote raw-balancer-dynamic.cryptostorm.nu 443 udp
...

Yes I did, and if you open it, you will see...

# this is the cryptofree.me client settings file, versioning...
# cryptofree_client_android1_4.conf
# last update date: 5 November 2014: remember, remember...
# port to android: 19 November 2014: still remembering :)

# it is intended to provide connection solely to the global cryptofree instance/node resource pool


DudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Wed Jan 21, 2015 4:45 am

I guess they copied over the config of cryptofree and entered the non-free balancer lines, which I quoted before.

----
I discovered something interesting:

Code: Select all

comp-lzo no
# specifies refusal of link-layer compression defaults

Does it mean compression is denied? I ask because in the gui of the VPN App the checkbox for LZO compression is checked. Which would be the opposite state of that defined in the config.

User avatar

marzametal
Posts: 487
Joined: Mon Aug 05, 2013 11:39 am

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby marzametal » Wed Jan 21, 2015 5:50 am

DudeOfLondon wrote:I guess they copied over the config of cryptofree and entered the non-free balancer lines, which I quoted before.

----
I discovered something interesting:

Code: Select all

comp-lzo no
# specifies refusal of link-layer compression defaults

Does it mean compression is denied? I ask because in the gui of the VPN App the checkbox for LZO compression is checked. Which would be the opposite state of that defined in the config.

I noticed that also, it stays ticked regardless of "no" or "nothing entered next to command"...

User avatar

Topic Author
cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby cryptostorm_support » Fri Mar 27, 2015 10:31 am

Big update to configuration files above. I was receiving complaints that the Balancer config (which was all that was posted at the time) wasn't connecting, and I verified that this was true. Taking a look, the HAF entries were grotesquely out of date so there's no wonder they didn't work anymore.

Anyway, the Balancer configuration has been fixed and reuploaded alongside configs for all other exit nodes.
cryptostorm_support shared support team forum account
PLEASE DON'T SEND PRIVATE MESSAGES with support questions!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: [email protected]
live chat support: #cryptostormDudeOfLondon
Posts: 105
Joined: Sat Jan 10, 2015 5:14 pm

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby DudeOfLondon » Sun Apr 26, 2015 4:34 am

What's the best way to select a node manually on android?

My current approach is to enter these nodes instead of the balancer urls.

Code: Select all

Paris - France:linux-paris.cstorm.pw
Montreal - Quebec:linux-montreal.cstorm.pw
Lisbon - Portugal:linux-lisbon.cstorm.pw
Seattle - US_west:USA western:linux-uswest.cstorm.pw
Kansas City - US_central:USA central:linux-uscentral.cstorm.pw
Frankfurt - German:Germany:linux-frankfurt.cstorm.pw
St Petersburg - Russia:Russia:linux-stpetersburg.cstorm.pw
London - England:England:linux-london.cstorm.pw
Singapore - citystate:Singapore:linux-singapore.cstorm.pw
Reykjavik - Iceland:Iceland:linux-iceland.cstorm.pw
Deneb - Cygnus:Cygnus:linux-dynamic.cstorm.pw


I took them from the windows Narwhal widget's nodelist.txt and changed for example windows-paris.cstorm.pw to linux-paris.cstorm.pw

User avatar

Topic Author
cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

Re: Android HOWTO, alternative version - see cryptostorm.org/android for consensus preferred

Postby cryptostorm_support » Sat May 02, 2015 7:31 pm

The best way would be to install any or all of the configurations posted above, and then simply connect to the node you want.
cryptostorm_support shared support team forum account
PLEASE DON'T SEND PRIVATE MESSAGES with support questions!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: [email protected]
live chat support: #cryptostorm


Return to “cryptostorm in-depth: announcements, how it works, what it is”

Who is online

Users browsing this forum: No registered users and 5 guests

Login