cryptostorm's community forum

@OP

The Wireguard support infrastrucure is down at the moment. It'll be back up when df returns.

@OP Dusseldorf went down a while ago, I believe. On a few nodes, the Wireguard instance is down but the OpenVPN instance is functioning, but I think with Dusseldorf the entire node is offline. See my sig. for the node status page. :) So if you were fortunate enough to have your wireguard keys provi...

@OP

Dusseldorf went down a while ago, I believe. On a few nodes, the Wireguard instance is down but the OpenVPN instance is functioning, but I think with Dusseldorf the entire node is offline. See my sig. for the node status page.

@OP

Can you provide a little more detail? What platform are you running? Are you using the Cryptostorm Widget to connect or something else?

@Main Sequence

Just to clarify, is this error showing up during leeching, seeding or both?

@OP

Are you activating your connection from a desktop UI or from the terminal?

@Main Sequence

Can you check your router to see if UPnP is enabled on it? If so switch it off and also disable it in your torrent client.

@mando

From what I understand the Wireguard token generator requires cryptostorm.nu to be up and running (which it isn't) although that may just be for the paid service. Also, it may be that the wireguard instance on the free service exit node may be down and require a restart.

@Main Sequence

Which torrent client are you using? Could you experiment with another one to see if the issue appears there as well?

@Main Sequence

Does your real IP show if port-forwarding is disabled? How are you enabling port forwarding?

@OP

Can you post some logs here so that I can take a look? Thanks.

@Lsd

If you are familiar with Linux you can use iptables to effect a killswitch. I did this for years before moving to pfSense.

@OP

Can you capture some log output and post it here? Thanks.

@OP

Send an email to support@cryptostorm.is.

@OP

Which exit node are you trying to connect to? What OS are you using?

@OP

Many thanks for the update.

@OP

I've not heard anything re: df. Hopefully he/she will be back soon.

@OP

The authentication server is currently down. The system seems to have been designed so that in the event that certain services have failed (for whatever reason) the network will still remain accessible (and secure).

@OP

Glad you got it working!

FYI, if you check the uptime link in my sig, you'll likely find that those four configs that don't work look rather familiar...

@OP

With the connection active can you ping a DNS server such as 8.8.8.8 or 1.1.1.1?

@thread I recently upgraded to a 70Mb/s FTTC connection so I thought I'd share some results here. :) Connected to the Sweden node and pulling a copy of Linux Mint from the Swedish mirror, I get this: Resolving saimei.ftp.acc.umu.se (saimei.ftp.acc.umu.se)... 194.71.11.138, 2001:6b0:19::138 Connecti...

@Bob

Which node are you trying to connect to?

@OP

I think registering for a Wireguard token is broken at the moment.

DudeOfLondon wrote: ↑
Thu Dec 05, 2019 5:16 am
Also some European servers don't load all webpages. eg. the Frankfurt node does oly load half of my websites. Not ebven this forum loads with the Frankfurt node.

I could be wrong but apart from a misconfiguration, the Frankfurt node might have a flaky network card in it.

Mikrano wrote: ↑
Wed Dec 04, 2019 5:42 am
From some sources here, hopefully its not true, DF got captured by FBI. Is this true?

Absolutely no idea. He could have been hit by a car, struck down with illness, had to relocate @ short notice (although the last one is less likely, considering the lack of comms but you never know).

This is worrying, lots of down servers, df not seen anywhere, strange message on twitter yesterday!! parityboy, any insights????? edit; also HavenLabs hasn't tweeted anything since july 7, they're part of CS, right? There's something strange going on... HavenLabs is not a Twitter account I follow, ...

@DudeOfLondon When I connect (using Konversation) I get [SSL Connection Warning] The SSL certificate for the server irc.cryptostorm.is (port 6697) failed the authenticity check. likely due to the SSL certificate being self-signed. Odd that they never replaced it with a Let's Encrypt cert, but the I...

MOQ888 wrote: ↑
Mon Dec 02, 2019 7:37 am
bloody nuisances, they PM spam as well ...

Yeah, but the good thing about those is that they have to register on the site with a username. I've handed out a few IP bans as a result.

@OP

As far as I know, CS only support DNSCrypt.

@Hyam

Thanks for not going off at the deep end.

And yes, it is disappointing but more worrying than disappointing.

@DudeOfLondon

It looks like the Wireguard instance at the Frankfurt server has fallen over. The OpenVPN instance is up and running (I'm connected to it right now).

@OP I owe you an apology: I saw your latest posts and managed to hit the "Disapprove" button, which was damned careless of me; once again, I apologise. On a more technical note, if you wish to know which nodes are available, check my sig for an uptime page. For some odd reason, Moldova spent a day ...

@OP

There's a Black Friday announcement on the site, which could have been automated. As far as I am aware, it wasn't placed there by df.

@OP

As you may or may not know, df has been missing in action for the past few days. Unless he pops up shortly, there won't be any Black Friday sales. I would hold off buying any tokens at all until he returns.

They are not responding on twitter, irc server is down, wireguard not working. Something's definitively happening. I hope the boys are ok. If you have a native IRC client, you can hop onto IRC at irc.cryptostorm.is, port 6697 (SSL) or 6667 (non-SSL). It's the same problem with me. I bought 3 tokens...

@OP

Cryptostorm is definitely not a scam, I've been using it since 2014, basically since launch day.

Can you post any logs from your OpenVPN connection attempts (I don't use Wireguard so I'm not familiar with it)? Also which server are you trying to connect to?

@moris

If you have a native IRC client you can join the IRC channel at irc.cryptstorm.is, port 6697 (SSL) or 6667 (non-SSL). The channel name is #cryptostorm.

@OP

Glad you got it working.

By the way, if you wish to know if a node truly is down or not, check here.

@OP nslookup la.cryptostorm.pw Server: 127.0.1.1 Address: 127.0.1.1#53 Non-authoritative answer: Name: la.cryptostorm.pw Address: 173.208.77.71 Name: la.cryptostorm.pw Address: 173.208.77.70 Name: la.cryptostorm.pw Address: 173.208.77.89 Name: la.cryptostorm.pw Address: 23.19.67.117 Name: la.crypto...

@OP

df is going to have to implement a CAPTCHA or something to block automated registration bots...and then maybe 2FA afterwards to knock out password guessers.

@OP

Are you talking about port forwarding in general or specifically doing it on a Cryptostorm exit node?

@OP

No idea, but it's definitely still down for whatever reason...

@OP

Glad you're back and still operating!

On the surface, it may seem that the VPN market is teeming with various companies competing for a piece of the growing consumer VPN pie. However, when we began to look further into the VPNs and the companies that own them, we noticed something interesting: a lot of these products are owned by the s...

@OP

It's always useful to run a VPN on a router, since it saves having to run a VPN client on every Internet-accessing device. DNSCrypt is the cherry on top if you can get it working.

@OP

Interesting...do you not use the usual 192.168.x.x. addressing scheme on your LAN, or is this on a mobile Windows device?

MOQ888 wrote: ↑
Tue Jul 02, 2019 3:09 pm
DOH ... I switched it from NAT to Bridged and of course it works perfectly. Tks PB!

yw.

@df

Yeah, thanks for that. I think that for now 'll just set the 10.x.x.x DNS server address on the hosts I need it for. It works and is a simple fix.

@OP

In the VM config, is the LAN interface NAT or bridged?

@parityboy ... As for the DNS leak test failing, I can only see that happening on a host behind the router, and only if the host is set to use DHCP and a DNS server running on the router (which would be connected to CS, and maybe set to use the DNS pushed by the VPN ). That's the one thing that pfS...

@OP

Look here.

Weird things are afoot with NordVPN's app and the traffic it generates - Reg readers have spotted it contacting strange domains in the same way compromised machines talk to botnets' command-and-control servers. Although NordVPN has told us this is expected behaviour by the app and is intended as a ...

@df Apart from the usual SNAT/MASQ stuff which is needed anyway, the only thing outstanding I have in pfSense is a port forward rule to support a private tracker and that only applies to a single VM guest on a host-only network of its own. Another thing I noticed is that I can't get pfSense to reso...

@df

I get 88.202.180.213, which is one of the England exit node IPs.

@df

Code: Select all

whoami.cryptostorm.is has address 88.202.180.213

Those are exit node IPs. : ) They are what shows up on https://cryptostorm.is/test, depending on the exit node being used.

@df

I just tried the CS DNS Leak Test page. The IPs it listed are actually the IPs of the exit nodes I'm connected to, rather than the DNS servers I'm using, hence it lists them in red as "not cryptostorm DNS". I've configured pfSense to use 82.163.72.123 and 128.127.104.108 as DNS servers.

@OP

See here.

@OP As far as I am aware, the Great Firewall will (at least try to) block OpenVPN at the protocol level. The newer CS configs employ TLS to encrypt the OpenVPN handshake which should defeat and kind of Deep Packet Inspection. However Cryptostorm IPs are public, so blocking them is not exactly diffi...

@marza

Unless NBN goes out of its way to block port 443 or the OpenVPN protocol, it should no different to how it is now in terms of setup and operation.

@df

Really? All of the security-related posts here on the form have all pointed to compression being disabled (at least according to PJ and the earlier configs).

@OP Try this: sudo -s wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg|apt-key add - echo "deb http://build.openvpn.net/debian/openvpn/stable bionic main" > /etc/apt/sources.list.d/openvpn-aptrepo.list apt-get update && apt-get install openvpn exit Linux Mint is based on Ubuntu and the ...

@OP

Can you post some logs generated by OpenVPN?

MOQ888 wrote:kubuntu up and running, CS working well - HOORAY!

@df

As a router, VyOS is actually OK. As a security device, clearly not so much so I would never use it as an edge device (although some people put their firewalls behind their edge-located routers).

@df I blew the VyOS instance away (I'll likely get a mini PC from AliExpress or Banggood and stick pfSense on it) but here's the ca.crt I was using. -----BEGIN CERTIFICATE----- MIIFIDCCBAigAwIBAgIJAKekpGXxXvhbMA0GCSqGSIb3DQEBCwUAMIG6MQswCQYD VQQGEwJDQTELMAkGA1UECBMCUUMxETAPBgNVBAcTCE1vbnRyZWFsMTYwN...

@MOQ888

Hmmm...I have KDE Neon badgering me to update it to its new 18.04 LTS base, but I'm now wondering whether it's worth it. Having said that, my VPN is handled by a router so I wouldn't need Network Manager for VPN duty.

@MOQ888

Glad you got working.

Now we just need Network Manager to support the ECC instances.

@df

I agree.

On that note, what happened to the Spain node? I see the legacy one has been consolidated onto the Portugal node and the newer configs (including RSA) have no Spain node at all.

@df

Oh, btw I love the ASCII art @ http://10.31.33.7.

@df

Sounds like something might be broken in the kernel running on that machine, or maybe sysctl needs a tweak? No reason why UDP should have issues when TCP works fine and the Windows-optimised instances also work fine.

@df Found it. :D In pfSense on the Port Forwarding page, simply creating the rule isn't enough. There's a field near the bottom of the page which says "Filter rule association". The default selection for this is "None" (no doubt for security reasons). To make the rule active, one needs to select "P...

@df Yep, I have a NAT hole punched in my pfSense firewall for the VPN client address (10.66.216.32) which is in turn forwarded to the VM running my BitTorrent client (which is listening on 45886). Weird - it definitely worked before the upgrade (I checked it with telnet from an outside network). I'...

@df

I'm currently on 128.127.104.111, port number 45886. Try telneting to it and see if you get a response.

I've just realised that the port forwarding feature on the legacy RSA nodes - <os>-<location>.cryptostorm.net - doesn't seem to be functional. The setup page at http://10.31.33.7/fwd is there and appears to set the mapping (even complaining when you try to set the mapping twice) but telnet ing to th...

@OP

I'm going to have to dig into this. I'm running KDE Neon (now based on 18.04 LTS but mine is still running a 16.04 LTS base) and I suspect it has a newer Network Manager that accommodates this. Mine looks like this.

@OP Oct 22 21:40:28 e8100i7 NetworkManager[1163]: nm-openvpn-Message: openvpn[7095]: send SIGTERM Oct 22 21:40:28 e8100i7 nm-openvpn[7095]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Oct 22 21:40:28 e8100i7 nm-openvpn[7095]: TLS Error: TLS hand...

@OP

Can you collect and post some logs so we can see what Network Manager is doing? I suspect it's related to TLS handshaking, but I'd like to be sure.

Search found 1254 matches