cryptostorm's community forum

@OP

That sounds like a NAT and/or firewall issue. I'm not familiar with OPNsense so i don't know how things are laid out, but I would look in the NAt rules and then the firewall rules first.

Main Sequence wrote: ↑
Sat Jan 22, 2022 7:12 am
Until that is implemented, you can use timeanddate.com's "What Date is it in X Days?" function: https://www.timeanddate.com/date/dateadd.html

Thanks!

The token check currently shows the number of days until expiry, but seeing the actual date would be helpful, i.e.

That 365 day token is VALID and will expire at midnight on 9th March 2022 (90 days from now).

My pfSense 2.4.5 router is currently connected to a number of CS nodes, all with identical (as in copy/pasted) settings and credentials (token is valid). All connect successfully except for the Paris node (auth failure). The nodes I am currently connected to are:

England
Frankfurt
Netherlands
Sweden

Can someone take a look at the Paris node? Cheers.

Seems to have resolved itself.

VPN connects to the England node as normal, but pinging beyond it gets no response.

@df

Thanks for that, I'll look a little deeper into my setup when I get a chance.

I haven't used this feature in a while and thought I would give it a spin. Since I'm connecting to Cryptostorm from a router (pfSense), I set the DNS on my workstation to 10.31.33.8 and tried to resolve CryptoStorm's Onion service.

Code: Select all

Server:         10.31.33.8
Address:        10.31.33.8#53

** server can't find stormgm7blbk7odd.onion: SERVFAIL

Is this service still available and if so, how do I get it to work?

Cheers.

@OP

Keys do not become active until first use. What is the duration of the keys you purchased?

cryptomon wrote: ↑
Fri Jan 22, 2021 9:26 am

parityboy wrote: ↑
Mon Nov 09, 2020 3:51 pm
@OP

The token checker is here. It only checks if a token is still in date though, it doesn't check current sessions in use.
If my connected computers is less than the maximum permitted with a token (e.g. 2/6), and an auth_failed error is due to too many sessions in use, how does one resolve this issue or diagnose that that is what the problem is?

The auth database has a script which cleans up expired sessions. I'm not sure how often it runs though; I assume a minimum of once every 24 hours.

@OP

The token checker is here. It only checks if a token is still in date though, it doesn't check current sessions in use.

Main Sequence wrote: ↑
Tue Oct 27, 2020 4:56 pm

Glad to see you back. Hope things are well with you.

All's good here, how's things with you?

I've cleaned the forums as best I can, but some of the entries in the forums seem to be "ghost" entries, which will require a sysadmin to clean out of the forum database.

Main Sequence wrote: ↑
Fri Oct 30, 2020 12:29 am
This error disappeared after a Firefox update.

cryptomon wrote: ↑
Wed Oct 14, 2020 12:17 pm
Any further updates on when the wireguard webpage will work to get wireguard configs working? It still seems to go no-where for me...

I guess we'll have to wait until df returns.

Main Sequence wrote: ↑
Sat Oct 03, 2020 5:17 pm

AnonAsPossible wrote: ↑
Fri Sep 25, 2020 7:16 am

n8 wrote: ↑
Thu Sep 24, 2020 11:49 am
Hey CS team

Any news on the network status?

- cryptostorm.nu is still bust
- Wireguard for CS is down
- OpenVPN is warning that it will soon discontinue 'compress' in your configs
- Is Df back? Last mention of him being available was end of August...

So an update would be higly appreciated. Thanks and take care.

n8
With cryptostorm.nu & Wireguard still down, it's a safe bet Df still ain't back. I hope he's OK, he is 'Cryptostorm', without him what do we have!?
Look at this way... September has come and gone.. we're now into October. No updates, no new news, no fixes. The Forum admin Parityboy hasn't logged-in for almost a month, with the result that the forum is overrun with spam postings. I can only conclude that the forum is essentially unmoderated, otherwise these spam posts would be long-gone. Everything seems to be running on autopilot.

Over time, I can only anticipate that more and more services will break, and not be fixed. By all appearances, Cryptostorm is in terminal decline.

I'm back.

Been really busy with work, but I'll try to clean up the forums this week.

@OP

The Wireguard support infrastrucure is down at the moment. It'll be back up when df returns.

sysfu wrote: ↑
Tue Apr 21, 2020 1:18 am

parityboy wrote: ↑
Tue Mar 31, 2020 12:59 am
@OP

Dusseldorf went down a while ago, I believe. On a few nodes, the Wireguard instance is down but the OpenVPN instance is functioning, but I think with Dusseldorf the entire node is offline. See my sig. for the node status page.
So if you were fortunate enough to have your wireguard keys provisioned before cryptostorm.nu went down, it still works on a few nodes?

My understanding was that wireguard key provisioning and management will be down until cryptostorm.nu comes back up.

Your understanding would appear to be correct.

@OP

Dusseldorf went down a while ago, I believe. On a few nodes, the Wireguard instance is down but the OpenVPN instance is functioning, but I think with Dusseldorf the entire node is offline. See my sig. for the node status page.

@OP

Can you provide a little more detail? What platform are you running? Are you using the Cryptostorm Widget to connect or something else?

@Main Sequence

Just to clarify, is this error showing up during leeching, seeding or both?

@OP

Are you activating your connection from a desktop UI or from the terminal?

@Main Sequence

Can you check your router to see if UPnP is enabled on it? If so switch it off and also disable it in your torrent client.

@mando

From what I understand the Wireguard token generator requires cryptostorm.nu to be up and running (which it isn't) although that may just be for the paid service. Also, it may be that the wireguard instance on the free service exit node may be down and require a restart.

@Main Sequence

Which torrent client are you using? Could you experiment with another one to see if the issue appears there as well?

@Main Sequence

Does your real IP show if port-forwarding is disabled? How are you enabling port forwarding?

@OP

Can you post some logs here so that I can take a look? Thanks.

@Lsd

If you are familiar with Linux you can use iptables to effect a killswitch. I did this for years before moving to pfSense.

@OP

Can you capture some log output and post it here? Thanks.

@OP

Send an email to support@cryptostorm.is.

@OP

Which exit node are you trying to connect to? What OS are you using?

@OP

Many thanks for the update.

@OP

I've not heard anything re: df. Hopefully he/she will be back soon.

@OP

The authentication server is currently down. The system seems to have been designed so that in the event that certain services have failed (for whatever reason) the network will still remain accessible (and secure).

@OP

Glad you got it working!

FYI, if you check the uptime link in my sig, you'll likely find that those four configs that don't work look rather familiar...

@OP

With the connection active can you ping a DNS server such as 8.8.8.8 or 1.1.1.1?

@thread

I recently upgraded to a 70Mb/s FTTC connection so I thought I'd share some results here.

Connected to the Sweden node and pulling a copy of Linux Mint from the Swedish mirror, I get this:

Code: Select all

Resolving saimei.ftp.acc.umu.se (saimei.ftp.acc.umu.se)... 194.71.11.138, 2001:6b0:19::138
Connecting to saimei.ftp.acc.umu.se (saimei.ftp.acc.umu.se)|194.71.11.138|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2036826112 (1.9G) [application/x-iso9660-image]
Saving to: ‘linuxmint-19.3-cinnamon-64bit.iso’

linuxmint-19.3-cinnamon-64bit.iso      100%[=========================================================================>]   1.90G  7.28MB/s    in 4m 20s  

2019-12-30 22:50:03 (7.48 MB/s) - ‘linuxmint-19.3-cinnamon-64bit.iso’ saved [2036826112/2036826112]

Works out to 59.84Mbit/s; not bad considering I'm not using a node closer to me.

@Bob

Which node are you trying to connect to?

@OP

I think registering for a Wireguard token is broken at the moment.

DudeOfLondon wrote: ↑
Thu Dec 05, 2019 5:16 am
Also some European servers don't load all webpages. eg. the Frankfurt node does oly load half of my websites. Not ebven this forum loads with the Frankfurt node.

I could be wrong but apart from a misconfiguration, the Frankfurt node might have a flaky network card in it.

Mikrano wrote: ↑
Wed Dec 04, 2019 5:42 am
From some sources here, hopefully its not true, DF got captured by FBI. Is this true?

Absolutely no idea. He could have been hit by a car, struck down with illness, had to relocate @ short notice (although the last one is less likely, considering the lack of comms but you never know).

AnonAsPossible wrote: ↑
Tue Dec 03, 2019 10:35 pm
This is worrying, lots of down servers, df not seen anywhere, strange message on twitter yesterday!!

parityboy, any insights?????

edit; also HavenLabs hasn't tweeted anything since july 7, they're part of CS, right? There's something strange going on...

HavenLabs is not a Twitter account I follow, so I can't comment on that. However, there is certainly something strange (and presumably not good) happening.

@DudeOfLondon

When I connect (using Konversation) I get

Code: Select all

[SSL Connection Warning] The SSL certificate for the server irc.cryptostorm.is (port 6697) failed the authenticity check.

likely due to the SSL certificate being self-signed. Odd that they never replaced it with a Let's Encrypt cert, but the IRC server has always used that self-signed certificate.

MOQ888 wrote: ↑
Mon Dec 02, 2019 7:37 am
bloody nuisances, they PM spam as well ...

Yeah, but the good thing about those is that they have to register on the site with a username. I've handed out a few IP bans as a result.

@OP

As far as I know, CS only support DNSCrypt.

@Hyam

Thanks for not going off at the deep end.

And yes, it is disappointing but more worrying than disappointing.

@DudeOfLondon

It looks like the Wireguard instance at the Frankfurt server has fallen over. The OpenVPN instance is up and running (I'm connected to it right now).

@OP

I owe you an apology: I saw your latest posts and managed to hit the "Disapprove" button, which was damned careless of me; once again, I apologise.

On a more technical note, if you wish to know which nodes are available, check my sig for an uptime page. For some odd reason, Moldova spent a day offline but has somehow come back up.

@OP

There's a Black Friday announcement on the site, which could have been automated. As far as I am aware, it wasn't placed there by df.

@OP

As you may or may not know, df has been missing in action for the past few days. Unless he pops up shortly, there won't be any Black Friday sales. I would hold off buying any tokens at all until he returns.

cstormer wrote: ↑
Thu Nov 28, 2019 7:56 am
They are not responding on twitter, irc server is down, wireguard not working.
Something's definitively happening.
I hope the boys are ok.

If you have a native IRC client, you can hop onto IRC at irc.cryptostorm.is, port 6697 (SSL) or 6667 (non-SSL).

lilb0y wrote: ↑
Thu Nov 28, 2019 4:09 pm
It's the same problem with me. I bought 3 tokens for a test. Nothing's working. I can't create Wireguard keys and OpenVPN doesn't establish a connection.

I have contacted the support several times and there is no reaction.

What a bad provider and service.....

With OpenVPN, which configs are you using (RSA, ed448, ed25519)? Also which server are you trying to connect to? Could you post any logs?

@OP

Cryptostorm is definitely not a scam, I've been using it since 2014, basically since launch day.

Can you post any logs from your OpenVPN connection attempts (I don't use Wireguard so I'm not familiar with it)? Also which server are you trying to connect to?

@moris

If you have a native IRC client you can join the IRC channel at irc.cryptstorm.is, port 6697 (SSL) or 6667 (non-SSL). The channel name is #cryptostorm.

@OP

Glad you got it working.

By the way, if you wish to know if a node truly is down or not, check here.

@OP

Code: Select all

nslookup la.cryptostorm.pw

Code: Select all

Server:         127.0.1.1
Address:        127.0.1.1#53

Non-authoritative answer:
Name:   la.cryptostorm.pw
Address: 173.208.77.71
Name:   la.cryptostorm.pw
Address: 173.208.77.70
Name:   la.cryptostorm.pw
Address: 173.208.77.89
Name:   la.cryptostorm.pw
Address: 23.19.67.117
Name:   la.cryptostorm.pw
Address: 173.208.77.78
Name:   la.cryptostorm.pw
Address: 173.208.77.82
Name:   la.cryptostorm.pw
Address: 173.208.77.79
Name:   la.cryptostorm.pw
Address: 173.208.77.67
Name:   la.cryptostorm.pw
Address: 173.208.77.80
Name:   la.cryptostorm.pw
Address: 173.208.77.84
Name:   la.cryptostorm.pw
Address: 173.208.77.83
Name:   la.cryptostorm.pw
Address: 173.208.77.81
Name:   la.cryptostorm.pw
Address: 173.208.77.76
Name:   la.cryptostorm.pw
Address: 173.208.77.86
Name:   la.cryptostorm.pw
Address: 173.208.77.75
Name:   la.cryptostorm.pw
Address: 173.208.77.77
Name:   la.cryptostorm.pw
Address: 173.208.77.72
Name:   la.cryptostorm.pw
Address: 173.208.77.85
Name:   la.cryptostorm.pw
Address: 173.208.77.90
Name:   la.cryptostorm.pw
Address: 173.208.77.88
Name:   la.cryptostorm.pw
Address: 173.208.77.66
Name:   la.cryptostorm.pw
Address: 23.19.67.119
Name:   la.cryptostorm.pw
Address: 173.208.77.73
Name:   la.cryptostorm.pw
Address: 173.208.77.69
Name:   la.cryptostorm.pw
Address: 173.208.77.68
Name:   la.cryptostorm.pw
Address: 173.208.77.87
Name:   la.cryptostorm.pw
Address: 23.19.67.118
Name:   la.cryptostorm.pw
Address: 173.208.77.91
Name:   la.cryptostorm.pw
Address: 173.208.77.74

I would wager it's something local. What node are you connected to when you perform the DNS query?

EDIT
I got the wrong end of the stick. The host resolution is fine, I suspect (from your log) that the OpenVPN server on port 5601 is down. Could you try connecting to the same node using one of the RSA configs instead?

@OP

df is going to have to implement a CAPTCHA or something to block automated registration bots...and then maybe 2FA afterwards to knock out password guessers.

@OP

Are you talking about port forwarding in general or specifically doing it on a Cryptostorm exit node?

@OP

No idea, but it's definitely still down for whatever reason...

@OP

Glad you're back and still operating!

On the surface, it may seem that the VPN market is teeming with various companies competing for a piece of the growing consumer VPN pie.

However, when we began to look further into the VPNs and the companies that own them, we noticed something interesting: a lot of these products are owned by the same company. With our interests piqued, we decided to dig deeper to see just how many VPN products are owned or operated by which companies.

The number may surprise you:

Our research shows that at least 97 VPN products are owned or operated by only 23 companies.

This includes both cross-platform and mobile-only VPN products. It also includes direct subsidiaries or products/brands, as well as white label services. This represents a much bigger number than was previously reported in other research.

For our analysis, we only included parent companies that own or operate more than one VPN product.

You can find our infographic that summarizes our research here.

Source

@OP

It's always useful to run a VPN on a router, since it saves having to run a VPN client on every Internet-accessing device. DNSCrypt is the cherry on top if you can get it working.

@OP

Interesting...do you not use the usual 192.168.x.x. addressing scheme on your LAN, or is this on a mobile Windows device?

MOQ888 wrote: ↑
Tue Jul 02, 2019 3:09 pm
DOH ... I switched it from NAT to Bridged and of course it works perfectly. Tks PB!

yw.

@df

Yeah, thanks for that. I think that for now 'll just set the 10.x.x.x DNS server address on the hosts I need it for. It works and is a simple fix.

@OP

In the VM config, is the LAN interface NAT or bridged?

df wrote: ↑
Sat May 04, 2019 7:45 pm
@parityboy

...

As for the DNS leak test failing, I can only see that happening on a host behind the router, and only if the host is set to use DHCP and a DNS server running on the router (which would be connected to CS, and maybe set to use the DNS pushed by the VPN).

That's the one thing that pfSense cannot do. It'll do it on it's WAN interface, but not on any of the tunnel interfaces. If it could, it would make life far, far simpler...

@OP

Look here.

Weird things are afoot with NordVPN's app and the traffic it generates - Reg readers have spotted it contacting strange domains in the same way compromised machines talk to botnets' command-and-control servers.

Although NordVPN has told us this is expected behaviour by the app and is intended as a counter-blocking mechanism, the company's explanation has shifted a number of times.

...

Further scratching of heads led to infosec bod Ryan Niemes' personal blog, where he had written about exactly the same odd traffic. Except Niemes had noticed something else too: these domains weren't owned by anybody. So he bought them and spun up an EC2 instance to log what was coming in.

Source

@df

Apart from the usual SNAT/MASQ stuff which is needed anyway, the only thing outstanding I have in pfSense is a port forward rule to support a private tracker and that only applies to a single VM guest on a host-only network of its own.

Another thing I noticed is that I can't get pfSense to resolve .onion or .i2p domains using its configured (public) Cryptostorm DNS servers. However, if I tell one of my desktops (sitting behind pfSense) to use 10.31.33.8 in Network Manager, they resolve. It used to work in pfSense perfectly well.

I wonder if pfSense is doing something strange (which might explain both DNS test failures)...

@df

I get 88.202.180.213, which is one of the England exit node IPs.

@df

Code: Select all

whoami.cryptostorm.is has address 88.202.180.213

Those are exit node IPs. : ) They are what shows up on https://cryptostorm.is/test, depending on the exit node being used.

@df

I just tried the CS DNS Leak Test page. The IPs it listed are actually the IPs of the exit nodes I'm connected to, rather than the DNS servers I'm using, hence it lists them in red as "not cryptostorm DNS". I've configured pfSense to use 82.163.72.123 and 128.127.104.108 as DNS servers.

@OP

See here.

@OP

As far as I am aware, the Great Firewall will (at least try to) block OpenVPN at the protocol level. The newer CS configs employ TLS to encrypt the OpenVPN handshake which should defeat and kind of Deep Packet Inspection. However Cryptostorm IPs are public, so blocking them is not exactly difficult.

@marza

Unless NBN goes out of its way to block port 443 or the OpenVPN protocol, it should no different to how it is now in terms of setup and operation.

@df

Really? All of the security-related posts here on the form have all pointed to compression being disabled (at least according to PJ and the earlier configs).

@OP

Try this:

Code: Select all

sudo -s
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg|apt-key add -
echo "deb http://build.openvpn.net/debian/openvpn/stable bionic main" > /etc/apt/sources.list.d/openvpn-aptrepo.list
apt-get update && apt-get install openvpn
exit

Linux Mint is based on Ubuntu and the latest Ubuntu is Bionic Beaver. Packages like OpenVPN are packaged for the base system rather than the extras added on by respins such as Mint or Kubuntu.

@OP

Can you post some logs generated by OpenVPN?

Search found 1270 matches