Search found 54 matches

by sysfu
Tue Apr 21, 2020 1:18 am
Forum: member support & tech assistance
Topic: Nodes down + Speed problems
Replies: 3
Views: 9580

Re: Nodes down + Speed problems

parityboy wrote:
Tue Mar 31, 2020 12:59 am
@OP

Dusseldorf went down a while ago, I believe. On a few nodes, the Wireguard instance is down but the OpenVPN instance is functioning, but I think with Dusseldorf the entire node is offline. See my sig. for the node status page. :)

So if you were fortunate enough to have your wireguard keys provisioned before cryptostorm.nu went down, it still works on a few nodes?

My understanding was that wireguard key provisioning and management will be down until cryptostorm.nu comes back up.
by sysfu
Fri Apr 10, 2020 4:12 am
Forum: member support & tech assistance
Topic: Cryptostorm network - news
Replies: 30
Views: 69222

Re: Cryptostorm network - news

Does anyone besides df have access to the cryptostorm keybase account? https://keybase.io/cryptostorm
by sysfu
Wed Dec 04, 2019 9:06 pm
Forum: member support & tech assistance
Topic: Token doesn't work - support not responding.
Replies: 18
Views: 14329

Re: Token doesn't work - support not responding.

cstormer wrote:
Thu Nov 28, 2019 7:56 am
They are not responding on twitter, irc server is down, wireguard not working.
Something's definitively happening.
I hope the boys are ok.

I contacted them on Nov 22nd via Keybase regarding Wireguard web pages not returning tokens.

That communication remains unanswered and they have yet to respond to two additional follow-up messages via Keybase.
by sysfu
Sat Nov 23, 2019 4:49 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 277
Views: 1392025

Re: widget v3

marzametal wrote:
Fri Nov 15, 2019 6:05 am
I recently upgraded to the latest version of the widget.
This time around, the widget actually completes executing the killswitch (before it stopped on one of the exit nodes).

However, the widget now changes my dns to 127.0.0.1, which results in no chance in connection.
I have to use the Cloudflare 1.1.1.1 dns if I want to connect.
This did not happen with the previous release, which let me connect automatically.

NOTE: This is not the error with the tap adapter, a different error pops up. I will disconnect and connect again to provide a print screen.

dns.jpg

Can confirm the same issue on Windows 10 1909 with 3.43 CS Widget.

The Widget also hangs when disconnecting, process must be terminated forcefully to recover.
by sysfu
Sun Feb 25, 2018 11:11 pm
Forum: member support & tech assistance
Topic: Bitcoin payment on Cryptostorm.is
Replies: 6
Views: 14200

Re: Bitcoin payment on Cryptostorm.is

Please see if Coinpayment has the option to pay without providing an email address, like Bitpay does.
by sysfu
Sun Feb 25, 2018 9:16 pm
Forum: independent cryptostorm token resellers, & tokens 101
Topic: wallet addresses: darkcoins, dogecoins, litecoins, namecoins, bitcoins
Replies: 7
Views: 71505

Re: wallet addresses: darkcoins, dogecoins, litecoins, namecoins, bitcoins

Looks like Coinpayments requires use of an email address to check out.

Doesn't that partially defeat the purpose of the token based authentication system?

Looks like Bitpay offers the option to pay with Bitcoin without having to provide an email.

Ideally, I would like customers to be able to pay with Monero and have the token delivered directly in the browser, no email needed.
by sysfu
Mon Nov 21, 2016 11:29 pm
Forum: crypto, VPN & security news
Topic: [BleepingComputer] UK Passes the Most Extreme Surveillance Law in the History of Western Democracy
Replies: 6
Views: 18391

Re: [BleepingComputer] UK Passes the Most Extreme Surveillance Law in the History of Western Democracy

I actually welcome these crackdowns because they drive encryption adoption by the plebs like nothing else.

I've been working for the last five years to develop my own self hosted and encrypted infrastructure and plan on releasing a video tutorial series showing punters how to do it themselves.
by sysfu
Sat Apr 09, 2016 11:02 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 277
Views: 1392025

Re: widget v3

The alpha has actually been less buggy for me on Win7 than 2.22. Narwhal would crash with almost 99 percent reliability when attempting to exit the app as it tried to reset the DNS server(s).

Thanks for the hashes.
by sysfu
Thu Apr 07, 2016 8:47 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 277
Views: 1392025

Re: widget v3

PJ or df, can one of you please post a SHA file hash of the alpha installer .exe so we can verify file integrity after downloading?

Thanks
by sysfu
Sun Mar 27, 2016 4:33 am
Forum: general chat, suggestions, industry news
Topic: feedback request: jitsi, and Ostel.co
Replies: 4
Views: 22689

Re: feedback request: jitsi, and Ostel.co

Jitsi is a piece of sh*t in my experience, buggy as all hell, unreliable, devs insist on ridiculous amounts of logging enabled by default, dependence on client server architecture, etc etc.

Save your time and grief and go with Tox as a Skype replacement instead, I've had great success using it with non-technical users.

Can't comment on ostel.co, have not messed with it since way back when the Guardian project was experimenting using it as a backend for their zrtp sip clients on Android.
by sysfu
Fri Mar 25, 2016 6:15 am
Forum: general chat, suggestions, industry news
Topic: Modern 100% FOSS libreboot server now available!
Replies: 1
Views: 24414

Re: Modern 100% FOSS libreboot server now available!

Thanks for posting this.

I've been looking to migrate to coreboot capable server hardware for quite some time now however all of the well supported AMD motherboards listed on the coreboot wiki have been hard to come by, especially in small form factors.
by sysfu
Fri Mar 25, 2016 6:04 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 277
Views: 1392025

DNSC hash upgrade warning

Here's a screenshot of one of the DNSC hash upgrade warnings

Image
by sysfu
Fri Mar 25, 2016 4:37 am
Forum: DeepDNS - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: philosophical considerations
Replies: 11
Views: 34013

Re: TrackerSmacker: philosophical considerations

A little required reading directly related to this topic...

"Software Defaults as De Facto Regulation: The Case of Wireless APs," Rajiv Shah and Christian Sandvig, TPRC'07, September 2005,

Our results show that default settings play a powerful role in how people use technology. People are hesitant to change the manufacturer's default settings and defer to them. While this argument is well known to scholars in this area, this study found empirical evidence to quantify this effect using multiple measures from two very different sources of data (one of them very large). In our empirical study, we found that most people do not change default settings.
by sysfu
Thu Mar 24, 2016 9:44 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 277
Views: 1392025

Re: widget v3

The V3 widget is working pretty well on my Windows 7x system, better than the v2.22 release. In-line updates are working smoothly, only issue is that the signature check for the widget software update appears to be failing, but the openvpn and openssl component updates work without any apparent errors. I'll try to get a screenshot of the signature/checksum error if it happens again.

Outside of that, the only other issue I'm running into is that when I set Cryptostorm to launch at login and connect automatically, there is nothing visible on the desktop, taskbar, or notification area. Process explorer shows that Cryptostorm is running and connected however, and visiting an IP check web site confirms that traffic is routing over the Cryptostorm network. If I want to disconnect Cryptostorm, I have to kill the process tree using Process Explorer.
by sysfu
Thu Mar 24, 2016 6:44 am
Forum: DeepDNS - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: philosophical considerations
Replies: 11
Views: 34013

Re: TrackerSmacker: philosophical considerations

I'm not going to get too worked up about it as long as there is an option for power users to opt-out of the filtering via a checkbox on the connection widget options, or perhaps a special password in the password field for cross platform support.

Would be re-assuring if the cryptostorm team will commit to making that knob available.
by sysfu
Thu Mar 24, 2016 2:32 am
Forum: general chat, suggestions, industry news
Topic: webRTC browser IP leak fix via Windows Firewall
Replies: 25
Views: 117698

Re: webRTC browser IP leak fix via Windows Firewall

People seeking to solve the WebRTC issue with Firefox might try installing the 'Statutory' add-on.

I also found out about a privacy centric Mozilla fork known as Pale Moon which should also solve the problem. This project is recommended in the description for the Statutory add-on.
by sysfu
Fri Mar 18, 2016 4:23 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 277
Views: 1392025

Re: widget v3

Is there any kind of timeline for an alpha/beta or official release of the v3 Widget?
by sysfu
Thu Mar 17, 2016 2:33 am
Forum: DeepDNS - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 67
Views: 363471

Re: TrackerSmacker: adware/crapware-blocking done right

Second the idea of the special password field opt-out method
by sysfu
Wed Mar 16, 2016 4:11 am
Forum: DeepDNS - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 67
Views: 363471

Re: TrackerSmacker: adware/crapware-blocking done right

Just a heads up, looks like hostname clicks.aweber.com is blocked which prevents a lot of links contained in legit newsletters from being usable.
by sysfu
Tue Mar 15, 2016 10:42 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 277
Views: 1392025

Re: widget v3

Adding keywords 'black dolphin' to this thread so those searching for info on the v3 widget can more easily find it.
by sysfu
Tue Mar 15, 2016 10:24 pm
Forum: DeepDNS - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 67
Views: 363471

Re: TrackerSmacker: adware/crapware-blocking done right

Why don't you guys add a 'knob' to the connection widget that allows a user to enable or disable the ad blocking DNS functionality at connection time?

That would be the best way to implement the feature so that those with philosophical objections are not forced to use it.
by sysfu
Thu Feb 11, 2016 4:18 am
Forum: member support & tech assistance
Topic: Virustotal alert for Windows Narwhal Widget
Replies: 3
Views: 7939

Virustotal alert for Windows Narwhal Widget

Process Explorer is reporting one hit on virustotal.com for the client.exe process belonging to the Cryptostorm client Windows Narwhal widget v2.22.

The 'Bkav' antivirus is reporting a hit for 'HW32.Packed.4C3F'
by sysfu
Thu Jan 14, 2016 11:59 am
Forum: general chat, suggestions, industry news
Topic: webRTC browser IP leak fix via Windows Firewall
Replies: 25
Views: 117698

Re: webRTC browser IP leak fix via Windows Firewall

If you're forced to use Chrome for whatever reason you can block WebRTC leaks with the WebRTC Leak Prevent Extension

I also came across the manual method below posted here

08.01.2016 at 13:41
To deactivate WebRTC in chrome-Browser and clones you have to insert a code-line into the file “preferences” in user-directory:
,"webrtc":{"multiple_routes_enabled":false}
in front of last }
by sysfu
Thu Aug 13, 2015 10:21 am
Forum: member support & tech assistance
Topic: Narwhal 2.22 drop down node list needs updating
Replies: 2
Views: 6840

Re: Narwhal 2.22 drop down node list needs updating

IP of 'mystery' Rochester node is 23.92.211.54
by sysfu
Thu Aug 13, 2015 7:03 am
Forum: member support & tech assistance
Topic: Narwhal 2.22 drop down node list needs updating
Replies: 2
Views: 6840

Narwhal 2.22 drop down node list needs updating

Noticed that a few nodes on the drop down menu shown below are either defunct or incorrectly labeled, this is the case after clicking the 'Update' button as well.
  • IIRC the Montreal node is down for the count and not coming back any time soon.
  • 'Deneb - Cygnus' appears to be a duplicate of the Tokyo location.
  • There appears to be a new mystery node in Rochester NY, (sorry don't have IP handy right now)
Image
by sysfu
Thu Aug 13, 2015 6:41 am
Forum: member support & tech assistance
Topic: Narwhal 2.22 windows resizing bug
Replies: 1
Views: 7060

Narwhal 2.22 windows resizing bug

I'm having an issue with the Narwhal 2.22 widget on a Windows system where the window collapses to half size after clicking the 'Options' button, and will not allow resizing. Hitting the 'Back' button restores the window to the correct size.

Image
by sysfu
Fri Aug 07, 2015 7:28 am
Forum: member support & tech assistance
Topic: streaming video choppy (Youtube/Twitch/...)
Replies: 18
Views: 27015

Re: streaming video choppy (Youtube/Twitch/...)

The increased jitter would not come as a big surprise to me when stressing the connection in that manner.
by sysfu
Fri Aug 07, 2015 5:53 am
Forum: member support & tech assistance
Topic: streaming video choppy (Youtube/Twitch/...)
Replies: 18
Views: 27015

Re: streaming video choppy (Youtube/Twitch/...)

With regards to the 45% packet loss in de-cix, PingPlotter can be misleading that way to new users. "Is there any packet loss at the destination IP?" is the question you want to ask yourself first.

If the answer is no, then you can disregard packet loss on intermediate hops. They may be too overloaded to answer every query, or the router may be configured not to respond to PingPlotter queries at all, in which case you might see 100% packet loss on intermediate hops, but still be able to ping the target just fine.

Another thing to try is a tcp ping on port 443, most Youtube vids are served up over HTTPS these days. You can change to a tcp ping under 'Edit' menu => 'Options' => 'Packet' => 'Packet Type'

Lastly, as a workaround for video streaming problems, I have found using the youtube-dl and Clipgrab utilities to download the video for local playback a real frustration reducer.
by sysfu
Thu Aug 06, 2015 9:00 pm
Forum: member support & tech assistance
Topic: SSH sessions dropping constantly while connected to Cryptostorm network
Replies: 10
Views: 14110

Re: SSH sessions dropping constantly while connected to Cryptostorm network

Confirmed this issue also occurs with stock sshd_config on Ubuntu 15.04 x64 VM.

I think the next step is to gather pcaps both workstation and server side, any recommendations for filtering or snaplen length?
by sysfu
Thu Aug 06, 2015 8:40 am
Forum: member support & tech assistance
Topic: streaming video choppy (Youtube/Twitch/...)
Replies: 18
Views: 27015

Re: streaming video choppy (Youtube/Twitch/...)

Try this:
  • Install TCPView and PingPlotter for Windows
  • Connect to CryptoStorm and start streaming a video.
  • Fire up TCPView.
  • Under the TCPView 'Options' menu, make sure 'Show Unconnected Endpoints' is un-checked.
  • Click on the 'Rcvd Packets' column title to sort by it.
  • The process with the most rcvd packets is usually the server your video is streaming from.
  • Right click the entry and 'copy'
  • Paste that into notepad, then copy the 2nd IP address which was under the 'Remote Address' column in TCPView.
  • Fire up PingPlotter, and paste that remote IP address of the streaming server into the 'Target Name' box and hit the green run arrow-button.
  • Let it run for five minutes to collect data.
  • Go to the PingPlotter edit menu and select either 'Copy as Image' or 'Copy as Text'
  • Update this topic with the PingPlotter info.
by sysfu
Thu Aug 06, 2015 7:10 am
Forum: member support & tech assistance
Topic: Windows 10?
Replies: 12
Views: 31190

Re: Windows 10?

Seeing as how Microsoft has been cramming the Windows 10 automatic updates down the throats of their Windows7/8 userbase with no way to opt out of them, it's hard not to draw the conclusion that the reason they're making the upgrade free for everybody is to get every last customer on the data collection and harvesting bandwagon.

The new default data collection settings for Windows 10 are alarming.
by sysfu
Thu Aug 06, 2015 6:51 am
Forum: member support & tech assistance
Topic: SSH sessions dropping constantly while connected to Cryptostorm network
Replies: 10
Views: 14110

Re: SSH sessions dropping constantly while connected to Cryptostorm network

I was able to reproduce the issue on an Ubuntu 15.04 x64 VM.

I am running a somewhat restricted sshd_config as detailed below. Wonder if that could have something to do with it, as I didn't notice any SSH session drops until I hardened SSH.

Code:

# /etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
PasswordAuthentication no
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
by sysfu
Tue Aug 04, 2015 11:37 pm
Forum: member support & tech assistance
Topic: SSH sessions dropping constantly while connected to Cryptostorm network
Replies: 10
Views: 14110

Re: SSH sessions dropping constantly while connected to Cryptostorm network

Mostly OpenBSD with a smattering of FreeBSD and Parabola GNU/Linux
by sysfu
Mon Aug 03, 2015 12:15 am
Forum: member support & tech assistance
Topic: SSH sessions dropping constantly while connected to Cryptostorm network
Replies: 10
Views: 14110

Re: SSH sessions dropping constantly while connected to Cryptostorm network

Another interesting data point on this issue; it's also happening with SSH connections to hosts on the local network. So this suggests it's something to do with the local OpenVPN software, not the Cryptostorm network.
by sysfu
Sun Aug 02, 2015 11:03 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: The CryptoStorm Speed Test Thread
Replies: 84
Views: 237326

Re: The CryptoStorm Speed Test Thread

Using exit linux-cantus1.xn--cdaan2d.be 46.165.222.248
Native 22Mbps/2Mbps dn/up

Code:

Retrieving speedtest.net configuration...
Retrieving speedtest.net server list...
Testing from Leaseweb Germany GmbH (46.165.222.248)...
Selecting best server based on latency...
Hosted by Base-Mail (Frankfurt) [100.73 km]: 237.964 ms
Testing download speed........................................
Download: 8.62 Mbit/s
Testing upload speed..................................................
Upload: 0.98 Mbit/s
by sysfu
Sun Aug 02, 2015 10:57 pm
Forum: general chat, suggestions, industry news
Topic: Please three character search terms on the forum
Replies: 4
Views: 12475

Re: Please three character search terms on the forum

Confirmed that three letter search terms are working now, thank you.

Also, if there's any way to relocate the search box from the bottom of the screen to the top, that would be helpful too.
by sysfu
Sun Aug 02, 2015 10:54 pm
Forum: member support & tech assistance
Topic: SSH sessions dropping constantly while connected to Cryptostorm network
Replies: 10
Views: 14110

Re: SSH sessions dropping constantly while connected to Cryptostorm network

This behavior is hugely problematic for me, I cannot effectively administer servers when the connection drops every few minutes.

I will open a support request with Cryptostorm.
by sysfu
Sun Aug 02, 2015 1:26 am
Forum: member support & tech assistance
Topic: SSH sessions dropping constantly while connected to Cryptostorm network
Replies: 10
Views: 14110

Re: SSH sessions dropping constantly while connected to Cryptostorm network

Confirmed this is an issue on both Mac and Windows platforms with both the Narwhal widget and Viscosity, and SecureCRT and OpenSSH clients. Pretty confident it's a cryptostorm network issue of some sort as it rarely if ever happens when using 'naked' Internet connection.

Error message in terminal when connection drops is:

Code:

packet_write_wait: Connection to xxx.xxx.xxx.xxx: Broken pipe
by sysfu
Sun Aug 02, 2015 12:12 am
Forum: member support & tech assistance
Topic: SSH sessions dropping constantly while connected to Cryptostorm network
Replies: 10
Views: 14110

SSH sessions dropping constantly while connected to Cryptostorm network

I'm having chronic issues with SSH sessions dropping while connected to the Cryptostorm network. They rarely stay up for more than 5 minutes after which they must be reconnected. This occurs with SecureCRT 7.3.1 and sshd OpenSSH_6.8, LibreSSL 2.1.

Right now I'm testing to see if I can duplicate this issue with OpenSSH_6.9p1, LibreSSL 2.2.1 client.

If anyone else is experiencing this issue and has troubleshooting tips please post.
by sysfu
Wed Jul 29, 2015 9:24 pm
Forum: general chat, suggestions, industry news
Topic: Please three character search terms on the forum
Replies: 4
Views: 12475

Please three character search terms on the forum

I'd like to search the forums for three letter technical terms like 'dns' and 'i2p' however currently only four letter or greater terms are allowed. Can the board sysadmin please allow searching for three letter terms?
by sysfu
Tue Jun 16, 2015 9:51 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: The CryptoStorm Speed Test Thread
Replies: 84
Views: 237326

Re: The CryptoStorm Speed Test Thread

Thought I'd share a pretty cool command line client for speedtest.net that I found the other day: https://github.com/zpeters/speedtest
by sysfu
Sun Jun 14, 2015 10:27 pm
Forum: member support & tech assistance
Topic: OpenVPN terminal window filled with multiple replay warnings per minute
Replies: 5
Views: 10073

Re: OpenVPN terminal window filled with multiple replay warnings per minute

So far I have not been able to reproduce the replay warnings when connected to the Seattle or Montreal clusters on default udp port 443. Will post back here if they crop up again.
by sysfu
Sun Jun 14, 2015 9:33 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: The CryptoStorm Speed Test Thread
Replies: 84
Views: 237326

Re: The CryptoStorm Speed Test Thread

Raw or nekkid connection speed: ADSL ~22Mbps/2Mbps
by sysfu
Sat Jun 13, 2015 11:13 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: The CryptoStorm Speed Test Thread
Replies: 84
Views: 237326

Re: The CryptoStorm Speed Test Thread

Direct via ISP

Code:

aria2c http://speedtest.sea01.softlayer.com/downloads/test100.zip

Download Results:
gid   |stat|avg speed  |path/URI
======+====+===========+=======================================================
ed2189|OK  |   2.6MiB/s|D:/Users/test/Downloads/test100.zip
OpenBSD/Alix router via Seattle cluster:

Code:

Download Results:
gid   |stat|avg speed  |path/URI
======+====+===========+=======================================================
a40207|OK  |   415KiB/s|D:/Users/test/Downloads/test100.zip
Narwhal 2.22 widget via Seattle cluster:

Code:

Download Results:
gid   |stat|avg speed  |path/URI
======+====+===========+=======================================================
463ae2|OK  |   1.1MiB/s|D:/Users/test/Downloads/test100.zip
by sysfu
Fri Jun 12, 2015 4:09 am
Forum: member support & tech assistance
Topic: OpenVPN terminal window filled with multiple replay warnings per minute
Replies: 5
Views: 10073

Re: OpenVPN terminal window filled with multiple replay warnings per minute

Well it looks like I spoke too soon. Replay errors abound once again only this time on udp port 80. Seems to be tied to Netflix watching.

I'll try some other nodes, like Seattle and Montreal.
by sysfu
Thu Jun 11, 2015 10:54 pm
Forum: member support & tech assistance
Topic: OpenVPN terminal window filled with multiple replay warnings per minute
Replies: 5
Views: 10073

Re: OpenVPN terminal window filled with multiple replay warnings per minute

I switched to udp port 80 on the Kansas City node and so far no replay errors.

As far as I can tell the 'replay-window' OpenVPN connection config file option is not supported for tcp connections and therefore does not apply in this particular case.
by sysfu
Thu Jun 11, 2015 4:05 am
Forum: general chat, suggestions, industry news
Topic: Leakblock: opensource anti-leak tool for Windows VPNs
Replies: 4
Views: 16188

Re: Leakblock: opensource anti-leak tool for Windows VPNs

Any status update on the availability of the Leakblock software? Will it be rolled into the Narwhal connection app for Windows?
by sysfu
Wed Jun 10, 2015 11:53 pm
Forum: member support & tech assistance
Topic: OpenVPN terminal window filled with multiple replay warnings per minute
Replies: 5
Views: 10073

OpenVPN terminal window filled with multiple replay warnings per minute

I have CryptoStorm tunnel connected via an OpenBSD 5.7 router running OpenVPN 2.3.6 i386-unknown-openbsd5.7 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 7 2015 library versions: LibreSSL 2.1, LZO 2.08.

The terminal window is filled with bad packet ID / replay warnings such as the ones posted below. Is this normal or cause for alarm?

Code:

Wed Jun 10 10:11:20 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #82742 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:11:27 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #84263 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:12:21 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #93701 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:14:28 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #117040 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:14:56 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #122592 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:15:04 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #124230 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:15:54 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #135680 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:16:37 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #144411 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:17:20 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #155018 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:35:48 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #5428 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:43:45 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #17815 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:44:32 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #31381 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:44:38 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #33138 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:45:03 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3731 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:45:26 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #11125 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:45:27 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #11273 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:45:29 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #11866 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:46:15 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #26123 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:46:46 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #35527 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:46:57 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #38948 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:46:58 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #39405 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:47:08 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #42312 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:47:11 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #43239 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 10:47:32 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #50203 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Jun 10 11:48:12 2015 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #864 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
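
The warning above is produced by OpenVPN's anti-replay check on packet IDs, which the `--replay-window n [t]` option named in the message tunes (the man page gives a default of n = 64 packets). A simplified sliding-window model of that kind of check, as an added example that is not part of the original post and not OpenVPN's own code; the class and function names and the packet streams are constructed for illustration, and the time window `t` is not modelled:

```python
"""Simplified sliding-window anti-replay model (illustrative, not OpenVPN source)."""


class ReplayWindow:
    def __init__(self, size=64):
        self.size = size      # how far behind the newest ID a packet may arrive
        self.highest = 0      # highest packet ID accepted so far
        self.bitmap = 0       # bit i set => ID (highest - i) was already seen

    def check(self, pid):
        """Classify one packet ID as 'ok', 'replay' or 'backtrack'."""
        if pid > self.highest:
            # Newer than anything seen: slide the window forward.
            shift = pid - self.highest
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = pid
            return "ok"
        offset = self.highest - pid
        if offset >= self.size:
            # Too old to track: rejected even if it was never seen before.
            return "backtrack"
        if self.bitmap & (1 << offset):
            # Same ID inside the window twice: a duplicate or a real replay.
            return "replay"
        self.bitmap |= 1 << offset
        return "ok"


def delayed_stream(n, late_id, delay):
    """Constructed input: IDs 1..n in order, except late_id arrives `delay` packets late."""
    ids = [i for i in range(1, n + 1) if i != late_id]
    ids.insert(late_id - 1 + delay, late_id)
    return ids


def tally(ids, size):
    """Run a stream of packet IDs through a window and count each verdict."""
    win = ReplayWindow(size)
    counts = {"ok": 0, "replay": 0, "backtrack": 0}
    for pid in ids:
        counts[win.check(pid)] += 1
    return counts


if __name__ == "__main__":
    # One packet delayed by 100 positions, e.g. by reordering on a busy UDP path.
    stream = delayed_stream(300, late_id=50, delay=100)
    for size in (64, 128):
        print(f"window={size}: {tally(stream, size)}")
    # A genuine duplicate is rejected regardless of window size.
    print("duplicate:", tally([1, 2, 3, 3], 64))
```

A legitimate packet that arrives further behind than the window allows is rejected the same way a replayed one would be, which is why the same stream is clean with a larger window; a true duplicate is rejected at any window size.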
by sysfu
Wed Jun 10, 2015 10:13 pm
Forum: guides, HOWTOs & tutorials
Topic: [OpenBSD] Connection Guide.
Replies: 2
Views: 23989

Re: [OpenBSD] Connection Guide.

Forgot to add that the 'txqueuelen 686' line in the OpenVPN configuration file should be commented out as it's apparently not supported on the BSD platform.
by sysfu
Wed Jun 10, 2015 9:45 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: The CryptoStorm Speed Test Thread
Replies: 84
Views: 237326

Re: The CryptoStorm Speed Test Thread

parityboy wrote:@sysfu

Could you edit your post to include the supported bandwidth (8Mb/s, 24Mb/s, 100Mb/s) of your Internet connection? Many thanks. :)

Forgive me if I'm being dense but I no longer see an option to edit the previous post even though I am logged into the forum.

The 'raw' speed of the Internet connection is ~22Mbps down and ~2Mbps up. Currently running OpenVPN + OpenBSD 5.7 on an Alix device which serves entire home LAN.

I just tried another quick and dirty download test from a Windows workstation (with a youtube vid playing mind you) and the results were much better.

Code:

aria2c http://speedtest.dal01.softlayer.com/downloads/test100.zip

Download Results:
gid   |stat|avg speed  |path/URI
======+====+===========+=======================================================
4735ca|OK  |   341KiB/s|C:/Users/test/Downloads/test100.zip
OpenVPN cpu utilization on the Alix hovered around 45% during the download. The previous test was done on a Mac running Yosemite.

I'll also try tearing down the Cryptostorm OpenVPN tunnel on the router and connect directly from both Windows and Mac systems using the current Narwhal widget and Viscosity respectively, to see what kind of results I get.
by sysfu
Wed Jun 10, 2015 7:45 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: The CryptoStorm Speed Test Thread
Replies: 84
Views: 237326

Re: The CryptoStorm Speed Test Thread

Ran a test today from the Kansas City node to linode test file in Dallas.

How miserable!

Connection: ADSL 22Mb/2Mb

Code:

curl -o /dev/null http://speedtest.dal01.softlayer.com/downloads/test100.zip

Code:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  100M  100  100M    0     0  47070      0  0:37:08  0:37:08 --:--:-- 67877
 ! Message from: parityboy
Edited to improve layout.
by sysfu
Wed Jun 10, 2015 1:54 am
Forum: guides, HOWTOs & tutorials
Topic: [OpenBSD] Connection Guide.
Replies: 2
Views: 23989

Re: [OpenBSD] Connection Guide.

you might also need to do the following:
  • Create the interface file:
    touch /etc/hostname.tun0
  • If you're configuring the OpenBSD device as a gateway/router for a LAN using a private IP address range, add a NAT translation rule to /etc/pf.conf
    match out on tun inet from !(tun:network) to any nat-to (tun:0)
by sysfu
Wed Apr 08, 2015 5:34 am
Forum: crypto, VPN & security news
Topic: [Spiegel] Inside the NSA's War on Internet Security
Replies: 2
Views: 17898

Re: [Spiegel] Inside the NSA's War on Internet Security

Regarding the IPSec side of things - Don’t stop using IPsec just yet
The “TL;DR” summary of what follows below is: If you configure your IPsec based VPN properly, you are not affected. Always use Perfect Forward Secrecy (“pfs=yes” which is the default in libreswan IPsec) and avoid PreSharedKeys (authby=secret which is not the default in libreswan IPsec). If you really need to use PSK, use a strong shared secret that cannot be brute forced. The NSA has their own version of IKEcrack running on millions of dollars worth of CPU’s. Also, the NSA sneaks into your router to steal your PSK’s so they can decrypt all your traffic.
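
The two settings named in the quoted summary can be checked mechanically. An added example (not from the original post or the libreswan project) that audits a libreswan-style `ipsec.conf` for `pfs=no` and `authby=secret`, including values inherited from `conn %default`; the sample configuration, its documentation-range addresses and the function names are constructed for illustration, and `also=` includes are not followed:

```python
import re

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_CONF = """\
# constructed example
config setup
    logfile=/var/log/pluto.log

conn %default
    pfs=no

conn site-a
    left=192.0.2.1
    right=198.51.100.7
    authby=secret

conn site-b
    left=192.0.2.1
    right=203.0.113.9
    authby=rsasig
    pfs=yes
"""


def parse_conns(text):
    """Return {conn name: {option: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():
            # Section header: only 'conn <name>' sections are collected.
            m = re.match(r"conn\s+(\S+)$", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"').lower()
    return conns


def audit(text):
    """List (conn, setting) pairs that go against the advice in the quoted summary."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    findings = []
    for name, opts in sorted(conns.items()):
        effective = {**defaults, **opts}          # per-conn values override %default
        if effective.get("authby") == "secret":
            findings.append((name, "authby=secret"))
        # The quoted text states pfs=yes is the default, so only an explicit 'no' is flagged.
        if effective.get("pfs", "yes") == "no":
            findings.append((name, "pfs=no"))
    return findings


if __name__ == "__main__":
    for conn, setting in audit(SAMPLE_CONF):
        print(f"{conn}: {setting}")
```

In the sample, `site-a` is flagged for `pfs=no` even though the line appears only under `conn %default`, which is the case a per-connection grep misses.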