Search found 147 matches

by Khariz
Sun Mar 18, 2018 3:54 am
Forum: general chat, suggestions, industry news
Topic: Token Hashing - OpenVPN user input
Replies: 24
Views: 55154

Re: Token Hashing - OpenVPN user input

You can use the raw, un-hashed token, just FYI.
by Khariz
Thu Apr 13, 2017 9:30 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 243
Views: 1174679

Re: widget v3

Nice update! Thanks.
by Khariz
Wed Apr 05, 2017 8:22 pm
Forum: member support & tech assistance
Topic: Connection Issues Again
Replies: 6
Views: 7756

Re: Connection Issues Again

That's very odd that the token checker is saying it is valid but the server doesn't know.

Are you putting at least one character in the password field?
by Khariz
Wed Apr 05, 2017 4:43 am
Forum: member support & tech assistance
Topic: Connection Issues Again
Replies: 6
Views: 7756

Re: Connection Issues Again

Then you aren't hashing it correctly or the database isn't updated on the servers. Try connecting once with the raw token ID. If it connects, then create a new hash and try again.
by Khariz
Thu Mar 30, 2017 8:11 am
Forum: member support & tech assistance
Topic: Two Laptops, Same Router/SSID, Different Results
Replies: 2
Views: 5517

Re: Two Laptops, Same Router/SSID, Different Results

You need to edit resolv.conf to contain the DNS server of the TAP adapter, or directly add the CS DeepDNS server of your choice. It sounds like Ubuntu is using your router DNS settings without being specified to do otherwise via resolv.conf
by Khariz
Wed Mar 29, 2017 8:18 am
Forum: member support & tech assistance
Topic: Tunnelblick will not connect
Replies: 1
Views: 5253

Re: Tunnelblick will not connect

You don't type in tokens to cryptoFREE .ovpn files. Were you just using the wrong file?
by Khariz
Wed Mar 29, 2017 8:17 am
Forum: member support & tech assistance
Topic: DNS Leak quick question
Replies: 1
Views: 5390

Re: DNS Leak quick question

I'm pretty sure that's just an unnamed DNS server running on the same server box as the CryptoStorm server. They just didn't give it that fancy DeepDNS name yet.
by Khariz
Wed Mar 29, 2017 8:04 am
Forum: crypto, VPN & security news
Topic: You have just hours to stop Congress from giving away your web browsing history
Replies: 2
Views: 12606

Re: You have just hours to stop Congress from giving away your web browsing history

And just like that, overnight, VPN popularity exponentiates. Good think we use one of the good ones. Maybe people are going to be using some crappy VPNs.
by Khariz
Wed Mar 29, 2017 3:25 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 243
Views: 1174679

Re: widget v3

I find that exceptionally weird considering the fact that the widget should not be manually setting the DNS IP to the actual servers IP address anyway, it should be sending it to the tap adapter gateway. I wonder if some setting is being pushed differently from the servers than it used to be.
by Khariz
Sun Mar 12, 2017 7:25 am
Forum: member support & tech assistance
Topic: Torrents not seeding on VPN
Replies: 3
Views: 6477

Re: Torrents not seeding on VPN

No, but there are also torrent clients that work well with cryptostorm. For instance, I use Tixati, and the default port allows me to seed just fine. Not sure why, but it works great here.
by Khariz
Sun Feb 26, 2017 7:56 pm
Forum: independent cryptostorm token resellers, & tokens 101
Topic: Free Aleph
Replies: 3
Views: 18440

Re: Free Aleph

Hahaha. Yeah. I hear ya.
by Khariz
Sun Feb 26, 2017 6:39 am
Forum: independent cryptostorm token resellers, & tokens 101
Topic: Free Aleph
Replies: 3
Views: 18440

Re: Free Aleph

Well, I'm sure by the time df or Fermi read this, that token will need to be invalidated for the gazillion people that will try to log in using it. Granted after a few concurrent sessions, nobody will be able to log in anyway. Don't see the point in wasting a good key.
by Khariz
Tue Feb 21, 2017 4:53 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: Obfsproxy and IP Modulation
Replies: 6
Views: 22520

Re: Obfsproxy and IP Modulation

If you download and connect using the widget, there is a USA obsfproxy connection available.
by Khariz
Mon Feb 20, 2017 6:15 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 243
Views: 1174679

Re: widget v3

It's no big deal for me to click no. I'm only getting disconnected like once a week now that thestuff from that disconnect thread seems to be sorted out.
by Khariz
Mon Feb 20, 2017 4:11 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 243
Views: 1174679

Re: widget v3

I'm keeping the 2.4 widget. It works great for me on Windows 10. I just keep answering no when it asks me to "upgrade" to 2.3
by Khariz
Sun Feb 19, 2017 9:32 pm
Forum: member support & tech assistance
Topic: ISP detecting Piratebay on VPN
Replies: 5
Views: 6950

Re: ISP detecting Piratebay on VPN

You have a DNS leak and you need to figure out why. Are you using OpenVPN or the widget?
by Khariz
Sun Feb 19, 2017 9:30 pm
Forum: member support & tech assistance
Topic: USSouth Windows vs Linux
Replies: 3
Views: 5672

Re: USSouth Windows vs Linux

Ahh, thanks Fermi! Just knowing that both are present in both configuration makes me feel a little better (theoretically). I still wonder if they are indicated in the opposite order in Linux vs windows. I literally always connect to Atlanta with Linux and Dallas with Windows.

Once resolved, do the two push different settings to the client, or are all of the settings local to the .ovpn file? What would happen if I manually changed the domain name of the server from windows to Linux in my windows .ovpn file?
by Khariz
Sun Feb 19, 2017 10:08 am
Forum: member support & tech assistance
Topic: USSouth Windows vs Linux
Replies: 3
Views: 5672

USSouth Windows vs Linux

So I've noticed something interesting to me:

When I connect to linux-ussouth.cryptostorm from my iphone, ipad, or Mac, it connects me to the Nobis/Ubiquity server in Atlanta, GA (where I would prefer to connect).

But when I connect to windows-ussouth.cryptostorm via either the Widget or OpenVPN using .ovpn files, it connects me to the Nobis/Ubiquity server in Dallas, TX.

All devices are connected to the same ISP, on the same wifi network, in the same house. The only difference is windows vs linux setups. What's up with that?
by Khariz
Wed Feb 08, 2017 12:37 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 243
Views: 1174679

Re: widget v3

I know this isn't helpful to you guys having problems with the newest widget, but I just wanted to report that everything is working fine for me in Windows 10.
by Khariz
Wed Feb 08, 2017 6:58 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 243
Views: 1174679

Re: widget v3

After install, restart computer too. Sometimes there is nothing I can do to get that to work once it starts malfunctioning besides a restart.
by Khariz
Tue Feb 07, 2017 11:37 am
Forum: general chat, suggestions, industry news
Topic: Keys to iPhone? Best practices thoughts?
Replies: 3
Views: 16647

Re: Keys to iPhone? Best practices thoughts?

Khariz wrote:I wrote up a little guide on how to do this:
1. Download the app OpenVPN. Go into the iPhone's Settings app, locate OpenVPN, and enable "Force AES-CBC ciphersuites"

2. Download the app ZipViewer

3. Go to https://github.com/cryptostorm/cryptost ... tion_files

4. If you are on the mobile version of the page, scroll down to the bottom and click "Desktop Version"

5. Click the green "Clone or Download" button.

6. Click "Download ZIP".

7. Click "Open in..." in the upper left hand corner.

8. Select "Copy to ZipViewer".

9. Drill down into the Mac folder.

10. Select the .ovpn file of your choice.

11. Click the icon in the lower left that looks like a box with an arrow pointing up.

12. Select "Copy to OpenVPN".

13. Click the Green + sign.

14. Leave the certificate as "none selected"

15. Put your hashed (or un-hashed) token into the User ID box.

16. Put anything you want in the password field (I put a single letter).

17. Click save.

18. Connect and Enjoy.
by Khariz
Tue Feb 07, 2017 11:28 am
Forum: member support & tech assistance
Topic: All connections down?
Replies: 26
Views: 15794

Re: All connections down?

Pretty sure it was script kiddy botnets. This wasn't the only the vpn service to get hit either. I have four vpn services they were affected on the the same day.
by Khariz
Sat Jan 21, 2017 7:55 am
Forum: member support & tech assistance
Topic: CryptoStorm filtering web traffic.
Replies: 7
Views: 10983

Re: CryptoStorm filtering web traffic.

Just to be clear, that was a quote from the cryptostorm admin "df" responding to the snort concern on Reddit.
by Khariz
Fri Jan 20, 2017 7:28 am
Forum: member support & tech assistance
Topic: CryptoStorm filtering web traffic.
Replies: 7
Views: 10983

Re: CryptoStorm filtering web traffic.

In case you are feeling lazy:
df_cryptostorm• 211d
Seeing as how I'm the person that implemented the snort IPS you're referring to, I thought I should weigh in.

As it says in the "Access Denied" message, Cryptostorm owns servers at various data centers all over the world. Whenever someone tries to perform an automated/noisy vulnerability scan while connected to the VPN, those data centers will be the ones who receive abuse complaints from whatever server/website is being targeted. If any data center receives enough abuse complaints about a particular server under their roof, they will shut down that server and suspend the associated account.

Several people were using cryptostorm while running automated vulnerability scanners such as OpenVAS, Nessus, and Nikto (We know because we were forwarded the abuse emails containing WAF/IDS logs from the target and that included the User Agent that advertises the scanner program used, which the attacker was too lazy or dumb to change). We don't know if it was some script kiddies playing with a few tools, or if it was an intentional attempt to get our servers shut down. Either way, it was the reason that at least 3 of our servers were shut down by the data center (they've since been replaced with other servers in different data centers).

Most VPN providers prevent their servers from getting shut down due to these types of attacks by simply enabling logging (yes, even if they claim not to), or at the very least they'll set up some sort of server-side identifier (ID number, etc.) tied to every connection that can be used to trace which session belongs to which customer. An obvious sign that your VPN provider is doing this is if you ever receive any emails from them complaining about you attacking something (how did they know it was you performing that scan/hack unless they were logging?).

Cryptostorm needed to implement something to prevent these attacks from killing our servers, but we also didn't want to start logging anything that could potentially be used to identify any individual customer (that would defeat the whole purpose of our anonymous token authorization system).

The best solution I could think of was to use snort's NFQ DAQ directly against the tunnel interface, along with a generic ruleset that would prevent the most basic attacks before they even left the server. This allows us to keep our servers online without having to associate our customers with their sessions. This was also the only method I could think of that would allow us to block outgoing attacks without having to store any real client IPs anywhere (including RAM). When a block occurs, your internal (10.x.x.x) VPN IP is what gets temporarily added to iptables, not your real IP, and those internal IPs are randomly generated.

I've tried to remove most of the rules that were so generic or all-encompassing that it would definitely cause false positives, but even then there will be a few legitimate requests that get caught in this IPS. In those cases, emailing us will get the rule removed or modified to be more specific.

Regarding your http://example.com/?q=union%20select example, this was to prevent most SQL injection attacks because the majority of them do include "union select", but since that particular rule could also prevent someone from researching mysql related queries (http://stackoverflow.com/questions/8572 ... lect-query or http://stackoverflow.com/questions/3562 ... -in-clause for example), I'll go ahead and remove it.

As for your concern that we could possibly log all URLs or inject malicious HTML/JS/etc., you're right, we could (for HTTP at least). The implementation of this IPS isn't the reason for that possibility though. Any VPN server you're connected to could use something like http://www.linux-magazine.com/Issues/2015/173/Netsed to transparently inject/replace data in any plaintext stream between you and the server. That's why, as others have pointed out, using HTTPS is still a necessity even when using a VPN. A VPN only encrypts traffic between you and the VPN server. If you're using any plaintext protocols (HTTP, telnet, FTP, etc.) then the VPN server or any hop/route between the server and the destination could potentially perform a MiTM attack.

We try to alleviate any trust concerns by providing as much information as possible about how our network is structured:
https://github.com/cryptostorm/cstorm_deepDNS
https://github.com/cryptostorm/voodoo.network
viewtopic.php?t=6332
https://github.com/cryptostorm/cryptost ... tion_files
and by providing the source code to our custom client:
https://github.com/cryptostorm/cstorm_widget
But in the end, regarding our server-side setup, we could be making this all up and could really be using ancient/insecure software, or we could be logging all packets. Seems like a lot of trouble though to research possible ways to operate a VPN without that sort of logging and then not implement it.
by Khariz
Fri Jan 20, 2017 7:20 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 243
Views: 1174679

Re: widget v3

Unless you are trying to avoid a government level adversary, turning off dns crypt isn't going to mess you up at all.
by Khariz
Fri Jan 13, 2017 8:41 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: What about Douglas Spink ?
Replies: 4
Views: 17652

Re: What about Douglas Spink ?

He is not on the team. He hasn't been involved for a while now. There are already posts about this. He did come back and get re-involved for a short time after his release, but then he got arrested again, and the rest of the team disassociated him and removed/prevented any access of his to anything. He already had no control over the actual VPN service after that first big incident.

Find the last time pattern_juggled posted. That was the day before he no longer had anything to do with CryptoStorm.

df made a public statement about how they disassociated and how he is certain he has no access to any systems.

Edit: here is the thread; viewtopic.php?f=32&t=9018&p=15876
by Khariz
Thu Jan 12, 2017 1:57 am
Forum: guides, HOWTOs & tutorials
Topic: OpenVPN / Windows 7/8/8.1/10 & it's TAP/TUN Device problem
Replies: 9
Views: 29730

Re: OpenVPN / Windows 7/8/8.1/10 & it's TAP/TUN Device problem

Have you tried, just for troubleshooting purposes, connecting via OpenVPN (instead of the CS client) using the .ovpn files that you can find on the github?

https://github.com/cryptostorm

I just want to know if your computer can't open the TAP adapter at all, or if its just a widget issue.
by Khariz
Thu Jan 12, 2017 1:44 am
Forum: guides, HOWTOs & tutorials
Topic: OpenVPN / Windows 7/8/8.1/10 & it's TAP/TUN Device problem
Replies: 9
Views: 29730

Re: OpenVPN / Windows 7/8/8.1/10 & it's TAP/TUN Device problem

Judge wrote:I hate to admit defeat but I can't seem to get past

"Route: Waiting for TUN/TAP interface to come up..." right before it's normally log on, it seems.

It'll go through that a bunch of times then say "Connected with errors (most likely TAP related") then try again.

I'm using widget build 3.0.0.64 (removed and reinstalled multiple times)
I've downloaded the latest openvpn build (removed and reinstalled multiple times)
Win 10
I've downloaded the Canada east and west config files from GitHub and tried logging on to both of those.
Have tried following this guide multiple times.

The only thing this guide mentions I don't have/haven't done is a "client.dat" file, which I can't find.

Any ideas would be greatly appreciated.
This may sound stupid, but have you restarted your computer since you installed the Client? There are terminal TAP errors and windows that don't seem to be able to be fixed by anything but a restart.
by Khariz
Thu Jan 05, 2017 7:27 pm
Forum: member support & tech assistance
Topic: cryptostorm freezes sometimes when disconnecting
Replies: 8
Views: 21329

Re: cryptostorm freezes sometimes when disconnecting

Uncheck the WebRTC blocking stuff in the widget and this shouldn't happen any more. Just use browsers that can either turn off or block WebRTC connections (like Firefox).
by Khariz
Thu Jan 05, 2017 7:25 pm
Forum: cryptofree: no-cost cryptostorm network access
Topic: CryptoFree on OpenVPN
Replies: 7
Views: 23614

Re: CryptoFree on OpenVPN

Your government may be squashing non-obfuscated TCP 443 connections to prevent standard VPN Configurations.

A possible reason that the widget works to connect when OpenVPN doesn't is the widget's ability to both use DNScrypt and obfsproxy to hide the connection to the vpn. Without obfsproxy, you won't be able to hide your connection.

I'm not aware of any alternate solution that you can use with CryptoFree (or cryptostorm at all). You might want to try a VPN company that has both a competent Network Lock AND the ability to connect over SSH/SSL, such as AirVPN. I can just about guarantee that what you are trying to do would work on their network.

At this time, the only easy way to obfuscate your connection to cryptostorm is to use the widget.
by Khariz
Thu Jan 05, 2017 7:18 pm
Forum: guides, HOWTOs & tutorials
Topic: OpenVPN / Windows 7/8/8.1/10 & it's TAP/TUN Device problem
Replies: 9
Views: 29730

Re: OpenVPN / Windows 7/8/8.1/10 & it's TAP/TUN Device problem

ThundrB1rd wrote:for the "PUT HASHED TOKEN HERE" bit, I don't understand, what you should do for CryptoFree?
Cryptofree uses different ovpn files that don't require the insertion of a hash.
by Khariz
Sun Jan 01, 2017 4:51 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 243
Views: 1174679

Re: widget v3

Up to you. Can always put some opendns or some of cryptostorm's servers in there.
by Khariz
Sun Jan 01, 2017 12:36 am
Forum: member support & tech assistance
Topic: Importing .ovpn Config File iOS
Replies: 3
Views: 4943

Re: Importing .ovpn Config File iOS

If anybody ever has a hard time connecting on iOS, just check out my previous posts. I have posted a comprehensive guide to getting connected on iOS using nothing but an iOS device.
by Khariz
Wed Dec 28, 2016 3:33 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 243
Views: 1174679

Re: widget v3

Check your network adapter. Probably stuck on wrong dns settings. Reset to default and then re-run widget.
by Khariz
Tue Dec 20, 2016 8:53 am
Forum: member support & tech assistance
Topic: Mac Connection problems
Replies: 3
Views: 4513

Re: Mac Connection problems

Are you putting at least something in the password blank? You need at least a single character.
by Khariz
Fri Dec 16, 2016 6:33 pm
Forum: member support & tech assistance
Topic: AV Software Indicates Installer Is Infected
Replies: 8
Views: 10669

Re: AV Software Indicates Installer Is Infected

Yeah. And you can add it to the exceptions list. I've had a spyware scanner pick it up the other day too.
by Khariz
Thu Dec 15, 2016 2:55 am
Forum: member support & tech assistance
Topic: Serious Drops and packet loss South node
Replies: 108
Views: 77441

Re: Serious Drops and packet loss South node

Questions
Are our respective ISPs all experimenting with some kind of DPI-based packet mangling which affects (or perhaps even targets) OpenVPN?
Are our ISPs innocent and the fault lies closer to the exit nodes, i.e. in the DC?
If so, why during session re-negotiation and not mid-session?
Why are only some of us affected and not others?
That's not my problem. I have been connected for 1 week and three days to an AirVPN server on a standard UDP 443 connection. It's not a problem on my end.
by Khariz
Sun Dec 04, 2016 3:27 am
Forum: member support & tech assistance
Topic: Serious Drops and packet loss South node
Replies: 108
Views: 77441

Re: Serious Drops and packet loss South node

Yep, I've used the 2.4 RC on Windows OpenVPN as well. No dice. Not sure what's going on. Nothing that I can see on my end.
by Khariz
Sun Dec 04, 2016 1:04 am
Forum: member support & tech assistance
Topic: Serious Drops and packet loss South node
Replies: 108
Views: 77441

Re: Serious Drops and packet loss South node

Why are you using the 2.22 widget? 3.0.0.64 is the current 3.00 widget. Going to do some tests using that widget right now myself.

Edit: Using the 3.0.0.64 widget. My critical connections dropped out 7 minutes into the attempt. There is nothing in the logs at all. By all accounts in the logs, it's a stable connection, but it's clearly not.

Edit2: Reconnected with my Aleph token instead of my 1 year token, just for giggles, to see if that makes any difference.

Edit3: Lost my connections in only 3 minutes. Oh well. Back to the competitor again.
by Khariz
Sun Dec 04, 2016 12:03 am
Forum: member support & tech assistance
Topic: Serious Drops and packet loss South node
Replies: 108
Views: 77441

Re: Serious Drops and packet loss South node

NOYB wrote:
parityboy wrote:@Fermi

On the other hand, the connection to the Cryptofree node has been solid for the last 21.5 hours, no drops. That's the longest that any CS node has stayed up for since this issue began.
UPDATE
My connection to PT just died after 3 hours.
AirVPN - 9 days now

Yeah, same here:
Albireo United States
United States, Atlanta, Georgia
12d 10h 5m ago

I'd really rather be using CryptoStorm. I get the same good speeds, and feel just as confident security-wise, but I either can't stay connected or my critical connections drop out every 15 minutes or so.

Parityboy has a point. If CryptoFree is saying connected, but the paid CS nodes are not...there has to be a difference in the server configurations. And it's something that "recently" changed, as this was not happening to me a few weeks ago (which is evident from my responses to this very thread).
by Khariz
Wed Nov 30, 2016 1:31 am
Forum: member support & tech assistance
Topic: Serious Drops and packet loss South node
Replies: 108
Views: 77441

Re: Serious Drops and packet loss South node

It's probably a remnant in an old smoothed.ovpn
by Khariz
Mon Nov 28, 2016 3:44 am
Forum: member support & tech assistance
Topic: cryptostorm VPNleakage
Replies: 15
Views: 15008

Re: cryptostorm VPNleakage

Good point. The software is open source.
by Khariz
Sun Nov 27, 2016 10:23 pm
Forum: member support & tech assistance
Topic: cryptostorm VPNleakage
Replies: 15
Views: 15008

Re: cryptostorm VPNleakage

Anonymous poster wrote:Are you saying that cryptostorm doesn't have an Internet killswitch? Isn't that a basic feature that most VPNs have? If a user were to download something via BitTorrent and leave his/her computer on overnight, cryptostorm would happen to disconnect and pirate hunters/copyright nazis would happen to monitor one or several of the torrents the user is downloading, then the user is screwed.
That's correct. With CS, if you get disconnected while downloading, you are "screwed", unless you are savvy enough to know how to build your own network lock via firewall rules (which most people are admitted not). Hell, I'm pretty much too lazy to bother with that even though I know how. I like the software to do it for me.

PJ has expressed his opinion in the past that nobody has a truly functioning Network Lock and that everyone is lying to us, and that's why CS doesn't need one (but he is wrong, as a good handful of VPN providers now have truly good network lock functionality based both on windows firewall and WFP policy rules). I'll give him this though, there are just as many VPN providers with crappy network locks that don't work as advertised. But some, like AirVPN and IVPN as examples, truly functions like they are supposed to, completely killing your network if you get disconnected.

So yeah, if disconnection-based leakage is a concern of yours, you definitely want to look elsewhere for now.
by Khariz
Sun Nov 27, 2016 6:32 am
Forum: member support & tech assistance
Topic: cryptostorm VPNleakage
Replies: 15
Views: 15008

Re: cryptostorm VPNleakage

Ahh, okay. He was interrupting the links to test for leaks during disconnects and interruptions.

As CryptoStorm doesn't have any kind of "Network Lock" feature, that easily explains why he experienced DNS links. He was intentionally trying to create them and succeeded.

The 6 that passed his test all have competent firewall-rule-based network locks that cause your entire internet-facing network to 100% fail when the connection is not tunneling out of the TAP adapter.

I now believe that the test results are accurate, but CS has never made any claims to the contrary. You won't find CS saying "you won't leak your ISP's DNS if you disconnect from our network". Of course the CS client or OpenVPN leak DNS in the event of the crash. Neither have Network Lock features.
by Khariz
Sun Nov 27, 2016 1:35 am
Forum: member support & tech assistance
Topic: cryptostorm VPNleakage
Replies: 15
Views: 15008

Re: cryptostorm VPNleakage

I believe you, but it literally doesn't make any sense. If the client is blocking all DNS requests from being made anywhere but the tunnel's set DNS server, a failure would result in a failed lookup, not a leak. Even if the the England node's DNS were malfunctioning, it wouldn't attempt to use DNS servers that weren't set as an alternate in your TAP adapter.

I suggest this: connect to the England node and then manually open the settings on your TAP adapter and see if you have a secondary DNS server set. Or open up a command prompt and do a ipconfig /all and see if your tap adapter is reporting multiple DNS servers set. It should only have the internal 10.x.x.x server set.
by Khariz
Sat Nov 26, 2016 10:49 pm
Forum: member support & tech assistance
Topic: Serious Drops and packet loss South node
Replies: 108
Views: 77441

Re: Serious Drops and packet loss South node

Buy the AirVPN subscription now. The Black Friday deal is 35% off making a year cost only $37.00.

Doesn't hurt to have either way for that price.
by Khariz
Sat Nov 26, 2016 9:20 pm
Forum: member support & tech assistance
Topic: cryptostorm VPNleakage
Replies: 15
Views: 15008

Re: cryptostorm VPNleakage

If you aren't adding the command:

block-outside-DNS

To your .ovpn files, you need to do that. Otherwise OpenVPN isn't necessarily sending ALL DNS requests through the tunnel.

Also, in case anyone is wondering "why isn't that command just added in there by CryptoStorm?" Here is the answer: the command is not compatible with certain versions of Windows, nor other operating systems. I think the newest versions of the beta OpenVPN will ignore the command it if doesn't apply to the operating system, but most people aren't using that version.

If you use Windows 7, 8, or 10, you really need to add this command to your ovpn files.
by Khariz
Sat Nov 26, 2016 5:54 am
Forum: general chat, suggestions, industry news
Topic: Add multi-hop functionality to cryptostorm
Replies: 2
Views: 16706

Re: Add multi-hop functionality to cryptostorm

Yep. Download one of the Voodoo .opvn files from here and it will work for you:

https://github.com/cryptostorm/cryptost ... ter/voodoo
by Khariz
Sat Nov 26, 2016 5:52 am
Forum: member support & tech assistance
Topic: Bad file descriptor?
Replies: 3
Views: 5370

Re: Bad file descriptor?

What client are you using?
by Khariz
Sat Nov 26, 2016 5:51 am
Forum: general chat, suggestions, industry news
Topic: FAO Cryptostorm
Replies: 6
Views: 18729

Re: FAO Cryptostorm

What In the world are you talking about? You mean PJ? Yeah, when PJ was around the boards were a lot more active. Maybe if he could stop getting in trouble with the Feds he could stick around for a while. I like the guy, but damn.
by Khariz
Sat Nov 26, 2016 5:48 am
Forum: member support & tech assistance
Topic: cryptostorm VPNleakage
Replies: 15
Views: 15008

Re: cryptostorm VPNleakage

It is for windows users. Download the client. Run it. Both DNS leaks and WebRTC are plugged up by the client. You would have to manually go mucking around with your TAP adapter's DNS settings after connecting with the CS client if you wanted to create a DNS leak.

For us power users and people insisting on using OpenVPN (paranoid "only open source" software type people) they should know how to add "block-outside-DNS" to a .ovpn file.

I wrote an entire guide to using CS via iOS without the need of any outside platform as an aid. There are no DNS or WebRTC issues on iOS by default though.

I mean, and I'm being completely serious here, it's harder to experience a DNS leak with CS than to NOT experience one. The only way they could have experienced one is if they downloaded a stock .ovpn file from the Github and ran it through OpenVPN without adding in the block-outside-DNS argument.

Now that I think about it, that's probably exactly what they did. They probably performed their tests using CryptoFree and default .ovpn files. No wonder they got such crappy results.
by Khariz
Sat Nov 26, 2016 2:55 am
Forum: member support & tech assistance
Topic: cryptostorm VPNleakage
Replies: 15
Views: 15008

Re: cryptostorm VPNleakage

What are you taking about? I'm not teaching someone here, I'm saying that the SOURCE of that DNS leak test must be comprised of idiots if they couldn't figure out how to configure cryptostorm without having a DNS leak. I'm not speaking to the OP here. I'm addressing the acumen of vpntesting.info

For an entity that is making themselves out as some kind of "authority" on which sites have DNS leaks and which don't, they obviously don't know the basics of how to configure things for their tests.
by Khariz
Fri Nov 25, 2016 10:04 pm
Forum: member support & tech assistance
Topic: cryptostorm VPNleakage
Replies: 15
Views: 15008

Re: cryptostorm VPNleakage

It only fails if you don't know how to configure it correctly. Those people are idiots.
by Khariz
Fri Nov 25, 2016 6:29 am
Forum: member support & tech assistance
Topic: Serious Drops and packet loss South node
Replies: 108
Views: 77441

Re: Serious Drops and packet loss South node

Good questions. I haven't been able to resolve since I noticed. I'll post back if I figure anything out. It still works fine for browsing and whatnot, but if I need a super stable connection, I have to swap over to something else.
by Khariz
Fri Nov 25, 2016 6:22 am
Forum: member support & tech assistance
Topic: cryptostorm VPNleakage
Replies: 15
Views: 15008

Re: cryptostorm VPNleakage

You mean DNS leaks? That's likely because people didn't set things up properly. If you either use the most current version of the CS client, or if you use OpenVPN with the disable-outside-DNS argument, there are absolutely no DNS leaks with CS. I've done extensive testing with both clients.
by Khariz
Fri Nov 25, 2016 6:18 am
Forum: general chat, suggestions, industry news
Topic: Safejumper open source OpenVPN client
Replies: 1
Views: 15069

Re: Safejumper open source OpenVPN client

AirVPN technically has open source software with their "Eddie" client, which is a very fancy OpenVPN wrapper with some really nice features (such as an actual functioning network lock, the ability to route through Tor first as you log in to mask your RealIP even from AirVPN, which still appearing to the outside world as if you are NOT on Tor, which comes in really handy, etc.

You can view all of the code for the project here: https://github.com/AirVPN/airvpn-client

Edit: I suppose I should mention that you can't use Eddie with other VPN services without some pretty extensive changes to to the code. It's still pretty awesome and fully open to the community though.
by Khariz
Fri Nov 25, 2016 6:12 am
Forum: member support & tech assistance
Topic: Serious Drops and packet loss South node
Replies: 108
Views: 77441

Re: Serious Drops and packet loss South node

I'm already primarily using AirVPN. They are the only other guys that seem to take privacy and security seriously. One of the few VPN providers that is OpenVPN only with no other protocols. The Atlanta servers with AirVPN are much more stable than CS South node. It's on sale for 35% off right now too, so it's a good time to try it out.

I'm an aleph token holder over here at CS, so I'll always keep coming back and checking. But I agree that it's not ideal right now.
I've been meaning to mention that I'm now experiencing the same problems as everyone else. I'm technically staying connected to CS but I'm now experiencing the massive packet loss and spikes in latency that others are.
by Khariz
Thu Nov 24, 2016 9:14 pm
Forum: member support & tech assistance
Topic: Serious Drops and packet loss South node
Replies: 108
Views: 77441

Re: Serious Drops and packet loss South node

If you are referring to MTU values, I'm pretty sure that is a wives tale. Another reputable source has said as much. I'll try to find that information and post it.
by Khariz
Fri Nov 18, 2016 11:34 pm
Forum: member support & tech assistance
Topic: Serious Drops and packet loss South node
Replies: 108
Views: 77441

Re: Serious Drops and packet loss South node

Yeah, I was just going to mention the same thing. He's not resolving the server after he connects for the first time. That might explain the issue. I don't use the widget by the way. I use OpenVPN on my Windows computer and Viscosity on my Mac.

I love how super clean my logs on are Mac by the way. Windows is so messy:

Code: Select all

Nov 18 12:29:54: Viscosity Mac 1.6.7b5 (1363)
Nov 18 12:29:54: Viscosity OpenVPN Engine Started
Nov 18 12:29:54: Running on Mac OS X 10.12.2
Nov 18 12:29:54: ---------
Nov 18 12:29:54: Checking reachability status of connection...
Nov 18 12:29:54: Connection is reachable. Starting connection attempt.
Nov 18 12:29:56: OpenVPN 2.3.13 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Nov  4 2016
Nov 18 12:29:56: library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.09
Nov 18 12:29:59: UDPv4 link local: [undef]
Nov 18 12:29:59: UDPv4 link remote: [AF_INET]108.62.19.132:443
Nov 18 12:29:59: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Nov 18 12:30:00: [server] Peer Connection Initiated with [AF_INET]108.62.19.132:443
Nov 18 12:30:02: Opening utun (connect(AF_SYS_CONTROL)): Resource busy
Nov 18 12:30:02: Opened utun device utun1
Nov 18 12:30:02: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Nov 18 12:30:02: /sbin/ifconfig utun1 delete
Nov 18 12:30:02: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Nov 18 12:30:02: /sbin/ifconfig utun1 10.33.164.138 10.33.164.138 netmask 255.255.0.0 mtu 1500 up
Nov 18 12:30:02: Initialization Sequence Completed
Nov 18 12:30:02: DNS mode set to: Full
by Khariz
Fri Nov 11, 2016 10:03 am
Forum: member support & tech assistance
Topic: Serious Drops and packet loss South node
Replies: 108
Views: 77441

Re: Serious Drops and packet loss South node

I've been connected to south for 72 hours straight without any drops or significant spikes. Not sure what to tell you.
by Khariz
Sat Nov 05, 2016 3:28 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 243
Views: 1174679

Re: widget v3

Hashes for 3.0.0.56 are

[root@b html]# md5sum cryptostorm_setup.exe
2570e4a6a1a020a5c9114b9e55e197d7 cryptostorm_setup.exe
[root@b html]# sha1sum cryptostorm_setup.exe
bb230429d53363a81b010af2ee58ee154cee5ff0 cryptostorm_setup.exe
[root@b html]# sha256sum cryptostorm_setup.exe
0f8594a3714c9639668ed62995f56c8c15c540167cfe396335621bac4d257981 cryptostorm_setup.exe
by Khariz
Sat Oct 22, 2016 11:26 am
Forum: member support & tech assistance
Topic: AV Software Indicates Installer Is Infected
Replies: 8
Views: 10669

Re: AV Software Indicates Installer Is Infected

Sounds like you have an overactive heuristics scan. If you don't trust it, just use openvpn.
by Khariz
Sat Oct 08, 2016 7:42 pm
Forum: independent cryptostorm token resellers, & tokens 101
Topic: Aleph token (lifetime) for sale
Replies: 32
Views: 62675

Re: Aleph token (lifetime) for sale

Pretty hollow accusation.
by Khariz
Fri Sep 16, 2016 2:52 am
Forum: member support & tech assistance
Topic: iphone and IOS
Replies: 3
Views: 4660

Re: iphone and IOS

Awesome. Glad to hear it.
by Khariz
Tue Sep 13, 2016 11:03 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: The CryptoStorm Speed Test Thread
Replies: 83
Views: 199854

Re: The CryptoStorm Speed Test Thread

My speeds are great. I just tested all the U.S. Servers and England and I'm getting 45down, 35up on my 50/50 connection.

I'm even getting 30down on the Isle of Man voodoo.
by Khariz
Tue Sep 13, 2016 10:50 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 243
Views: 1174679

Re: widget v3

I'm not experiencing any stability issues at all. I've been connected to u.s. South for 72 hours straight at this point.
by Khariz
Thu Sep 01, 2016 12:05 am
Forum: member support & tech assistance
Topic: iphone and IOS
Replies: 3
Views: 4660

Re: iphone and IOS

I wrote up a little guide on how to do this:
1. Download the app OpenVPN. Go into the iPhone's Settings app, locate OpenVPN, and enable "Force AES-CBC ciphersuites"

2. Download the app ZipViewer

3. Go to https://github.com/cryptostorm/cryptost ... tion_files

4. If you are on the mobile version of the page, scroll down to the bottom and click "Desktop Version"

5. Click the green "Clone or Download" button.

6. Click "Download ZIP".

7. Click "Open in..." in the upper left hand corner.

8. Select "Copy to ZipViewer".

9. Drill down into the Mac folder.

10. Select the .ovpn file of your choice.

11. Click the icon in the lower left that looks like a box with an arrow pointing up.

12. Select "Copy to OpenVPN".

13. Click the Green + sign.

14. Leave the certificate as "none selected"

15. Put your hashed (or un-hashed) token into the User ID box.

16. Put anything you want in the password field (I put a single letter).

17. Click save.

18. Connect and Enjoy.
by Khariz
Wed Aug 17, 2016 5:29 am
Forum: independent cryptostorm token resellers, & tokens 101
Topic: Annual token for sale
Replies: 2
Views: 18600

Re: Annual token for sale

I'd go with yes. They've probably been using it since march. If you buy it, you can notify df and have it reissued so that you don't need to worry about someone else using the same token.
by Khariz
Sat Aug 06, 2016 8:28 pm
Forum: member support & tech assistance
Topic: Linux Not Connecting: Please Help?
Replies: 7
Views: 7240

Re: Linux Not Connecting: Please Help?

Have you checked the token To make sure it's valid?
https://cryptostorm.nu/