Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

Search found 410 matches

by df
Mon Jun 10, 2019 8:07 am
Forum: member support & tech assistance
Topic: Circuit Breaker
Replies: 24
Views: 1953

Re: Circuit Breaker

@gangelop I'm seeing something different when I use it with the Switzerland config (or anything else with multiple IPs). For me, that `route -n|grep UGH` command only returns the route for the VPN IP that I'm connected to, not the other IPs the host resolves to. It shouldn't be possible for there to...
by df
Sat Jun 08, 2019 9:21 am
Forum: member support & tech assistance
Topic: IPLeak.net broken?
Replies: 15
Views: 2277

Re: IPLeak.net broken?

@parityboy Just had someone else in IRC showing this same symptom, where dns leak test sites would show the vpn's exit IP instead of the DNS IP. But this person was also not able to resolve some obvious things like google/youtube/etc. from a host machine. They were running WireGuard directly on an O...
by df
Sun May 26, 2019 11:24 pm
Forum: member support & tech assistance
Topic: Circuit Breaker
Replies: 24
Views: 1953

Re: Circuit Breaker

Those messages usually mean a packet was sent by the server out of sequence, which is fairly common on cellular networks. You can safely ignore them. By the way, if you start openvpn with `openvpn --config whatever.ovpn --daemon` it'll go into the background so you don't have to keep that terminal w...
by df
Sun May 26, 2019 11:15 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 231
Views: 949181

Re: widget v3

@Moonlight My guess would be a DNS issue. Switzerland currently has 26 IPs, and Frankfurt has 28. Only way I could see the widget not displaying the select IP window is if somehow the host was resolving to only one IP. If you mean that option doesn't show up at all in the widget's options, then that...
by df
Thu May 23, 2019 6:08 am
Forum: member support & tech assistance
Topic: Circuit Breaker
Replies: 24
Views: 1953

Re: Circuit Breaker

If resolv.conf doesn't support lsattr/chattr, then it's most likely mounted onto a non-ext4 filesystem. On my Ubuntu system, /etc/resolv.conf is a symlink to /run/resolvconf/resolv.conf and /run is mounted as: tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=385288k,mode=755) You should stil...
by df
Wed May 22, 2019 4:30 pm
Forum: member support & tech assistance
Topic: Circuit Breaker
Replies: 24
Views: 1953

Re: Circuit Breaker

Those iptables DNAT commands should be ran after connecting to the VPN, not before (since 10.31.33.8 isn't accessible until after you're connected). Be sure to read the note on https://cryptostorm.is/nix#dnsleak about how if you've got 127.0.0.x in your /etc/resolv.conf, then you'll need to change i...
by df
Mon May 20, 2019 2:28 am
Forum: member support & tech assistance
Topic: Automating Port Forwarding?
Replies: 3
Views: 150

Re: Automating Port Forwarding?

Not really, they both perform the same task. It's just that it's Linux, so there's more than one way to do the same thing.
by df
Wed May 15, 2019 5:06 pm
Forum: member support & tech assistance
Topic: Circuit Breaker
Replies: 24
Views: 1953

Re: Circuit Breaker

just do a `grep ^up whatever.ovpn` to check the up lines in the config. The update-resolv-conf script doesn't use iptables, it updates /etc/resolv.conf But killswitch does use iptables for DNS leak protection. You can check if those rules are still there with `iptables -L -n -t nat` But if they were...
by df
Wed May 15, 2019 4:43 pm
Forum: member support & tech assistance
Topic: Circuit Breaker
Replies: 24
Views: 1953

Re: Circuit Breaker

It doesn't matter whether the script-security line is before or after up/down.
Only other thing I can think of is that there's more than one up/down line, that would also cause the killswitch not to run (like if your config is still using the old update-resolv-conf thing for DNS leak prevention).
by df
Wed May 15, 2019 4:24 pm
Forum: member support & tech assistance
Topic: Circuit Breaker
Replies: 24
Views: 1953

Re: Circuit Breaker

That scenario #3 kill switch will remove the kill switch if OpenVPN exits "cleanly" (like it does via NM). You can test it by killing openvpn with `killall -9 openvpn` then trying to ping 8.8.8.8 It should also stay active if you keep the --up part but remove the --down part, but I haven't tested wi...
by df
Wed May 15, 2019 2:35 pm
Forum: member support & tech assistance
Topic: Automating Port Forwarding?
Replies: 3
Views: 150

Re: Automating Port Forwarding?

The page on http://10.31.33.7/fwd only accepts a single port per request, so your script would need to do it multiple times per port. Since you're using a script to connect to the VPN, you could add something like this that would run after being connected: #!/bin/bash declare -a ports=( 31340 31341 ...
by df
Mon May 13, 2019 6:22 pm
Forum: member support & tech assistance
Topic: Circuit Breaker
Replies: 24
Views: 1953

Re: Circuit Breaker

Yea, comment out or remove those existing lines. The killswitch script does it's own DNS leak protection, so using the update-resolv-conf script isn't necessary.
And yes, you would have to remove the config from NM and set it up again for NM to see the changes.
by df
Sat May 04, 2019 7:45 pm
Forum: member support & tech assistance
Topic: IPLeak.net broken?
Replies: 15
Views: 2277

Re: IPLeak.net broken?

@parityboy Maybe you're right, something in pfSense changed recently... the .i2p/.onion/.bit/etc. thing works by first resolving to something in 10.0.0.0/8 (10.99.0.0/16 for .onion, a single 10.98.0.1 for .i2p) and the VPN server sees the client trying to reach one of those ranges and forwards it to...
by df
Sun Apr 28, 2019 9:35 am
Forum: member support & tech assistance
Topic: IPLeak.net broken?
Replies: 15
Views: 2277

Re: IPLeak.net broken?

Do you have any custom iptables rules that are doing any SNAT or DNAT or MASQUERADE? Because I can't think of any other reason why an exit IP would show up in the whoami results or the dnsleaktest one, since none of the exit IPs are running any DNS servers. That's why `host whoami.cryptostorm.is 88....
by df
Sun Apr 28, 2019 12:46 am
Forum: member support & tech assistance
Topic: IPLeak.net broken?
Replies: 15
Views: 2277

Re: IPLeak.net broken?

@parityboy Weird... Not sure how that could happen. What do you get if you go to: https://aeopfieahofherurt.dnsl.cryptostorm.is/ ? That's the backend site that loads the images containing IPs, the "aeopfieahofherurt" bit can be any random letters. The IP in the image is what the custom DNS server se...
by df
Sat Apr 27, 2019 12:33 am
Forum: member support & tech assistance
Topic: IPLeak.net broken?
Replies: 15
Views: 2277

Re: IPLeak.net broken?

@parityboy You sure it's exit node IPs that's showing? Because it shouldn't do that... The custom DNS server behind it works the same way whoami.cryptostorm.is does, i.e. it only sees your DNS IP, no direct connection to the custom DNS server should happen. If you do `host whoami.cryptostorm.is` it ...
by df
Wed Apr 24, 2019 6:45 am
Forum: member support & tech assistance
Topic: IPLeak.net broken?
Replies: 15
Views: 2277

Re: IPLeak.net broken?

I haven't noticed that issue, but I don't use ipleak.net often. My go to is usually dnsleaktest.com. We also have our own at https://cryptostorm.is/dnsleaktest that might work better for some people. It's kinda BETA-ish, so it might fail to load completely, sometimes, but it seems fine so far in our...
by df
Mon Apr 08, 2019 6:51 am
Forum: member support & tech assistance
Topic: TOR over CryptoStorm
Replies: 1
Views: 1053

Re: TOR over CryptoStorm

See the very bottom of https://cryptostorm.is/multihop
it includes some info on how to do this.
by df
Mon Apr 08, 2019 5:34 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 231
Views: 949181

Re: widget v3

DudeOfLondon: secp521r1 is default because it is more secure than Ed448 or Ed25519, but because it's an NIST curve we decided to also provide Ed25519/Ed448 options.
And there's no such thing as security overkill :-P
by df
Mon Apr 08, 2019 5:08 am
Forum: general chat, suggestions, industry news
Topic: [Suggestion] Support WireGuard
Replies: 13
Views: 19977

Re: [Suggestion] Support WireGuard

https://cryptostorm.is/wireguard just went live :-D Be sure to check out https://cryptostorm.is/blog/wireguard-support-added too for info on device limits and whatnot EDIT: Like it says on https://cryptostorm.is/wireguard and https://www.wireguard.com/ - WireGuard is not yet complete. You should not...
by df
Tue Apr 02, 2019 8:02 pm
Forum: general chat, suggestions, industry news
Topic: [Suggestion] Support WireGuard
Replies: 13
Views: 19977

Re: [Suggestion] Support WireGuard

We're working on the interface for it now. Almost done.
by df
Tue Apr 02, 2019 8:01 pm
Forum: member support & tech assistance
Topic: Android-settings import failed
Replies: 2
Views: 1337

Re: Android-settings import failed

Yea, if you save the default page it will save the HTML, which OpenVPN doesn't know how to read.
Need to click the "Raw" button, or download the master.zip, or download from https://cryptostorm.is/configs/ instead.
by df
Thu Mar 21, 2019 11:46 am
Forum: member support & tech assistance
Topic: block outside dns
Replies: 5
Views: 7996

Re: block outside dns

@marzametal The node list used by the widget is at https://cryptostorm.nu/nodelist4.txt and an easier to read version is at https://cryptostorm.nu/nodes.txt The whitelist that contains all the VPN IPs is at https://cryptostorm.is/whitelist.txt and the one with all the DNS IPs is at https://cryptosto...
by df
Tue Mar 12, 2019 12:06 pm
Forum: DeepDNS - cryptostorm's no-compromise DNS resolver framework
Topic: How to setup DNS on Ubuntu?
Replies: 6
Views: 16056

Re: How to setup DNS on Ubuntu?

The problem here is that the update-resolv-conf script needs to be added to the OpenVPN configs.
https://cryptostorm.is/nix#dnsleak has the instructions
by df
Tue Mar 12, 2019 11:56 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 231
Views: 949181

Re: widget v3

@marzametal Only reason that would happen is if your system is using a different DNS than the one pushed by the VPN server. The only other IPs that'll work with block-outside-dns are 10.31.33.8 (same thing as the pushed IP), or 10.31.33.7 (the TS enabled IP). After connecting, try doing `nslookup wh...
by df
Tue Mar 12, 2019 1:08 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 231
Views: 949181

Re: widget v3

@marzametal
What block-outside-dns thing?
by df
Sat Mar 02, 2019 10:22 pm
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 33
Views: 20276

Re: Problems configuring on Reborn OS (Arch Linux)

No, of course not. Just update the file that contains your token (or it's hash), the file that's called by auth-user-pass in the openvpn config file.
by df
Sat Mar 02, 2019 10:19 pm
Forum: member support & tech assistance
Topic: Onions not resolving
Replies: 1
Views: 1449

Re: Onions not resolving

I'm pretty sure this was a temporary issue. The .onion's aren't hosted on this web server, they're hosted on our Romanian server using a simple nginx reverse proxy that relays to the clearnet websites. Since that'll cause the Romanian server's IP to show up in things like https://cryptostorm.is/test...
by df
Sat Mar 02, 2019 10:07 pm
Forum: member support & tech assistance
Topic: paying in bitcoin, alpha-numerical address
Replies: 6
Views: 11603

Re: paying in bitcoin, alpha-numerical address

Yea, just use CoinPayments for BTC. Bitpay's BTC thing is weird, doesn't use wallet addresses like normal, it uses some new payment protocol they're trying to push. That's why with BitPay, only the wallets listed at https://support.bitpay.com/hc/en-us/articles/115005701523-Which-wallets-work-for-a-B...
by df
Sat Mar 02, 2019 8:31 pm
Forum: guides, HOWTOs & tutorials
Topic: Tracker Smacker for Modems
Replies: 2
Views: 9338

Re: Tracker Smacker for Modems

FYI, TS is disabled by default because a lot of people were complaining about it, mostly because they wanted to do something similar themselves.
If you want to use TS now, set your DNS to 10.31.33.7
by df
Thu Feb 28, 2019 4:17 am
Forum: general chat, suggestions, industry news
Topic: feedback reqest: jitsi, and Ostel.co
Replies: 4
Views: 17282

Re: feedback reqest: jitsi, and Ostel.co

Well I was going to delete this old thread, but since KungFuChe showed that it's still relevant, I'll keep it up :-)
by df
Thu Feb 28, 2019 3:12 am
Forum: general chat, suggestions, industry news
Topic: cryptofree
Replies: 1
Views: 1167

Re: cryptofree

There's just the one Cryptofree server in France. If you want more location options, buy a token :-P
by df
Thu Feb 28, 2019 3:05 am
Forum: member support & tech assistance
Topic: how do you setup all extra features in terminal in linux
Replies: 1
Views: 1061

Re: how do you setup all extra features in terminal in linux

https://github.com/jedisct1/dnscrypt-proxy/wiki/Installation-linux for DNSCrypt A killswitch will need to be written yourself, depending on your needs. We have one at https://cryptostorm.is/killswitch_user.txt that applies a killswitch to a specific user, it should make it relatively easy to write u...
by df
Thu Feb 28, 2019 2:59 am
Forum: general chat, suggestions, industry news
Topic: Forum theme
Replies: 1
Views: 1508

Re: Forum theme

The old theme wasn't supported in the latest phpBB, and I really didn't feel like going through changing colors in the current theme.
by df
Fri Feb 22, 2019 3:44 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 231
Views: 949181

Re: widget v3

v3.42 is up now. Fixed a few bugs in v3.40 where the widget would crash on disconnect, and sometimes on exit. Switched from using slow as hell `netsh` commands for changing the system's DNS to much faster registry changes. Removed the TLS version GUI option since it'll now default to TLSv1.3, unless...
by df
Sat Feb 16, 2019 10:54 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 231
Views: 949181

Re: widget v3

@Stan That's a bugfix for previous widget versions that would sometimes set DNS to 127.0.0.1 even when the widget's dnscrypt-proxy isn't running. You shouldn't need to run your own dnscrypt-proxy anyways, the widget includes it. If you want to use your own dnscrypt servers instead of ours, edit the ...
by df
Thu Feb 14, 2019 7:56 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 231
Views: 949181

Re: widget v3

Just released v3.40, it's up on the main website now. It includes a new "Advanced" tab under Options that allows you to change a few defaults that might help in certain network setups (--route-method, --ip-win32, binding to a specific network adapter or IP, switching between TLSv1.2 and TLSv1.3). Al...
by df
Tue Jan 29, 2019 4:37 am
Forum: member support & tech assistance
Topic: Error when attempting to buy token using Monero
Replies: 1
Views: 2447

Re: Error when attempting to buy token using Monero

Sounds like you're probably using a browser addon like NoScript that's preventing the checkout page from working correctly.
Disable it, or add *.coinpayments.net to your whitelist, then try again.
by df
Mon Jan 21, 2019 3:52 am
Forum: crypto, VPN & security news
Topic: [BleepingComputer] VORACLE Attack Can Recover HTTP Data From VPN Connections
Replies: 5
Views: 14807

Re: [BleepingComputer] VORACLE Attack Can Recover HTTP Data From VPN Connections

Ah, that's right. In the ancient 2013 post @ https://cryptostorm.ch/viewtopic.php?f=38&t=5981 PJ describes in his round-about way something that sounds an awful lot like VORACLE, which was the reason we've (almost) always had compression disabled. IIRC, back then we had a mixture of "comp-lzo no" in...
by df
Mon Jan 21, 2019 3:12 am
Forum: member support & tech assistance
Topic: OVP Android Issues
Replies: 4
Views: 3459

Re: OVP Android Issues

I just talked to someone else who had this same issue, they also were using the app from Google's Play Store. The problem ended up being that Google Play Store has v0.7.5 of the app, which uses OpenSSL 1.1.0h, and the Ed25519/Ed448 configs require at least OpenSSL 1.1.1. F-Droid has version 0.7.6, w...
by df
Wed Jan 09, 2019 11:27 pm
Forum: member support & tech assistance
Topic: ISP blocking all other DNS
Replies: 4
Views: 5346

Re: ISP blocking all other DNS

@Moonlight
Yes, all of the nodes are running a DNSCrypt server. With the widget, all you need to do is enable the DNSCrypt option, it'll start in the background and your DNS settings will be changed to point to that DNSCrypt instance.
by df
Wed Jan 09, 2019 10:40 pm
Forum: cryptofree: no-cost cryptostorm network access
Topic: windows xp
Replies: 1
Views: 19137

Re: windows xp

We no longer offer any official support for Windows XP since Microsoft stopped supporting XP in April of 2014, and OpenVPN themselves stopped supporting it early last year. In 2017, Microsoft did release security patches for the vulnerability the WannaCry ransomware exploited, but that was a major v...
by df
Wed Jan 09, 2019 10:16 pm
Forum: member support & tech assistance
Topic: Can't connect following Windows Defender Update
Replies: 1
Views: 2450

Re: Can't connect following Windows Defender Update

I just updated my Windows 10 Home VM to the latest, and updated Windows Defender to the latest (threat definition version: 1.283.2606.0), and I'm not seeing anything about the CS widget being detected, nor is any new firewall rules blocking it.... But then again, Microsoft doesn't use a single datab...
by df
Thu Jan 03, 2019 9:03 pm
Forum: crypto, VPN & security news
Topic: [BleepingComputer] VORACLE Attack Can Recover HTTP Data From VPN Connections
Replies: 5
Views: 14807

Re: [BleepingComputer] VORACLE Attack Can Recover HTTP Data From VPN Connections

@parityboy
No, it's always been enabled, at least until Oct of last year
by df
Thu Jan 03, 2019 8:44 pm
Forum: member support & tech assistance
Topic: block outside dns
Replies: 5
Views: 7996

Re: block outside dns

I'm sure you already have, but if not, you need to upgrade to the latest v3.36 widget. It fixes most DNS issues. The --block-outside-dns option is now pushed from the server if you connect from Windows (either via the widget or OpenVPN GUI). To tell your client to ignore that pushed setting, in the ...
by df
Thu Jan 03, 2019 8:24 pm
Forum: member support & tech assistance
Topic: OVP Android Issues
Replies: 4
Views: 3459

Re: OVP Android Issues

I haven't heard of anything like this happening, but my suggestion would be to make sure you're using the latest OpenVPN for Android app from http://plaisthos.de/android/ics-openvpn-latest-stable.apk Other than that, check the logs and see if anything unusual is there (or post it here and we'll look...
by df
Thu Jan 03, 2019 8:22 pm
Forum: member support & tech assistance
Topic: ISP blocking all other DNS
Replies: 4
Views: 5346

Re: ISP blocking all other DNS

FYI, even when you're using our DNS servers, it's still regular DNS, which is very easy to manipulate or block entirely.
To bypass anything like that, use our DNSCrypt servers instead. Most DNS blocking methods won't block that since it's TCP port 443, and it doesn't look anything like DNS.
by df
Thu Jan 03, 2019 7:37 pm
Forum: general chat, suggestions, industry news
Topic: wrong repository link in tutorial
Replies: 3
Views: 5635

Re: wrong repository link in tutorial

I just posted an update in that other thread. Basically, those commands will only work if your distro branch/version is listed at https://build.openvpn.net/debian/openvpn/stable/dists/
by df
Thu Jan 03, 2019 7:35 pm
Forum: guides, HOWTOs & tutorials
Topic: HOWTO: OpenWRT Routers
Replies: 22
Views: 79905

Re: HOWTO: OpenWRT Routers

@FoodMaven You need to change the "auth-user-password" line in /etc/openvpn/cstorm_linux-lisbon_udp.ovpn to point to a file containing your token (or it's hash) on the first line, and any random text on the second line. Otherwise it'll try to prompt you for the user/pass, but since you're not runnin...
by df
Thu Jan 03, 2019 7:30 pm
Forum: member support & tech assistance
Topic: TorrentIP
Replies: 3
Views: 3011

Re: TorrentIP

I guess any of the styles at https://www.phpbb.com/customise/db/styl ... _styles-12 would work (just the ones that say "3.2.5"), but I'm not sure how to go about switching the styles on a per-user basis (via the UCP)
by df
Thu Jan 03, 2019 7:18 pm
Forum: guides, HOWTOs & tutorials
Topic: HOWTO: OpenWRT Routers
Replies: 22
Views: 79905

Re: HOWTO: OpenWRT Routers

Notice the time/date stamp in the original post of this thread, it was started way back in 2013, so there's some outdated things here. But at the very top of the page (and every other page here), there's the notice "Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit ...
by df
Thu Jan 03, 2019 7:08 pm
Forum: member support & tech assistance
Topic: Linux Mint 19 repository OpenVPN does not have a Release file
Replies: 5
Views: 14759

Re: Linux Mint 19 repository OpenVPN does not have a Release file

Keep in mind that both the Network Manager and Terminal instructions on https://cryptostorm.is/nix were intended for Ubuntu. They'll work on a few other Debian based distros, but not ones that aren't up to date or have their own version/branch names (such as Linux Mint). Here's a simple(ish) script ...
by df
Wed Jan 02, 2019 12:47 am
Forum: member support & tech assistance
Topic: TorrentIP
Replies: 3
Views: 3011

Re: TorrentIP

Yep, it was broken. Should be good now though. We were working on the main web server during New Year's since people were more likely to be out celebrating, and because there were some things that desperately needed upgrading. Now it's running the latest Apache/PHP, and this forum was upgraded to th...
by df
Sat Dec 29, 2018 1:23 am
Forum: cryptofree: no-cost cryptostorm network access
Topic: Download CryptoStorm FREE (Client), W7, 32-Bit
Replies: 1
Views: 3972

Re: Download CryptoStorm FREE (Client), W7, 32-Bit

The free client is the same as the paid client. See the instructions at https://cryptostorm.is/cryptofree (the last paragraph has the info you need)
by df
Fri Nov 30, 2018 7:04 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 33
Views: 20276

Re: Problems configuring on Reborn OS (Arch Linux)

yea. the configs normally have 4 "remote" lines, like in Balancer_UDP.ovpn it would have: remote balancer.cstorm.is 443 udp remote balancer.cstorm.net 443 udp remote balancer.cryptostorm.ch 443 udp remote balancer.cryptostorm.pw 443 udp delete all but one, and change the hostname to whoami.cryptosto...
by df
Fri Nov 30, 2018 6:24 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 33
Views: 20276

Re: Problems configuring on Reborn OS (Arch Linux)

So with 1.1.1.1 the only thing in your resolv.conf, you get cannot resolve errors with OpenVPN? heh, I've got an idea. change the remote lines in the OpenVPN config so that you're connecting to the hostname whoami.cryptostorm.is it'll fail, but it'll tell you what DNS is actually being used at the t...
by df
Fri Nov 30, 2018 5:35 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 33
Views: 20276

Re: Problems configuring on Reborn OS (Arch Linux)

"I uninstalled in the package manager", but did you install using that "VPN Manager" shortcut that runs /usr/bin/vpn-manager.sh? That thing was buggy as hell, I run it just ffs and selected PIA, it got stuck in a loop. Anyways, how are you running OpenVPN? Just a plain `openvpn --config Balancer_UDP...
by df
Fri Nov 30, 2018 4:21 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 33
Views: 20276

Re: Problems configuring on Reborn OS (Arch Linux)

I just tested with a clean Reborn OS install, it resolves it fine. Are you sure when you uninstalled that killswitch it really was uninstalled?
Could be some iptables rules leftover blocking the DNS, or maybe something else you did changed the cryptostorm OpenVPN config?
by df
Fri Nov 30, 2018 4:04 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 33
Views: 20276

Re: Problems configuring on Reborn OS (Arch Linux)

yea, that's cloudflare alright... and when you do `host sweden.cstorm.is` does it return 27 IPs?
by df
Fri Nov 30, 2018 2:43 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 33
Views: 20276

Re: Problems configuring on Reborn OS (Arch Linux)

try it without the 1.1.1.1
by df
Fri Nov 30, 2018 1:33 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 33
Views: 20276

Re: Problems configuring on Reborn OS (Arch Linux)

Both the `host` command and OpenVPN use the DNS settings that are in /etc/resolv.conf Can't think of any reason why `host` would work but openvpn wouldn't... But check that file anyways to see what's in it. If it's got 'nameserver 127.0.1.1' then you're probably using a local dnsmasq server, which i...
by df
Thu Nov 29, 2018 5:08 pm
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 33
Views: 20276

Re: Problems configuring on Reborn OS (Arch Linux)

when you do `host sweden.cryptostorm.ch` does it resolve?
by df
Tue Nov 27, 2018 3:54 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: voodoo.network: topological & routing discussions
Replies: 9
Views: 19640

Re: voodoo.network: alpha token batch, official release

@privangle
Yea, similar to Tor relay chains.
And yes, VPNs can be attacked. Anything online can be attacked (and probably is being attacked), and a lot of offline stuff too.

Voodoo is something the CS-team invented, but it does use existing networking technologies, just in an unusual way :-)
by df
Mon Nov 26, 2018 1:31 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 33
Views: 20276

Re: Problems configuring on Reborn OS (Arch Linux)

Sun Nov 25 14:10:49 2018 us=888128 RESOLVE: Cannot resolve host address: sweden.cryptostorm.ch:5062 (System error) Sun Nov 25 14:10:54 2018 us=890652 RESOLVE: Cannot resolve host address: sweden.cryptostorm.ch:5062 (System error) Sun Nov 25 14:10:59 2018 us=893612 RESOLVE: Cannot resolve host addres...
by df
Wed Nov 21, 2018 4:19 am
Forum: member support & tech assistance
Topic: Probs with new configs in Ubuntu
Replies: 28
Views: 17798

Re: Probs with new configs in Ubuntu

@deadbeef I dunno if it's true on Buster, but I have seen some other distros do this weird thing where the openssl they install is one version, but the shared libraries used by programs like openvpn is another. If `openssl version` says 1.1.1, but `openvpn --version` says openssl 1.0.2o, then that c...
by df
Wed Nov 21, 2018 3:28 am
Forum: member support & tech assistance
Topic: Probs with new configs in Ubuntu
Replies: 28
Views: 17798

Re: Probs with new configs in Ubuntu

@deadbeef I don't think Debian or Ubuntu has OpenSSL 1.1.1 in their repos yet. Try installing OpenVPN and OpenSSL from source. As root, this should do it: cd /usr/src/ apt install -y build-essential zlib1g-dev liblz4-dev liblzo2-dev wget http://www.openssl.org/source/openssl-1.1.1.tar.gz;tar zxf ope...
by df
Sat Nov 17, 2018 6:31 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 231
Views: 949181

Re: widget v3

@Moonlight Try Frankfurt again. Someone else was having issues too, turns out something between their PC and the frankfurt server was mucking around with IP headers just enough to make our port striping v2 thing to not work. So I added some extra rules to check for that. If it works for you too, the...
by df
Sat Nov 17, 2018 12:10 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 231
Views: 949181

Re: widget v3

@Moonlight It might be that a previous widget version caused your DNS to be set to something invalid (like 127.0.0.1 even when the widget's not running). So when this version first starts, it remembers whatever DNS settings you have on launch so that it can restore that if the program crashes. If th...
by df
Fri Nov 16, 2018 2:42 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 231
Views: 949181

Re: widget v3

@Brucie Try rebooting your system. There's a weird TAP adapter bug outside of the scope of our widget that causes the existing adapter to go into a strange read-only state. I wasn't able to reproduce it on win7, but I did get a win10 system do end up like that. For me, after rebooting it worked corr...
by df
Fri Nov 16, 2018 6:15 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 231
Views: 949181

Re: widget v3

@Brucie Oh god damnit. You're right, I just tested on a Vista VM and it still did the TAP loop thing. Pretty sure I know what the problem is though. Apparently M$ thought it was a good idea to change the way simple IF statements work in batch files across different Windows versions. Either that or i...
by df
Fri Nov 16, 2018 2:39 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 231
Views: 949181

Re: widget v3

@Moonlight Ah, there's the damn problem. The killswitch adds the VPN IPs all in one line using netsh advfirewall, but there's a character limit in the command prompt. The VPN IPs including the balancer IPs brings the total to > 600, so it hits that character limit and that cmd spits out an error. Se...
by df
Wed Nov 14, 2018 8:41 am
Forum: member support & tech assistance
Topic: Problems configuring on Reborn OS (Arch Linux)
Replies: 33
Views: 20276

Re: Problems configuring on Reborn OS (Arch Linux)

See the updated commands @ https://cryptostorm.is/nix
Turns out on some non-Ubuntu distros NM adds the file extension '.nmconnection' for the configs in /etc/NetworkManager/system-connections/
So the commands have been updated to check for that
by df
Wed Nov 14, 2018 8:35 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 231
Views: 949181

Re: widget v3

@marzametal The blocking of outside DNS issue should be fixed now in the latest version that's up now. The dns proxy thing is clashing with dnscrypt-proxy because the widget is bundled with it's own dnscrypt-proxy. I renamed the one the widget comes with to cs-dnsc-p.exe so that when it checks the p...
by df
Tue Nov 13, 2018 11:04 pm
Forum: cryptofree: no-cost cryptostorm network access
Topic: Pass few days can connect with all configs windows and android but pages timeout
Replies: 3
Views: 9951

Re: Pass few days can connect with all configs windows and android but pages timeout

That was our mistake. We were adding a new feature that lets people connect to our ECC instances on ports outside of 5060, but when adding the iptables rules they accidentally got added twice on the cryptofree server.
That error has been fixed, so cryptofree should work correctly for everyone now.
by df
Sat Nov 10, 2018 9:30 pm
Forum: member support & tech assistance
Topic: ECC port 5060?
Replies: 3
Views: 11882

Re: ECC port 5060?

Yay! I was able to implement network-wide the thing I mentioned in the previous post. So now ECC is no longer restricted to port 5060. The range of ports that'll work now are: RSA UDP = 1-29999 RSA TCP = 1-5060,5063-29999 ECC UDP = 1-5060,5063-29999 ECC TCP = 1-5060,5063-29999 Ed25519 is still 5061 ...