Can't get work new config files

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)
User avatar
privangle
Posts: 90
Joined: Thu Apr 25, 2013 5:57 am

Can't get work new config files

Post by privangle » Sun Jan 26, 2020 4:28 am

Hello,

Since some weeks I could no more connect to CS. My config files was dated from 2017.

So I download the new ones on Github from the directory RSAA because my Linux System is old.

My openvpn version is 2.3.2,
openssl version is 1.0.1k,

so these config files in principle should work.
They work with OpenVPN 2.3.2 through 2.4.7, and OpenSSL 1.0.0 through 1.1.1b
Looking in the new config files I see that the certificat has changed, so I copied the certificate from a config file and stored it in a file ca.txt.

In my Network Manager (Linux openSUSE) I imported the config file, point the field "certificate" to the file ca.txt, took as "username" the sha512 hash of my lifetime token, put in the password field something (or let it empty).

When I try connecting, it doesn't work.

To see messages I connect in a console window with the command "openvpn --config Switzerland_udp.conf, I copied the sha-ed token in "username" and let the password empty (or put in some letters, same result...), and here are the messages I get:

Code: Select all

# openvpn --config Switzerland_udp.conf 
Sat Jan 25 23:23:14 2020 us=886346 Current Parameter Settings:
Sat Jan 25 23:23:14 2020 us=886425   config = 'Switzerland_udp.conf'
Sat Jan 25 23:23:14 2020 us=886443   mode = 0
Sat Jan 25 23:23:14 2020 us=886458 NOTE: --mute triggered...
Sat Jan 25 23:23:14 2020 us=886485 321 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jan 25 23:23:14 2020 us=886501 OpenVPN 2.3.2 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on May 31 2013
Enter Auth Username: ********************************************************************************************************************************
Enter Auth Password: 
Sat Jan 25 23:23:17 2020 us=940236 No valid translation found for TLS cipher 'TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256'
Sat Jan 25 23:23:17 2020 us=940371 Control Channel Authentication: tls-auth using INLINE static key file
Sat Jan 25 23:23:17 2020 us=940396 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jan 25 23:23:17 2020 us=940409 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jan 25 23:23:17 2020 us=940489 Control Channel MTU parms [ L:1601 D:210 EF:110 EB:0 ET:0 EL:0 ]
Sat Jan 25 23:23:17 2020 us=940533 Socket Buffers: R=[212992->131072] S=[212992->131072]
Sat Jan 25 23:23:17 2020 us=987306 Data Channel MTU parms [ L:1601 D:1450 EF:101 EB:4 ET:0 EL:0 ]
Sat Jan 25 23:23:17 2020 us=987357 Local Options String: 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Sat Jan 25 23:23:17 2020 us=987369 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Sat Jan 25 23:23:17 2020 us=987397 Local Options hash (VER=V4): 'd3cade52'
Sat Jan 25 23:23:17 2020 us=987412 Expected Remote Options hash (VER=V4): 'd883f1f3'
Sat Jan 25 23:23:17 2020 us=987433 UDPv4 link local: [undef]
Sat Jan 25 23:23:17 2020 us=987448 UDPv4 link remote: [AF_INET]81.17.31.40:443
Sat Jan 25 23:23:18 2020 us=30636 TLS: Initial packet from [AF_INET]81.17.31.40:443, sid=032a8f95 0dbee080
Sat Jan 25 23:23:18 2020 us=30768 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jan 25 23:23:18 2020 us=760249 VERIFY OK: depth=1, CN=cryptostorm CA
Sat Jan 25 23:23:18 2020 us=762264 Validating certificate key usage
Sat Jan 25 23:23:18 2020 us=762276 ++ Certificate has key usage  00a0, expects 00a0
Sat Jan 25 23:23:18 2020 us=762286 NOTE: --mute triggered...
Sat Jan 25 23:23:28 2020 us=653383 10 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jan 25 23:23:28 2020 us=653417 [cryptostorm server] Peer Connection Initiated with [AF_INET]81.17.31.40:443
Sat Jan 25 23:23:31 2020 us=36263 SENT CONTROL [cryptostorm server]: 'PUSH_REQUEST' (status=1)
Sat Jan 25 23:23:36 2020 us=421457 SENT CONTROL [cryptostorm server]: 'PUSH_REQUEST' (status=1)
Sat Jan 25 23:23:41 2020 us=667020 SENT CONTROL [cryptostorm server]: 'PUSH_REQUEST' (status=1)
Sat Jan 25 23:23:44 2020 us=714856 NOTE: --mute triggered...
Sat Jan 25 23:23:44 2020 us=715154 7 variation(s) on previous 3 message(s) suppressed by --mute
Sat Jan 25 23:23:44 2020 us=715167 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enp0s20 HWADDR=00:1a:92:ce:59:88
Sat Jan 25 23:23:44 2020 us=715485 TUN/TAP device tun0 opened
Sat Jan 25 23:23:44 2020 us=715505 TUN/TAP TX queue length set to 100
Sat Jan 25 23:23:44 2020 us=715521 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Jan 25 23:23:44 2020 us=715543 /bin/ip link set dev tun0 up mtu 1500
Sat Jan 25 23:23:44 2020 us=717861 /bin/ip addr add dev tun0 10.66.16.161/24 broadcast 10.66.16.255
Sat Jan 25 23:23:44 2020 us=720137 /bin/ip route add 81.17.31.40/32 via 192.168.1.1
Sat Jan 25 23:23:44 2020 us=720927 /bin/ip route add 0.0.0.0/1 via 10.66.16.1
Sat Jan 25 23:23:44 2020 us=721694 /bin/ip route add 128.0.0.0/1 via 10.66.16.1
Sat Jan 25 23:23:44 2020 us=722397 Initialization Sequence Completed
With the old configs, usually the connection was working as soon as the message Initialization Sequence Completed appeared, but with the new ones it does not.

Do you have an idea what I'm making wrong ? Thank you.

 ! Message from: parityboy
Added code tags to improve readability

User avatar
parityboy
Site Admin
Posts: 1262
Joined: Wed Feb 05, 2014 3:47 am

Re: Can't get work new config files

Post by parityboy » Mon Jan 27, 2020 8:52 pm

@OP

With the connection active can you ping a DNS server such as 8.8.8.8 or 1.1.1.1?

User avatar
privangle
Posts: 90
Joined: Thu Apr 25, 2013 5:57 am

Re: Can't get work new config files

Post by privangle » Tue Jan 28, 2020 7:55 am

@parityboy

Thank you for your answer and for putting in the BBcode "code" for me.
I wasn't sure if I should use it for the console messages or not, now I know.

The last hour I tested all config files in a console window, and at my surprise, 27 files from 31 are now working!
I don't know what the problem was before.

I did not yet test importing them in my NetworkManager, but I am already happy that I can make again a vpn connection using the console.

The not working connections for me are
  • Dusseldorf
  • Denmark
  • England
  • Poland (auth failed message)
In the next days I'll try to import them in my NetworkManager and I'll tell you the result.

Ah, I forgot: the ping works, when the vpn connection works.
Time of response about 112ms for 8.8.8.8 and 79ms for 1.1.1.1

For the 4 not working connections, I don't get the final message Initialization Sequence Completed.

User avatar
parityboy
Site Admin
Posts: 1262
Joined: Wed Feb 05, 2014 3:47 am

Re: Can't get work new config files

Post by parityboy » Wed Jan 29, 2020 1:54 am

@OP

Glad you got it working! :D FYI, if you check the uptime link in my sig, you'll likely find that those four configs that don't work look rather familiar...

solaris

Re: Can't get work new config files

Post by solaris » Wed Jan 29, 2020 6:44 am

the Cryptostorm Exit Node Status page has been cleaned up and:

England
Denmark
Dusseldorf
and the 2nd Paris server

listings have been removed.

Poland is there and working.

any news if and when DF will return?

whatever the situation, sincerely hope she/he is OK.

User avatar
parityboy
Site Admin
Posts: 1262
Joined: Wed Feb 05, 2014 3:47 am

Re: Can't get work new config files

Post by parityboy » Mon Feb 03, 2020 1:24 am

@OP

I've not heard anything re: df. Hopefully he/she will be back soon. :thumbup:

Post Reply