Connection breaks systematically every 20 minutes (linux)

Topic Author
privangle
Posts: 87
Joined: Thu Apr 25, 2013 5:57 am

Re: HOWTO: Linux connections to cryptostorm

Post by privangle » Sat Mar 08, 2014 1:04 pm

It works on openSUSE 13.1 too, but...

now I'm sure - I have a problem maintaining the connection.
First I thought it happens accidentally, but it is systematic.

I make a connection in a terminal and after 5 to 10 minutes, the connection is broken.
In the terminal I am asked again to enter Auth Username.

Just now I tried to reenter my username (= hashed access token), but authentication fails.

Here are the messages (verb 3; mute 0):
Enter Auth Username: *************....
Enter Auth Password:
Sat Mar 8 08:18:42 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
Sat Mar 8 08:18:42 2014 UDPv4 link local: [undef]
Sat Mar 8 08:18:42 2014 UDPv4 link remote: [AF_INET]46.165.222.246:443
Sat Mar 8 08:18:42 2014 TLS: Initial packet from [AF_INET]46.165.222.246:443, sid=21b3d746 c04af60a
Sat Mar 8 08:18:42 2014 VERIFY OK: depth=1, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite / cryptostorm_darknet, OU=Tech Ops, CN=cryptostorm_is, emailAddress=certadmin@cryptostorm.is
Sat Mar 8 08:18:42 2014 VERIFY OK: nsCertType=SERVER
Sat Mar 8 08:18:42 2014 VERIFY OK: depth=0, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite / cryptostorm_darknet, OU=Tech Ops, CN=server, emailAddress=certadmin@cryptostorm.is
Sat Mar 8 08:18:43 2014 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Mar 8 08:18:43 2014 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Mar 8 08:18:43 2014 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Mar 8 08:18:43 2014 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Mar 8 08:18:43 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Mar 8 08:18:43 2014 [server] Peer Connection Initiated with [AF_INET]46.165.222.246:443
Sat Mar 8 08:18:45 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Mar 8 08:18:45 2014 PUSH: Received control message: 'PUSH_REPLY,persist-key,persist-tun,redirect-gateway def1,dhcp-option DNS 213.73.91.35,dhcp-option DNS 198.100.146.51,dhcp-option DNS 91.191.136.152,route-gateway 10.55.0.1,topology subnet,ping 20,ping-restart 60,ifconfig 10.55.0.5 255.255.0.0'
Sat Mar 8 08:18:45 2014 OPTIONS IMPORT: timers and/or timeouts modified
Sat Mar 8 08:18:45 2014 OPTIONS IMPORT: --persist options modified
Sat Mar 8 08:18:45 2014 OPTIONS IMPORT: --ifconfig/up options modified
Sat Mar 8 08:18:45 2014 OPTIONS IMPORT: route options modified
Sat Mar 8 08:18:45 2014 OPTIONS IMPORT: route-related options modified
Sat Mar 8 08:18:45 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Mar 8 08:18:45 2014 ROUTE_GATEWAY 92.151.56.90
Sat Mar 8 08:18:45 2014 TUN/TAP device tun0 opened
Sat Mar 8 08:18:45 2014 TUN/TAP TX queue length set to 100
Sat Mar 8 08:18:45 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Mar 8 08:18:45 2014 /bin/ip link set dev tun0 up mtu 1500
Sat Mar 8 08:18:45 2014 /bin/ip addr add dev tun0 10.55.0.5/16 broadcast 10.55.255.255
Sat Mar 8 08:18:45 2014 /bin/ip route add 46.165.222.246/32 via 92.151.56.90
Sat Mar 8 08:18:45 2014 /bin/ip route add 0.0.0.0/1 via 10.55.0.1
Sat Mar 8 08:18:45 2014 /bin/ip route add 128.0.0.0/1 via 10.55.0.1
Sat Mar 8 08:18:45 2014 Initialization Sequence Completed <-- here the connection is built up
Enter Auth Username: ************..... <-- 5 to 10 minutes later
Enter Auth Password:
Sat Mar 8 08:39:59 2014 TLS Error: TLS key negotiation failed to occur within 37 seconds (check your network connectivity)
Sat Mar 8 08:39:59 2014 TLS Error: TLS handshake failed
Sat Mar 8 08:39:59 2014 TLS: move_session: dest=TM_LAME_DUCK src=TM_ACTIVE reinit_src=1
Sat Mar 8 08:39:59 2014 TLS: Initial packet from [AF_INET]46.165.222.246:443, sid=3bd3d2ee 7108e3cb
Enter Auth Username: Sat Mar 8 08:40:04 2014 ERROR: could not read Auth username from stdin
Sat Mar 8 08:40:04 2014 Exiting due to fatal error
Sat Mar 8 08:40:04 2014 /bin/ip route del 46.165.222.246/32
Sat Mar 8 08:40:04 2014 /bin/ip route del 0.0.0.0/1
Sat Mar 8 08:40:04 2014 /bin/ip route del 128.0.0.0/1
Sat Mar 8 08:40:04 2014 Closing TUN/TAP interface
Sat Mar 8 08:40:04 2014 /bin/ip addr del dev tun0 10.55.0.5/16
Do you have any idea what to do ?

Another test with "verb 5".

Start:
Sat Mar 8 09:12:30 2014 us=974034 Current Parameter Settings:

End of connection after 22 minutes:
Sat Mar 8 09:34:14 2014 us=591038 ERROR: could not read Auth username from stdin

Here is the devnull.txt file.

Topic Author
privangle
Posts: 87
Joined: Thu Apr 25, 2013 5:57 am

Connection breaks systematically every 20 minutes (linux)

Post by privangle » Sat Mar 08, 2014 3:11 pm

Hi and sorry,

I was wrong, I should have written my post here in the "member support", not in the "Howto connection guide".

So my terminal connection (openSUSE) breaks every 20 minutes, re-asking me for authentication.
Do you have an idea how to fix it ?

Thank you.


I merged the topics (and fucked up at first try. So in the end it was way more work than it was worth :roll: ) ~DesuStrike


Topic Author
privangle
Posts: 87
Joined: Thu Apr 25, 2013 5:57 am

Re: Connection breaks systematically every 20 minutes (linux

Post by privangle » Sun Mar 09, 2014 12:56 am

Yes, my desktop is KDE and I'm using NetworkManager. NWM is more comfortable for changing DNS servers.

Here it is; do you see something special ? For the moment I have 2 google dns servers in it, but
the problem is independent of the DNS servers. My connection cuts after 20 minutes whatever the DNS servers are.

I find the regularity strange - always ~ 20 minutes, as if there was a counter somewhere.

Could perhaps my ISP have sth. to do with the problem? I ask myself if my ISP could change regularly
the DNS server every 20 minutes ? Ok, I have static DNS server address in NWM, but my router has
DHCP activated. I don't know. ??..

Image

parityboy
Site Admin
Posts: 1208
Joined: Wed Feb 05, 2014 3:47 am

Re: Connection breaks systematically every 20 minutes (linux

Post by parityboy » Sun Mar 09, 2014 1:12 am

@OP

Right...first and foremost, your Gateway for the Wired Connection should be the LAN address of your router. You are using a router, right? It should NOT be your WAN address, so it should be 192.168.1.x (where x is usually .1 or .254). Remember, your router is using NAT to translate between the LAN address and the WAN (public Internet) address. Secondly, System Connection should be checked.

Try these steps and report back with the results. :)

Topic Author
privangle
Posts: 87
Joined: Thu Apr 25, 2013 5:57 am

Re: Connection breaks systematically every 20 minutes (linux

Post by privangle » Sun Mar 09, 2014 2:25 am

Hi, I don't know if my try is ok, for me the network things are really difficult to understand.
I don't even know really the difference between 192.168.1.1 and 192.168.1.36

My router is a box which is router and adsl modem in one.

When I configure my router/modem, it happens over a web interface in a browser with
the url: http://192.168.1.1

This gives me access to the configuration interface of my ~box~.

Is the connection scheme like that ?

PC <-> ethernetcard <-> router <-> modem <-> my ISP <-> Internet
--

With the NWM data, the internet connection and vpn worked, but, as usual, exactly 22 minutes later
I was asked for authentication. I could set my clock with that. :roll:

Begin connection:

Enter Auth Username: *************...
Enter Auth Password:
Sat Mar 8 21:40:42 2014 us=490117 ...

End connection:
Enter Auth Username: *************...
Enter Auth Password:
Sat Mar 8 22:02:13 2014 us=929821 TLS Error: TLS key negotiation...

And here is the NWM: (I'm not sure about it)

Image

parityboy
Site Admin
Posts: 1208
Joined: Wed Feb 05, 2014 3:47 am

Re: Connection breaks systematically every 20 minutes (linux

Post by parityboy » Sun Mar 09, 2014 2:54 am

@OP

Well it didn't solve your problem, but I think it needed to be done anyway just to eliminate it as a possible culprit.
> Is the connection scheme like that ?
>
> PC <-> ethernetcard <-> router <-> modem <-> my ISP <-> Internet

Correct. :)


NEXT STEP:
Can you try importing your Cryptostorm configuration into the VPN part of Network Manager, and connecting? Remember to install the network-manager-openvpn package (or whatever it's called on openSUSE). Make sure it doesn't have a dependency on an older version of OpenVPN. Check the screenshots in this post for guidance.

I'm trying to see if the issue with stdin goes away. :)


EDIT:

Can you post the command line you're using to invoke the tunnel?


UPDATE
I invoked the VPN from the commandline and have been torrenting and browsing for about 40 mins with no issues. This stdin issue must be specific to the openSUSE environment, but...that's...weird...

Topic Author
privangle
Posts: 87
Joined: Thu Apr 25, 2013 5:57 am

Re: Connection breaks systematically every 20 minutes (linux

Post by privangle » Sun Mar 09, 2014 5:22 am

@parityboy

Well, at least my idea about the scheme was correct. :-)

NEXT STEP

I tried it some days ago and I didn't succeed, but I hadn't seen the nice howto.

In my first try I copied the certification which is in the configuration file
cryptostorm_client_raw-iceland1_3.conf and pasted it in a file ca.crt.
I imported the conf file but was lost about the rest.

With the "howto" now under my eyes, I have compared my ca.crt with the Cryptostorm Certificate.crt
I just downloaded by making a diff and I see that in my ca.crt a "new line" at the end of file was missing.

Now the VPN connects with the NetworkManager, nice !

By the way, I'm curious if one can import all the 6 config files and comfortably choose one of them
in the NetworkManager, I'll try that!

Immediately I did a dnsleaktest.com and I see a DNS server which is neither in my list of DNS servers
(8.8.8.8 and 8.8.8.4), nor a DNS server nearby of my ISP or belonging to my ISP or country.
It's a DNS server in Canada. (I'm using the iceland conf file).

In the result of the DNS leak test, the ISP is marked as "unknown":

IP              Hostname   ISP        Country
198.100.146.51  milae.net  Not found  Canada


All these elements make me think that I am on darknet without leak.
What do you think ?

Well, I am on Iceland over 1 hour now, this is the first time with this duration!
Very probably the problem is solved.

Thanks a lot for your help ! :)

P.S. You asked me the command I write in a terminal

I have a file ".iceland" in $home chmoded 711 with

cd tools/cryptostorm
openvpn --auth-nocache --config cryptostorm_client_raw-iceland1_3.conf

In a terminal as superuser I launch

./.cryptostorm

(the config-files are in $home/tools/cryptostorm)

With cryptocloud and openSUSE 12.1 it worked.

I tried also more simple:
su
cd tool/cryptostorm
openvpn --config cryptostorm_client_raw-iceland1_3.conf

parityboy
Site Admin
Posts: 1208
Joined: Wed Feb 05, 2014 3:47 am

Re: Connection breaks systematically every 20 minutes (linux

Post by parityboy » Sun Mar 09, 2014 5:30 am

@OP

Glad you got it working. :D Just to let you know, the --auth-nocache option does not keep your credentials in memory, so when the link refreshes it cannot resubmit them. Obviously, the connection will fail if it can't log you in. :)

As for the DNS leak, yeah I get that DNS when I run the test as well. It appears to be pushed to your OpenVPN client by the OpenVPN server, when you connect.
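
Added example (not part of either poster's messages, and not cryptostorm or OpenVPN code): a Python script that reads the log lines privangle posted, measures how long the tunnel was up before the failed re-prompt that `--auth-nocache` leads to, and lists the DNS servers delivered in the PUSH_REPLY so a leak-test result can be checked against them. The function names are made up for this illustration.

```python
import re
from datetime import datetime

# Lines copied from the log privangle posted earlier in this thread.
SAMPLE_LOG = """\
Sat Mar 8 08:18:45 2014 PUSH: Received control message: 'PUSH_REPLY,persist-key,persist-tun,redirect-gateway def1,dhcp-option DNS 213.73.91.35,dhcp-option DNS 198.100.146.51,dhcp-option DNS 91.191.136.152,route-gateway 10.55.0.1,topology subnet,ping 20,ping-restart 60,ifconfig 10.55.0.5 255.255.0.0'
Sat Mar 8 08:18:45 2014 Initialization Sequence Completed
Sat Mar 8 08:39:59 2014 TLS Error: TLS key negotiation failed to occur within 37 seconds (check your network connectivity)
Sat Mar 8 08:39:59 2014 TLS Error: TLS handshake failed
Enter Auth Username: Sat Mar 8 08:40:04 2014 ERROR: could not read Auth username from stdin
Sat Mar 8 08:40:04 2014 Exiting due to fatal error
"""

# Timestamp, optional "us=" field (present at verb 5), then the message.
TS = re.compile(r"(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4})(?: us=\d+)? (.*)")

def parse(log):
    """Yield (datetime, message) for every timestamped log line."""
    for line in log.splitlines():
        m = TS.search(line)  # search, not match: a prompt can precede the stamp
        if m:
            yield datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2)

def diagnose(log):
    """Return (pushed_dns, minutes_up); minutes_up is None if no re-prompt failure."""
    pushed_dns, up, minutes_up = [], None, None
    for ts, msg in parse(log):
        if "PUSH_REPLY" in msg:
            pushed_dns = re.findall(r"dhcp-option DNS ([\d.]+)", msg)
        elif "Initialization Sequence Completed" in msg:
            up = ts
        elif "could not read Auth username from stdin" in msg and up:
            # Credentials were not cached, so the re-authentication had to
            # prompt again and found no usable stdin.
            minutes_up = round((ts - up).total_seconds() / 60)
    return pushed_dns, minutes_up

def unexpected_resolvers(pushed_dns, observed):
    """Resolvers seen by a leak test that the VPN server did not push."""
    return [ip for ip in observed if ip not in pushed_dns]

if __name__ == "__main__":
    dns, minutes = diagnose(SAMPLE_LOG)
    print("pushed DNS:", dns)
    print("tunnel lasted", minutes, "minutes before the failed re-prompt")
    print("not pushed by server:", unexpected_resolvers(dns, ["198.100.146.51"]))
```

A leak-test address missing from the pushed list is a prompt to look closer rather than proof of a leak, since such tests report the address the recursive resolver queries from.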

Topic Author
privangle
Posts: 87
Joined: Thu Apr 25, 2013 5:57 am

Re: Connection breaks systematically every 20 minutes (linux

Post by privangle » Sun Mar 09, 2014 12:29 pm

@parityboy,

now I maintained a tunnel connection for 6 hours without interruption, great!

--auth-nocache

Well, with this option I took myself for a ride. :lol:

This is due to a sort of perfectionism for my part I think; it is not the first time this knocks me out...

I read in the terminal a security warning message like "your password is in memory
and could be read" (I forgot the exact message), so I said to myself: let's make it more secure.
Nice "improvement" which made it worse. :roll:

I like the communication here, it's sharing knowledge and learning.

As the last step I imported the other 5 config files and tested them all.
It works fine and the ConnectionManager is really comfortable.

In all countries (Iceland, Canada, Germany, USA) the DNS server is the same,
our milae.net, it must be chosen from cryptostorm side, so no leak.

Taking a good look on the DNS leak problem taught me how to avoid the DNS server
my ISP chooses for me. We are not safe from censorship in our resp. countries.
Look at the UK for example:
On July 22, 2013, Prime Minister David Cameron announced that by default pornography
and other abusive material (such as suicide, alcohol and violence-related content) to
most households in the UK would be filtered from the Internet by the end of 2013
unless a household chooses to receive it.
so being able to choose DNS servers ourselves is important.
Once the censorship infrastructure is there, they will use it for whatever they want.

The dynamic connection is particularly interesting. If I understand well,
this config changes randomly the exit nodes every n minutes, while the
locked config chooses randomly an exit node at start of the connection
and then maintains it.

Have a good Sunday.
