
Trying to Setup on Fedora 27


Topic Author
aaaliens
Posts: 1
Joined: Fri Dec 01, 2017 6:44 am

Post by aaaliens » Fri Dec 01, 2017 7:04 am

Please excuse my general ignorance. I'll try to write my questions down in a coherent way...

I'm trying to connect to cryptostorm on fedora27 using the guide provided (viewtopic.php?f=37&t=6158), but it doesn't seem to be working for me.

I made sure openvpn and openssl were installed, got my hashed token, and got a configuration file from github. After doing
sudo openvpn --config {path & filename of your config file}
(I assume the config file here is the one I get from github?), I give my hashed key as the username, blank for the password, then I get:
Thu Nov 30 20:32:17 2017 us=397084 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Thu Nov 30 20:32:17 2017 us=398128 LZO compression initializing
Thu Nov 30 20:32:17 2017 us=398399 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Thu Nov 30 20:32:17 2017 us=470136 Data Channel MTU parms [ L:1622 D:1400 EF:122 EB:406 ET:0 EL:3 ]
Thu Nov 30 20:32:17 2017 us=470285 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Thu Nov 30 20:32:17 2017 us=470344 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Thu Nov 30 20:32:17 2017 us=470406 TCP/UDP: Preserving recently used remote address: [AF_INET]212.129.27.79:443
Thu Nov 30 20:32:17 2017 us=470502 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Nov 30 20:32:17 2017 us=470524 UDP link local: (not bound)
Thu Nov 30 20:32:17 2017 us=470550 UDP link remote: [AF_INET]212.129.27.79:443
Thu Nov 30 20:32:17 2017 us=577389 TLS: Initial packet from [AF_INET]212.129.27.79:443, sid=93e6f3e1 c0c6d6f6
Thu Nov 30 20:32:17 2017 us=577705 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Nov 30 20:32:17 2017 us=695635 VERIFY OK: depth=1, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite / cryptostorm_darknet, OU=Tech Ops, CN=cryptostorm_is, emailAddress=certadmin@cryptostorm.is
Thu Nov 30 20:32:17 2017 us=696351 VERIFY OK: nsCertType=SERVER
Thu Nov 30 20:32:17 2017 us=696403 VERIFY OK: depth=0, C=CA, ST=QC, L=Montreal, O=Katana Holdings Limite / cryptostorm_darknet, OU=Tech Ops, CN=server, emailAddress=certadmin@cryptostorm.is
Thu Nov 30 20:32:18 2017 us=339648 NOTE: --mute triggered...
Thu Nov 30 20:32:18 2017 us=339831 1 variation(s) on previous 3 message(s) suppressed by --mute
Thu Nov 30 20:32:18 2017 us=339880 [server] Peer Connection Initiated with [AF_INET]212.129.27.79:443
Thu Nov 30 20:32:19 2017 us=554283 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Nov 30 20:32:19 2017 us=664123 PUSH: Received control message: 'PUSH_REPLY,persist-key,persist-tun,redirect-gateway def1,dhcp-option DNS 212.129.46.86,route-gateway 10.33.0.1,topology subnet,ping 20,ping-restart 60,ifconfig 10.33.200.51 255.255.0.0'
Thu Nov 30 20:32:19 2017 us=664362 OPTIONS IMPORT: timers and/or timeouts modified
Thu Nov 30 20:32:19 2017 us=664395 NOTE: --mute triggered...
Thu Nov 30 20:32:19 2017 us=664437 5 variation(s) on previous 3 message(s) suppressed by --mute
Thu Nov 30 20:32:19 2017 us=664459 Data Channel MTU parms [ L:1602 D:1400 EF:102 EB:406 ET:0 EL:3 ]
Thu Nov 30 20:32:19 2017 us=664667 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Nov 30 20:32:19 2017 us=664704 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Nov 30 20:32:19 2017 us=664729 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Nov 30 20:32:19 2017 us=664813 NOTE: --mute triggered...
Thu Nov 30 20:32:19 2017 us=665296 1 variation(s) on previous 3 message(s) suppressed by --mute
Thu Nov 30 20:32:19 2017 us=665337 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp2s0 HWADDR=68:5d:43:33:f5:d6
Thu Nov 30 20:32:19 2017 us=667487 TUN/TAP device tun0 opened
Thu Nov 30 20:32:19 2017 us=667822 TUN/TAP TX queue length set to 100
Thu Nov 30 20:32:19 2017 us=667914 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Nov 30 20:32:19 2017 us=667986 /sbin/ip link set dev tun0 up mtu 1500
Thu Nov 30 20:32:19 2017 us=676263 /sbin/ip addr add dev tun0 10.33.200.51/16 broadcast 10.33.255.255
Thu Nov 30 20:32:19 2017 us=681528 /sbin/ip route add 212.129.27.79/32 via 192.168.0.1
Thu Nov 30 20:32:19 2017 us=686187 /sbin/ip route add 0.0.0.0/1 via 10.33.0.1
Thu Nov 30 20:32:19 2017 us=691407 /sbin/ip route add 128.0.0.0/1 via 10.33.0.1
Thu Nov 30 20:32:19 2017 us=692641 Initialization Sequence Completed
and I lose connection. When I try
traceroute cryptostorm.is
I get:
cryptostorm.is: Name or service not known
Cannot handle "host" cmdline arg `cryptostorm.is' on position 1 (argc 1)
Am I supposed to do something more with openvpn besides just install it? Am I using the config files right? I noticed that the files are .ovpn. Does that matter?

I appreciate any help anyone can offer.

parityboy
Site Admin
Posts: 1208
Joined: Wed Feb 05, 2014 3:47 am

Re: Trying to Setup on Fedora 27

Post by parityboy » Sat Dec 02, 2017 8:17 pm

@OP

Couple of points:

1) The password cannot be blank. It can be anything, but it must be at least something, even if it's only a single character. I'm surprised you didn't get AUTH_FAILED.

2) The traceroute error is appearing because traceroute is expecting to be able to resolve cryptostorm.is to an IP address - that is the part which is failing. It would appear that the DNS resolver/forwarder (likely dnsmasq) on your system isn't being updated with the new DNS entries being pushed from the server.

Can you use NetworkManager? NetworkManager will automatically update dnsmasq with the correct DNS entries.
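
Added example (not part of either post, and not cryptostorm's own code): one way to confirm the diagnosis in point 2 is to compare the DNS servers in the PUSH_REPLY log line with the nameservers the system resolver is configured with. The log line is taken from the post above; the resolv.conf contents and the function names are constructed for illustration, and the resolver configuration is assumed to be in resolv.conf format.

```python
import re

# PUSH_REPLY line copied from the log in the original post.
SAMPLE_LOG = (
    "Thu Nov 30 20:32:19 2017 us=664123 PUSH: Received control message: "
    "'PUSH_REPLY,persist-key,persist-tun,redirect-gateway def1,"
    "dhcp-option DNS 212.129.46.86,route-gateway 10.33.0.1,topology subnet,"
    "ping 20,ping-restart 60,ifconfig 10.33.200.51 255.255.0.0'\n"
)
# Constructed resolv.conf contents (assumption): resolver still on the LAN router.
SAMPLE_RESOLV_CONF = "# constructed sample\nnameserver 192.168.0.1\n"

PUSH_RE = re.compile(r"PUSH: Received control message: '(PUSH_REPLY[^']*)'")

def pushed_dns(log_text):
    """DNS servers from 'dhcp-option DNS <ip>' in the last PUSH_REPLY of the log."""
    replies = PUSH_RE.findall(log_text)
    if not replies:
        return []
    servers = []
    for option in replies[-1].split(",")[1:]:
        parts = option.split()
        if len(parts) == 3 and parts[0] == "dhcp-option" and parts[1] == "DNS":
            servers.append(parts[2])
    return servers

def resolver_nameservers(resolv_conf_text):
    """Nameserver addresses from resolv.conf-format text, skipping comments."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.strip().split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def check_dns_applied(log_text, resolv_conf_text):
    """Compare what the server pushed with what the resolver is using."""
    pushed = pushed_dns(log_text)
    active = resolver_nameservers(resolv_conf_text)
    return {
        "pushed": pushed,
        "active": active,
        "missing": [ip for ip in pushed if ip not in active],
    }

if __name__ == "__main__":
    # On a live system, pass the real log and open("/etc/resolv.conf").read().
    print(check_dns_applied(SAMPLE_LOG, SAMPLE_RESOLV_CONF))
```

A non-empty "missing" list means the tunnel came up but the pushed DNS server was never handed to the resolver, which matches the "Name or service not known" symptom.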
