Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

All vpn detected as proxy

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)

Topic Author
bannys
Posts: 1
Joined: Mon Jun 25, 2018 3:27 pm

All vpn detected as proxy

Post by bannys » Mon Jun 25, 2018 3:31 pm

Is it normal? :D All VPN servers have open ports 80, 1080, 1723, 3124, 3127, 3128, 8080.
Image
Image

User avatar

marzametal
Posts: 432
Joined: Mon Aug 05, 2013 11:39 am

Re: All vpn detected as proxy

Post by marzametal » Sat Jun 30, 2018 8:59 am

I have encontered this as well. I was told I couldn't treat these sites like gospel. Sometimes the ports would appear and disappear after xx amount of refreshes. As for the proxy thing, that is a hit and miss situation too, for me anyway. Comes and goes like cravings for cleavage.

I don't think CS restrict ports anyway. So this site showing some ports open is irrelevant. It's a non-issue. They don't know where you are, so even if the server gets crapped on, how would they get to you?

User avatar

df
Site Admin
Posts: 420
Joined: Thu Jan 01, 1970 5:00 am

Re: All vpn detected as proxy

Post by df » Wed Jul 04, 2018 2:55 pm

whoer.net detects proxies by simply checking if you have a port open that's commonly used by a proxy (80, 1080, 1723, etc. etc.).

All of the cryptostorm VPN servers will appear to have all TCP and UDP ports open.
We use two iptables rules (one for UDP, one for TCP) to forward all ports to the VPN instances on that server.
This is to help people who are behind restrictive firewalls where the usual VPN ports aren't allowed.

So that "anonymity test" isn't accurate, or at least the proxy testing portion of it isn't.
The only thing accessible from the internet to our VPN servers is OpenVPN. It's just accessible using any TCP/UDP port (now excluding 30000-65535, since that's reserved for port forwarding).

User avatar

marzametal
Posts: 432
Joined: Mon Aug 05, 2013 11:39 am

Re: All vpn detected as proxy

Post by marzametal » Wed Jul 11, 2018 4:36 pm

Just a little FYI, maybe someone can confirm, even the original poster.

Try logging onto a voodoo node, and check if Proxy is shown as YES. For me, it is shown as NO on Voodoo Denmark-IOM (I nearly typed IRON MAIDEN because I was listening to an album of theirs hahaha).

Maybe it can't detect a proxy because it is half voodoo?

I am not sure if I can remember if there was ever talk about full voodoo? I think there was, but not sure what happened to it.

EDIT: By the way, just saw the 60% in the posted pic... I think you got better things to look at to improve that %... eg: modifying time etc... it's easy to get it to 100%, regardless of the open port stuff...

User avatar

df
Site Admin
Posts: 420
Joined: Thu Jan 01, 1970 5:00 am

Re: All vpn detected as proxy

Post by df » Wed Jul 11, 2018 6:01 pm

@marzametal
Oh yea, voodoo nodes would probably show up as no ports open.
If the scan was more thorough it would show TCP/UDP port 443 open, since on voodoo exit IPs that's the only thing open.
But if you scan the entry IP for that voodoo node (the thing you connect to), it would show all ports as open.

We did discuss full voodoo a while back.
Basically it was 2 VPSes for the circuit, one in front of the dedicated server and one behind it.
The added benefits for clients were:
The entry VPS doesn't know the websites you're visiting
The dedicated server doesn't see your real IP or the websites you visit
and the exit VPS doesn't see your real IP
The main added benefit to CS was that the dedicated server's IP stays hidden, which protects it from abuse complaints or DDoS or whatever.
The downside is that because the dedicated server doesn't add an extra hop, there's really no way to verify the whole thing.

We ended up not doing full voodoo simply because VPS bandwidth is shit, and expensive as hell in most regions.
It's cheaper to just use dedicated servers.

Some of the half voodoo (you -> dedi -> VPS -> internet) ones are still up, but we might ditch them once I figure out a decent replacement.
What I'd like to do is replace them with a [you -> dedi -> dedi (repeat) -> internet] type of voodoo thing, if that's feasible. Basically doing a double tunnel, but with one step for the client. I dunno yet how to pull that off, maybe specifying a certain password, or some other argument to the whole thing that tells server to tunnel that session through another VPN server... or something. It would be more economical if I could pull that off without having to buy more IPs.
Seems doable, just need to figure out the best way to do it.

And just because, I'm now listening to the 1980 self-titled Iron Maiden album =D

User avatar

marzametal
Posts: 432
Joined: Mon Aug 05, 2013 11:39 am

Re: All vpn detected as proxy

Post by marzametal » Thu Jul 12, 2018 8:59 am

\m/

Post Reply