Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

Problems configuring on Reborn OS (Arch Linux)

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)

Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Tue Oct 30, 2018 7:35 pm

I had set this up once before on a previous Antergos install and had problems until I figured out I was missing dnsmasq. After installing it my config worked. So I installed on Reborn and I am still getting an error on the last step. I actually imported my config files three times trying to figure out what I had done wrong. Here is what I put into terminal for the last step minus my token and what came out:

[root@Minerva system-connections]# cd /data/Documents/conf
[root@Minerva conf]# CSTOKEN=MY-CRYPTOSTORM-TOKEN for conf in `ls *.ovpn|sed -e's/.ovpn//'`;do sed "/\[vpn\]/a username=$CSTOKEN" -i /etc/NetworkManager/system-connections/$conf sed -e"s/password-flags=.*/password-flags=0/" -i /etc/NetworkManager/system-connections/$conf sed "\$a\\\n[vpn-secrets]\npassword=whatever\n" -i /etc/NetworkManager/system-connections/$conf done
bash: syntax error near unexpected token `do'
[root@Minerva conf]#

I am not sure what the deal is. I have DNSMASQ and Openvpn. are there any other dependencies or am I missing something else. I followed the Ubuntu guide minus the append the three lines to the config files as arch doesn't have the same script Ubuntu does.
I have all the servers on my panel probably times three, but, they require the token.


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Tue Oct 30, 2018 9:09 pm

To clarify cryptostorm is working if I access one of the servers through the Terminal I just want to edit all of them with the token at once.


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Probvia terminallems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Wed Oct 31, 2018 4:51 am

Nevermind I connected via terminal since that is better. I do have one problem though. This part didn't work.
So you don't have to enter your token every time you connect, store your token in a random file.
(Replace CsTok-enGvX-F4b4a-j7CED with your token or your token's hash using the token hasher at https://cryptostorm.is/#section6, under the teddy bear
And replace /home/test/cstoken with the location you want to save the token to. My username is "test", so I'm storing the file in /home/test/cstoken)
echo CsTok-enGvX-F4b4a-j7CED > /home/test/cstoken;echo anythingcangohere >> /home/test/cstoken;chmod 600 /home/test/cstoken
Then edit all the configs to use /home/test/cstoken:
sed -e's_^auth-user-pass_auth-user-pass /home/test/cstoken_' -i *.ovpn

This part replacing test with my username did not work for me. It made a file but it still asks me for a password when I connect. The file is in my home folder with nothing on it but my token.

User avatar

df
Site Admin
Posts: 420
Joined: Thu Jan 01, 1970 5:00 am

Re: Problems configuring on Reborn OS (Arch Linux)

Post by df » Wed Oct 31, 2018 12:35 pm

In your first post, the problem is that you're issuing a multiline set of commands as a single command.
If you want to do that, semi colons would need to be added in the right places, I.e.:

CSTOKEN=CsTok-enGvX-F4b4a-j7CED;for conf in `ls *.ovpn|sed -e's/.ovpn//'`;do sed "/\[vpn\]/a username=$CSTOKEN" -i /etc/NetworkManager/system-connections/$conf; sed -e"s/password-flags=.*/password-flags=0/" -i /etc/NetworkManager/system-connections/$conf; sed "\$a\\\n[vpn-secrets]\npassword=whatever\n" -i /etc/NetworkManager/system-connections/$conf; done

But those commands were intended for Ubuntu. I haven't tested on Arch, not even sure if they use NetworkManager. But if they do, then the above commands should work.

As for your last post, that sed command needs to be ran from the same directory that has your .ovpn config files that you download from our website or github.


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Thu Nov 01, 2018 12:01 am

Yes i was running from that directory. it still is asking me for my password. And yes network manager can be installed on arch. i think it is installed by default on the GNOME desktop which i run.

User avatar

df
Site Admin
Posts: 420
Joined: Thu Jan 01, 1970 5:00 am

Re: Problems configuring on Reborn OS (Arch Linux)

Post by df » Wed Nov 14, 2018 8:41 am

See the updated commands @ https://cryptostorm.is/nix
Turns out on some non-Ubuntu distros NM adds the file extension '.nmconnection' for the configs in /etc/NetworkManager/system-connections/
So the commands have been updated to check for that


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Mon Nov 26, 2018 12:23 am

Okay with the new tutorial and my updated token no joy at all. I can't even connect via the terminal anymore. here is the output.
Attachments
cs log.txt
(4.26 KiB) Downloaded 213 times

User avatar

df
Site Admin
Posts: 420
Joined: Thu Jan 01, 1970 5:00 am

Re: Problems configuring on Reborn OS (Arch Linux)

Post by df » Mon Nov 26, 2018 1:31 am

Sun Nov 25 14:10:49 2018 us=888128 RESOLVE: Cannot resolve host address: sweden.cryptostorm.ch:5062 (System error)
Sun Nov 25 14:10:54 2018 us=890652 RESOLVE: Cannot resolve host address: sweden.cryptostorm.ch:5062 (System error)
Sun Nov 25 14:10:59 2018 us=893612 RESOLVE: Cannot resolve host address: sweden.cryptostorm.ch:5062 (System error)

Sounds like your DNS is misconfigured, or maybe you've got a killswitch that's interfering?
sweden.cryptostorm.ch resolves to 27 IPs for me, and I tested against several different public DNS servers.

Check your /etc/resolv.conf and see what IP your DNS is pointed at before connecting.
On some Linux distros a local dnsmasq server is used, so it might say something like 127.0.1.1
but in those cases if dnsmasq isn't running, DNS would fail.

Try running the command: host google.com
or if you don't have the `host` command: nslookup google.com
If that also fails, then it's definitely your DNS settings


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Thu Nov 29, 2018 4:49 pm

The host check worked fine.I had 75.75.75.75. I changed it to cloudflare's 1.1.1.1 because that is what I thought I was using before. As far as the kill switch goes, I did install ipredetor's netsplice, to try out, but, never got a trial so I uninstalled it.


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Thu Nov 29, 2018 4:50 pm

And it is still giving the same errors.

User avatar

df
Site Admin
Posts: 420
Joined: Thu Jan 01, 1970 5:00 am

Re: Problems configuring on Reborn OS (Arch Linux)

Post by df » Thu Nov 29, 2018 5:08 pm

when you do `host sweden.cryptostorm.ch` does it resolve?


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Fri Nov 30, 2018 12:56 am

It doesn't resolve regardless of which server I choose.


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Fri Nov 30, 2018 12:56 am

Wait no yes it does.


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Fri Nov 30, 2018 12:57 am

But I can't connect following the tutorial for terminal.

User avatar

df
Site Admin
Posts: 420
Joined: Thu Jan 01, 1970 5:00 am

Re: Problems configuring on Reborn OS (Arch Linux)

Post by df » Fri Nov 30, 2018 1:33 am

Both the `host` command and OpenVPN use the DNS settings that are in /etc/resolv.conf
Can't think of any reason why `host` would work but openvpn wouldn't...
But check that file anyways to see what's in it. If it's got 'nameserver 127.0.1.1' then you're probably using a local dnsmasq server, which is the default for Ubuntu and some other Debian based distros.
If dnsmasq isn't running, or something else is being used that's changing the DNS settings then it could cause these issues.

Another thing is that Comcast's 75.75.75.75 and 75.75.76.76 DNS servers aren't actually public DNS servers, they only work if you're coming from a Comcast IP. So if you're using something that might be changing the IP that's connecting to those DNS servers, which would be the case if you're using DNSCrypt, then that could also cause those failures.
I'm not sure how you set your DNS to 1.1.1.1 before, but I'd recommend doing that via /etc/resolv.conf with the command:
echo 'nameserver 1.1.1.1' > /etc/resolv.conf
then trying openvpn again

Even with the above command, something could still overwrite /etc/resolv.conf with something else. So after running the above command you could make the file immutable (it's like read-only) with `chattr +i /etc/resolv.conf`
But it would be better to figure out what's changing resolv.conf and telling it not to, or work within that program's configuration.

Another useful command in all this is: `host whoami.cryptostorm.is`
The custom DNS server at whoami.cryptostorm.is is designed to respond to all queries with an A record that contains the IP that made the final request.
I.e.,

root@oldbox:~# host whoami.cryptostorm.is 1.1.1.1
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases:

whoami.cryptostorm.is has address 172.69.66.24

That shows that the cloudflare IP 172.69.66.24 is one of the IPs behind the 1.1.1.1 balancer.
In your case, it would be useful if you needed to know what the final IP is making your DNS requests.


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Fri Nov 30, 2018 1:48 am

Okay I edited the resolve,conf file like you said and made it read only. Here is the output trying to connect to Paris. Basically the same as before.I think anyway.Because It won't read the cstoken text file like in the tutorial I am just putting whatever as a name and my token as a password.
Attachments
cs.txt
(11.8 KiB) Downloaded 195 times


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Fri Nov 30, 2018 1:52 am

[lazarus@Minerva ~]$ host whoami.cryptostorm.is 1.1.1.1
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases:

whoami.cryptostorm.is has address 108.162.217.160

User avatar

df
Site Admin
Posts: 420
Joined: Thu Jan 01, 1970 5:00 am

Re: Problems configuring on Reborn OS (Arch Linux)

Post by df » Fri Nov 30, 2018 2:43 am

try it without the 1.1.1.1


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Fri Nov 30, 2018 3:59 am

[lazarus@Minerva ~]$ host whoami.cryptostorm.is
whoami.cryptostorm.is has address 162.158.72.85

User avatar

df
Site Admin
Posts: 420
Joined: Thu Jan 01, 1970 5:00 am

Re: Problems configuring on Reborn OS (Arch Linux)

Post by df » Fri Nov 30, 2018 4:04 am

yea, that's cloudflare alright... and when you do `host sweden.cstorm.is` does it return 27 IPs?

User avatar

df
Site Admin
Posts: 420
Joined: Thu Jan 01, 1970 5:00 am

Re: Problems configuring on Reborn OS (Arch Linux)

Post by df » Fri Nov 30, 2018 4:21 am

I just tested with a clean Reborn OS install, it resolves it fine. Are you sure when you uninstalled that killswitch it really was uninstalled?
Could be some iptables rules leftover blocking the DNS, or maybe something else you did changed the cryptostorm OpenVPN config?


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Fri Nov 30, 2018 5:25 am

I uninstalled in the package manager. I never configured it though. I opened the program once to see how an install worked and it threw an error which I figured was because I didn't have that VPN. Their website doesn't give how to's for that program even as it is in beta I believe. The only reason I wanted to try it is because they have it for arch. I'm not really sure what it did or changed if anything. And yes I get 27 ip's.


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Fri Nov 30, 2018 5:27 am

My cryptostorm configs I have done fresh if that is what you mean, following g the new tutorial.

User avatar

df
Site Admin
Posts: 420
Joined: Thu Jan 01, 1970 5:00 am

Re: Problems configuring on Reborn OS (Arch Linux)

Post by df » Fri Nov 30, 2018 5:35 am

"I uninstalled in the package manager", but did you install using that "VPN Manager" shortcut that runs /usr/bin/vpn-manager.sh? That thing was buggy as hell, I run it just ffs and selected PIA, it got stuck in a loop.

Anyways, how are you running OpenVPN? Just a plain `openvpn --config Balancer_UDP.ovpn` (or whatever)?

If you're doing that, one way to really debug exactly what DNS is being used is with:
strace -fF -esendmmsg,recvfrom -s65536 openvpn --config Balancer_UDP.ovpn

The first sendmmsg() and recvfrom() calls are generally to/from your DNS server.

But an easier way is to check /etc/resolv.conf and see what's in there, and if whatever it's pointing to is changing things


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Fri Nov 30, 2018 5:51 am

Allthat is on my resolv.conf after your suggested change is nameserver 1.1.1.1.
This is what I installed. https://ipredator.se/netsplice#client_general The arch link. Then I unisntalled using pamac, reborn's gui package manager.


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Fri Nov 30, 2018 6:20 am

To run I am copy pasting from the tutorial, with the exception I changed it to sweden for the first run.

User avatar

df
Site Admin
Posts: 420
Joined: Thu Jan 01, 1970 5:00 am

Re: Problems configuring on Reborn OS (Arch Linux)

Post by df » Fri Nov 30, 2018 6:24 am

So with 1.1.1.1 the only thing in your resolv.conf, you get cannot resolve errors with OpenVPN?
heh, I've got an idea. change the remote lines in the OpenVPN config so that you're connecting to the hostname whoami.cryptostorm.is
it'll fail, but it'll tell you what DNS is actually being used at the time of connecting to OpenVPN.

I just tried with 1.1.1.1 in my /etc/resolv.conf and no iptables rules, in my openvpn output I see:
Thu Nov 29 19:21:14 2018 us=570793 UDP link remote: [AF_INET]172.69.66.180:443
which is a cloudflare IP behind their 1.1.1.1

If you get anything that isn't a cloudflare IP, then something else is changing your DNS, perhaps with iptables rules.

And I know cloudflare isn't blocking our DNS:
root@oldbox:~# host sweden.cstorm.is 1.1.1.1|head
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases:

sweden.cstorm.is has address 128.127.104.121
sweden.cstorm.is has address 128.127.104.122
sweden.cstorm.is has address 128.127.104.123
etc.

EDIT:
also check `iptables -L -n` and `iptables -L -n -t nat` to make sure there's no rules leftover from something else


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Fri Nov 30, 2018 6:52 am

change the remote lines in the OpenVPN config so that you're connecting to the hostname whoami.cryptostorm.is

Do you mean the config files I downloaded?


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Fri Nov 30, 2018 6:58 am

the output from the iptable commands.
Attachments
iptables -L -n -t nat.txt
(366 Bytes) Downloaded 172 times
iptables -L -n.txt
(9.41 KiB) Downloaded 197 times

User avatar

df
Site Admin
Posts: 420
Joined: Thu Jan 01, 1970 5:00 am

Re: Problems configuring on Reborn OS (Arch Linux)

Post by df » Fri Nov 30, 2018 7:04 am

yea. the configs normally have 4 "remote" lines, like in Balancer_UDP.ovpn it would have:

remote balancer.cstorm.is 443 udp
remote balancer.cstorm.net 443 udp
remote balancer.cryptostorm.ch 443 udp
remote balancer.cryptostorm.pw 443 udp

delete all but one, and change the hostname to whoami.cryptostorm.is

EDIT:
just got your iptables log post while posting this... nothing in the nat table.
the default iptables rules do have alot of ufw stuff in them, but i'm not seeing anything that would conflict with DNS.
even so, you could try flushing out all those rules with `iptables -F` then trying to connect again


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Fri Nov 30, 2018 7:27 pm

I need some of those rules for use with my steamlink for in home streaming. I only use the VPN some of the time.


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Fri Nov 30, 2018 7:35 pm

At this point I am thinking about going nuclear and reinstalling wiping my home folder. I would have some loss, but, most of my important stuff is on a seperate /data partition anyway.


Topic Author
lazarus_long
Posts: 22
Joined: Tue Oct 30, 2018 7:17 pm

Re: Problems configuring on Reborn OS (Arch Linux)

Post by lazarus_long » Sun Dec 02, 2018 7:31 pm

I wiped my home partition and started from scratch. Cryptostorm is running again. Question, do I have to delete my configs and start over every time I get a new token?

User avatar

df
Site Admin
Posts: 420
Joined: Thu Jan 01, 1970 5:00 am

Re: Problems configuring on Reborn OS (Arch Linux)

Post by df » Sat Mar 02, 2019 10:22 pm

No, of course not. Just update the file that contains your token (or it's hash), the file that's called by auth-user-pass in the openvpn config file.

Post Reply