cryptostorm's community forum

@blurb
With the Wireguard option it probably would be, but I wouldn't trust a VPS for anything that requires a high
level of security. Since it's a VM, you have no way of verifying the security of the system running the VM. Whatever security measures you do (firewall, grsecurity, FDE, strong passwords/keys, etc.) can all be circumvented if someone has root access to the host server. Plus, VPS bandwidth tends to be fairly limited/expensive in some regions. Probably enough for one person though.

Also, sometime soon we'll add Wireguard to all our servers.
I'd recommend waiting for that, but if you require more immediate traffic obfuscation than OpenVPN's --tls-crypt provides (what our ECC instances use), I'd say go with streisand. That setup does offer more obfuscation methods than we currently do.
But after or during our wireguard implementation, we'll most likely be adding extra obfuscation methods to our setup, so you could just wait for that as well.

FYI, online.net, OVH, oneprovider.com, and kimsufi usually offer very cheap 1gbps dedicated servers in France and/or the Netherlands.
At the moment https://oneprovider.com/dedicated-servers/paris-france has a 2.5gbps one for €11/month, and
https://www.online.net/en/server-dedica ... t-2-s-sata has a 1gbps one for €9.99/month.
With those, you wouldn't have to worry about the security issues that a VPS has since they're dedicated servers.

@df

Yeah, I glossed over everything but the speed comparison there didn't I. Thanks for clarifying the privacy implications, and I agree there isn't any privacy if they chose for there not to be - the power is all with them.

I do find those $5 instances fun to play with though, when I just want to tinker with something for its own sake, and treat them as a 'crowded room', temporary and disposable - probably spend a dollar a month. If any of my vague ideas go anywhere I'll take a good look at using the more solid options you linked, nice one. I liked those prices.

You guys will continue to be the ones to keep the list of the sites my family visit off my ISP's logs, and by extension out of the hands of the ~50 organisations my government said can access them as they please. Not due to it being very interesting in and of itself, non of us would even blush, but due to fuck-them; the principal. I much prefer the attitude I've picked up from you guys so you'll be our quasi isp.

"Also, sometime soon we'll add Wireguard to all our servers."

Yay. If you want the perspective of a mostly casual linux user who'll funnel 300gig/month of irritating youtube videos, xbox updates etc through it to beta test, I'd be more than willing to jump on early. I'm looking for an excuse to integrate it into my router and squeeze that last bit out of our connection.

I noticed the web site and forum overhaul... so the home page now says: "The OpenVPN service provider for the truly paranoid". Well sure, anyone who is not paranoid is not paying attention ... but does this mean that plans to support wireguard have been abandoned? If not, can you give us some hint about your timeline for trials and full scale deployment? Are we talking weeks or months? Just wanted to have some idea of where I should be sending clients who ask about wireguard service.

@thread

I recently upgraded to a 70Mb/s FTTC connection so I thought I'd share some results here. Connected to the Sweden node and pulling a copy of Linux Mint from the Swedish mirror, I get this: Works out to 59.84Mbit/s; not bad considering I'm not using a node closer to me.

I've been having speed issues for over 3 weeks now. Can't break 50kb/s, regardless of server selected.
Tried changing the port and swapping from UDP to TCP, no help whatsoever.
My firewall shows no blockages relating to CS.
Killswitch is actvated.
Torrents don't break 30kb/s barrier.
Not sure what is going on, even tried a new token but the problem still exists.

Windows widget, latest version.

Running on Windows 10 with Comcast Broadband, Arris SB6190, and Edgerouter X.

I am having a major problem with bandwidth speed while using Cryptostorm VPN. Since you advertise “blazing fast speeds,” I am hoping you can correct my issues so that I do not have to request a refund for my purchased token.

Let me state that I do not know how to test broadband speed in any way other than using speedtest.net.

I recently increased my broadband download speed (from Comcast) from 75Mbps to 400Mbps. Prior to using the VPN (and with the faster Comcast speed), I was receiving download speeds of 150Mbps wireless and 300Mbps wired.

I programmed the Edgerouter X for whole house VPN using this blog post.

https://tech.michaelaltfield.net/2017/0 ... flix-safe/

Now, all my wired devices go through the router and the VPN. On my wireless devices, I can choose this same route or, instead, go through the router but bypass the VPN. I do this depending upon which wi-fi network I am connected to.

So, starting with cryptofree, I connected to a VPN server in France. Not wanting to see my web pages in French, I purchased a cryptostorm token, and applied it to the VPN. I decided to connect to a server in Chicago using UDP.

Here is a breakdown of my download speeds after this change.

Wired through VPN…. 10Mbps
Wireless through VPN… 5Mbps
Wireless bypass VPN… 150Mbps

The Chicago UDP server is obviously giving this slow speed. Do you have any suggestions? This needs to be almost as fast as when the VPN is bypassed.

Remember, before the VPN, I was getting these download speeds.

Wired no VPN… 350Mbps
Wireless no VPN… 150Mbps

@BillShannonA
No VPN is going to give you speeds close to what you see when you're not on a VPN, unless the VPN has encryption completely disabled, or it's using a very weak algorithm. The encryption algorithms we use are the strongest available at the moment, and that does take resources (CPU/RAM). The Edgerouter X router only has a Dual-Core 880 MHz MIPS1004Kc CPU and 256 MB of RAM. That's not much, especially when that small device is handling the networking for a whole house of devices.

That being said, there are some things you can try to boost your VPN speeds. First, you should try to connect to the VPN from a computer, just to see what kind of speeds you get when you do it directly instead of going through the router. If the speeds are good, then it's the router. If they still suck, try switching the UDP port to something other than the default 443 (53 might help). Comcast in some regions is known to do QoS (Quality of Service) on some traffic, so the Ed25519 or Ed448 UDP configs might give you better speeds since they use ports that are commonly associated with VoIP.

The version of OpenVPN you have will also affect your speeds. If it's something ancient, the algorithms used might not be very efficient. OpenVPN 2.5 is the latest, and it includes support for the cipher CHACHA20-POLY1305 on OpenVPN's data channel (that's the part that handles your actual traffic). For any of the ecc/ed25519/ed448 configs, if you have openvpn 2.5, you can change the "cipher AES-256-GCM" line to "cipher CHACHA20-POLY1305" to use that algorithm. In my tests, CHACHA20-POLY1305 shows better performance, except on CPUs with support for the AES-NI instruction (I haven't checked if EdgeRouter X's CPU does or not).

Another thing you can try is WireGuard instead of OpenVPN. WireGuard is much faster because it uses more modern encryption than OpenVPN, and it's not a userspace program like OpenVPN is, WireGuard is a kernel-space program. So it would be a better choice for a VPN running on a small embedded device (like a router). Here's a guide DDG found: https://www.adamintech.com/install-wire ... er-edgeos/

Also, if you're geographically close to Chicago and that's why you picked that server, try picking another one, even if it's a little bit further away. Some data centers have uplinks (their ISP) that might share some of the same networks as your ISP. That means you can sometimes get better speeds on a server that's further away than another that's closer.

Hope this helps :-)

Thanks a lot. I can continue in this thread, or I can take it elsewhere if it fits better elsewhere.

Do I have to encrypt? Is it even possible not to encrypt? Is it good enough to hide who/where I am, or do I need to hide what I am doing as well? Can I install a less stringent encryption?

How do I switch the UDP port to 53?

I do not know what version of OpenVPN I am using? Is this found on the Edgerouter or somewhere else? And if I am using OpenVPN 2.5, which config do you recommend... ecc, ed25519, or ed448.

I could not find out if Edgerouter X supports AES-NI instruction. I know not what it is. I did a search for it on the Ubiquiti site. Could not find "AES-NI." I sent them a support ticket to find out if it does or not. Where do I change the cipher?

I am not going to try WireGuard, but thanks for that suggestion. It took me long enough to get it to work with OpenVPN.

I am in Denver, CO. The only server in Mountain Time Zone is Las Vegas. I picked Chicago because it was close to Wisconsin and I like the Green Bay Packers. Shall I try Las Vegas? Can I choose one of the balanced configs and insure that I am getting a USA server.

BillShannonA wrote: ↑ Do I have to encrypt? Is it even possible not to encrypt? Is it good enough to hide who/where I am, or do I need to hide what I am doing as well? Can I install a less stringent encryption?

Yes, you have to encrypt. It's not possible to connect to our service without encryption. What you're looking for is more of a basic proxy, which we don't offer. The reason we don't offer weaker (or no) encryption for those who want faster speeds is because that opens up everyone to downgrade attacks where people wanting the most secure option could be forced by a malicious person to use whatever the weakest algorithm is. It's basically the whole "only as strong as it's weakest link" concept.

BillShannonA wrote: ↑ How do I switch the UDP port to 53?

Edit the OpenVPN config file (.ovpn), find the four lines that start with "remote", they'll have "443" near the end of each of them.
Just change 443 to 53 to use that port instead.

BillShannonA wrote: ↑ I do not know what version of OpenVPN I am using? Is this found on the Edgerouter or somewhere else? And if I am using OpenVPN 2.5, which config do you recommend... ecc, ed25519, or ed448.

The ed25519 configs will probably give you the best speeds, but they do require at least OpenSSL 1.1.1 and OpenVPN 2.4.3.
The OpenVPN 2.5 requirement was just if you wanted to switch to the Poly1305-Chacha20 cipher.
If you are using OpenVPN 2.5, you can do that by editing the config and changing the line "cipher AES-256-GCM" to "cipher CHACHA20-POLY1305"

BillShannonA wrote: ↑ I could not find out if Edgerouter X supports AES-NI instruction. I know not what it is. I did a search for it on the Ubiquiti site. Could not find "AES-NI." I sent them a support ticket to find out if it does or not. Where do I change the cipher?

See above. AES-NI is a feature in most modern CPUs that lets the processor do AES related functions faster.

BillShannonA wrote: ↑ I am not going to try WireGuard, but thanks for that suggestion. It took me long enough to get it to work with OpenVPN.

Just try it out locally on your computer first (OpenVPN too). That will give you a baseline that you can use for bandwidth you expect to get.

BillShannonA wrote: ↑ I am in Denver, CO. The only server in Mountain Time Zone is Las Vegas. I picked Chicago because it was close to Wisconsin and I like the Green Bay Packers. Shall I try Las Vegas? Can I choose one of the balanced configs and insure that I am getting a USA server.

Vegas does have less users on it usually. If you chose the balancer configs it wouldn't ensure you connect to a US server. Most of our customers don't want to connect to US servers, so the only way to do that is to manually choose the US configs.

Machen Sie sich keine Sorgen, wenn Sie Probleme mit der sexuellen Aktivität nicht lösen können. Ich empfehle Ihnen, Ihre Aufmerksamkeit auf besuchen sie diese Website zu lenken, um weitere Informationen zu erhalten, da ich dort immer versuche, meine Probleme in meinem Sexualleben zu lösen.