widget v3

Post by **parityboy** » Sun Sep 11, 2016 7:06 am

superstyle wrote:just upgraded to the lastest one . did some speedtest getting almost full speed

Can you post your findings in the Cryptotorm Speedtest Thread? Many thanks.

themanwithavan · Post by **themanwithavan** » Sun Sep 11, 2016 3:46 pm

Big thanks for this version. I've had nothing but problems with the other version. Dropouts under load, inability to connect to server, retries not working because a pop-up says unable to find host. Was about to dump cryptostorm but thought to at least see if there is a new version of the client. Glad I did.

Downloading like mad and so far no issue. And like other posters I'm pretty sure it's faster too.

themanwithavan · Post by **themanwithavan** » Sun Sep 11, 2016 7:16 pm

Well I take it back. Seems to last a bit longer but now instead of a dialogue box about unable to connect the client now hangs on attempting to reset to crypto dns. The log says after 20 or 40 minutes that it's resetting due to time out. But that isn't the case at all. This is so frustrating. Cryptostorm is so unstable.

superstyle · Post by **superstyle** » Mon Sep 12, 2016 1:06 am

hey df everything seems to be working fine for me, left the vpn on over night no drops. i would like to request feature. please add internet kill switch if its possible.

Thank you for your amazing work

Post by **parityboy** » Tue Sep 13, 2016 5:15 am

themanwithavan wrote:Well I take it back. Seems to last a bit longer but now instead of a dialogue box about unable to connect the client now hangs on attempting to reset to crypto dns. The log says after 20 or 40 minutes that it's resetting due to time out. But that isn't the case at all. This is so frustrating. Cryptostorm is so unstable.

Can you give us a bit more detail as to your setup? OS etc? I don't run Windows, but I may be able to help.

Khariz · Post by **Khariz** » Tue Sep 13, 2016 10:50 am

I'm not experiencing any stability issues at all. I've been connected to u.s. South for 72 hours straight at this point.

marzametal · Post by **marzametal** » Sat Sep 17, 2016 3:18 pm

Are these the latest hashes for cryptostorm_setup.exe v3.0.0.56 ?

md5 - 2570E4A6A1A020A5C9114B9E55E197D7
sha1 - BB230429D53363A81B010AF2EE58EE154CEE5FF0
sha256 - 0F8594A3714C9639668ED62995F56C8C15C540167CFE396335621BAC4D257981

Post by df » Sat Sep 17, 2016 3:44 pm

@marzametal
yep,

[root@b html]# md5sum cryptostorm_setup.exe
2570e4a6a1a020a5c9114b9e55e197d7 cryptostorm_setup.exe
[root@b html]# sha1sum cryptostorm_setup.exe
bb230429d53363a81b010af2ee58ee154cee5ff0 cryptostorm_setup.exe
[root@b html]# sha256sum cryptostorm_setup.exe
0f8594a3714c9639668ed62995f56c8c15c540167cfe396335621bac4d257981 cryptostorm_setup.exe

marzametal · Post by **marzametal** » Sun Sep 18, 2016 8:45 am

@df

much appreciated my good man... keep up the great work! It's been an honour thus far to be a part of the CS community.

Post by df » Mon Oct 03, 2016 10:46 pm

toupie wrote:not very technology literate and new to the world of vpn.

using win xp sp3
currently using sexynarwhal2_22 - no major issues apart from occasional crashing while running with standard node (but rare).

installed beta version of 24 may 2016
(after having uninstalled sexynarwhal2_22 and deleting cs and tap-windows folders in program files and rebooting)
on installing getting error installing tap-windows, but installation complete.
on running the widget v3, getting it's getting longer than 60 seconds, trying again, at the 3rd automatic try getting this message:

Can't load fwpuclnt.dll
Options error: Failed to enable --block-outside-dns. Maybe WFP is not supported on your system?

after installing tap-windows-9.21.2.exe manually, no longer getting the above error message on re-installing widget v3, but still not being able to connect.

installed beta version of 25 may 2016
(after having uninstalled widget v3 of 24 may 2016 and deleting cs and tap-windows folders in program files and rebooting)

no error message during installation

still cannot connect and getting it's getting longer than 60 seconds, trying again, and no error message after the 5th try (but still no connection).

going back to sexynarwhal2_22 for the time being, until a new widget v3 version is available.

thank you.

Just noticed your post. You do realize that you're using an OS that was discontinued in 2014?
I strongly suggest you upgrade to something that still receives security updates - http://home.bt.com/tech-gadgets/computi ... 3972474326
If your PC is so old that it can't run anything after XP, then either buy a new one or replace your XP install with Linux.

JTD121 · Post by **JTD121** » Sat Nov 05, 2016 3:25 am

Just downloaded and installed without verifying the hashes for 3.0.0.56. Any update on that? Are they automatically posted somewheres?

Khariz · Post by **Khariz** » Sat Nov 05, 2016 3:28 am

Hashes for 3.0.0.56 are

[root@b html]# md5sum cryptostorm_setup.exe
2570e4a6a1a020a5c9114b9e55e197d7 cryptostorm_setup.exe
[root@b html]# sha1sum cryptostorm_setup.exe
bb230429d53363a81b010af2ee58ee154cee5ff0 cryptostorm_setup.exe
[root@b html]# sha256sum cryptostorm_setup.exe
0f8594a3714c9639668ed62995f56c8c15c540167cfe396335621bac4d257981 cryptostorm_setup.exe

JTD121 · Post by **JTD121** » Sat Nov 05, 2016 3:38 am

Wow, quick response! Verified!

Post by df » Thu Dec 15, 2016 6:07 am

btw, latest is v3.0.0.64 - https://cryptostorm.is/cryptostorm_setup.exe (or https://b.unni.es/cryptostorm_setup.exe )
hashes -
md5:
542751249fae327375413932c84115b4 cryptostorm_setup.exe
sha512:
8c18afd7b55e7d13806eb36754fad55725230ca6af76b85c2068afa94da7c679d5096eb620896198d181e718f736c634003467ca1bb39af888d20ccdf292834a cryptostorm_setup.exe
sha1:
959d3a488f269053e15822246b22affaa04d4281 cryptostorm_setup.exe

JJ · Post by JJ » Tue Dec 27, 2016 11:04 pm

Widget not working. problems resolving DNS. Installed latest version in the assumption that everything was updated (including DNS) but apparantly that is not the case. Or did I do something wrong?

Unfortunately; the older version is also not working anymore. The same Error.

Khariz · Post by **Khariz** » Wed Dec 28, 2016 3:33 am

Check your network adapter. Probably stuck on wrong dns settings. Reset to default and then re-run widget.

Post by df » Wed Dec 28, 2016 3:41 am

@JJ
Old and new widget work fine in my tests.
Most likely your DNS settings were changed somehow, you'll need to restore them to their default settings in order to be able to resolve stuff again.
https://www.opennicproject.org/configur ... windows-7/ and other sites you can find via Googling "windows dns change" have instructions for doing so.

In the latest v3 widget build, DNS settings are saved to a file when the program starts up, so if the widget ever crashes (leaving DNS in an unusable state), all that's needed to restore DNS settings is to run the widget again.

EDIT:
tldr, what Khariz said

marzametal · Post by **marzametal** » Wed Dec 28, 2016 7:18 am

The scenario in the above post happened to me as well...

It turns out that the widget defaults to a specific exit node after install/update, and unless the end user picks it up by checking connection logs, he/she will throw a fit because s**t doesn't work.

For me, it was one of the US nodes, off the top of my head, cannot remember which one.

JJ · Post by JJ » Sun Jan 01, 2017 2:02 am

In my case the default was without any specific DNS-settings in the network adapter on IP4. Am I supposed to enter a specified DNS-setting here?

Khariz · Post by **Khariz** » Sun Jan 01, 2017 4:51 am

Up to you. Can always put some opendns or some of cryptostorm's servers in there.

JJ · Post by JJ » Mon Jan 02, 2017 3:02 am

No succes so far. Changing DNS setting to OpenDNS of CS-adresses does not work. Widget keeps displaying the message that it is impossible to resolve the server in the specific country. Did not try all the countries, but at least 5. All the same errors.

JJ · Post by JJ » Wed Jan 11, 2017 2:16 am

See my previous posting, January 2th. Still no working connection. Anyone any suggestion??

XmrE7 · Post by **XmrE7** » Sun Jan 15, 2017 3:58 am

OS ?

I also use dnscrypt client outside the widget..

Perhaps we need something that avoids isps performing transparent dns proxying?

JJ · Post by JJ » Mon Jan 16, 2017 3:23 am

marzametal wrote:The scenario in the above post happened to me as well...

It turns out that the widget defaults to a specific exit node after install/update, and unless the end user picks it up by checking connection logs, he/she will throw a fit because s**t doesn't work.

For me, it was one of the US nodes, off the top of my head, cannot remember which one.

Hey Marzametal: really interested in what connection logs I will have to check. Looks like it has nothing to do with DNS-settings. Would expect every location to have a problem then. But that is not the case. So it seems like another problem. Hope you can give me a clue.

marzametal · Post by **marzametal** » Mon Jan 16, 2017 8:38 am

What firewall do you use? Maybe I can think of something...

I make use of Windows Firewall with Advanced Security, but I use a 3rd party app called Windows Firewall Control to act as an interface for WFwAS for the purposes of monitoring connection logs, and a 3rd party app called Acrylic DNS Proxy to handle DNS (along with wildcards in Hosts file).

NOTE: WFwAS does not provide such logging capabilites... one would have to navigate to "C:\Windows\System32\LogFiles\Firewall\pfirewall.log" to see any resemblance of a connection log... very ugly looking, but it is plain text after all...

Essentially, it would be a guessing game to figure this out without firewall connection logs. Hence why I asked at the beginning of this post about your firewall software.

The basic rules needed would be: (each line represents a rule)
DHCP Inbound
DHCP Outbound
DNS Resolving C:\Windows\system32\svchost.exe - tied to DNS Windows Service
DNSCrypt C:\Program Files (x86)\Cryptostorm Client\bin\dnscrypt-proxy.exe
NETSH C:\windows\syswow64\netsh.exe
WIDGET C:\program files (x86)\cryptostorm client\bin\client.exe

I have attached a print screen of my rules for an exit node, along with DHCP rules. The NLA Outbound Snooping rule (tied to Network Location Awareness Service) and the Crypto Outbound Snooping rule (tied to Cryptographic Services Service) are there, but are denied via a global Block Rule. The other rules are active when connecting to said exit node. Also, disregard the rule for Acrylic.

I will keep an eye on this thread for any of your replies... very interesting as to why you are having dramas.

Cheers.

P.S.: In regards to router, I have replaced my ISP DNS entries with CS DNS entries, and before I started using Acrylic DNS Proxy, I would have included two CS DNS addresses for ISP connection, but left the TAP Adapter DNS fields to populate automatically.

P.S.: Just remembered there is also an outbound rule for "C:\Program Files (x86)\Cryptostorm Client\bin\csvpn.exe"...

My approach is tedious, but once set up, it allows for transparency because the rules that are active only apply for the exit node that I am connecting to. I could provide more details, but will wait for a response so we are on the same page. Good luck buddy!

JJ · Post by JJ » Tue Jan 17, 2017 4:07 am

@marzametal
Many thanks for your thorough response. For me it is rather technical, (too technical) so I am not sure if I understand it all correct. But I use Kaspersky Internet Security. So far never had a problem with it. Wonder why this schould be the case with widget3 and off course, what I can do about it.

JJ · Post by JJ » Thu Jan 19, 2017 3:43 am

OK. Another few hours of puzzling. Just found out that when I disable DSN-crypt in the widget, it is possible to connect to CS VPN without any errors. What does this mean? Is there an error in the DNS-crypt list? Or?

Post by df » Thu Jan 19, 2017 3:23 pm

@JJ
The only thing I can think of that would cause that is if something else is already listening on 127.0.0.1:53 (such as a local DNS server/proxy/cache).
Currently, the widget doesn't check to make sure port 53 is available on 127.0.0.1.
I'll add that to the next build, so if something is using that port already, it'll popup a message telling you about it then it'll disable DNSCrypt. Maybe if it doesn't add too much additional code, I could also have it tell you which program is already listening on 127.0.0.1:53.

mmm · Post by **mmm** » Thu Jan 19, 2017 11:21 pm

bro .. are you using SimpleDNSCrypt or another windows dnscrypt resolver ? .. i might be facing this too. i'll check again.

JJ · Post by JJ » Fri Jan 20, 2017 12:56 am

@df Thanks for your response. I do not have a local DNS-server/proxy etc.. Is the widget adapted to block when this is the case?
What is the risk of disabling DNS-crypt?? I understood that it was meant to improve privacy/security. What if it is permanently disabled?

JJ · Post by JJ » Fri Jan 20, 2017 1:09 am

@df Used Currports to check if port 53 is used by another program at 127.0.0.1 but that is also not the case.

Post by df » Fri Jan 20, 2017 6:58 am

@JJ
It could also be that something else (an AV maybe?) is closing dnscrypt-proxy.exe for whatever reason.
Either that or dnscrypt-proxy is spitting out an unexpected error.
A way to test would be to open up a cmd prompt as Administrator and run:

"C:\Program Files (x86)\Cryptostorm Client\bin\dnscrypt-proxy" -R cs-fr

and see if dnscrypt-proxy spits out any errors.

As for disabling dnscrypt, it will make your pre-connect DNS requests less secure, but it's highly unlikely that an attacker would be able to do anything more than a DoS against you (maybe to prevent you from accessing the VPN).

Khariz · Post by **Khariz** » Fri Jan 20, 2017 7:20 am

Unless you are trying to avoid a government level adversary, turning off dns crypt isn't going to mess you up at all.

JJ · Post by JJ » Fri Jan 20, 2017 12:29 pm

@df - Thanks for your info and your efforts to help me through this.
When I enter this command I receive mainly INFO (no errors):
[INFO] [cs-fr] does not support DNS security extensions
+ namecoins domains can be resolved
+ provider supposedly doesn't keep logs
[Notice] starting dnscrypt-proxy 1.6.0
Generating a new session keypair
Done
Server certificate #..... received
This certificate looks valid
Server key fingerprint is .........
[Notice] Proxying from 127.0.0.1:53 to 212.129.46.86:443

Looks to me it is working OK. Or? What to do now?

@Khariz - no such case

Post by df » Fri Jan 20, 2017 9:22 pm

@JJ
It looks like dnscrypt is running correctly. I guess try doing the same thing the widget would do (from cmd):
nslookup windows-balancer.cstorm.pw 127.0.0.1
That'll lookup the first windows balancer against dnscrypt.

But as Khariz said, you could just disable dnscrypt since you're not facing any adversaries that are capable of causing problems via DNS.

Guest404 · Post by **Guest404** » Sun Jan 29, 2017 8:30 am

Sorry to be a pain, but is the widget going to come to Linux anytime soon?

Post by df » Mon Jan 30, 2017 1:11 pm

@Guest404
Probably not very soon, I'm still working on the widget for Windows.
But I do plan on starting a Linux widget after v3 is officially released, which shouldn't be long now.

When I do begin the Linux widget, I'll probably just start from the Windows widget's code and begin hacking off a big portion of the code since a lot of it is unnecessary on Linux because Linux handles certain things in a sane manner (process signals, threading, a non-horrible firewall, etc.).

JJ · Post by JJ » Wed Feb 01, 2017 3:16 am

df wrote:@JJ
It looks like dnscrypt is running correctly. I guess try doing the same thing the widget would do (from cmd):
nslookup windows-balancer.cstorm.pw 127.0.0.1
That'll lookup the first windows balancer against dnscrypt.

But as Khariz said, you could just disable dnscrypt since you're not facing any adversaries that are capable of causing problems via DNS.

OK. Thamks for this information. In the meantime (after hours of frustration and trial and error) I found out that my Kaspersky Internet Security was responsible for these problems. After consulting their Support crew I found a solution that is working with DNS-crypt enabled. Thanks for your support and keep up the good work.

JJ · Post by JJ » Wed Feb 01, 2017 10:17 pm

In addition to my earlier message: it looks as if there is also something with the widget. Not sure if that's the case, but when my laptop restarts after a hibernate mode, the DNS-server setting of my network adapter is changed in a local one: 127.0.0.1. With the widget activated the adapter setting on IP4 is the CS DNS-server of the country I selected.

Post by df » Tue Feb 07, 2017 10:11 am

@JJ
That's intended. The widget detects hibernate/suspend and disconnects the VPN since internet gets killed anyways when that happens. When the computer wakes up, the widget detects that too and will reconnect the VPN if you were connected before the hibernate. If you weren't connected to the VPN before hibernate, it'll still set the DNS to the local DNSCrypt server (127.0.0.1), unless you have DNSCrypt disabled.

@Everyone else
Latest widget build is v3.0.0.66, which fixes a small bug where when auto-updating the dnscrypt-resolvers.csv file, it would delete the openssl + openvpn .exe's too if also upgrading those.
There was a v3.0.0.65 that was on the web site for about a minute, but it was quickly removed because of a bug where the upgrade process broke due to a temporary directory not being created correctly. So if anyone downloaded it in the short time it was there, upgrade to v3.0.0.66.

Hashes for v3.0.0.66 are:

MD5:
cf35a86b4a2a6f2fb8315466d83e64c0
SHA1:
5eb64a2e469f12e0b36532d7f1c6c72407d88a4f
SHA512:
73ba3f43b5adcbec38da1d9c4f9bae21b3122dd632dbdceb2caaed2f92e3a29aca83e6c3c49e7cc39d5f7ca1b6bcb879c4e7fef4251f7c90a8a9a53269c42625

Included is the latest nodelist, dnscrypt resolvers, openssl, and openvpn.
As usual, the latest build can be found at https://cryptostorm.is/cryptostorm_setup.exe or https://b.unni.es/cryptostorm_setup.exe

Side note:
Right now I'm trying to change the node list update code since it still does a simple/lazy grab of https://cryptostorm.nu/nodelist3.txt , which means if cryptostorm.nu goes down or someone is able to do an HTTPS MitM against you, you won't be able to update your node list (or in the MiTM case, someone could point you to a malicious VPN server). I think a solution to that problem would be to only allow updating of the node list after connected to the VPN, so it would grab nodelist3.txt from a local copy stored on node itself, via the VPN tunnel. For people who don't have tokens yet, the feature would also work on Cryptofree.

And yes, I still plan on adding a killswitch function in the near future. If I can't get the code I'm working on now to play nicely with Windows, or if it's going to end up taking much longer than it already has, I'll most likely just slap together something using WFP or Windows Firewall. Not as efficient as I'd like, but it would be functional enough for most people.

JTD121 · Post by **JTD121** » Wed Feb 08, 2017 6:56 am

Hm....Just upgraded to 3.0.0.66, and upon starting I get an OpenVPN Daemon has stopped working error on Win8.1

Complete uninstall/reinstall?

Khariz · Post by **Khariz** » Wed Feb 08, 2017 6:58 am

After install, restart computer too. Sometimes there is nothing I can do to get that to work once it starts malfunctioning besides a restart.

bricus · Post by **bricus** » Wed Feb 08, 2017 8:09 am

Hi,

I was on a previous v3 build, and since several updates happened within the widget, I’m not able to use a v3 build any more – well, I just have the v3.0.0.66 to test.
It stops at the “Logging into the darknet” step, no log is visible, just a black square.
Is there a way to get the log elsewhere?
Widget v2.22 is working.

Thanks in advance for any help.

marzametal · Post by **marzametal** » Wed Feb 08, 2017 10:04 am

bricus wrote:Hi,

I was on a previous v3 build, and since several updates happened within the widget, I’m not able to use a v3 build any more – well, I just have the v3.0.0.66 to test.
It stops at the “Logging into the darknet” step, no log is visible, just a black square.
Is there a way to get the log elsewhere?
Widget v2.22 is working.

Thanks in advance for any help.

I am having the same issue. Tracked it down to csvpn.exe (the openvpn version - openvpn.exe after renaming to csvpn.exe also misbehaves)

turbz · Post by **turbz** » Wed Feb 08, 2017 12:00 pm

Same here, happened before and reinstall fixed it, but not this time :/

Khariz · Post by **Khariz** » Wed Feb 08, 2017 12:37 pm

I know this isn't helpful to you guys having problems with the newest widget, but I just wanted to report that everything is working fine for me in Windows 10.

astudy · Post by **astudy** » Wed Feb 08, 2017 9:38 pm

I've been using widget v3 for months and it has been solid. All of a sudden last night it automatically stalled on connection. I tried to restart it and it kept coming back with the yellow bar 'took longer than 60 seconds to connect'.

I've now completed all of the task below with the same yellow bar continuing to plague me:
updated nodes
restarted the widget
installed the widget all over again
restarted my computer

If anyone has any updates on why this could be happening I'd greatly appreciate it. I have to admit that since August when I purchased I feel like I've had a lot of problems and not much on the way of help.

Quark55 · Post by **Quark55** » Wed Feb 08, 2017 9:52 pm

I have the same problem as the others above. After some auto update yesterday it stopped working. I have reinstalled (build 3.0.0.66)and so on but it dosent work and i am using Win10. Someone wrote that it worked on Win10... not for me. Same error it loads and then stoppes on logging into darknet.. then only reconnect every 60 sek. I have checked my key and it is still valid for 45 Days.

bricus · Post by **bricus** » Thu Feb 09, 2017 12:55 am

Thanks for the various responses, and good to know I’m not the only one.
I just tested on Win10, so I have this issue on Win7 and Win10.

Post by df » Fri Feb 10, 2017 1:24 pm

It sounds like people had problems with the csvpn.exe (openvpn 2.4.0) that got pushed in the last update.
It worked for me on Win10, but just in case I reuploaded the same openvpn/openssl binaries/libraries that I had locally onto all the servers so that they would get pushed instead.

For those still having this issue, uninstall/reinstall v3.0.0.66 and connect, then accept the update when it pops up and it should upgrade to openvpn 2.4.0 + openssl 1.0.2k just fine.

If you're still getting stuck at "Logging into darknet" even after trying the above, my guess is that you have an AV program running in the background that's deleting csvpn.exe or ossl.exe after it gets downloaded because the action appears to be malicious (granted, it is suspicious for a .exe to get downloaded like that). So if you've got any sort of AV running, add "C:\Program Files (x86)\Cryptostorm Client\" to your exclusion list.

Post by df » Fri Feb 10, 2017 8:28 pm

Tested with somebody, and for whatever reason OpenVPN 2.4.0 kept crashing on them.
So I just released v3.0.0.67 that's downgraded to OpenVPN 2.3.14, it'll most likely fix this issue for anyone else still having problems with v3.0.0.66.

Latest v3.0.0.67 @ https://cryptostorm.is/cryptostorm_setup.exe & https://b.unni.es/cryptostorm_setup.exe
md5:
00ad5e5c1d33d40825771d29d000547b
sha1:
54972c1cc4ba0a94057e5a879d480c02abd3b80f
sha512:
0fbf233211a7fe1d086ea59705ccf15b69e6e5e2748866323dc9489f31a24c1bcbea9bc90ab5f5cccfbec6196f172ee06eeeee7bb7eb16c8c09296079a4ce141

astudy · Post by **astudy** » Fri Feb 10, 2017 10:31 pm

hmm....I downloaded the one just posted and it connected but then I go to my browser to navigate to my email and I'm not connected to the internet at all???

Very strange....I tried the OpenVPN route and the same thing is happening. After connecting to a cryptostorm server I no longer have internet connection.

I've disabled all of my AV programs during the process.

astudy · Post by **astudy** » Fri Feb 10, 2017 11:36 pm

I can't explain.....but I just downloaded the v3 widget again and I'm now connected and the screen shot below is showing green. Thanks for all your work and responses. I'm just happy this is finally working.

bricus · Post by **bricus** » Sat Feb 11, 2017 9:11 am

V3 is working again, thanks.
If it’s ever known, I’m curious to know why OpenVPN 2.4.0 is/was crashing – even if I won’t understand.

Post by df » Mon Feb 20, 2017 4:08 am

@bricus
I'm not sure, it was working fine on my win10 test VM.
Maybe an OpenVPN 2.4 bug that only affects certain configurations?

Khariz · Post by **Khariz** » Mon Feb 20, 2017 4:11 am

I'm keeping the 2.4 widget. It works great for me on Windows 10. I just keep answering no when it asks me to "upgrade" to 2.3

marzametal · Post by **marzametal** » Mon Feb 20, 2017 5:53 am

Khariz wrote:I'm keeping the 2.4 widget. It works great for me on Windows 10. I just keep answering no when it asks me to "upgrade" to 2.3

Maybe you could roll back to .66 which has 2.4... saves you clicking No all the time.

Post by df » Mon Feb 20, 2017 5:59 am

@marzametal
Eh, I haven't been maintaining the previous versions though since these v3 betas were never really intended to be released, at least not until it got out of beta. So each new build is uploaded to the same place, overwriting the previous. The only way to get .66 would be if you already downloaded it and still have it saved, or if I built a new .68 that used ovpn 2.4 instead of 2.3.

Khariz · Post by **Khariz** » Mon Feb 20, 2017 6:15 am

It's no big deal for me to click no. I'm only getting disconnected like once a week now that thestuff from that disconnect thread seems to be sorted out.

crimghost · Post by **crimghost** » Wed Mar 29, 2017 3:03 am

I've run into a problem where when I connect to Cryptostorm service, no matter which server I connect to, the v3 client sets my preferred DNS server 1 digit too low. So my browser cannot connect to the internet until I go into Windows 10 settings and manually increase the final digit on the right 1 digit higher than client v3 sets it automatically.
To be clear if client v3.0.0.67 sets my preferred DNS to ***.**.147.76 I cannot connect until I go in and manually set my preferred DNS to ***.**.147.77 instead. Every server I've tried works fine once I make this change though.

Khariz · Post by **Khariz** » Wed Mar 29, 2017 3:25 am

I find that exceptionally weird considering the fact that the widget should not be manually setting the DNS IP to the actual servers IP address anyway, it should be sending it to the tap adapter gateway. I wonder if some setting is being pushed differently from the servers than it used to be.

Post by df » Wed Mar 29, 2017 3:45 am

@Khariz
The widget does manually set the DNS if DNSCrypt is enabled. Everything else is done via TAP, but there might be some code still in there that's leftover from before --block-outside-dns was implemented into OpenVPN, back when the widget had to do the DNS leak blocks itself.

@crimghost
That is very weird. There's nothing in the code that does any sort of math against any DNSCrypt server IP, and the DNS server IP you get when you connect is pushed directly from the server...
You sure you're not running any other software that might be modifying your DNS settings?

crimghost · Post by **crimghost** » Wed Mar 29, 2017 12:46 pm

Some other weird things about it:
My connection to the internet works if I also go down a digit as well. So, if I changed ***.**.147.76 to ***.**.147.75 That change also repairs the connection. So one digit either up or down makes it work

When I use the v3 client to connect at the end I get the green bar that says I'm connected and no errors are reported even though I cannot browse the internet with any standard browser. Firefox, Microsoft Edge, Brave Browser all don't work. Tor Browser however, does work even before any changes are made by me manually to the Primary DNS IP address.

The only thing that I've installed recently was mullvad's windows client, in order to compare VPN services. That has since been completely uninstalled and the system has been rebooted, and the problem remains.

crimghost · Post by **crimghost** » Thu Mar 30, 2017 8:35 am

Well, I fixed it.
Windows Settings, Network & Internet, in the Status tab all the way at the bottom click "Network reset". It auto reboots the system and then after that it was fixed.
Sorry for the confusion, and for cluttering your thread here when the problem was on my end.

PS I ended up buying a 1 year token with CS. Very impressive service. Nothing else came close after extensive research and testing.

JTD121 · Post by **JTD121** » Thu Mar 30, 2017 4:51 pm

@crimghost, you should come along into the IRC Support channel. We lurk and talk about random stuff, sometimes actually support new users such as yourself

Post by df » Thu Apr 13, 2017 9:28 am

New widget build out, v3.0.0.71
hashes:

md5: 6bf40dd09b2b7851849e5630e24f7121
sha1: 747e75eaaa623f5dcbbd6ed22430d4f5235989ee
sha512: 31bb34f65c73788e7f5149c295f649ad5b6ca6b07f2d113891bf64d2007efdee648473a127ff7bb868314b4e5e2c340fc028aaa81babee3d11d402440518843f

Up at the usual places, https://cryptostorm.is/cryptostorm_setup.exe and https://b.unni.es/cryptostorm_setup.exe

The main feature in this build is better closing of the openvpn process, so your session counter will decrease instantly when you disconnect or exit.
In all the previous builds it was doing an 'unclean' kill of that process, which meant the server didn't recognize your disconnect until the server-side openvpn timed out the connection, which takes 2 minutes.
Now it should happen instantly, so no more auth failures when you quickly disconnect/reconnect.

The other feature is in Options -> Connecting, you can now specify that 60 second connect timeout to something a little higher if you need more than 60 seconds to connect (like if on bad WiFi).

Khariz · Post by **Khariz** » Thu Apr 13, 2017 9:30 am

Nice update! Thanks.

JTD121 · Post by **JTD121** » Thu Apr 13, 2017 3:42 pm

Great update! Installing now!

Post by **parityboy** » Fri Apr 14, 2017 10:21 pm

@df

Why are you still posting MD5 signatures for the widget? Would it not be better to deprecate it and replace it with SHA-256, if you still want to provide 3 hashes?

Just a thought.

justintime · Post by **justintime** » Sun Apr 16, 2017 1:50 am

I'm a bit shocked/surprised that there is ONLY a windows widget version. CS has always prided itself on being as secure as possible, and I don't understand why that wouldn't include Unix? The windows widget has many added security features...

But anyone who is REALLY concerned with security, is either running it on Linux, or on their router which means they cannot take advantage of any of these extra security enhancements.

I left CS a year ago, waiting for this to be released, but it still hasn't happened yet

It just feels wrong on so many levels.

Post by **parityboy** » Sun Apr 16, 2017 2:40 am

@justintime

Most Linux users know enough to handle their security issues in terms of firewalls, leaks etc. Not only that, but also consider that those security features are in the widget because...Windows. However, you do have a point: as desktop Linux becomes more popular, that popularity will be represented by users who are not as familiar with Linux and network security as us *nix heads are.

Post by df » Mon Apr 17, 2017 9:25 am

@justintime
Just as parityboy said, Windows requires more effort to make things more secure/anonymous.
It's non-trivial to run DNSCrypt along with OpenVPN while also blocking DNS, WebRTC/STUN/ICE, and IPv6 leaks in Windows.
On Linux, it is trivial. Plus, most of the issues that the Windows Widget fixes don't even exist in Linux.

@parityboy
MD5 and SHA1 are considered broken, but in order for someone to perform a collision (like if they were able to manipulate the cryptostorm_setup.exe file and wanted to get past integrity checks), they would have to cause the other hashes to change too (md5 collision would change the sha1 and sha512 hashes, sha1 collision would change the md5 and sha512 hashes, etc.). That's why you should check all 3 hashes.
Even so, here's the sha256 hash of the last build (v3.0.0.71): d93e388f90b8177f3dcc16365e25c575f1be64df7a6a1b9caca13bbae87f1733

The only reason I'm still including SHA1 and MD5 hashes is that there's a lot of free products (like https://www.microsoft.com/en-us/downloa ... x?id=11533 ) that only does MD5 and SHA1, and a lot of people are probably using one of those programs.

If anyone out there is using one of those programs that only supports MD5 or SHA1, try out https://sourceforge.net/projects/simplehasher/
It's free and supports a lot more ciphers (more than I've provided for the .exe actually), and is pretty easy to use.

dabb · Post by **dabb** » Tue Apr 25, 2017 12:04 am

Currently using Tunnelblick and dropped by to make a little prayer for a mac/linux port of widget

Much love x

Elf · Post by **Elf** » Wed Apr 26, 2017 3:06 am

Is it possible to get a comprehensive comparative of issues that the windows widged is supposed to fixes and features added that might not exist or lack on linux/mac osx with other clients?

Im a recent CS user on OSX with tunnelblick and as relative novice I would like to be informed if I can try to improve things on my side? Already disables ipv6 altogether :p

thanks

KungFuChe · Post by **KungFuChe** » Fri May 05, 2017 3:52 pm

some good progress is being made on the widget here but i see a major issue on some 32 bit platforms:

client.exe hangs at splash screen with high CPU load
(the initial window with the controls does not appear)
then it constantly retries some I/O read operation - looks like it might involve a call to mswsock.dll (WSPStartup)
this produces a memory leak: client.exe allocates +1 MB every 2 seconds until system halts
nothing related is seen in event log

not really looking for old platform support - just pointing out that v2 was working so if you are going to fail now lets make a clean exit

on other platforms where it works, i see some issues with suspend / resume:
upon resuming client.exe is still running and it appears in tray
- but nothing happens when you click on it (and https://cryptostorm.is/test fails)
so the user must manually test connectivity every time the machine wakes
need some way to fail safe (= no access without VPN)