CryptoFree on OpenVPN

[ThundrB1rd]

Hi, I'm under heavy government censorship, The widget doesn't work as it should, it disconnects without any warnings and exposes you with your real IP address.
the best thing here is OpenVPN app, I have it on my Android and It's great, because it doesn't expose your IP, it simply disconnects you in case of a problem.
But I can't seem to config it under windows, with CryptoFree config file I get this error: "connection to cryptofree_windows-tcp has failed". Any help will be appreciated.

[Khariz]

Your government may be squashing non-obfuscated TCP 443 connections to prevent standard VPN Configurations.

A possible reason that the widget works to connect when OpenVPN doesn't is the widget's ability to both use DNScrypt and obfsproxy to hide the connection to the vpn. Without obfsproxy, you won't be able to hide your connection.

I'm not aware of any alternate solution that you can use with CryptoFree (or cryptostorm at all). You might want to try a VPN company that has both a competent Network Lock AND the ability to connect over SSH/SSL, such as AirVPN. I can just about guarantee that what you are trying to do would work on their network.

At this time, the only easy way to obfuscate your connection to cryptostorm is to use the widget.

[NOYB]

Hi, I'm under heavy government censorship, The widget doesn't work as it should, it disconnects without any warnings and exposes you with your real IP address.
the best thing here is OpenVPN app, I have it on my Android and It's great, because it doesn't expose your IP, it simply disconnects you in case of a problem.
But I can't seem to config it under windows, with CryptoFree config file I get this error: "connection to cryptofree_windows-tcp has failed". Any help will be appreciated.

We don't use wifi much, but were recently startled to learn just how pernicious these blocking systems have become. Tried to VPN out of our local public library which had deployed an almost zero safety open wifi system where you could actually "see" the other patrons on the network (rolling eyes).

Could not connect, no matter what we tried Tried Cryptostorm's OBFS, and AirVPN's SSL port 443 + many others. It was truly frightening.

Some days later I returned to that library with a Softether client: https://www.softether.org/

It worked instantly. On a hunch, I then tunneled both AirVPN's client and Cryptostorm's through the Softether tunnel. Both connected with the exit port IP of each respective OpenVPN provider.

Really scratching my head over this one. I would have thought that both the AirVPN and the Cryptostorm clients would work. But they didn't.

One caution? Softether has not been vetted to the degree OpenVPN has been checked. May not be safe to rely on it. But for getting to the point where you can use OpenVPN (or even Strongswan IPsec) - seems to work.

There aren't many Softether nodes in NA. I was forced to connect to Japan to get any bandwidth. OpenVPN through Softether was reliable even at that distance (checked it overnight)...but IPsec was finicky. Worked better when a Canadian Softether node was up (Softether nodes drop in and out all the time).

Right now I'm raising hell with my city councilman trying to learn of this "brainiac" who forces taxpayers into unprotected connections....It seems if there is a way to waste funds - gubmint will always find it.

Iran, China, Russia have great firewalls....US libraries? "Me too! Me too!".

[parityboy]

@NYOB

What you've written is both worrying and interesting. I very much doubt a publicly-funded library is using expensive DPI equipment, so could it be that that they are simply blocking UDP/443?

Blocking TCP/443 would of course be foolish, as would playing whack-a-mole with exit node IP addresses. That's not to say they wouldn't try it though...

[NOYB]

@NYOB

What you've written is both worrying and interesting. I very much doubt a publicly-funded library is using expensive DPI equipment, so could it be that that they are simply blocking UDP/443?

Blocking TCP/443 would of course be foolish, as would playing whack-a-mole with exit node IP addresses. That's not to say they wouldn't try it though...

Perhaps I missed something, but believe I tried both UDP & TCPIP on port 443, then with AirVPN client set to wrap OpenVPN with SSL. None of it worked

Ran across a reference recently which indicated free federal money was distributed to public libraries to be used for strengthening their firewalls. So Parityboy, perhaps you underestimate just how nuts Washington has become? Gotta keep young minds away from porn cooties - even if we rip up the Constitution to do it .....

And C'mon, truthfully half of the guys on this board would be gleefully running officials ragged using public libraries as "terrorism platforms" if they were still in junior high That's just what dudes do. "Watch this".

[NOYB]

@NYOB

What you've written is both worrying and interesting. I very much doubt a publicly-funded library is using expensive DPI equipment, so could it be that that they are simply blocking UDP/443?

Blocking TCP/443 would of course be foolish, as would playing whack-a-mole with exit node IP addresses. That's not to say they wouldn't try it though...

Nuther one: https://workfrom.co/salt-lake-city-publ ... ade-brance

Network blocks all ports except 80 and 443 and does deep packet inspection to block VPNs. Using a VPN in a SSL tunnel is necessary to provide access to additional ports.

[parityboy]

@NYOB

That last one is an epic /facepalm. Why block VPN? To me that's retardedly stupid. If anything, they should welcome VPN usage, since it inherently and automatically indemnifies them against any consequences of "unwanted" network usage.

[NOYB]

@NYOB

That last one is an epic /facepalm. Why block VPN? To me that's retardedly stupid. If anything, they should welcome VPN usage, since it inherently and automatically indemnifies them against any consequences of "unwanted" network usage.

Are you old enough to remember the cultural revolution in China? Young people running around with little red books? Over time, those books devolved into "license to kill."

Now if an old culture like China can succumb to such groupthink, what chance do "rest of us" have in controlling our crazies? How many people do you run into *every* day who are willing to cede their Bill of Rights? Why isn't Clapper headless?

We did it. It was cowardice.