Netduma Fraser (Administrators), posted June 18, 2015

> Oh, I'm not suggesting replacing the names with the MACs. I'd just like to see the MACs as well as the IPs in the Edit section of Device Manager, so it's easier to know which device is which when faced with a screenful of unnamed devices. While we're at it, it'd also be nice if the screen didn't refresh and change hosts while I'm in the middle of editing the handle/quality on a host in the Host Filtering page. It does it routinely, and screws up my host filtering. Highlighting on the map the host you're currently pinging/editing would also be helpful, in case it does change, so you can go back to the one you were interrupted from working with, too.

Yeah, as an added bonus. Oh, I've never had that issue, are you using IE by any chance? As Chrome/Firefox is recommended and may fix that issue. Yeah, that's a nice little feature, highlighting would be cool!

mcl, posted June 18, 2015

Hm. It seems in my Host Filtering geo-filter, whenever my VPN is enabled, the ping is going through my VPN rather than through the hybrid. Prior to my problems today, this was working fine (i.e., geo-filter pings going out over the Internet, even when my VPN was enabled). Now, however, they're all going through my VPN. Did I break the hybrid somehow? My VPN configuration hasn't changed, by the way.

EDIT: The weird thing, too, is that the geo-filtering still seems to work; it's just that the ping of the hosts is 300ms and up, which is clearly wrong because the same hosts ping at 20-40ms when I turn off the VPN. It'd be a shame if this is "as intended", because it makes the hybrid VPN solution useless with geo-filtering, since we can't accurately rate hosts.

mcl, posted June 18, 2015

> Yeah, as an added bonus. Oh, I've never had that issue, are you using IE by any chance? As Chrome/Firefox is recommended and may fix that issue. Yeah, that's a nice little feature, highlighting would be cool!

Nope, I'm using the latest Firefox on Win 8.1. Speaking of highlighting, adding the handle of the host you're hovering over in the allow/deny slider at the bottom would be awesome.

Netduma Fraser (Administrators, Author), posted June 18, 2015

> Nope, I'm using the latest Firefox on Win 8.1. Speaking of highlighting, adding the handle of the host you're hovering over in the allow/deny slider at the bottom would be awesome.

Just a thought, turn off auto ping and see if that refreshing issue goes away. Redoing the Allow and Deny is something we have been planning on doing, having this would definitely be a good addition.

Netduma Fraser (Administrators, Author), posted June 18, 2015

I've moved your post into a new thread as this is a support issue. Are you using the Geo-filter with VPN for a console or PC?

mcl, posted June 18, 2015

I'll give it a shot. After having to do a factory reset after every time I made a change to my VPN config file (I've done 5 factory resets today, including having to change the LAN subnet each time, rename all my devices, redo the congestion control, and lose all my host ratings from the geo-filter), I'm really, really wanting a way to disable the VPN outside of the VPN page itself. Or have it not dependent on the network so I can turn it off when something's not working right. Also, it'd be great if there were some easy way to skip the forced tour that occurs after a factory reset, since having gone through it five times now just today, it's really rather unnecessary.

It's also somewhat frustrating, because the only change I'm making to the VPN config file is commenting out one or more servers to change the list of servers I'm using. Yet, whenever I hit Apply, I always get "Unable to communicate with the router", and if I ever reload the page, I just get "VPN" and the pulsating progress bar forever. And since at that point I have no networking and can't turn the VPN off (it doesn't matter anyway, since once I start getting "Unable to communicate with router", unchecking the "enable" box and hitting Apply does nothing), I'm forced to do a factory reset just to get networking back.

My wife and daughter have been very forgiving of not having network all day because I've been fighting with this. At this point, I'm either going to have to live with the fact that certain programs won't work right through the VPN (including the geofilter ping), or give up on trying to use VPN with the R1. Which is also frustrating since I just paid for 3 months of service.

Netduma Fraser (Administrators, Author), posted June 18, 2015

Right okay, this may in fact be one of your issues, please take a look here and let us know how it turns out: http://wiki.netduma.com/doku.php?id=common_vpn_errors

mcl, posted June 18, 2015

Yup, tried that. Once I start getting "unable to communicate with router", unticking enable and clicking apply just generates the same error. And a reboot just gives me the endless progress bar under VPN without access to any of the VPN settings.

Netduma Fraser (Administrators, Author), posted June 18, 2015

> Yup, tried that. Once I start getting "unable to communicate with router", unticking enable and clicking apply just generates the same error. And a reboot just gives me the endless progress bar under VPN without access to any of the VPN settings.

So disabling antivirus etc. did nothing? Okay, just as an alternative test, if you make a free hide my ass account and then use the basic part of the VPN, do these issues still persist?

mcl, posted June 18, 2015

I'll test that this evening and let you know.

Netduma Fraser (Administrators, Author), posted June 18, 2015

> I'll test that this evening and let you know.

Okay great, I'm going to move the support part of this thread to somewhere more relevant to keep your original suggestions as the main focus.

Netduma Fraser (Administrators, Author), posted June 18, 2015

Also, check this out, this may be contributing: http://forum.netduma.com/topic/84-why-cant-i-connect-to-a-vpn-using-the-advanced-tab/

mcl, posted June 18, 2015

> I've moved your post into a new thread as this is a support issue. Are you using the Geo-filter with VPN for a console or PC?

PC. Windows 8.1.

mcl, posted June 18, 2015

> Also, check this out, this may be contributing: http://forum.netduma.com/topic/84-why-cant-i-connect-to-a-vpn-using-the-advanced-tab/

It's all one config. Here's what I'm using:

    # this is the cryptostorm.is client settings file, versioning...
    # cstorm_linux_dynamic_1-4.conf
    # last update date: 12 January 2014

    # it is intended to provide stochastic connection _and_ reconnection variability
    # across both exitnode clusters _and_ nodes within clusters
    # thus, maximum hardening against aggressive attack vectors

    # Chelsea Manning is indeed a badassed chick: #FreeChelsea!
    # also... FuckTheNSA - for reals. W00d!

    client
    dev tun
    resolv-retry 16
    nobind
    persist-tun
    persist-key
    float
    txqueuelen 686
    # expanded packet queue plane, to improve throughput on high-capacity sessions
    sndbuf size 1655368
    rcvbuf size 1655368
    # increase pre-ring packet buffering cache, to improve high-throughput session performance
    remote-random
    # randomizes selection of connection profile from list below, for redundancy against...
    # DNS blacklisting-based session blocking attacks

    # iceland cluster
    <connection>
    remote linux-iceland.cryptostorm.net 443 udp
    </connection>
    <connection>
    remote linux-iceland.cryptostorm.org 443 udp
    </connection>
    <connection>
    remote linux-iceland.cryptostorm.nu 443 udp
    </connection>
    <connection>
    remote linux-iceland.cstorm.pw 443 udp
    </connection>

    # Frankfurt cluster
    <connection>
    remote linux-frankfurt.cryptostorm.net 443 udp
    </connection>
    <connection>
    remote linux-frankfurt.cryptostorm.org 443 udp
    </connection>
    <connection>
    remote linux-frankfurt.cryptostorm.nu 443 udp
    </connection>
    <connection>
    remote linux-frankfurt.cstorm.pw 443 udp
    </connection>

    # Montreal cluster
    <connection>
    remote linux-montreal.cryptostorm.net 443 udp
    </connection>
    <connection>
    remote linux-montreal.cryptostorm.org 443 udp
    </connection>
    <connection>
    remote linux-montreal.cryptostorm.nu 443 udp
    </connection>
    <connection>
    remote linux-montreal.cstorm.pw 443 udp
    </connection>

    # Lisbon (Portugal) cluster
    <connection>
    remote linux-lisbon.cryptostorm.net 443 udp
    </connection>
    <connection>
    remote linux-lisbon.cryptostorm.org 443 udp
    </connection>
    <connection>
    remote linux-lisbon.cryptostorm.nu 443 udp
    </connection>
    <connection>
    remote linux-lisbon.cstorm.pw 443 udp
    </connection>

    # Seattle / US west cluster
    <connection>
    remote linux-uswest.cryptostorm.net 443 udp
    </connection>
    <connection>
    remote linux-uswest.cryptostorm.org 443 udp
    </connection>
    <connection>
    remote linux-uswest.cryptostorm.nu 443 udp
    </connection>
    <connection>
    remote linux-uswest.cstorm.pw 443 udp
    </connection>

    # US midwest cluster
    <connection>
    remote linux-uscentral.cryptostorm.net 443 udp
    </connection>
    <connection>
    remote linux-uscentral.cryptostorm.org 443 udp
    </connection>
    <connection>
    remote linux-uscentral.cryptostorm.nu 443 udp
    </connection>
    <connection>
    remote linux-uscentral.cstorm.pw 443 udp
    </connection>

    # London (England) cluster
    <connection>
    remote linux-london.cryptostorm.net 443 udp
    </connection>
    <connection>
    remote linux-london.cryptostorm.org 443 udp
    </connection>
    <connection>
    remote linux-london.cryptostorm.nu 443 udp
    </connection>
    <connection>
    remote linux-london.cstorm.pw 443 udp
    </connection>

    # Paris (France) cluster
    <connection>
    remote linux-paris.cryptostorm.net 443 udp
    </connection>
    <connection>
    remote linux-paris.cryptostorm.org 443 udp
    </connection>
    <connection>
    remote linux-paris.cryptostorm.nu 443 udp
    </connection>
    <connection>
    remote linux-paris.cstorm.pw 443 udp
    </connection>

    comp-lzo no
    # specifies refusal of link-layer compression defaults
    # we prefer compression be handled elsewhere in the OSI layers
    # see forum for ongoing discussion - https://cryptostorm.org/viewtopic.php?f=38&t=5981

    down-pre
    # runs client-side "down" script prior to shutdown, to help minimise risk...
    # of session termination packet leakage

    allow-pull-fqdn
    # allows client to pull DNS names from server
    # we don't use but may in future leakblock integration

    #explicit-exit-notify 3
    # attempts to notify exit node when client session is terminated
    # strengthens MiTM protections for orphan sessions

    hand-window 37
    # specified duration (in seconds) to wait for the session handshake to complete
    # a renegotiation taking longer than this has a problem, & should be aborted

    mssfix 1400
    # congruent with server-side --fragment directive

    auth-user-pass
    # passes up, via bootstrapped TLS, SHA512 hashed token value to authenticate to darknet

    # auth-retry interact
    # 'interact' is an experimental parameter not yet in our production build.

    ca ca.crt
    # specification & location of server-verification PKI materials
    # for details, see http://pki.cryptostorm.org

    ns-cert-type server
    # requires
    # TLS-level confirmation of categorical state of server-side certificate for MiTM hardening.

    auth SHA512
    # data channel HMAC generation
    # heavy processor load from this parameter, but the benefit is big gains in packet-level...
    # integrity checks, & protection against packet injections / MiTM attack vectors

    cipher AES-256-CBC
    # data channel stream cipher methodology
    # we are actively testing CBC alternatives & will deploy once well-tested...
    # cipher libraries support our choice - AES-GCM is looking good currently

    replay-window 128 30
    # settings which determine when to throw out UDP datagrams that are out of order...
    # either temporally or via sequence number

    tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
    # implements 'perfect forward secrecy' via TLS 1.x & its ephemeral Diffie-Hellman...
    # see our forum for extensive discussion of ECDHE v. DHE & tradeoffs wrt ECC curve choice
    # http://ecc.cryptostorm.org

    tls-client
    key-method 2
    # specification of entropy source to be used in initial generation of TLS keys as part of session bootstrap

    log devnull.txt
    verb 0
    mute 1
    # sets logging verbosity client-side, by default, to zero
    # no logs kept locally of connections - this can be changed...
    # if you'd like to see more details of connection initiation & negotiation

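A check that can be run on a hand-edited profile like the one posted above before it is applied, given here as an added example that is not part of the thread and is not Netduma or cryptostorm code. It parses the directives and `<connection>` blocks, lists the remotes that are still active, and flags unbalanced blocks or missing verification and integrity directives; the name `check_profile` and the sample text are constructed for illustration.

```python
import re

# Constructed excerpt in the style of the posted profile. The second server was
# commented out by hand, but its closing tag was left behind.
SAMPLE = """\
client
remote-random
<connection>
remote linux-iceland.cryptostorm.net 443 udp
</connection>
#<connection>
#remote linux-iceland.cryptostorm.org 443 udp
</connection>
ns-cert-type server
auth SHA512  # data channel HMAC
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
"""

REQUIRED = ("auth", "cipher", "tls-cipher")          # integrity / crypto settings
SERVER_CHECKS = ("ns-cert-type", "remote-cert-tls")  # server certificate type

def check_profile(text):
    """Return (remotes, problems) for an OpenVPN client profile."""
    remotes, problems, seen, block = [], [], {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)[#;].*$", "", raw).strip()  # drop comments
        if not line:
            continue
        tag = re.fullmatch(r"<(/?)([\w-]+)>", line)
        if tag and tag.group(1):                 # closing tag
            if block != tag.group(2):
                problems.append(f"line {n}: </{tag.group(2)}> without matching open tag")
            block = None
        elif tag:                                # opening tag
            if block:
                problems.append(f"line {n}: <{tag.group(2)}> inside <{block}>")
            block = tag.group(2)
        elif block in (None, "connection"):      # skip inline cert/key data
            name, *args = line.split()
            seen[name] = args
            if name == "remote":
                remotes.append(tuple(args))
    if block:
        problems.append(f"<{block}> never closed")
    problems += [f"missing {d}" for d in REQUIRED if d not in seen]
    if not any(seen.get(d) == ["server"] for d in SERVER_CHECKS):
        problems.append("no server certificate type check")
    return remotes, problems
```

Newer OpenVPN releases express the server certificate check as `remote-cert-tls server`, which is why the function accepts either directive.
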
mcl, posted June 18, 2015

> So disabling antivirus etc. did nothing? Okay, just as an alternative test, if you make a free hide my ass account and then use the basic part of the VPN, do these issues still persist?

Hm. I can't find any free account for hidemyass. At best, there's 1 month for $9.99. Do you have a link?

Netduma Fraser (Administrators, Author), posted June 19, 2015

They used to do a free version but seems like they've stopped that now! I spoke with Iain about this issue, we didn't expect people to use the Geo-filter ping when you're using exceptions and so it only outputs the ping from the VPN, not what it is through the exception.

mcl, posted June 19, 2015

In that case, I'd like to make a suggestion that when a host is VPN-enabled on the router, and that host is also selected at the top of the host filtering page, that the pings go out separate from the VPN? Particularly as you're aiming for a VPN hybrid that does the right thing automatically.

Netduma Fraser (Administrators, Author), posted June 20, 2015

That is a good suggestion, I believe when I spoke to Iain he said that it may not be possible due to the way it's been implemented. However, I will try to get clarification on this as it would be good to do.

Archived
This topic is now archived and is closed to further replies.