
List of IP addresses for nodes



Postby 0x24d » Wed Jun 13, 2018 1:22 am

Since I started using Cryptostorm I have maintained my own iptables script where I would manually hardcode the IP addresses on the nodes that I was wanting to connect to.

I have now decided to use a script such as https://github.com/fermi-cryptostorm/fe ... tostorm.sh which would find and allow all Cryptostorm node IP addresses so my script does not have to be updated every time node IP addresses are changed, such as when the England node was updated recently.

However after running the script from fermi I was not able to connect to the England node - the IP address I was connecting to was different than the one retrieved from linux-balancer.


x@localhost:~$ host linux-england.cryptostorm.net | awk -F ' '  '{print $4}'
5.101.149.25
5.101.149.11
5.101.149.19
5.101.149.29
5.101.149.15
5.101.149.23
5.101.149.9
5.101.149.21
5.101.149.17
5.101.149.7
5.101.149.27
5.101.149.13
x@localhost:~$ host linux-balancer.cryptostorm.net | grep 5.101.149 | awk -F ' '  '{print $4}'
5.101.149.5


Does linux-balancer need to be updated to include the new IP addresses for linux-england or is it correct and I need to retrieve a list of IP addresses a different way?

note: the IP address in linux-balancer is not returned in the list for linux-england


Re: List of IP addresses for nodes

Postby df » Mon Jun 18, 2018 3:38 am

We've recently added several iptables-based load balancers to the DNS based linux-balancer.cryptostorm.net (and windows-balancer.cryptostorm.net), but haven't yet announced it anywhere.
The reason for this new type of balancer is that we've ordered a lot more IPs for several of the servers to give people more exit IP options to help them bypass any VPN bans or whatever.
Problem is, if we added all these new IPs to linux-balancer.cryptostorm.net or windows-balancer.cryptostorm.net, it would send a disproportionate number of people to the servers with the extra IPs instead of evenly distributing clients among all the servers.
Plus, most of these new IPs are in groups of /26 subnets (30 IPs), and adding 30 IPs per new group would make the DNS balancers have too many IPs.

So the solution I came up with was to use the iptables statistic module's --probability option (see http://ipset.netfilter.org/iptables-extensions.man.html ) as a sort of makeshift load balancer.
In the case of the Linux England instance, the way it works is a client connects to 5.101.149.5, which is listed in linux-balancer.cryptostorm.net, then the above iptables module will forward them to one of the new IPs you got when you resolved linux-england.cryptostorm.net.
Doing it this way, linux-balancer doesn't get filled up with linux-england IPs, so everything gets distributed evenly.

Currently, the nodes that have new IPs are paris, romania, england, and frankfurt. The Chicago (ussouth) server is going to be replaced in about a week or so, when the new one comes up it'll also include 30 or so new IPs.

Anyways, back to your issue.
Instead of using DNS to gather a list of all the exit IPs, use the file at https://cryptostorm.is/whitelist
It contains all the possible exit IPs, and it's always up-to-date since it's used by https://cryptostorm.is/test and a few other pages to determine if your IP is a CS IP or not.
You could run a cronjob that grabs that list every so often, and run it through | grep -v \# to have it remove the comments. The only things in that file are exit IPs and # comments containing the internal node name.

EDIT:
In the latest version of the widget, I've had to rewrite the killswitch because it too was using windows-balancer.cstorm.pw to get the list of VPN IPs.
The replacement I decided to go with was to use the node list @ https://cryptostorm.nu/nodelist3.txt (which the widget already comes with), resolving the hostname at the end of each line.
Doing it that way is probably easier, because it accounts for any new servers that have lotsa IPs.
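
The whitelist approach from the reply above (fetch the file, drop the # comments, allow what is left), as an added example that is not part of the original thread or cryptostorm's own code. It assumes the file holds one IPv4 address per line plus # comments; the set name cs_nodes and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: build an ipset allowlist from the whitelist file.
# Assumed format: one IPv4 address per line plus "#" comments.

# Constructed sample input (documentation addresses, not real node IPs).
sample_whitelist() {
cat <<'EOF'
# node-a
192.0.2.10
192.0.2.11
  198.51.100.7   # trailing comment
# node-b
203.0.113.300
192.0.2.10
not-an-ip; flush everything
EOF
}

# Strip comments and padding; keep only valid, unique IPv4 addresses so
# nothing else from the download can reach the firewall tooling.
parse_whitelist() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    awk -F. '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        ok = 1
        for (i = 1; i <= 4; i++) if (length($i) > 3 || $i > 255) ok = 0
        if (ok && !seen[$0]++) print
    }'
}

# Emit `ipset restore` input that fills a temporary set and swaps it in.
# Fails on an empty list so a bad download never empties a working set.
build_restore() {
    set_name=$1
    ips=$(parse_whitelist)
    [ -n "$ips" ] || { echo "no valid IPs; keeping old set" >&2; return 1; }
    echo "create ${set_name}_new hash:ip family inet"
    echo "flush ${set_name}_new"
    printf '%s\n' "$ips" | sed "s/^/add ${set_name}_new /"
    echo "create ${set_name} hash:ip family inet"
    echo "swap ${set_name}_new ${set_name}"
    echo "destroy ${set_name}_new"
}

# Offline demo: print the restore script for the constructed sample.
sample_whitelist | build_restore cs_nodes

# Live use (root, e.g. from cron); cs_nodes is a hypothetical set name:
#   curl -fsS https://cryptostorm.is/whitelist | build_restore cs_nodes | ipset restore -exist
#   iptables -A OUTPUT -m set --match-set cs_nodes dst -j ACCEPT
```

Because the rule matches on the set rather than on individual addresses, the cron job only has to refresh the set; the iptables rule itself never changes.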

