@cryptostorm_is profile picture
‍ ‍‍‍ᓭ cryptostorm ᓯ @cryptostorm_is

The VPN provider for the truly paranoid

Joined January 2010
  • Tweets 30,388
  • Following 18
  • Followers 5,994
2,659 Photos and videos
Regarding the github.com/V4bel/dirtyfrag vulnerability that was disclosed a few hours ago, our servers aren't vulnerable since we're not using the affected modules. Now go buy tokens - cryptostorm.is/#section5
4
300
Regarding the copy.fail/ vulnerability, our servers do run Arch Linux, but they're not vulnerable since support for the affected kernel crypto API (AF_ALG) isn't enabled, and the module is blacklisted as described on cryptostorm.is/blog/port-str…

Copy Fail — 732 Bytes to Root

CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.

copy.fail
7
437
We added public DNS-over-HTTPS endpoints with optional ad/tracker blocking See cryptostorm.is/blog/doh The post also includes setup instructions for popular browsers, age/ID verification law comments, lifetime token news, and a Windows client update.
2
6
399
Our current supply of minted lifetime tokens is down to 24, and when those are sold we will be removing the option to purchase new lifetime tokens cryptostorm.is/#section5 <- buy one now before they're all gone And no, they will not return for the annual Black Friday sale
2
233
We finally got around to updating our Linux kill switch page scripts: cryptostorm.is/killswitch Replaced the old pile of legacy scripts with one clean, unified solution (WireGuard OpenVPN, nftables iptables).
7
386
We updated cryptostorm.is/xray/ to include xtls-rprx-vision support. The old configs should still work, but updgrading is recommended. Our CSXRAY Android app has also been updated - github.com/cryptostorm/CSXRA… and so has the server-side Xray instances (Xray-core v26.3.27)
1
346
We added better isolation to the backend endpoints for cryptostorm.is/wireguard and /wireguard_man but a (now fixed) bug was causing keys to not propagate the network correctly for the past 24 hours. If you used either page in that time, please go back and add/del your key again.
2
344
We wrote a blog post about our new server-side multihop feature. See cryptostorm.is/blog/ssmultih…
1
1
275
We added a new server-side multihop feature: connect like normal and go to http://10.31.33.7/multihop to use it. Also updated to OpenVPN 2.7.0 on all the servers, and re-enabled DCO on the UDP instances since 2.7.0 is using a newer (less buggy) DCO
2
340
Xray support is live and our custom Android app is finished, see cryptostorm.is/blog/xray
1
640
For those already asking: Yes, we will be doing the Black Friday to Cyber Monday half-off sale this year (Nov 28 - Dec 1), same as we've done every year for the past decade or so. Xray support is live and our custom Android app is finished, but the blog post is still in-progress
5
733
We extended the ports you can connect to our VPN entry IPs on (was 1-29999, now 1-65535). That was leftover from when the entry IP was the exit IP, but they're separate now so we can use all ports. Port forwarding is still restricted to ports >30000. cryptostorm.is/
2
770
We wrote a quick blog post better explaining the post-quantum stuff involving SSH that we tweeted about on July 3. Also added a couple of other things to the post (fixed an ad/tracker blocking issue, and info about the Xray setup we're working on). cryptostorm.is/blog/pq-opens…
1
4
940
We added jittered, obfuscated API calls to OpenVPN's auth logic to blunt timing and size-based side-channel attacks—even with TLS 1.3 PQ KEX in place. See cryptostorm.is/conf/ — the comments in the last four scripts have more details.
screenshot of comments in /configs/auth.sh.txt

ALT screenshot of comments in /configs/auth.sh.txt

1
1
5
1,185
the result=$(wait "$real_pid") line was incorrect, since that doesn't get the output, it just gets the return code from the wait command. The corrected code has been pushed to the server and updated on cryptostorm.is/conf/
589
We added support for post-quantum key exchanges to our SSH tunneling/obfuscation. OpenVPN can't do PQ KEX yet, but with this you can add a PQ layer on top of your OpenVPN (TCP) traffic. This requires a recent OpenSSH/OpenSSL version.
4
929
We accidentally broke transparent .onion access for WireGuard users in cryptostorm.is/blog/port-str… at "Tighter leak prevention in iptables". An exclusion was needed for tor's VirtualAddrNetworkIPv4. The transparent .onion (and .i2p) feature now works again for WireGuard users.
6
685
Cryptostorm client v3.65 released • Switched to Wintun (faster than TAP) • Killswitch reverted rewritten • Japanese lang fixed • Better OpenVPN output parsing • Improved threading update button logic • Faster connect/disconnect/exit Download from cryptostorm.is/windows

1
3
645
The full changelog along with the source code is on github.com/cryptostorm/cstor…

v3.64 -> v3.65 · cryptostorm/cstorm_widget@4a0eeb2

Switched from the old TAP driver to the newer/faster Wintun driver. Tested it on everything from Windows 7 (32 and 64-bit) to the latest Windows 11. People still using Windows 7 SP1 will need the ...

github.com
1
508
Load more