cryptostorm - The VPN service provider for the truly paranoid

Bare metal servers

dedicated servers only

No logs

Our VPN servers never save data that can be used to identify a customer.

Chaining supported

Don't trust that we're not logging?
Use multihop to connect to another VPN (or Tor) before you connect to us.

Open source

no proprietary code

All server-side configs are public

Available for review here.

Security through transparency

(too many) details on how the network operates available on our blog and on our
privacy policy page.

Token-based network access

anonymous authentication

Hashed tokens

Access tokens are hashed before connecting. Compromised or confiscated servers can't be used to identify clients.

Decentralized organization

roots in Iceland, entities worldwide

Financials in several regions

No central office, anywhere.

OpenVPN ECC

Ed25519, Ed448, and secp521r1 instances

521-bit EC (~15360-bit RSA)

TLSv1.3 supported

AEAD authentication

256-bit AES or ChaCha20-Poly1305

Resistant to quantum attacks

OpenVPN RSA

Our least secure option is stronger than most VPN providers' strongest option

8192-bit RSA server certificate

521-bit EC (~15360-bit RSA) CA

8192-bit DH params

256-bit AES or ChaCha20-Poly1305

Safe from padding oracle attacks

WireGuard

ChaCha20 for symmetric encryption, authenticated with Poly1305, using RFC7539's AEAD construction

Curve25519 for ECDH

BLAKE2s for hashing and keyed hashing, described in RFC7693

SipHash24 for hashtable keys

HKDF for key derivation, as described in RFC5869

Customized systems

~~grsecurity~~ linux-hardened kernels

exploit mitigation
hardened against heap corruption

Principle of least privilege practiced

Integrity verified

tripwire used to prevent backdoors

Disposable servers

Secure PKI management
Confiscating one server won't compromise the rest

DeepDNS system

protecting clients before they connect

encrypted DNS servers

Chain DNS traffic with Anonymized DNS

DNSCrypt v2

Public DNSCrypt servers for encrypting your DNS traffic before you connect

Transparent .onion/.i2p access

Direct access to darknets

Anti-leak protection

keeping your real IP safe

DNS/WebRTC leak protection

Stops IP leaks

DNS-based ad/tracker blocking

Prevents malicious trackers from working

Kill switch included

Many different killswitches available to prevents leaks if disconnected

Flexible connection options

bypass restrictive firewalls

SSH / HTTPS / obfs4 tunneling.

Obfuscate your VPN traffic to look like SSH or HTTPS traffic, or with obfs4, like nothing

Connect on any port

UDP or TCP (1-29999)

BitTorrent allowed

Port forwarding supported

Unlimited bandwidth

unrestricted access

No data caps, no throttling

Redundant load balancing

Minimizes downtime

Many IPs to choose from

Currently over 450 available IPs

Now with IPv6 support

The "devices" number below would be the maximum number of devices allowed to connect at the same time.
If you need to connect more devices, buy more tokens, or buy ones that allow more devices, or setup your router to use cryptostorm.

credit card ☇ PayPal

friendly pricing, quick access

single order USD (non-recurring)

credit card ☇ CCBill

supports most prepaid cards

Monero / XMR

no 3rd parties, no email or JS required

instructional video here

crypto ☇ NOWPayments

~200 cryptocurrencies supported
(no email or JS needed here either)

crypto ☇ BitPay

BTC, ETH, or any other cryptocurrency supported by BitPay

We use OpenVPN, so if they support your OS, then so do we. We also support WireGuard.

The VPN service provider for the truly paranoid

This website is also available as a Tor hidden service at this .onion linkand the I2P eepsite at cs.i2p

Privacy

Security

Benefits