Commit Graph

35 Commits

Author SHA1 Message Date
Quentin McGaw
305b5954f9 Upgrade to Alpine 3.9 2019-04-23 10:32:31 +02:00
Quentin McGaw
aad11510f5 More defaults and fixing typos 2019-04-23 10:32:15 +02:00
Quentin McGaw
b26cb508de Split BLOCK_MALICIOUS with BLOCK_NSA and UNBLOCK env variable 2019-04-23 10:29:44 +02:00
Quentin McGaw
27802ba886 Runs OpenVPN as root by default, fixes #19 2019-03-18 11:27:36 +01:00
Quentin McGaw
2b45ba3425 The target files are created in /openvpn/target
- More resilience to failure
- Less verbose
- Works with start/stop
2018-11-27 17:50:08 +02:00
Quentin McGaw
0f02500a85 Moved all OpenVPN parameters to conf file + fixing AUTH_FAILED messages 2018-11-20 09:28:48 +02:00
Quentin McGaw
d1ebddb029 Fixed auth_failed error
- Removed nonrootgroup
- File directories are slightly different
- Resolv-retry is removed as pointless as IP addresses are used
- Fixed some arguments to openvpn
2018-11-17 14:44:17 +02:00
Quentin McGaw
9c6afff973 Healthcheck checks your IP is in the VPN configuration file 2018-11-14 16:25:23 +02:00
Quentin McGaw
d3dc6c74d8 Multiple additions and fixes #12
- Unbound ran as `nonrootuser`
- Readme updated
- auth.conf replaced by `USER` and `PASSWORD` env variables
- Removed Nginx section from readme for now
- Reworked entrypoint with more checks
- Malicious IPs and hostnames building is done at Docker build to gain time at launch
- docker-compose updated to reflect changes
2018-11-14 14:38:10 +02:00
Quentin McGaw
3c79ba33bb Fixes #13 2018-11-06 18:26:24 +01:00
Quentin McGaw
7b4c216fc8 Reworked project overall 2018-11-06 14:55:11 +01:00
Quentin McGaw
4bcaec6a33 Big refactoring (more secure, more modular)
- Region change to "CA Montreal"
- Using external data images for malicious hostnames
- Added malicious IP addresses blocking with Unbound
- Unbound has DNS rebinding protection
2018-10-28 14:08:14 +01:00
Tomasz Janowski
1af242f773 Don't insert duplicate ip addresses to the openvpn config file
A new set of ip addresses is appended on every restart of the container which eventually results in openvpn error "Maximum number of 'remote' options (64) exceeded."
2018-10-28 16:43:55 +11:00
Quentin McGaw
3bc45d930c Hostnames block is done in memory only 2018-10-10 10:24:15 +02:00
Quentin McGaw
d12f44fd6b Fixes #6 (forgot quotes for $REGION.ovpn) 2018-10-08 08:45:11 +02:00
Quentin McGaw
e0f201a334 Openvpn runs as non root user and tries all IP addresses 2018-10-05 12:43:16 +02:00
Quentin McGaw
b73ad75cde Multiple additions and fixes #5
- Multi stage build
- Downloads and checks Unbound Root anchors
- Download and build malicious hostnames block list for Unbound
- Healthcheck only based on the current IP being different from the initial IP
- IPv6 related completely removed
- Multiple checks at launch with $?
- Launch openvpn as root (can't change user)
- Unbound configured with DNS SEC for DNS over TLS
2018-10-04 22:24:43 +02:00
Quentin McGaw
b8dbf0761f Moved DNS over TLS at start as DNS is required in firewall anyway 2018-09-28 19:51:30 +02:00
Quentin McGaw
cfd1bab58d Checks for TUN device to be opened (useful after a reboot) 2018-09-21 17:00:52 +02:00
Quentin McGaw
2b7c7cc62a Restarts on fail; DNS over TLS only when connected to VPN; readme update 2018-09-21 16:39:08 +02:00
Quentin McGaw
6929947611 Runs openvpn as non-root user 2018-09-21 11:39:00 +02:00
Quentin McGaw
706050619d Re-added Unbound DNS over TLS
It turns out you can't use a local DNS server once connected with the VPN, so running the DNS over TLS in the PIA container is the best.
2018-09-21 11:28:23 +02:00
Quentin McGaw
de981c3566 Fixed firewall (iptables) and added ip6tables for ipv6 2018-09-21 09:33:37 +02:00
Quentin McGaw
41d7ca9824 Removed useless DNS shell code 2018-09-20 20:42:37 +02:00
Quentin McGaw
bf6401da23 New line after encryption 2018-09-12 19:23:02 +02:00
Quentin McGaw
081227edf2 Scans through corresponding REGION.OVPN file to find domain name and port 2018-06-07 18:33:03 -04:00
Quentin McGaw
7aa43274b1 Killswitch added with firewall, fixes #3 2018-06-06 22:44:11 -04:00
Quentin McGaw
ede5979541 Reverted back to creating tun device manually 2018-06-01 14:38:27 -04:00
Quentin McGaw
88dac5bdee Tun device is created inside the container, fixes #2 2018-05-27 21:00:42 -04:00
Quentin McGaw
bcc39a97f0 IP detection only relies on duckduck.go 2018-05-27 20:38:43 -04:00
Quentin McGaw
e4d7dea676 Trying to fix bug with space value for REGION 2018-04-18 18:02:36 -04:00
Quentin McGaw
adade5698e Finished dockerfile and updating RAM usage 2018-04-16 14:50:24 -04:00
Quentin McGaw
73c5fe5b2a Healthcheck searches for city and organization of public IP 2018-04-16 14:19:35 -04:00
Quentin McGaw
dd99f7e306 Added healthcheck 2018-04-15 14:52:27 -04:00
Quentin McGaw
6be3846d74 Added choice of UDP/TCP and level of encryption. Reworked readme and Dockerfile 2018-04-15 14:15:58 -04:00