admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,071 Commits 18 Branches 75 Tags
5ca13021e7d0b23099c314c52aae4e5671e4737c
Commit Graph

51 Commits

Author SHA1 Message Date
Quentin McGaw
5ca13021e7 feat(netlink): detect IPv6 using query to address 
- If a default IPv6 route is found, query the ip:port defined by `IPV6_CHECK_ADDRESS` to check for internet access
 2025-11-07 21:50:58 +00:00
Quentin McGaw
b0c4a28be6 chore(lint): upgrade linter to v2.4.0 
- migrate configuration file
- fix existing code issues
- add exclusion rules
- update linter names
 2025-08-16 20:10:19 +00:00
Quentin McGaw
76a4bb5dc3 chore: use gofumpt for code formatting 2024-10-11 19:27:29 +00:00
Quentin McGaw
7842ff4cdc fix(firewall): ipv6 multicast output address value 2024-10-06 09:28:39 +00:00
Quentin McGaw
3d6d03b327 fix(firewall): log warning if ipv6 nat filter not supported instead of returning an error 
- Allow to port forward redirect for IPv4 and not IPv6 if IPv6 NAT is not supported
- Fix #2503
 2024-10-05 07:52:30 +00:00
Quentin McGaw
bc55c25e73 fix(firewall): delete chain rules by line number (#2411) 
- Fix #2334 
- Parsing of iptables chains, contributing to progress for #1856
 2024-08-17 20:12:22 +02:00
Quentin McGaw
2a9ab29e7d fix(firewall): VPN_PORT_FORWARDING_LISTENING_PORT behavior fixed again 
- allow redirection destination port in INPUT table
 2024-08-05 13:57:30 +00:00
Quentin McGaw
f6165d206a fix(firewall): VPN_PORT_FORWARDING_LISTENING_PORT behavior fixed 
by not restricting the destination address to 127.0.0.1
 2024-08-05 13:37:49 +00:00
Quentin McGaw
26705f5a23 hotfix(firewall): re-add iptables-legacy for setups with nft kernel support 2024-07-29 05:43:34 +00:00
Quentin McGaw
73832d8b49 hotfix(firewall): add iptables -m flag for input port instructions 2024-07-26 11:40:12 +00:00
Quentin McGaw
ef6874fe57 fix(firewall): query iptables version for iptables found 2024-05-04 16:19:30 +00:00
Quentin McGaw
75fd869625 fix(firewall): handle OpenVPN tcp-client as tcp 2023-12-14 15:10:33 +00:00
Quentin McGaw
4105f74ce1 feat(portforward): port redirection with VPN_PORT_FORWARDING_LISTENING_PORT 2023-11-23 08:37:43 +00:00
Quentin McGaw
0a29337c3b chore(all): replace net.IP with netip.Addr 2023-05-20 20:06:12 +00:00
Quentin McGaw
d21a943779 chore(all): use netip.Prefix for ip networks 
- remove usage of `net.IPNet`
- remove usage of `netaddr.IPPrefix`
 2023-04-27 13:42:50 +00:00
Quentin McGaw
723d0f5e12 chore(lint): upgrade from v1.51.2 to v1.52.2 2023-04-12 09:40:00 +00:00
Quentin McGaw
4ba159e483 chore(all): review error wrappings 
- remove repetitive `cannot` and `failed` prefixes
- rename `unmarshaling` to `decoding`
 2023-04-01 16:57:18 +00:00
EkilDeew
875690ab18 feat(network): enable ipv6 connection and tunneling (#1114) 
Co-authored-by: Quentin McGaw <quentin.mcgaw@gmail.com>
 2022-09-13 17:18:10 -07:00
Quentin McGaw
20f20f051b fix(firewall): iptables support detection 
- Add dummy rule to `INPUT` to test for iptables support
- This may resolve #896
 2022-03-30 09:03:25 +00:00
Quentin McGaw
39a62f5db7 feat(firewall): improve error message when NET_ADMIN is missing 2022-03-09 11:16:10 +00:00
Quentin McGaw
006b218ade feat(firewall): auto-detect which iptables 
- On `iptables` error, try to use `iptables-nft`
- On `ip6tables` error, try to use `ip6tables-nft`
 2022-02-26 22:55:22 +00:00
Quentin McGaw
920ad8b54b chore(errors): review all errors in codebase 2022-02-20 02:58:16 +00:00
Quentin McGaw (desktop)
3d8e61900b Maint: make VPN connection not specific to OpenVPN 
- Add VPN field to ServerSelection struct
- Set VPN type to server selection at start using VPN_TYPE
- Change OpenVPNConnection to Connection with Type field
- Rename Provider GetOpenVPNConnection to GetConnection
- Rename GetTargetIPOpenVPNConnection to GetTargetIPConnection
- Rename PickRandomOpenVPNConnection to PickRandomConnection
- Add 'OpenVPN' prefix to OpenVPN specific methods on connection
 2021-08-19 14:09:41 +00:00
Quentin McGaw (laptop)
3f1fb52fcb Maint: upgrade qdm12 dependencies 
- Upgrade qdm12/golibs
- Upgrade qdm12/dns to v1.11.0
 2021-07-24 17:59:22 +00:00
Quentin McGaw (desktop)
2ddc784965 Maint: firewall package interface rework 
- return concrete struct type
- split interface is sub-interfaces
 2021-07-23 19:12:16 +00:00
Quentin McGaw (desktop)
94b60d9f70 Maint: firewall and routing use logger.Debug 
- Remove SetVerbose and SetDebug from both
- Log routing teardown
- Default logging level set to info
 2021-07-23 18:20:18 +00:00
Quentin McGaw (desktop)
21f4cf7ab5 Maint: do not mock os functions 
- Use filepaths with /tmp for tests instead
- Only mock functions where filepath can't be specified such as user.Lookup
 2021-07-23 16:06:19 +00:00
Quentin McGaw (desktop)
7c44188130 Fix: controlled interrupt exit for subprograms 
- Openvpn and Unbound do not receive OS signals
- Openvpn and Unbound run in a different process group than the entrypoint
- Openvpn and Unbound are gracefully shutdown by the entrypoint
- Update golibs with a modified command package
- Update dns to v1.9.0 where Unbound is luanched in its own group
 2021-07-16 20:04:17 +00:00
Quentin McGaw (desktop)
be22c8547f Maintenance: use io instead of ioutil if possible 2021-05-30 03:13:19 +00:00
Quentin McGaw
e0e56595c6 Fix: only run ip6tables if it is supported by the Kernel (#431) 
- Fix #430
 2021-04-19 14:35:29 -04:00
Quentin McGaw
7ba98af1cc Feature/Bugfix: IPv6 blocking (#428) 
- Feature/Bugfix: Block all IPv6 traffic with `ip6tables` by default
- Feature: Adapt existing firewall code to handle IPv4 and IPv6, depending on user inputs and environment
- Maintenance: improve error wrapping in the firewall package
 2021-04-19 09:24:46 -04:00
Quentin McGaw
dd5a9c6067 Fix: empty connection for NordVPN and Windscribe 2021-01-31 18:45:58 +00:00
Quentin McGaw
4abb8cd87f Add panic checks 2021-01-29 00:32:43 +00:00
Quentin McGaw
73479bab26 Code maintenance: OS package for file system 
- OS custom internal package for file system interaction
- Remove fileManager external dependency
- Closer API to Go's native API on the OS
- Create directories at startup
- Better testability
- Move Unsetenv to os interface
 2020-12-29 00:55:31 +00:00
Quentin McGaw
db64dea664 Fix #273 (#277), adding FIREWALL_OUTBOUND_SUBNETS 2020-10-29 19:23:44 -04:00
Quentin McGaw
ed4fcc17b3 Routing improvements (#268) 
- Fixes #82 
- Remove `EXTRA_SUBNETS`
- Remove no longer needed iptables rules
- Reduce routing interface arity
- Routing setup is done in main.go instead of in the firewall
- Routing setup gets reverted at shutdown
 2020-10-24 18:05:11 -04:00
Quentin McGaw
9c73faaaeb Add linters and fix lint issues 2020-10-20 02:45:28 +00:00
Quentin McGaw
f95f6201b1 Rename repo to Gluetun, refers to #112 2020-07-26 12:07:06 +00:00
Quentin McGaw
a13be8f45e Firewall simplifications 
- Only a map of allowed input port to interface
- port forwarded is in the map of allowed input ports
- port forwarded has the interface tun0 in this map
- Always allow tcp and udp for allowed input ports
- Port forward state is in openvpn looper only
- Shadowsocks input port allowed on default interface only
- Tinyproxy input port allowed on default interface only
 2020-07-20 00:39:59 +00:00
Quentin McGaw
4a7d341c57 Fixing extra subnets firewall rules 
- Fix #194
- Fix #190
- Refers to #188
 2020-07-13 02:17:49 +00:00
Quentin McGaw
0fc69e068e FIREWALL_DEBUG variable, refers to #190, #194 2020-07-13 02:14:56 +00:00
Quentin McGaw
b1596bc7e4 Firewall refactoring 
- Ability to enable and disable rules in various loops
- Simplified code overall
- Port forwarding moved into openvpn loop
- Route addition and removal improved
 2020-07-11 21:03:55 +00:00
Quentin McGaw
5a6cf0fe3a Remove firewall nat chain clearing, refers to #171 2020-06-16 12:20:33 +00:00
Quentin McGaw
8cae369186 Add FIREWALL variable, refers to #171 2020-06-12 17:11:21 +00:00
Quentin McGaw
ab223a5e06 User specified iptables rules (#161) 2020-05-18 09:37:34 -04:00
Quentin McGaw
e805d42197 Updated dependencies 2020-04-19 18:13:48 +00:00
Quentin McGaw
3d7cfb125a Using WithPrefix for loggers 2020-04-12 19:07:19 +00:00
Quentin McGaw
fa0272d5ad Support Mullvad over openvpn (#85) 
Additional changes:
- Allow empty value for PIA region
- Most settings are lowercased
- `OPENVPN_VERBOSITY` environment variable
- openvpn also tunnels IPv6, and unbound supports ipv6
- auth kept only on disk, not in memory
- readme reworked
- CI script fixed and improved
- Added v2 Docker tag
- Shadowsocks log defaults to `off`
 2020-02-29 21:05:20 -05:00
Quentin McGaw (desktop)
095623925a Might fix #82 
- Allow any input traffic on Shadowsocks port if Shadowsocks is enabled
- Allow any input traffic on TinyProxy port if TinyProxy is enabled
 2020-02-16 23:58:03 +00:00
Quentin McGaw (desktop)
ce11745f6f Using struct for VPN connection settings 2020-02-16 19:50:21 +00:00