admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,861 Commits 18 Branches 75 Tags
fe05521f2b4a655dbc34b8a0602341e76d2cda9c
Commit Graph

79 Commits

Author SHA1 Message Date
Quentin McGaw
ce642a6d8b hotfix(firewall): prefer using iptables-legacy over nf_tables 
- due to nf_tables bugs I discovered and reported
 2024-05-09 14:33:34 +00:00
Quentin McGaw
ef6874fe57 fix(firewall): query iptables version for iptables found 2024-05-04 16:19:30 +00:00
Quentin McGaw
fb145d68a0 hotfix(firewall): support iptables-legacy for older kernels 2024-05-02 16:54:29 +00:00
Quentin McGaw
c0621bf381 chore(lint): upgrade linter to v1.56.2 2024-03-21 17:02:11 +00:00
Quentin McGaw
75fd869625 fix(firewall): handle OpenVPN tcp-client as tcp 2023-12-14 15:10:33 +00:00
Quentin McGaw
4105f74ce1 feat(portforward): port redirection with VPN_PORT_FORWARDING_LISTENING_PORT 2023-11-23 08:37:43 +00:00
Quentin McGaw
4ea474b896 fix(routing): change firewall only for matching ip families 2023-09-20 10:45:13 +00:00
Quentin McGaw
0a29337c3b chore(all): replace net.IP with netip.Addr 2023-05-20 20:06:12 +00:00
Quentin McGaw
d21a943779 chore(all): use netip.Prefix for ip networks 
- remove usage of `net.IPNet`
- remove usage of `netaddr.IPPrefix`
 2023-04-27 13:42:50 +00:00
Quentin McGaw
723d0f5e12 chore(lint): upgrade from v1.51.2 to v1.52.2 2023-04-12 09:40:00 +00:00
Quentin McGaw
4ba159e483 chore(all): review error wrappings 
- remove repetitive `cannot` and `failed` prefixes
- rename `unmarshaling` to `decoding`
 2023-04-01 16:57:18 +00:00
Quentin McGaw
5a06d8e155 fix(firewall): iptables detection with permission denied 2022-11-15 12:34:25 +00:00
Quentin McGaw
5aa39be973 fix(firewall): remove previously allowed input ports 2022-11-11 09:19:03 +00:00
EkilDeew
875690ab18 feat(network): enable ipv6 connection and tunneling (#1114) 
Co-authored-by: Quentin McGaw <quentin.mcgaw@gmail.com>
 2022-09-13 17:18:10 -07:00
Quentin McGaw
6826b05d58 chore(all): remove all package comments 2022-07-02 20:58:43 +00:00
Quentin McGaw
578ef768ab chore(all): return concrete types, accept interfaces 
- Remove exported interfaces unused locally
- Define interfaces to accept arguments
- Return concrete types, not interfaces
 2022-06-11 01:34:30 +00:00
Quentin McGaw
fc5cf44b2c fix(firewall): iptables detection improved 
1. Try setting a dummy output rule
2. Remove the dummy output rule
3. Get the INPUT table policy
4. Set the INPUT table policy to its existing policy
 2022-04-22 17:23:57 +00:00
Quentin McGaw
71ab0416b0 fix(iptables): use OUTPUT chain for test instead of INPUT 2022-04-11 21:05:12 +00:00
Quentin McGaw
20f20f051b fix(firewall): iptables support detection 
- Add dummy rule to `INPUT` to test for iptables support
- This may resolve #896
 2022-03-30 09:03:25 +00:00
Quentin McGaw
f99d5e8656 feat(firewall): use all default routes 
- Accept output traffic from all default routes through VPN interface
- Accept output from all default routes to outbound subnets
- Accept all input traffic on ports for all default routes
- Add IP rules for all default routes
 2022-03-13 13:26:33 +00:00
Quentin McGaw
39a62f5db7 feat(firewall): improve error message when NET_ADMIN is missing 2022-03-09 11:16:10 +00:00
Quentin McGaw
006b218ade feat(firewall): auto-detect which iptables 
- On `iptables` error, try to use `iptables-nft`
- On `ip6tables` error, try to use `ip6tables-nft`
 2022-02-26 22:55:22 +00:00
Quentin McGaw
920ad8b54b chore(errors): review all errors in codebase 2022-02-20 02:58:16 +00:00
Quentin McGaw (desktop)
cf95692b93 Maint: package local narrow Logger interfaces 2021-09-23 17:06:09 +00:00
Quentin McGaw (desktop)
ffeeae91ab Maint: merge subnet.FindSubnetsToAdd and subnet.FindSubnetsToRemove in subnet.FindSubnetsToChange 2021-08-25 17:25:36 +00:00
Quentin McGaw (desktop)
04fad1b781 Maint: internal/subnet package 2021-08-25 17:22:48 +00:00
Quentin McGaw (desktop)
bec8ff27ae Feat: OPENVPN_INTERFACE defaulting to tun0 
- Fix: custom config with custom network interface name for firewall
- Keep VPN tunnel interface in firewall state
- Vul fix: only allow traffic through vpn interface when needed
- Adapt code to adapt to network interface name
- Remove outdated TUN and TAP constants
 2021-08-19 23:22:55 +00:00
Quentin McGaw (desktop)
3d8e61900b Maint: make VPN connection not specific to OpenVPN 
- Add VPN field to ServerSelection struct
- Set VPN type to server selection at start using VPN_TYPE
- Change OpenVPNConnection to Connection with Type field
- Rename Provider GetOpenVPNConnection to GetConnection
- Rename GetTargetIPOpenVPNConnection to GetTargetIPConnection
- Rename PickRandomOpenVPNConnection to PickRandomConnection
- Add 'OpenVPN' prefix to OpenVPN specific methods on connection
 2021-08-19 14:09:41 +00:00
Quentin McGaw (desktop)
10b270f742 Maint: remove routing from firewall configurator 2021-07-26 16:17:01 +00:00
Quentin McGaw (laptop)
3f1fb52fcb Maint: upgrade qdm12 dependencies 
- Upgrade qdm12/golibs
- Upgrade qdm12/dns to v1.11.0
 2021-07-24 17:59:22 +00:00
Quentin McGaw (desktop)
2ddc784965 Maint: firewall package interface rework 
- return concrete struct type
- split interface is sub-interfaces
 2021-07-23 19:12:16 +00:00
Quentin McGaw (desktop)
122647b39d Maint: pass network values to firewall constructor 2021-07-23 19:04:17 +00:00
Quentin McGaw (desktop)
c5d92ae02c Maint: inject Commander to openvpn and firewall 2021-07-23 18:25:30 +00:00
Quentin McGaw (desktop)
94b60d9f70 Maint: firewall and routing use logger.Debug 
- Remove SetVerbose and SetDebug from both
- Log routing teardown
- Default logging level set to info
 2021-07-23 18:20:18 +00:00
Quentin McGaw (desktop)
3c44214d01 Maint: pass only single strings to logger methods 
- Do not assume formatting from logger's interface
- Allow to change golibs in the future to accept only strings for logger methods
 2021-07-23 17:36:08 +00:00
Quentin McGaw (desktop)
21f4cf7ab5 Maint: do not mock os functions 
- Use filepaths with /tmp for tests instead
- Only mock functions where filepath can't be specified such as user.Lookup
 2021-07-23 16:06:19 +00:00
Quentin McGaw (desktop)
7c44188130 Fix: controlled interrupt exit for subprograms 
- Openvpn and Unbound do not receive OS signals
- Openvpn and Unbound run in a different process group than the entrypoint
- Openvpn and Unbound are gracefully shutdown by the entrypoint
- Update golibs with a modified command package
- Update dns to v1.9.0 where Unbound is luanched in its own group
 2021-07-16 20:04:17 +00:00
Quentin McGaw (desktop)
876563c492 Maintenance: improve error wrapping 2021-05-30 16:14:08 +00:00
Quentin McGaw (desktop)
be22c8547f Maintenance: use io instead of ioutil if possible 2021-05-30 03:13:19 +00:00
Quentin McGaw
7d6763cde7 Maintenance: upgrade golibs (affects logger) 2021-05-14 14:07:16 +00:00
Quentin McGaw
e0e56595c6 Fix: only run ip6tables if it is supported by the Kernel (#431) 
- Fix #430
 2021-04-19 14:35:29 -04:00
Quentin McGaw
282c1e53ec Clear firewall rules on shutdown, fix #276 2021-04-19 14:27:38 +00:00
Quentin McGaw
7ba98af1cc Feature/Bugfix: IPv6 blocking (#428) 
- Feature/Bugfix: Block all IPv6 traffic with `ip6tables` by default
- Feature: Adapt existing firewall code to handle IPv4 and IPv6, depending on user inputs and environment
- Maintenance: improve error wrapping in the firewall package
 2021-04-19 09:24:46 -04:00
Michael Robbins
69f9461bcd Fix: restricting route listing to IPv4 only (#419) 2021-04-11 08:50:59 -04:00
Quentin McGaw
d1558a3472 Fix lint error from PR merge 2021-04-09 17:44:22 +00:00
Michael Robbins
8230596f98 Feature: uplift the 'localSubnet' concept to cover all local ethernet interfaces (#413) 2021-04-09 13:08:20 -04:00
Quentin McGaw
c54ee71e1d Maintenance: new logging, shorter with less deps 2021-02-25 23:51:29 +00:00
Quentin McGaw
7ca9d445f1 Maintenance: package comments 2021-02-06 16:26:23 +00:00
Quentin McGaw
dd5a9c6067 Fix: empty connection for NordVPN and Windscribe 2021-01-31 18:45:58 +00:00
Quentin McGaw
4abb8cd87f Add panic checks 2021-01-29 00:32:43 +00:00