admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rename ENCRYPTION to PIA_ENCRYPTION (#98)

Browse Source
This commit is contained in:
Quentin McGaw
2020-03-26 08:11:50 -04:00
committed by GitHub
parent 0b997fe6c8
commit 98b076e2cb
5 changed files with 73 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/buildx-branch.yml vendored
View File

@@ -1,4 +1,4 @@
name: Buildx latest name: Buildx branch
on: on:
push: push:
branches: branches:

2
Dockerfile
View File

@@ -39,7 +39,7 @@ ENV VPNSP=pia \
# PIA only # PIA only
PASSWORD= \ PASSWORD= \
REGION="CA Montreal" \ REGION="CA Montreal" \
ENCRYPTION=strong \ PIA_ENCRYPTION=strong \
PORT_FORWARDING=off \ PORT_FORWARDING=off \
PORT_FORWARDING_STATUS_FILE="/forwarded_port" \ PORT_FORWARDING_STATUS_FILE="/forwarded_port" \
# Mullvad only # Mullvad only

10
README.md
View File

@@ -73,10 +73,10 @@
- Allow outbound TCP 443 to github.com - Allow outbound TCP 443 to github.com
- If `DOT=on`, allow outbound TCP 853 to allow Unbound to resolve github.com and the PIA subdomain name if you use PIA. - If `DOT=on`, allow outbound TCP 853 to allow Unbound to resolve github.com and the PIA subdomain name if you use PIA.
- If `DOT=off` and `VPNSP=pia`, allow outbound UDP 53 to your DNS provider to resolve the PIA subdomain name. - If `DOT=off` and `VPNSP=pia`, allow outbound UDP 53 to your DNS provider to resolve the PIA subdomain name.
- If `VPNSP=pia`, `ENCRYPTION=strong` and `PROTOCOL=udp`: allow outbound UDP 1197 to the corresponding VPN server IPs - If `VPNSP=pia`, `PIA_ENCRYPTION=strong` and `PROTOCOL=udp`: allow outbound UDP 1197 to the corresponding VPN server IPs
- If `VPNSP=pia`, `ENCRYPTION=normal` and `PROTOCOL=udp`: allow outbound UDP 1198 to the corresponding VPN server IPs - If `VPNSP=pia`, `PIA_ENCRYPTION=normal` and `PROTOCOL=udp`: allow outbound UDP 1198 to the corresponding VPN server IPs
- If `VPNSP=pia`, `ENCRYPTION=strong` and `PROTOCOL=tcp`: allow outbound TCP 501 to the corresponding VPN server IPs - If `VPNSP=pia`, `PIA_ENCRYPTION=strong` and `PROTOCOL=tcp`: allow outbound TCP 501 to the corresponding VPN server IPs
- If `VPNSP=pia`, `ENCRYPTION=normal` and `PROTOCOL=tcp`: allow outbound TCP 502 to the corresponding VPN server IPs - If `VPNSP=pia`, `PIA_ENCRYPTION=normal` and `PROTOCOL=tcp`: allow outbound TCP 502 to the corresponding VPN server IPs
- If `VPNSP=mullvad` and `PORT=`, please refer to the mapping of Mullvad servers in [these source code lines](https://github.com/qdm12/private-internet-access-docker/blob/master/internal/constants/mullvad.go#L64-L667) to find the corresponding UDP port number and IP address(es) of your choice - If `VPNSP=mullvad` and `PORT=`, please refer to the mapping of Mullvad servers in [these source code lines](https://github.com/qdm12/private-internet-access-docker/blob/master/internal/constants/mullvad.go#L64-L667) to find the corresponding UDP port number and IP address(es) of your choice
- If `VPNSP=mullvad` and `PORT=53`, allow outbound UDP 53 to the corresponding VPN server IPs, which you can fine in [the mapping of Mullvad servers](https://github.com/qdm12/private-internet-access-docker/blob/master/internal/constants/mullvad.go#L64-L667) - If `VPNSP=mullvad` and `PORT=53`, allow outbound UDP 53 to the corresponding VPN server IPs, which you can fine in [the mapping of Mullvad servers](https://github.com/qdm12/private-internet-access-docker/blob/master/internal/constants/mullvad.go#L64-L667)
- If `VPNSP=mullvad` and `PORT=80`, allow outbound TCP 80 to the corresponding VPN server IPs, which you can fine in [the mapping of Mullvad servers](https://github.com/qdm12/private-internet-access-docker/blob/master/internal/constants/mullvad.go#L64-L667) - If `VPNSP=mullvad` and `PORT=80`, allow outbound TCP 80 to the corresponding VPN server IPs, which you can fine in [the mapping of Mullvad servers](https://github.com/qdm12/private-internet-access-docker/blob/master/internal/constants/mullvad.go#L64-L667)
@@ -131,7 +131,7 @@ docker run --rm --network=container:pia alpine:3.11 wget -qO- https://ipinfo.io
| `ISP` | | (Mullvad only, *optional*) one of the [Mullvad ISP](https://mullvad.net/en/servers/#openvpn) | | `ISP` | | (Mullvad only, *optional*) one of the [Mullvad ISP](https://mullvad.net/en/servers/#openvpn) |
| `PORT` | | (Mullvad only, *optional*) For TCP, `80` or `443`, or `53` for UDP. Leave blank for default Mullvad server port | | `PORT` | | (Mullvad only, *optional*) For TCP, `80` or `443`, or `53` for UDP. Leave blank for default Mullvad server port |
| `PROTOCOL` | `udp` | `tcp` or `udp` | | `PROTOCOL` | `udp` | `tcp` or `udp` |
| `ENCRYPTION` | `strong` | (PIA only) `normal` or `strong` | | `PIA_ENCRYPTION` | `strong` | (PIA only) `normal` or `strong` or `custom` |
| `USER` | | PIA username **or** Mullvad user ID | | `USER` | | PIA username **or** Mullvad user ID |
| `PASSWORD` | | Your PIA password | | `PASSWORD` | | Your PIA password |
| `DOT` | `on` | `on` or `off`, to activate DNS over TLS to 1.1.1.1 | | `DOT` | `on` | `on` or `off`, to activate DNS over TLS to 1.1.1.1 |

110
docker-compose.yml
View File

@@ -1,55 +1,55 @@
version: "3.7" version: "3.7"
services: services:
pia: pia:
image: qmcgaw/private-internet-access image: qmcgaw/private-internet-access
container_name: pia container_name: pia
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
network_mode: bridge network_mode: bridge
init: true init: true
ports: ports:
- 8888:8888/tcp - 8888:8888/tcp
- 8388:8388/tcp - 8388:8388/tcp
- 8388:8388/udp - 8388:8388/udp
# command: # command:
environment: environment:
# More variables are available, see the readme table # More variables are available, see the readme table
- VPNSP=pia - VPNSP=pia
- USER=js89ds7 - USER=js89ds7
- PROTOCOL=udp - PROTOCOL=udp
- OPENVPN_VERBOSITY=1 - OPENVPN_VERBOSITY=1
- OPENVPN_ROOT=no - OPENVPN_ROOT=no
- OPENVPN_TARGET_IP= - OPENVPN_TARGET_IP=
- TZ= - TZ=
# PIA only # PIA only
- REGION=CA Montreal - REGION=CA Montreal
- PASSWORD=8fd9s239G - PASSWORD=8fd9s239G
- ENCRYPTION=strong - PIA_ENCRYPTION=strong
- PORT_FORWARDING=off - PORT_FORWARDING=off
# Mullvad only # Mullvad only
- COUNTRY=Sweden - COUNTRY=Sweden
- CITY= - CITY=
- ISP= - ISP=
- PORT= - PORT=
# DNS over TLS # DNS over TLS
- DOT=on - DOT=on
- DOT_PROVIDERS=cloudflare - DOT_PROVIDERS=cloudflare
- DOT_IPV6=on - DOT_IPV6=on
- DOT_VERBOSITY=1 - DOT_VERBOSITY=1
- BLOCK_MALICIOUS=on - BLOCK_MALICIOUS=on
- BLOCK_SURVEILLANCE=off - BLOCK_SURVEILLANCE=off
- BLOCK_ADS=off - BLOCK_ADS=off
- UNBLOCK= - UNBLOCK=
# Firewall # Firewall
- EXTRA_SUBNETS= - EXTRA_SUBNETS=
# Shadowsocks # Shadowsocks
- SHADOWSOCKS=off - SHADOWSOCKS=off
- SHADOWSOCKS_PASSWORD= - SHADOWSOCKS_PASSWORD=
# Tinyproxy # Tinyproxy
- TINYPROXY=off - TINYPROXY=off
- TINYPROXY_USER= - TINYPROXY_USER=
- TINYPROXY_PASSWORD= - TINYPROXY_PASSWORD=
restart: always restart: always

13
internal/params/pia.go
View File

@@ -33,9 +33,18 @@ func (p *paramsReader) GetPortForwardingStatusFilepath() (filepath models.Filepa
} }
// GetPIAEncryption obtains the encryption level for the PIA connection // GetPIAEncryption obtains the encryption level for the PIA connection
// from the environment variable ENCRYPTION // from the environment variable PIA_ENCRYPTION, and using ENCRYPTION for
// retro compatibility
func (p *paramsReader) GetPIAEncryption() (models.PIAEncryption, error) { func (p *paramsReader) GetPIAEncryption() (models.PIAEncryption, error) {
s, err := p.envParams.GetValueIfInside("ENCRYPTION", []string{"normal", "strong"}, libparams.Default("strong")) // Retro-compatibility
s, err := p.envParams.GetValueIfInside("ENCRYPTION", []string{"normal", "strong", ""})
if err != nil {
return "", err
} else if len(s) != 0 {
p.logger.Warn("You are using the old environment variable ENCRYPTION, please consider changing it to PIA_ENCRYPTION")
return models.PIAEncryption(s), nil
}
s, err = p.envParams.GetValueIfInside("PIA_ENCRYPTION", []string{"normal", "strong"}, libparams.Default("strong"))
return models.PIAEncryption(s), err return models.PIAEncryption(s), err
} }