admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,110 Commits 18 Branches 75 Tags
9f39d471505a2ef2f9b04b3620d996404f53ee3c
Commit Graph

1377 Commits

Author SHA1 Message Date
Quentin McGaw
7a51c211cd fix(publicip): respect PUBLICIP_ENABLED 2025-10-23 19:49:21 +00:00
Quentin McGaw
c48189c1c4 feat(health/icmp): log out return address on errors 2025-10-23 19:22:31 +00:00
Quentin McGaw
9803fa1cfd hotfix(health): info log on healthcheck passing after failure 2025-10-23 18:58:19 +00:00
Quentin McGaw
cf756f561a feat(health): info log when healthcheck passes after failure for the case of HEALTH_VPN_RESTART=off 2025-10-21 18:42:33 +00:00
Quentin McGaw
a4021fedc3 feat(health): HEALTH_RESTART_VPN option 
- You should really leave it to `on` ⚠️
- Turn it to `off` if you have trust issues with the healthcheck. Don't then report issues if the connection is dead though.
 2025-10-21 15:36:15 +00:00
Quentin McGaw
31a36a9250 hotfix(health): increase timeout values and periods 
- run small check every 60s, from 15s
- small check (icmp/dns) initial timeout from 3s to 10s
- small check (icmp/dns) timeout increase from 1s to 10s
- full check initial timeout increased from 10s to 20s
- full check extra timeout increase from 3s to 10s
 2025-10-19 23:27:02 +00:00
Quentin McGaw
669feb45f1 hotfix(healthcheck): correct error string for DNS plain lookup fallback 2025-10-17 18:08:24 +00:00
Quentin McGaw
85890520ab feat(healthcheck): combination of ICMP and TCP+TLS checks (#2923) 
- New option: `HEALTH_ICMP_TARGET_IP` defaults to `0.0.0.0` meaning use the VPN server public IP address.
- Options removed: `HEALTH_VPN_INITIAL_DURATION` and `HEALTH_VPN_ADDITIONAL_DURATION` - times and retries are handpicked and hardcoded.
- Less aggressive checks and less false positive detection
 2025-10-17 01:45:50 +02:00
Matthew Bennett
ef523df42c feat(expressvpn): update hardcoded servers data (#2888) 2025-10-06 13:33:36 +02:00
Quentin McGaw
5306e3bab1 feat(mullvad): update servers data 2025-10-03 15:25:12 +00:00
Vahin M
72a49afd2b docs(healthcheck): fix grammar issue in log (#2773) 2025-09-26 18:58:08 +02:00
Quentin McGaw
9b8edbb81e hotfix(vpnunlimited): fix formatting of certificates 2025-09-24 12:55:45 +00:00
mutschler
8c113f5268 fix(vpnunlimited): update certificate values (#2835) 2025-09-11 21:15:20 +02:00
Quentin McGaw
b0c4a28be6 chore(lint): upgrade linter to v2.4.0 
- migrate configuration file
- fix existing code issues
- add exclusion rules
- update linter names
 2025-08-16 20:10:19 +00:00
Quentin McGaw
8dae352ccc fix(cli): fix openvpnconfig command panic due to missing SetDefaults call 2024-12-27 09:31:04 +00:00
Quentin McGaw
e890c50da6 feat(firewall): support icmp rules 2024-12-25 20:05:55 +00:00
Quentin McGaw
ddd9f4d021 chore(natpmp): fix determinism for test Test_Client_ExternalAddress 2024-12-14 21:04:07 +00:00
Quentin McGaw
fdd499146c fix(wireguard): point to Kubernetes wiki page when encountering IP rule add file exists error (#2526) 2024-11-15 18:47:06 +01:00
Quentin McGaw
37900341cf hotfix(firewall): fix unit test for previous PR 2024-11-15 17:46:10 +00:00
Jean-François Roy
36bb368cad fix(firewall): iptables list uses -n flag for testing iptables path (#2574) 
Signed-off-by: Jean-Francois Roy <jf@devklog.net>
 2024-11-15 16:47:08 +01:00
Quentin McGaw
0374c14e42 feat(portforwarding): VPN_PORT_FORWARDING_DOWN_COMMAND option 2024-11-10 10:18:29 +00:00
Alex Lavallee
a035a151bd feat(portforwarding): allow running script upon port forwarding success (#2399) 2024-11-10 09:49:02 +01:00
Quentin McGaw
e69966381d feat(fastestvpn): add aes-256-gcm to ciphers list 2024-11-09 15:44:05 +00:00
Quentin McGaw
94dfb2b1f2 fix(ipvanish): fix openvpn configuration 
- update CA value
- add `comp-lzo` option
 2024-11-09 15:43:51 +00:00
Quentin McGaw
92011205be feat(publicip): support custom API url echoip#https://... (#2529) 2024-11-08 17:37:08 +01:00
Quentin McGaw
ad6c52dc4c feat(ipvanish): update servers data 2024-11-07 20:21:12 +00:00
Quentin McGaw
5f182febae fix(ipvanish): update openvpn zip file url for updater 2024-11-07 20:21:10 +00:00
Quentin McGaw
842b9004da chore(routing): remove redundant rule ip rule in error messages 2024-11-07 20:19:24 +00:00
Quentin McGaw
6ac7ca4f0f feat(healthcheck): log out last error when auto healing VPN 2024-11-05 13:35:58 +00:00
Quentin McGaw
ddfcbe1bee feat(healthcheck): run TLS handshake after TCP dial if address has 443 port 2024-11-05 13:35:58 +00:00
Quentin McGaw
88fd9388e4 chore(lint): remove canonicalheader since it's not reliable 2024-11-05 13:35:58 +00:00
Quentin McGaw
69aafa53c9 fix(server/auth): fix wiki link to authentication section 2024-11-05 13:35:58 +00:00
Quentin McGaw
3473fe9c15 fix(openvpn): set default mssfix to 1320 for all providers with no default 
- Partially address #2533
 2024-11-05 13:35:54 +00:00
Quentin McGaw
c655500045 fix(wireguard): change default WIREGUARD_MTU from 1400 to 1320 
- Partially address #2533
 2024-11-05 09:57:03 +00:00
Quentin McGaw
96a8015af6 feat(netlink): debug rule logs contain the ip family 2024-11-03 20:14:41 +00:00
Quentin McGaw
ddd3876f92 chore(dns): upgrade dependency from v2.0.0-rc7 to v2.0.0-rc8 
- do not log dial error twice
- DNS subserver shuts down without waiting for connections to finish (UDP server would hang sometimes)
- DNS over TLS dialer uses tls.Dialer instead of wrapping connection with tls.Client
- connection type is just `tls` instead of `dns over tls` to reduce repetition in logs
- exchange errors contain the request question in their context
 2024-11-03 12:35:01 +00:00
Quentin McGaw
f1f34722ee feat(tun): mention in 'operation not permitted' error the user should specify --device /dev/net/tun 2024-10-28 09:22:08 +00:00
Quentin McGaw
937c667ca8 hotfix(perfectprivacy): fix formatting from previous commit 2024-10-27 17:20:30 +00:00
Christoph Kehl
3c45f57aaa fix(perfectprivacy): update openvpn expired certificates (#2542) 2024-10-27 11:45:25 +01:00
Quentin McGaw
30640eefe2 chore(deps): upgrade dns to v2.0.0-cr7 2024-10-25 14:01:29 +00:00
Quentin McGaw
a61302f135 feat(publicip): resilient public ip fetcher (#2518) 
- `PUBLICIP_API` accepts a comma separated list of ip data sources, where the first one is the base default one, and sources after it are backup sources used if we are rate limited.
- `PUBLICIP_API` defaults to `ipinfo,ifconfigco,ip2location,cloudflare` such that it now has `ifconfigco,ip2location,cloudflare` as backup ip data sources.
- `PUBLICIP_API_TOKEN` accepts a comma separated list of ip data source tokens, each corresponding by position to the APIs listed in `PUBLICIP_API`.
- logs ip data source when logging public ip information
- assume a rate limiting error is for 30 days (no persistence)
- ready for future live settings updates
  - consider an ip data source no longer banned if the token changes
  - keeps track of ban times when updating the list of fetchers
 2024-10-19 15:21:14 +02:00
Quentin McGaw
3dfb43e117 chore(netlink): debug log ip rule commands in netlink instead of routing package 2024-10-19 12:43:26 +00:00
Quentin McGaw
2388e0550b hotfix(publicip): return an error if trying to use cloudflare as ip provider for updating servers data 2024-10-11 21:57:25 +00:00
Quentin McGaw
a7d70dd9a3 fix(publicip): lock settings during entire update 
- to prevent race conditions when data is cleared when vpn goes down
 2024-10-11 21:24:18 +00:00
Quentin McGaw
76a4bb5dc3 chore: use gofumpt for code formatting 2024-10-11 19:27:29 +00:00
Quentin McGaw
3daf15a612 chore(lint): fix gopls govet errors 2024-10-11 19:14:50 +00:00
Quentin McGaw
abe9dcbe33 chore(lint): add new linters and update codebase 
- add canonicalheader
- add copyloopvar
- add fatcontext
- add intrange
 2024-10-11 18:28:00 +00:00
Quentin McGaw
3c8e80a1a4 chore(lint): upgrade linter from v1.56.2 to v1.61.0 
- Remove no longer needed exclude rules
- Add new exclude rules for printf govet errors
- Remove deprecated linters `execinquery` and `exportloopref`
- Rename linter `goerr113` to `err113`
- Rename linter `gomnd` to `mnd`
 2024-10-11 18:05:54 +00:00
Quentin McGaw
5b2923ca65 feat(publicip): add ifconfigco option 2024-10-08 19:03:10 +00:00
Quentin McGaw
432eaa6c04 feat(vpn): run WaitForDNS before querying the public ip address 
- Fix #2325 better
 2024-10-08 11:30:35 +00:00