Commit Graph

54 Commits

Author SHA1 Message Date
Quentin McGaw
0d41564f7d Fixes several small bugs regarding #48
- Proxies are `off` by default so `SHADOWSOCKS_PASSWORD` is not required
- Documentation fixed and clarified
- `PORT_FORWARDING` should be `on` or `off` only now (although it's backward compatible with `false` and `true`)
2019-09-10 09:05:49 -04:00
Quentin McGaw
eee538ab52 Proxy parameters check only done when proxy is on 2019-09-10 00:10:18 -04:00
Quentin McGaw
bea809778b Shadowsocks proxy built-in, fixes #30 (#46)
* Added ShadowSocks proxy to container

* Updated docker-compose.yml example

* Updated readme with new instructions for Shadowsocks proxy
2019-09-09 20:39:47 -04:00
Quentin McGaw
72f126f18e Fixed missing brackets in entrypoint (sorry!) 2019-09-09 14:17:27 -04:00
Quentin McGaw
87c84afb4c Small fixes 2019-09-09 13:56:50 -04:00
Quentin McGaw
aca632ab94 Tinyproxy variables renamed 2019-09-09 12:40:00 -04:00
Quentin McGaw
f4b618cb94 Additional port forwarding parameters checks in entrypoint 2019-09-09 12:34:05 -04:00
Quentin McGaw
44ae5632ef Tinyproxy log output is merged in Docker logs (#45) 2019-09-09 12:26:30 -04:00
Quentin McGaw
856234c02c Cleaned entrypoint.sh 2019-08-31 20:27:33 -04:00
Quentin McGaw
105637192f Mute replay warnings enabled by default, fixes #34 2019-08-31 20:27:10 -04:00
Quentin McGaw
f1427e4aad Merge remote-tracking branch 'origin/master' 2019-07-25 10:24:03 -04:00
Quentin McGaw
7823a148da Might fix #34 by reducing MTU size 2019-07-25 10:23:42 -04:00
Gauthier Delacroix
55492015cb Fix/improve port forwarding handling 2019-07-15 22:02:40 +02:00
Quentin McGaw
e4336c02d7 Fixes #28 allowing to set the port of Tinyproxy 2019-07-03 11:07:37 +02:00
Quentin McGaw
8e8885e8ea A few changes and issue #27 fixed (external fix) 2019-07-02 23:46:55 +02:00
Quentin McGaw
cb7bba6d42 Large refactoring: proxy+firewall+readme
- Cleaner logs
- HTTP proxy is working... finally
- Firewall was adjusted
- Firewall cannot be turned off anymore
- portforward script changes the firewall
- readme reworked
- Possibility to pass commands to Openvpn with Docker command
2019-06-29 13:42:44 +02:00
Quentin McGaw
1879909d59 Added firewall rules to connect to port 8888 of tinyproxy 2019-06-27 15:27:57 +02:00
Quentin McGaw
8ce905bd1d Added web HTTP proxy 2019-06-27 13:12:03 +02:00
Quentin McGaw
95e69b5c9c More modularity and reworked readme
- Docker's init added to avoid zombie processes (i.e. Unbound)
- Added environment variables to enable or disable features: `DOT`, `FIREWALL`
- Reworked readme
2019-06-27 13:10:51 +02:00
Quentin McGaw
305b5954f9 Upgrade to Alpine 3.9 2019-04-23 10:32:31 +02:00
Quentin McGaw
aad11510f5 More defaults and fixing typos 2019-04-23 10:32:15 +02:00
Quentin McGaw
b26cb508de Split BLOCK_MALICIOUS with BLOCK_NSA and UNBLOCK env variable 2019-04-23 10:29:44 +02:00
Quentin McGaw
27802ba886 Runs OpenVPN as root by default, fixes #19 2019-03-18 11:27:36 +01:00
Quentin McGaw
2b45ba3425 The target files are created in /openvpn/target
- More resilience to failure
- Less verbose
- Works with start/stop
2018-11-27 17:50:08 +02:00
Quentin McGaw
0f02500a85 Moved all OpenVPN parameters to conf file + fixing AUTH_FAILED messages 2018-11-20 09:28:48 +02:00
Quentin McGaw
d1ebddb029 Fixed auth_failed error
- Removed nonrootgroup
- File directories are slightly different
- Resolv-retry is removed as pointless as IP addresses are used
- Fixed some arguments to openvpn
2018-11-17 14:44:17 +02:00
Quentin McGaw
9c6afff973 Healthcheck checks your IP is in the VPN configuration file 2018-11-14 16:25:23 +02:00
Quentin McGaw
d3dc6c74d8 Multiple additions and fixes #12
- Unbound ran as `nonrootuser`
- Readme updated
- auth.conf replaced by `USER` and `PASSWORD` env variables
- Removed Nginx section from readme for now
- Reworked entrypoint with more checks
- Malicious IPs and hostnames building is done at Docker build to gain time at launch
- docker-compose updated to reflect changes
2018-11-14 14:38:10 +02:00
Quentin McGaw
3c79ba33bb Fixes #13 2018-11-06 18:26:24 +01:00
Quentin McGaw
7b4c216fc8 Reworked project overall 2018-11-06 14:55:11 +01:00
Quentin McGaw
4bcaec6a33 Big refactoring (more secure, more modular)
- Region change to "CA Montreal"
- Using external data images for malicious hostnames
- Added malicious IP addresses blocking with Unbound
- Unbound has DNS rebinding protection
2018-10-28 14:08:14 +01:00
Tomasz Janowski
1af242f773 Don't insert duplicate ip addresses to the openvpn config file
A new set of ip addresses is appended on every restart of the container which eventually results in openvpn error "Maximum number of 'remote' options (64) exceeded."
2018-10-28 16:43:55 +11:00
Quentin McGaw
3bc45d930c Hostnames block is done in memory only 2018-10-10 10:24:15 +02:00
Quentin McGaw
d12f44fd6b Fixes #6 (forgot quotes for $REGION.ovpn) 2018-10-08 08:45:11 +02:00
Quentin McGaw
e0f201a334 Openvpn runs as non root user and tries all IP addresses 2018-10-05 12:43:16 +02:00
Quentin McGaw
b73ad75cde Multiple additions and fixes #5
- Multi stage build
- Download and check Unbound Root anchors
- Download and build malicious hostnames block list for Unbound
- Healthcheck only based on the current IP being different from the initial IP
- IPv6 related completely removed
- Multiple checks at launch with $?
- Launch openvpn as root (can't change user)
- Unbound configured with DNSSEC for DNS over TLS
2018-10-04 22:24:43 +02:00
Quentin McGaw
b8dbf0761f Moved DNS over TLS at start as DNS is required in firewall anyway 2018-09-28 19:51:30 +02:00
Quentin McGaw
cfd1bab58d Checks for TUN device to be opened (useful after a reboot) 2018-09-21 17:00:52 +02:00
Quentin McGaw
2b7c7cc62a Restarts on fail; DNS over TLS only when connected to VPN; readme update 2018-09-21 16:39:08 +02:00
Quentin McGaw
6929947611 Runs openvpn as non-root user 2018-09-21 11:39:00 +02:00
Quentin McGaw
706050619d Re-added Unbound DNS over TLS
It turns out you can't use a local DNS server once connected with the VPN, so running the DNS over TLS in the PIA container is the best.
2018-09-21 11:28:23 +02:00
Quentin McGaw
de981c3566 Fixed firewall (iptables) and added ip6tables for ipv6 2018-09-21 09:33:37 +02:00
Quentin McGaw
41d7ca9824 Removed useless DNS shell code 2018-09-20 20:42:37 +02:00
Quentin McGaw
bf6401da23 New line after encryption 2018-09-12 19:23:02 +02:00
Quentin McGaw
081227edf2 Scans through corresponding REGION.OVPN file to find domain name and port 2018-06-07 18:33:03 -04:00
Quentin McGaw
7aa43274b1 Killswitch added with firewall, fixes #3 2018-06-06 22:44:11 -04:00
Quentin McGaw
ede5979541 Reverted back to creating tun device manually 2018-06-01 14:38:27 -04:00
Quentin McGaw
88dac5bdee Tun device is created inside the container, fixes #2 2018-05-27 21:00:42 -04:00
Quentin McGaw
bcc39a97f0 IP detection only relies on duckduck.go 2018-05-27 20:38:43 -04:00
Quentin McGaw
e4d7dea676 Trying to fix bug with space value for REGION 2018-04-18 18:02:36 -04:00