Quentin McGaw
a2b3d7e30c
chore(deps): implement github.com/qdm12/golibs/command locally (#2418)
2024-08-21 15:21:31 +02:00
Quentin McGaw
3f130931d2
hotfix(firewall): fix ip prefix parsing for ipv6 (again)
2024-08-19 17:06:45 +00:00
Quentin McGaw
946f055fed
hotfix(firewall): handle iptables CIDR ranges with 3 digits for IPv6
2024-08-19 14:02:53 +00:00
Quentin McGaw
bc55c25e73
fix(firewall): delete chain rules by line number (#2411)
- Fix #2334
- Parsing of iptables chains, contributing to progress for #1856
2024-08-17 20:12:22 +02:00
Quentin McGaw
74ea1a0f5a
hotfix(firewall): prefer ip6tables (nft) instead of ip6tables-legacy
2024-08-05 14:01:27 +00:00
Quentin McGaw
2a9ab29e7d
fix(firewall): VPN_PORT_FORWARDING_LISTENING_PORT behavior fixed again
- allow redirection destination port in INPUT table
2024-08-05 13:57:30 +00:00
Quentin McGaw
f6165d206a
fix(firewall): VPN_PORT_FORWARDING_LISTENING_PORT behavior fixed
by not restricting the destination address to 127.0.0.1
2024-08-05 13:37:49 +00:00
Quentin McGaw
26705f5a23
hotfix(firewall): re-add iptables-legacy for setups with nft kernel support
2024-07-29 05:43:34 +00:00
Quentin McGaw
ddbfdc9f14
feat(firewall): prefer using iptables nft instead of legacy
2024-07-28 14:29:00 +00:00
Quentin McGaw
73832d8b49
hotfix(firewall): add iptables -m flag for input port instructions
2024-07-26 11:40:12 +00:00
Quentin McGaw
06c9bc55d3
hotfix(firewall): prefer using ip6tables-legacy
- Fixes issue #2334
2024-07-08 08:57:57 +00:00
Quentin McGaw
ce642a6d8b
hotfix(firewall): prefer using iptables-legacy over nf_tables
- due to nf_tables bugs I discovered and reported
2024-05-09 14:33:34 +00:00
Quentin McGaw
ef6874fe57
fix(firewall): query iptables version for iptables found
2024-05-04 16:19:30 +00:00
Quentin McGaw
fb145d68a0
hotfix(firewall): support iptables-legacy for older kernels
2024-05-02 16:54:29 +00:00
Quentin McGaw
c0621bf381
chore(lint): upgrade linter to v1.56.2
2024-03-21 17:02:11 +00:00
Quentin McGaw
75fd869625
fix(firewall): handle OpenVPN tcp-client as tcp
2023-12-14 15:10:33 +00:00
Quentin McGaw
4105f74ce1
feat(portforward): port redirection with VPN_PORT_FORWARDING_LISTENING_PORT
2023-11-23 08:37:43 +00:00
Quentin McGaw
4ea474b896
fix(routing): change firewall only for matching ip families
2023-09-20 10:45:13 +00:00
Quentin McGaw
0a29337c3b
chore(all): replace net.IP with netip.Addr
2023-05-20 20:06:12 +00:00
Quentin McGaw
d21a943779
chore(all): use netip.Prefix for ip networks
- remove usage of `net.IPNet`
- remove usage of `netaddr.IPPrefix`
2023-04-27 13:42:50 +00:00
Quentin McGaw
723d0f5e12
chore(lint): upgrade from v1.51.2 to v1.52.2
2023-04-12 09:40:00 +00:00
Quentin McGaw
4ba159e483
chore(all): review error wrappings
- remove repetitive `cannot` and `failed` prefixes
- rename `unmarshaling` to `decoding`
2023-04-01 16:57:18 +00:00
Quentin McGaw
5a06d8e155
fix(firewall): iptables detection with permission denied
2022-11-15 12:34:25 +00:00
Quentin McGaw
5aa39be973
fix(firewall): remove previously allowed input ports
2022-11-11 09:19:03 +00:00
EkilDeew
875690ab18
feat(network): enable ipv6 connection and tunneling (#1114)
Co-authored-by: Quentin McGaw <quentin.mcgaw@gmail.com>
2022-09-13 17:18:10 -07:00
Quentin McGaw
6826b05d58
chore(all): remove all package comments
2022-07-02 20:58:43 +00:00
Quentin McGaw
578ef768ab
chore(all): return concrete types, accept interfaces
- Remove exported interfaces unused locally
- Define interfaces to accept arguments
- Return concrete types, not interfaces
2022-06-11 01:34:30 +00:00
Quentin McGaw
fc5cf44b2c
fix(firewall): iptables detection improved
1. Try setting a dummy output rule
2. Remove the dummy output rule
3. Get the INPUT table policy
4. Set the INPUT table policy to its existing policy
2022-04-22 17:23:57 +00:00
Quentin McGaw
71ab0416b0
fix(iptables): use OUTPUT chain for test instead of INPUT
2022-04-11 21:05:12 +00:00
Quentin McGaw
20f20f051b
fix(firewall): iptables support detection
- Add dummy rule to `INPUT` to test for iptables support
- This may resolve #896
2022-03-30 09:03:25 +00:00
Quentin McGaw
f99d5e8656
feat(firewall): use all default routes
- Accept output traffic from all default routes through VPN interface
- Accept output from all default routes to outbound subnets
- Accept all input traffic on ports for all default routes
- Add IP rules for all default routes
2022-03-13 13:26:33 +00:00
Quentin McGaw
39a62f5db7
feat(firewall): improve error message when NET_ADMIN is missing
2022-03-09 11:16:10 +00:00
Quentin McGaw
006b218ade
feat(firewall): auto-detect which iptables
- On `iptables` error, try to use `iptables-nft`
- On `ip6tables` error, try to use `ip6tables-nft`
2022-02-26 22:55:22 +00:00
Quentin McGaw
920ad8b54b
chore(errors): review all errors in codebase
2022-02-20 02:58:16 +00:00
Quentin McGaw (desktop)
cf95692b93
Maint: package local narrow Logger interfaces
2021-09-23 17:06:09 +00:00
Quentin McGaw (desktop)
ffeeae91ab
Maint: merge subnet.FindSubnetsToAdd and subnet.FindSubnetsToRemove in subnet.FindSubnetsToChange
2021-08-25 17:25:36 +00:00
Quentin McGaw (desktop)
04fad1b781
Maint: internal/subnet package
2021-08-25 17:22:48 +00:00
Quentin McGaw (desktop)
bec8ff27ae
Feat: OPENVPN_INTERFACE defaulting to tun0
- Fix: custom config with custom network interface name for firewall
- Keep VPN tunnel interface in firewall state
- Vul fix: only allow traffic through vpn interface when needed
- Adapt code to adapt to network interface name
- Remove outdated TUN and TAP constants
2021-08-19 23:22:55 +00:00
Quentin McGaw (desktop)
3d8e61900b
Maint: make VPN connection not specific to OpenVPN
- Add VPN field to ServerSelection struct
- Set VPN type to server selection at start using VPN_TYPE
- Change OpenVPNConnection to Connection with Type field
- Rename Provider GetOpenVPNConnection to GetConnection
- Rename GetTargetIPOpenVPNConnection to GetTargetIPConnection
- Rename PickRandomOpenVPNConnection to PickRandomConnection
- Add 'OpenVPN' prefix to OpenVPN specific methods on connection
2021-08-19 14:09:41 +00:00
Quentin McGaw (desktop)
10b270f742
Maint: remove routing from firewall configurator
2021-07-26 16:17:01 +00:00
Quentin McGaw (laptop)
3f1fb52fcb
Maint: upgrade qdm12 dependencies
- Upgrade qdm12/golibs
- Upgrade qdm12/dns to v1.11.0
2021-07-24 17:59:22 +00:00
Quentin McGaw (desktop)
2ddc784965
Maint: firewall package interface rework
- return concrete struct type
- split interface in sub-interfaces
2021-07-23 19:12:16 +00:00
Quentin McGaw (desktop)
122647b39d
Maint: pass network values to firewall constructor
2021-07-23 19:04:17 +00:00
Quentin McGaw (desktop)
c5d92ae02c
Maint: inject Commander to openvpn and firewall
2021-07-23 18:25:30 +00:00
Quentin McGaw (desktop)
94b60d9f70
Maint: firewall and routing use logger.Debug
- Remove SetVerbose and SetDebug from both
- Log routing teardown
- Default logging level set to info
2021-07-23 18:20:18 +00:00
Quentin McGaw (desktop)
3c44214d01
Maint: pass only single strings to logger methods
- Do not assume formatting from logger's interface
- Allow to change golibs in the future to accept only strings for logger methods
2021-07-23 17:36:08 +00:00
Quentin McGaw (desktop)
21f4cf7ab5
Maint: do not mock os functions
- Use filepaths with /tmp for tests instead
- Only mock functions where filepath can't be specified such as user.Lookup
2021-07-23 16:06:19 +00:00
Quentin McGaw (desktop)
7c44188130
Fix: controlled interrupt exit for subprograms
- Openvpn and Unbound do not receive OS signals
- Openvpn and Unbound run in a different process group than the entrypoint
- Openvpn and Unbound are gracefully shutdown by the entrypoint
- Update golibs with a modified command package
- Update dns to v1.9.0 where Unbound is launched in its own group
2021-07-16 20:04:17 +00:00
Quentin McGaw (desktop)
876563c492
Maintenance: improve error wrapping
2021-05-30 16:14:08 +00:00
Quentin McGaw (desktop)
be22c8547f
Maintenance: use io instead of ioutil if possible
2021-05-30 03:13:19 +00:00