admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,006 Commits 18 Branches 75 Tags
c930a4e1beaf2c768e6fe5a1b19f7d0efd0d0463
Commit Graph

1320 Commits

Author SHA1 Message Date
Quentin McGaw
c930a4e1be fix(protonvpn): authenticated servers data updating (#2878) 
- `-proton-username` flag for cli update
- `-proton-password` flag for cli update
- `UPDATER_PROTONVPN_USERNAME` option for periodic updates
- `UPDATER_PROTONVPN_PASSWORD` option for periodic updates
 2025-11-15 17:11:12 +00:00
Quentin McGaw
22834e9477 fix(server/log): log out full URL path not just bottom request URI 2025-11-15 17:03:53 +00:00
Quentin McGaw
62c2679da2 fix(cyberghost): log warnings from updater resolver 2025-11-15 17:03:53 +00:00
Quentin McGaw
5e9ae9fa1f fix(wireguard): specify IP family for new route (#2629) 2025-11-15 17:03:53 +00:00
Quentin McGaw
0f19bcfebd fix(port-forward): clear port file instead of removing it 
- Prevent port forwarding loop crash when trying to delete a directly bind mounted file
- See https://github.com/qdm12/gluetun/issues/2942#issuecomment-3468510402
 2025-11-15 17:03:53 +00:00
Quentin McGaw
83fc91d3c6 fix(publicip): respect PUBLICIP_ENABLED 2025-11-15 17:03:53 +00:00
mutschler
4adeec8223 fix(vpnunlimited): update certificate values (#2835) 2025-11-15 17:03:53 +00:00
Quentin McGaw
64bfbaa45d fix(cli): fix openvpnconfig command panic due to missing SetDefaults call 2025-11-15 17:03:53 +00:00
Quentin McGaw
e890c50da6 feat(firewall): support icmp rules 2024-12-25 20:05:55 +00:00
Quentin McGaw
ddd9f4d021 chore(natpmp): fix determinism for test Test_Client_ExternalAddress 2024-12-14 21:04:07 +00:00
Quentin McGaw
fdd499146c fix(wireguard): point to Kubernetes wiki page when encountering IP rule add file exists error (#2526) 2024-11-15 18:47:06 +01:00
Quentin McGaw
37900341cf hotfix(firewall): fix unit test for previous PR 2024-11-15 17:46:10 +00:00
Jean-François Roy
36bb368cad fix(firewall): iptables list uses -n flag for testing iptables path (#2574) 
Signed-off-by: Jean-Francois Roy <jf@devklog.net>
 2024-11-15 16:47:08 +01:00
Quentin McGaw
0374c14e42 feat(portforwarding): VPN_PORT_FORWARDING_DOWN_COMMAND option 2024-11-10 10:18:29 +00:00
Alex Lavallee
a035a151bd feat(portforwarding): allow running script upon port forwarding success (#2399) 2024-11-10 09:49:02 +01:00
Quentin McGaw
e69966381d feat(fastestvpn): add aes-256-gcm to ciphers list 2024-11-09 15:44:05 +00:00
Quentin McGaw
94dfb2b1f2 fix(ipvanish): fix openvpn configuration 
- update CA value
- add `comp-lzo` option
 2024-11-09 15:43:51 +00:00
Quentin McGaw
92011205be feat(publicip): support custom API url echoip#https://... (#2529) 2024-11-08 17:37:08 +01:00
Quentin McGaw
ad6c52dc4c feat(ipvanish): update servers data 2024-11-07 20:21:12 +00:00
Quentin McGaw
5f182febae fix(ipvanish): update openvpn zip file url for updater 2024-11-07 20:21:10 +00:00
Quentin McGaw
842b9004da chore(routing): remove redundant rule ip rule in error messages 2024-11-07 20:19:24 +00:00
Quentin McGaw
6ac7ca4f0f feat(healthcheck): log out last error when auto healing VPN 2024-11-05 13:35:58 +00:00
Quentin McGaw
ddfcbe1bee feat(healthcheck): run TLS handshake after TCP dial if address has 443 port 2024-11-05 13:35:58 +00:00
Quentin McGaw
88fd9388e4 chore(lint): remove canonicalheader since it's not reliable 2024-11-05 13:35:58 +00:00
Quentin McGaw
69aafa53c9 fix(server/auth): fix wiki link to authentication section 2024-11-05 13:35:58 +00:00
Quentin McGaw
3473fe9c15 fix(openvpn): set default mssfix to 1320 for all providers with no default 
- Partially address #2533
 2024-11-05 13:35:54 +00:00
Quentin McGaw
c655500045 fix(wireguard): change default WIREGUARD_MTU from 1400 to 1320 
- Partially address #2533
 2024-11-05 09:57:03 +00:00
Quentin McGaw
96a8015af6 feat(netlink): debug rule logs contain the ip family 2024-11-03 20:14:41 +00:00
Quentin McGaw
ddd3876f92 chore(dns): upgrade dependency from v2.0.0-rc7 to v2.0.0-rc8 
- do not log dial error twice
- DNS subserver shuts down without waiting for connections to finish (UDP server would hang sometimes)
- DNS over TLS dialer uses tls.Dialer instead of wrapping connection with tls.Client
- connection type is just `tls` instead of `dns over tls` to reduce repetition in logs
- exchange errors contain the request question in their context
 2024-11-03 12:35:01 +00:00
Quentin McGaw
f1f34722ee feat(tun): mention in 'operation not permitted' error the user should specify --device /dev/net/tun 2024-10-28 09:22:08 +00:00
Quentin McGaw
937c667ca8 hotfix(perfectprivacy): fix formatting from previous commit 2024-10-27 17:20:30 +00:00
Christoph Kehl
3c45f57aaa fix(perfectprivacy): update openvpn expired certificates (#2542) 2024-10-27 11:45:25 +01:00
Quentin McGaw
30640eefe2 chore(deps): upgrade dns to v2.0.0-cr7 2024-10-25 14:01:29 +00:00
Quentin McGaw
a61302f135 feat(publicip): resilient public ip fetcher (#2518) 
- `PUBLICIP_API` accepts a comma separated list of ip data sources, where the first one is the base default one, and sources after it are backup sources used if we are rate limited.
- `PUBLICIP_API` defaults to `ipinfo,ifconfigco,ip2location,cloudflare` such that it now has `ifconfigco,ip2location,cloudflare` as backup ip data sources.
- `PUBLICIP_API_TOKEN` accepts a comma separated list of ip data source tokens, each corresponding by position to the APIs listed in `PUBLICIP_API`.
- logs ip data source when logging public ip information
- assume a rate limiting error is for 30 days (no persistence)
- ready for future live settings updates
  - consider an ip data source no longer banned if the token changes
  - keeps track of ban times when updating the list of fetchers
 2024-10-19 15:21:14 +02:00
Quentin McGaw
3dfb43e117 chore(netlink): debug log ip rule commands in netlink instead of routing package 2024-10-19 12:43:26 +00:00
Quentin McGaw
2388e0550b hotfix(publicip): return an error if trying to use cloudflare as ip provider for updating servers data 2024-10-11 21:57:25 +00:00
Quentin McGaw
a7d70dd9a3 fix(publicip): lock settings during entire update 
- to prevent race conditions when data is cleared when vpn goes down
 2024-10-11 21:24:18 +00:00
Quentin McGaw
76a4bb5dc3 chore: use gofumpt for code formatting 2024-10-11 19:27:29 +00:00
Quentin McGaw
3daf15a612 chore(lint): fix gopls govet errors 2024-10-11 19:14:50 +00:00
Quentin McGaw
abe9dcbe33 chore(lint): add new linters and update codebase 
- add canonicalheader
- add copyloopvar
- add fatcontext
- add intrange
 2024-10-11 18:28:00 +00:00
Quentin McGaw
3c8e80a1a4 chore(lint): upgrade linter from v1.56.2 to v1.61.0 
- Remove no longer needed exclude rules
- Add new exclude rules for printf govet errors
- Remove deprecated linters `execinquery` and `exportloopref`
- Rename linter `goerr113` to `err113`
- Rename linter `gomnd` to `mnd`
 2024-10-11 18:05:54 +00:00
Quentin McGaw
5b2923ca65 feat(publicip): add ifconfigco option 2024-10-08 19:03:10 +00:00
Quentin McGaw
432eaa6c04 feat(vpn): run WaitForDNS before querying the public ip address 
- Fix #2325 better
 2024-10-08 11:30:35 +00:00
Quentin McGaw
5fd0af9395 feat(publicip): retry fetching information when connection refused error is encountered 
- Fix #2325
 2024-10-08 11:30:35 +00:00
Quentin McGaw
03deb9aed0 feat(publicip): PUBLICIP_ENABLED replaces PUBLICIP_PERIOD 
- No point periodically fetch the public IP address. Could not find anything mentioning why this was added.
- Simplification of the publicip loop code
- `PUBLICIP_ENABLED` (on, off) can be set to enable or not public ip data fetching on VPN connection
- `PUBLICIP_PERIOD=0` still works to indicate to disable public ip fetching
- `PUBLICIP_PERIOD` != 0 means to enable public ip fetching
- Warnings logged when using `PUBLICIP_PERIOD`
 2024-10-08 11:30:31 +00:00
Jeremy Lin
cbdd1a933c feat(publicip): cloudflare API support (#2502) 2024-10-06 15:30:33 +02:00
Quentin McGaw
99e9bc87cf fix(firewall): deduplicate VPN address accept rule for multiple default routes with the same network interface 2024-10-06 09:48:07 +00:00
Quentin McGaw
9ef14ee070 fix(firewall): deduplicate ipv6 multicast output accept rules 2024-10-06 09:46:47 +00:00
Quentin McGaw
7842ff4cdc fix(firewall): ipv6 multicast output address value 2024-10-06 09:28:39 +00:00
Quentin McGaw
3d6d03b327 fix(firewall): log warning if ipv6 nat filter not supported instead of returning an error 
- Allow to port forward redirect for IPv4 and not IPv6 if IPv6 NAT is not supported
- Fix #2503
 2024-10-05 07:52:30 +00:00