Commit Graph

483 Commits

Author SHA1 Message Date
Quentin McGaw
79d8cca525 Updated readme 2019-01-14 13:28:11 +01:00
Quentin McGaw
26c04af7c4 Corrected arm32v7 to arm32v6 2019-01-14 09:57:57 +01:00
Quentin McGaw
5b81e34a90 Added ARM images for 32 bit v6 (Raspberry Pi) and 64 bit v8 2019-01-14 09:55:46 +01:00
Quentin McGaw
80d5f7a661 Removed empty ticks from readme table 2019-01-14 09:55:14 +01:00
Quentin McGaw
4077b27d92 Unbound has TLS cert specified (just in case) 2019-01-14 09:54:49 +01:00
Quentin McGaw
63eae489c7 Reduced image size by removing unbound useless binaries 2019-01-14 09:54:33 +01:00
Quentin McGaw
a8e88cc7fc Replaced external docker images with Github hosted files 2019-01-01 23:14:36 +02:00
Quentin McGaw
24ba0958ac Fixed healthcheck 2018-11-27 21:09:21 +02:00
Quentin McGaw
2b45ba3425 The target files are created in /openvpn/target
- More resilience to failure
- Less verbose
- Works with start/stop
2018-11-27 17:50:08 +02:00
Quentin McGaw
0f02500a85 Moved all OpenVPN parameters to conf file + fixing AUTH_FAILED messages 2018-11-20 09:28:48 +02:00
Quentin McGaw
6c062eaee1 Fixed docker-compose to use bridge network 2018-11-20 09:27:25 +02:00
Quentin McGaw
7149688b2c Added section on docker-compose services to publish ports 2018-11-20 09:27:10 +02:00
Quentin McGaw
91e55d8884 Re-added section on publishing ports of containers connected to PIA 2018-11-18 19:31:09 +02:00
Quentin McGaw
d1ebddb029 Fixed auth_failed error
- Removed nonrootgroup
- File directories are slightly different
- Resolv-retry is removed as pointless as IP addresses are used
- Fixed some arguments to openvpn
2018-11-17 14:44:17 +02:00
Quentin McGaw
9ba7f5969c Fixed healthcheck 2018-11-15 14:41:39 +02:00
Quentin McGaw
9c6afff973 Healthcheck checks your IP is in the VPN configuration file 2018-11-14 16:25:23 +02:00
Quentin McGaw
eb1dc371c5 Added dummy credentials 2018-11-14 16:24:56 +02:00
Quentin McGaw
d3dc6c74d8 Multiple additions and fixes #12
- Unbound ran as `nonrootuser`
- Readme updated
- auth.conf replaced by `USER` and `PASSWORD` env variables
- Removed Nginx section from readme for now
- Reworked entrypoint with more checks
- Malicious IPs and hostnames building is done at Docker build to gain time at launch
- docker-compose updated to reflect changes
2018-11-14 14:38:10 +02:00
Quentin McGaw
3c79ba33bb Fixes #13 2018-11-06 18:26:24 +01:00
Quentin McGaw
7b4c216fc8 Reworked project overall 2018-11-06 14:55:11 +01:00
Quentin McGaw
f5919d0aab Readme update 2018-10-29 17:03:24 +01:00
Quentin McGaw
08d1afccfe Reworked labels, readme and added License 2018-10-29 16:32:11 +01:00
Quentin McGaw
4bcaec6a33 Big refactoring (more secure, more modular)
- Region change to "CA Montreal"
- Using external data images for malicious hostnames
- Added malicious IP addresses blocking with Unbound
- Unbound has DNS rebinding protection
2018-10-28 14:08:14 +01:00
Quentin McGaw
e6b5166c7f Merge pull request #8 from janaz/update-md5
Update Dockerfile to contain newer `named.roots` and newer packages (forgot `--update` flag, thanks @janaz)
2018-10-28 10:35:27 +01:00
Quentin McGaw
d5e15f3011 Merge pull request #7 from janaz/fix-duplicate-remote
Don't insert duplicate ip addresses to the openvpn config file
2018-10-28 10:34:46 +01:00
Tomasz Janowski
559bec0ba0 Update md5 hash of the named.root file 2018-10-28 16:46:18 +11:00
Tomasz Janowski
867992f435 Run apk with --update --no-cache flags to fetch a fresh list of dependencies 2018-10-28 16:45:56 +11:00
Tomasz Janowski
1af242f773 Don't insert duplicate ip addresses to the openvpn config file
A new set of ip addresses is appended on every restart of the container which eventually results in openvpn error "Maximum number of 'remote' options (64) exceeded."
2018-10-28 16:43:55 +11:00
Quentin McGaw
3bc45d930c Hostnames block is done in memory only 2018-10-10 10:24:15 +02:00
Quentin McGaw
d12f44fd6b Fixes #6 (forgot quotes for $REGION.ovpn) 2018-10-08 08:45:11 +02:00
Quentin McGaw
e0f201a334 Openvpn runs as non root user and tries all IP addresses 2018-10-05 12:43:16 +02:00
Quentin McGaw
b73ad75cde Multiple additions and fixes #5
- Multi stage build
- Download and check Unbound Root anchors
- Download and build malicious hostnames block list for Unbound
- Healthcheck only based on the current IP being different from the initial IP
- IPv6 related completely removed
- Multiple checks at launch with $?
- Launch openvpn as root (can't change user)
- Unbound configured with DNSSEC for DNS over TLS
2018-10-04 22:24:43 +02:00
Quentin McGaw
b8dbf0761f Moved DNS over TLS at start as DNS is required in firewall anyway 2018-09-28 19:51:30 +02:00
Quentin McGaw
93ea50bd49 Fixed non root permission issue 2018-09-21 17:39:03 +02:00
Quentin McGaw
cfd1bab58d Checks for TUN device to be opened (useful after a reboot) 2018-09-21 17:00:52 +02:00
Quentin McGaw
2b7c7cc62a Restarts on fail; DNS over TLS only when connected to VPN; readme update 2018-09-21 16:39:08 +02:00
Quentin McGaw
6929947611 Runs openvpn as non-root user 2018-09-21 11:39:00 +02:00
Quentin McGaw
706050619d Re-added Unbound DNS over TLS
It turns out you can't use a local DNS server once connected with the VPN, so running the DNS over TLS in the PIA container is the best.
2018-09-21 11:28:23 +02:00
Quentin McGaw
de981c3566 Fixed firewall (iptables) and added ip6tables for ipv6 2018-09-21 09:33:37 +02:00
Quentin McGaw
41d7ca9824 Removed useless DNS shell code 2018-09-20 20:42:37 +02:00
Quentin McGaw
b652823d89 Removed Unbound from image
Better use it in another Docker container, it caused quite some problems with my firewall so I thought it would be better to only
2018-09-20 20:35:29 +02:00
Quentin McGaw
bf6401da23 New line after encryption 2018-09-12 19:23:02 +02:00
Quentin McGaw
852748ec81 Update to Alpine 3.8 2018-09-08 16:04:05 +02:00
Quentin McGaw
081227edf2 Scans through corresponding REGION.OVPN file to find domain name and port 2018-06-07 18:33:03 -04:00
Quentin McGaw
7aa43274b1 Killswitch added with firewall, fixes #3 2018-06-06 22:44:11 -04:00
Quentin McGaw
f6d6b69043 Cloudflare certificate is checked by unbound 2018-06-04 11:50:42 -04:00
Quentin McGaw
72ef2e99e7 Updated readme with more on Extra section 2018-06-03 18:05:10 -04:00
Quentin McGaw
6984842da9 Updated Readme for installing tun depending on OS (insmod or modprobe) 2018-06-01 16:04:13 -04:00
Quentin McGaw
56121106a9 Added modprobe doc for raspbian, fixes #2 2018-06-01 15:02:07 -04:00
Quentin McGaw
ede5979541 Reverted back to creating tun device manually 2018-06-01 14:38:27 -04:00