dependabot[bot]
ec284c17f4
Chore(deps): Bump github.com/klauspost/compress from 1.17.9 to 1.17.11 (#2550)
2024-11-07 12:28:04 -08:00
Quentin McGaw
ad6c52dc4c
feat(ipvanish): update servers data
2024-11-07 20:21:12 +00:00
Quentin McGaw
5f182febae
fix(ipvanish): update openvpn zip file url for updater
2024-11-07 20:21:10 +00:00
Quentin McGaw
86d82c1098
chore(main): let system handle OS signals after first one to stop program
2024-11-07 20:19:24 +00:00
Quentin McGaw
842b9004da
chore(routing): remove redundant rule ip rule in error messages
2024-11-07 20:19:24 +00:00
Quentin McGaw
6ac7ca4f0f
feat(healthcheck): log out last error when auto healing VPN
2024-11-05 13:35:58 +00:00
Quentin McGaw
ddfcbe1bee
feat(healthcheck): run TLS handshake after TCP dial if address has 443 port
2024-11-05 13:35:58 +00:00
Quentin McGaw
88fd9388e4
chore(lint): remove canonicalheader since it's not reliable
2024-11-05 13:35:58 +00:00
Quentin McGaw
69aafa53c9
fix(server/auth): fix wiki link to authentication section
2024-11-05 13:35:58 +00:00
Quentin McGaw
3473fe9c15
fix(openvpn): set default mssfix to 1320 for all providers with no default
...
- Partially address #2533
2024-11-05 13:35:54 +00:00
Quentin McGaw
c655500045
fix(wireguard): change default WIREGUARD_MTU from 1400 to 1320
...
- Partially address #2533
2024-11-05 09:57:03 +00:00
Quentin McGaw
96a8015af6
feat(netlink): debug rule logs contain the ip family
2024-11-03 20:14:41 +00:00
Quentin McGaw
ddd3876f92
chore(dns): upgrade dependency from v2.0.0-rc7 to v2.0.0-rc8
...
- do not log dial error twice
- DNS subserver shuts down without waiting for connections to finish (UDP server would hang sometimes)
- DNS over TLS dialer uses tls.Dialer instead of wrapping connection with tls.Client
- connection type is just `tls` instead of `dns over tls` to reduce repetition in logs
- exchange errors contain the request question in their context
2024-11-03 12:35:01 +00:00
Quentin McGaw
f1f34722ee
feat(tun): mention in 'operation not permitted' error the user should specify --device /dev/net/tun
2024-10-28 09:22:08 +00:00
Quentin McGaw
937c667ca8
hotfix(perfectprivacy): fix formatting from previous commit
2024-10-27 17:20:30 +00:00
Christoph Kehl
3c45f57aaa
fix(perfectprivacy): update openvpn expired certificates (#2542)
2024-10-27 11:45:25 +01:00
Quentin McGaw
30640eefe2
chore(deps): upgrade dns to v2.0.0-cr7
2024-10-25 14:01:29 +00:00
Quentin McGaw
8567522594
chore(dev): pin godevcontainer image to tag v0.20-alpine
2024-10-20 16:18:52 +00:00
Quentin McGaw
bd8214e648
docs(dev): minor fixes to devcontainer readme
2024-10-20 12:57:58 +00:00
Quentin McGaw
a61302f135
feat(publicip): resilient public ip fetcher (#2518)
...
- `PUBLICIP_API` accepts a comma separated list of ip data sources, where the first one is the base default one, and sources after it are backup sources used if we are rate limited.
- `PUBLICIP_API` defaults to `ipinfo,ifconfigco,ip2location,cloudflare` such that it now has `ifconfigco,ip2location,cloudflare` as backup ip data sources.
- `PUBLICIP_API_TOKEN` accepts a comma separated list of ip data source tokens, each corresponding by position to the APIs listed in `PUBLICIP_API`.
- logs ip data source when logging public ip information
- assume a rate limiting error is for 30 days (no persistence)
- ready for future live settings updates
- consider an ip data source no longer banned if the token changes
- keeps track of ban times when updating the list of fetchers
2024-10-19 15:21:14 +02:00
Quentin McGaw
3dfb43e117
chore(netlink): debug log ip rule commands in netlink instead of routing package
2024-10-19 12:43:26 +00:00
Quentin McGaw
2388e0550b
hotfix(publicip): return an error if trying to use cloudflare as ip provider for updating servers data
2024-10-11 21:57:25 +00:00
Quentin McGaw
a7d70dd9a3
fix(publicip): lock settings during entire update
...
- to prevent race conditions when data is cleared when vpn goes down
2024-10-11 21:24:18 +00:00
Quentin McGaw
76a4bb5dc3
chore: use gofumpt for code formatting
2024-10-11 19:27:29 +00:00
Quentin McGaw
3daf15a612
chore(lint): fix gopls govet errors
2024-10-11 19:14:50 +00:00
Quentin McGaw
81ffbaf057
feat(build): upgrade Go from 1.22 to 1.23
2024-10-11 18:58:10 +00:00
Quentin McGaw
abe9dcbe33
chore(lint): add new linters and update codebase
...
- add canonicalheader
- add copyloopvar
- add fatcontext
- add intrange
2024-10-11 18:28:00 +00:00
Quentin McGaw
3c8e80a1a4
chore(lint): upgrade linter from v1.56.2 to v1.61.0
...
- Remove no longer needed exclude rules
- Add new exclude rules for printf govet errors
- Remove deprecated linters `execinquery` and `exportloopref`
- Rename linter `goerr113` to `err113`
- Rename linter `gomnd` to `mnd`
2024-10-11 18:05:54 +00:00
Quentin McGaw
694988b32f
chore(devcontainer): drop requirement for docker-compose and use devcontainer.json settings directly
2024-10-10 08:34:56 +00:00
Quentin McGaw
ea31886299
docs(devcontainer): update readme
...
- remove Windows without WSL step
- update 'remote containers extension' to 'dev containers extension'
- remove invalid warning on directories creation
- simplify customizations section
- remove "publish a port" since it can be done at runtime now
- remove "run other services" since it's rather unneeded in this case
- expand documentation on custom welcome script and where to specify the bind mount
- use bullet points instead of subsections headings
2024-10-10 08:33:33 +00:00
Quentin McGaw
5b2923ca65
feat(publicip): add ifconfigco option
2024-10-08 19:03:10 +00:00
Quentin McGaw
432eaa6c04
feat(vpn): run WaitForDNS before querying the public ip address
...
- Fix #2325 better
2024-10-08 11:30:35 +00:00
Quentin McGaw
5fd0af9395
feat(publicip): retry fetching information when connection refused error is encountered
...
- Fix #2325
2024-10-08 11:30:35 +00:00
Quentin McGaw
03deb9aed0
feat(publicip): PUBLICIP_ENABLED replaces PUBLICIP_PERIOD
...
- No point in periodically fetching the public IP address. Could not find anything mentioning why this was added.
- Simplification of the publicip loop code
- `PUBLICIP_ENABLED` (on, off) can be set to enable or not public ip data fetching on VPN connection
- `PUBLICIP_PERIOD=0` still works to indicate to disable public ip fetching
- `PUBLICIP_PERIOD` != 0 means to enable public ip fetching
- Warnings logged when using `PUBLICIP_PERIOD`
2024-10-08 11:30:31 +00:00
Jeremy Lin
cbdd1a933c
feat(publicip): cloudflare API support (#2502)
2024-10-06 15:30:33 +02:00
Quentin McGaw
99e9bc87cf
fix(firewall): deduplicate VPN address accept rule for multiple default routes with the same network interface
2024-10-06 09:48:07 +00:00
Quentin McGaw
9ef14ee070
fix(firewall): deduplicate ipv6 multicast output accept rules
2024-10-06 09:46:47 +00:00
Quentin McGaw
7842ff4cdc
fix(firewall): ipv6 multicast output address value
2024-10-06 09:28:39 +00:00
Quentin McGaw
3d6d03b327
fix(firewall): log warning if ipv6 nat filter not supported instead of returning an error
...
- Allow to port forward redirect for IPv4 and not IPv6 if IPv6 NAT is not supported
- Fix #2503
2024-10-05 07:52:30 +00:00
Quentin McGaw
7ebbaf4351
docs(Dockerfile): add OPENVPN_MSSFIX environment variable
2024-09-29 18:01:20 +00:00
Quentin McGaw
c665b13cec
fix(settings): prevent using FREE_ONLY and PORT_FORWARD_ONLY together with protonvpn (see #2470)
2024-09-28 17:51:47 +00:00
Quentin McGaw
970b21a6eb
docs(Dockerfile): add missing option definitions
...
- `STREAM_ONLY`
- `FREE_ONLY`
- Document `PORT_FORWARD_ONLY` is for both PIA and ProtonVPN
2024-09-28 17:49:03 +00:00
Quentin McGaw
62747f1eb8
fix(storage): add missing selection fields to build noServerFoundError
...
- `STREAM_ONLY`, `PORT_FORWARD_ONLY`, `SECURE_CORE_ONLY`, `TOR_ONLY` and target ip options affected
- Refers to issue #2470
2024-09-28 17:47:56 +00:00
Quentin McGaw
a2e76e1683
feat(server): role based authentication system (#2434)
...
- Parse toml configuration file, see https://github.com/qdm12/gluetun-wiki/blob/main/setup/advanced/control-server.md#authentication
- Retro-compatible with existing AND documented routes, until after v3.41 release
- Log a warning if an unprotected-by-default route is accessed unprotected
- Authentication methods: none, apikey, basic
- `genkey` command to generate API keys
Co-authored-by: Joe Jose <45399349+joejose97@users.noreply.github.com>
2024-09-18 13:29:36 +02:00
Quentin McGaw
07651683f9
feat(providers): add giganews support (#2479)
2024-09-18 13:01:37 +02:00
Quentin McGaw
429aea8e0f
docs(github): change and add labels
...
- change "config problem" to "user error"
- add "performance" category
- add "investigation" category
2024-08-25 07:06:33 +00:00
Quentin McGaw
01fa9934bc
hotfix(routing): detect vpn local gateway with new routes listing
2024-08-25 07:01:33 +00:00
Quentin McGaw
ff7cadb43b
chore(server): move log middleware to internal/server/middlewares/log
2024-08-23 13:46:52 +00:00
Quentin McGaw
540acc915d
chore(deps): upgrade vishvananda/netlink from v1.2.1-beta.2 to v1.2.1
2024-08-23 13:46:09 +00:00
dependabot[bot]
703a546c1d
Chore(deps): Bump google.golang.org/protobuf from 1.30.0 to 1.33.0 (#2428)
2024-08-22 17:24:39 +02:00