bitmask-dev.git - [bitmask-dev]

Age	Commit message (Collapse)	Author
2018-09-06	[bug] get openvpn from snap, disable ipv6 workaround	Kali Kaneko
	when using snap, at least in qubes there's an error if we pick openvpn from the system. if we're executing from a snap, we should pick the snap's openpvn. also disabling for now the ipv6 workaround, since it fails when attempting to setup the i6 addr on the interface. --pull-filter should work here, see https://community.openvpn.net/openvpn/ticket/849
2018-09-06	[bug] disable temporarily ipv6 as part of the firewall	Kali Kaneko
	Since we're blocking ipv6, it's nice to avoid resolving dual-stack sites to ipv6, because many tools don't work otherwise. - Resolves: #9027
2018-09-06	[bug] search for any openvpn process, the binary name might not match	Ruben Pollan

2018-06-12	[feat] add support for tcp management in bitmask-root	Ruben Pollan

2018-03-02	[pkg] add snap openvpn to bitmask-root	Kali Kaneko

2018-01-25	[feat] hardcode tcp4 in vpn connections	Kali Kaneko
	for now, we'll be hardcoding tcp as a more reliable alternative, no matter what the provider announces. explicitely specifying ipv4 should fix the case in which vpn fails to start because ipv6 is disabled. -Resolves: #9181, #9129
2018-01-16	[bug] fix the systemctl run	Ruben Pollan

2018-01-12	[feat] bump bitmask-root version	Ruben Pollan

2018-01-12	Add Qubes DNS support, fixes	Christopher Laprise

2018-01-12	Add anti-leak rules for qubes-firewall	Christopher Laprise

2018-01-09	[bug] fix issues with dns resolution with systemd-resolved	Ruben Pollan
	In ubuntu 17.10 some changes with systemd-resolved broke our firewall, blocking all DNS queries. The masquerade rules in the firewall, that are used to rewrite the source IP address of the DNS queries, were wrongly modifying the queries to systemd-resolved. Let's apply masquerade only to the packets addressed to the nameserver. - Resolves: #9137
2018-01-08	[feat] try other gateways if the main one fails	Ruben Pollan
	Removing '--persist-ip' param on openvpn it will try to connect to a different gateway if the first one fails. This means, that in case of network disconnection for some minutes bitmask will keep rotating between the different gateways and one the network comes back it will not connect anymore to the first one, but to the one that was trying at this moment. - Resolves: #9188
2017-12-21	[doc] add note about expected paths to bitmask-root itself	Kali Kaneko
	I should remember this change when we merge elijah's fix again. Hopefully that happens soon enough.
2017-12-21	[bug] temporarily revert dnsmasq firewall fix	Kali Kaneko
	It has been reported that, after this fix, dns leaks happen under some circumstances not yet clear. Preparing for a release, we have decided to revert this change until the problem can be properly triaged. This means a broken vpn aartful support for the time being, but a non-leaking master. https://0xacab.org/leap/bitmask-dev/issues/9137 - Related: #9137
2017-12-05	[bug] change bitmask-root to work with dnsmasq	elijah

2017-09-15	[bug] get the VPN restart working again	Ruben Pollan
	Don't persist-tun on the vpn, so it can restart properly. Also let's match better the options that are sent and taken into account from bitmask-root. - Resolves: #9048
2017-08-30	[bug] flatten args to allow keepalive params	Kali Kaneko

2017-08-30	[refactor] restart by allowing to send SIGUSR1 to openvpn process	Kali Kaneko
	by properly allowing openvpn to restart when receiving SIGUSR1, we can reserve the hard process restarts for cases in which the process is aborted. this depends on bitmask-root adding --persist-tun and --persist-key as mandatory/allowed parameters.
2017-02-23	[feature] add install/uninstall command for helpers	Kali Kaneko (leap communications)