Age | Commit message | Author |
|
|
in systems with newer openssl, tls 1.0 has been disabled.
however, this breaks the ability of a client in a newer system to
connect with the openvpn servers on providers that are still on stretch.
platform needs to be upgraded.
-Related: https://0xacab.org/leap/bitmask-vpn/issues/105
|
|
-Resolves: #9378
|
|
when using snap, at least in qubes there's an error if we pick openvpn
from the system. if we're executing from a snap, we should pick the
snap's openvpn.
also disabling for now the ipv6 workaround, since it fails when
attempting to set up the ipv6 addr on the interface. --pull-filter should
work here, see https://community.openvpn.net/openvpn/ticket/849
|
|
Since we're blocking ipv6, it's nice to avoid resolving dual-stack sites
to ipv6, because many tools don't work otherwise.
- Resolves: #9027
|
|
- move snap folder to root folder, to allow automated builds
- install only polkit file outside of snap
- change path of bitmask-root accordingly in bitmask
- fix check for polkit file inside snap
- change and document the algorithm for picking bitmask-root in linux
- add LD_LIBRARY_PATH as an environment entry for bitmask-systray
|
|
also refactor and move polkit_agent so that it does not depend on having
bitmask on the path.
|
|
for now, we'll be hardcoding tcp as a more reliable alternative, no
matter what the provider announces.
explicitly specifying ipv4 should fix the case in which vpn fails to
start because ipv6 is disabled.
-Resolves: #9181, #9129
|
|
In ubuntu 17.10 some changes with systemd-resolved broke our firewall,
blocking all DNS queries. The masquerade rules in the firewall, that
are used to rewrite the source IP address of the DNS queries, were
wrongly modifying the queries to systemd-resolved.
Let's apply masquerade only to the packets addressed to the nameserver.
- Resolves: #9137
|
|
Removing '--persist-ip' param on openvpn it will try to connect to a
different gateway if the first one fails. This means that in case of
network disconnection for some minutes bitmask will keep rotating
between the different gateways and once the network comes back it will
not connect anymore to the first one, but to the one that was trying at
this moment.
- Resolves: #9188
|
|
I should remember this change when we merge elijah's fix again.
Hopefully that happens soon enough.
|
|
It has been reported that, after this fix, dns leaks happen under some
circumstances not yet clear. Preparing for a release, we have decided to
revert this change until the problem can be properly triaged.
This means a broken vpn artful support for the time being, but a
non-leaking master.
https://0xacab.org/leap/bitmask-dev/issues/9137
- Related: #9137
|
|
-Resolves: #9119
|
|
Apparently, this would allow us to run in Elementary OS.
-Resolves: #9076
|
|
Don't persist-tun on the vpn, so it can restart properly. Also let's
match better the options that are sent and taken into account from
bitmask-root.
- Resolves: #9048
|
|
by properly allowing openvpn to restart when receiving SIGUSR1, we can
reserve the hard process restarts for cases in which the process is
aborted.
this depends on bitmask-root adding --persist-tun and --persist-key as
mandatory/allowed parameters.
|
|
this commit is porting the polkit launcher from the legacy bitmask
client. if no polkit authentication agent is running, it will try to run
one that is found in the system.
- Resolves: #8836