Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
We don't update the polkit file normally, for now let's check if it's
installed. It should be more clever, detecting wich file is needed,
depending on wich bitmask-root will be executed. But for now it's just a
dummy check.
|
|
polkit doesn't work inside docker.
|
|
also refactor and move polkit_agent so that it does not depend on having
bitmask on the path.
|
|
for now, we'll be hardcoding tcp as a more reliable alternative, no
matter what the provider announces.
explicitely specifying ipv4 should fix the case in which vpn fails to
start because ipv6 is disabled.
-Resolves: #9181, #9129
|
|
|
|
|
|
|
|
|
|
In ubuntu 17.10 some changes with systemd-resolved broke our firewall,
blocking all DNS queries. The masquerade rules in the firewall, that
are used to rewrite the source IP address of the DNS queries, were
wrongly modifying the queries to systemd-resolved.
Let's apply masquerade only to the packets addressed to the nameserver.
- Resolves: #9137
|
|
Removing '--persist-ip' param on openvpn it will try to connect to a
different gateway if the first one fails. This means, that in case of
network disconnection for some minutes bitmask will keep rotating
between the different gateways and one the network comes back it will
not connect anymore to the first one, but to the one that was trying at
this moment.
- Resolves: #9188
|
|
I should remember this change when we merge elijah's fix again.
Hopefully that happens soon enough.
|
|
It has been reported that, after this fix, dns leaks happen under some
circumstances not yet clear. Preparing for a release, we have decided to
revert this change until the problem can be properly triaged.
This means a broken vpn aartful support for the time being, but a
non-leaking master.
https://0xacab.org/leap/bitmask-dev/issues/9137
- Related: #9137
|
|
|
|
Chech the hash of the installed bitmask root and sign as not installed
if doesn't match the one we have in the bundle. Also for running
bitmask-root, if there is more than one (in /usr/local/sbin and
/usr/sbin) run the one with higher version number.
- Resolves: #9020
|
|
|
|
|
|
-Resolves: #9119
|
|
Apparently, this would allow us to run in Elementary OS.
-Resolves: #9076
|
|
|
|
|
|
- Resolves: #9099
|
|
|
|
|
|
- Resolves: #9084
|
|
Check it before starting the vpn.
- Resolves: #8895
|
|
|
|
|
|
Don't persist-tun on the vpn, so it can restart properly. Also let's
match better the options that are sent and taken into account from
bitmask-root.
- Resolves: #9048
|
|
the debian package was failing because of a bad polkit policy file name.
|
|
|
|
|
|
by properly allowing openvpn to restart when receiving SIGUSR1, we can
reserve the hard process restarts for cases in which the process is
aborted.
this depends on bitmask-root adding --persist-tun and --persist-key as
mandatory/allowed parameters.
|
|
the restarting flag was not being set.
- Resolves: #8959
|
|
this was producing a bug with parsing options in a recent enough
openvpn.
- Resolves: #8945
|
|
|
|
- use relative paths
- there's still an absolute path (hardcoded, the REFERENCE FOLDER PATH).
This should be changed (sed!) if we want to automate this for CI or for
building in different environments: STILL NEEDS SOME MANUAL WORK.
- Avoid deleting the build folders by default
- Move the plist file to a subfolder
|
|
- plus general pep8 cleanup.
|
|
|
|
|
|
with these fixes, I'm able to finally launch openvpn and firewall on
osx. :)
all that's left for a minimum vpn release is packaging and installing
all the helpers in the proper place.
|
|
|
|
|
|
this commit is porting the polkit launcher from the legacy bitmask
client. if no polkit authentication agent is running, it will try to run
one that is found in the system.
- Resolves: #8836
|
|
|
|
- Resolves: #8786
|
|
|
|
|