| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-01-12 | Add Qubes DNS support, fixes | Christopher Laprise | |
| 2018-01-12 | Add anti-leak rules for qubes-firewall | Christopher Laprise | |
| 2018-01-09 | [bug] fix issues with dns resolution with systemd-resolved | Ruben Pollan | |
| In ubuntu 17.10 some changes with systemd-resolved broke our firewall, blocking all DNS queries. The masquerade rules in the firewall, that are used to rewrite the source IP address of the DNS queries, were wrongly modifying the queries to systemd-resolved. Let's apply masquerade only to the packets addressed to the nameserver. - Resolves: #9137 | |||
| 2018-01-08 | [feat] try other gateways if the main one fails | Ruben Pollan | |
| Removing '--persist-ip' param on openvpn it will try to connect to a different gateway if the first one fails. This means, that in case of network disconnection for some minutes bitmask will keep rotating between the different gateways and one the network comes back it will not connect anymore to the first one, but to the one that was trying at this moment. - Resolves: #9188 | |||
| 2017-12-21 | [doc] add note about expected paths to bitmask-root itself | Kali Kaneko | |
| I should remember this change when we merge elijah's fix again. Hopefully that happens soon enough. | |||
| 2017-12-21 | [bug] temporarily revert dnsmasq firewall fix | Kali Kaneko | |
| It has been reported that, after this fix, dns leaks happen under some circumstances not yet clear. Preparing for a release, we have decided to revert this change until the problem can be properly triaged. This means a broken vpn aartful support for the time being, but a non-leaking master. https://0xacab.org/leap/bitmask-dev/issues/9137 - Related: #9137 | |||
| 2017-12-20 | [bug] add lock in command dispatcher | Kali Kaneko | |
| 2017-12-08 | [docs] add comment about python interpreter | Kali Kaneko | |
| 2017-12-07 | [feat] update bitmask-root if needed | Ruben Pollan | |
| Chech the hash of the installed bitmask root and sign as not installed if doesn't match the one we have in the bundle. Also for running bitmask-root, if there is more than one (in /usr/local/sbin and /usr/sbin) run the one with higher version number. - Resolves: #9020 | |||
| 2017-12-05 | [bug] change bitmask-root to work with dnsmasq | elijah | |
| 2017-11-30 | [refactor] use /var/run for osx helper socket | Kali Kaneko | |
| 2017-11-02 | [style] fix formatting | Kali Kaneko | |
| 2017-11-02 | [feature] support deepin polkit agent | Kali Kaneko | |
| -Resolves: #9119 | |||
| 2017-11-01 | [docs] document systray in changelog | Kali Kaneko | |
| - Resolves: #9094 | |||
| 2017-11-01 | [refactor] refactor status object | Kali Kaneko | |
| 2017-11-01 | [feature] display vpn status on systray | Kali Kaneko | |
| 2017-10-25 | [feat] support pantheon polkit agent | Kali Kaneko | |
| Apparently, this would allow us to run in Elementary OS. -Resolves: #9076 | |||
| 2017-10-11 | [style] pep8 | Kali Kaneko | |
| 2017-10-11 | [bug] import linux specific constants inside if block | kali | |
| 2017-10-09 | [bug] properly check for local openvpn path | Kali Kaneko | |
| - Resolves: #9099 | |||
| 2017-10-06 | [style] pep80.10.1 | Kali Kaneko | |
| 2017-10-06 | [bug] use sytem-wide bitmask-root, if found | Kali Kaneko | |
| we make a distinction between the system-wide bitmask-root, which should be placed there by the maintainers of whatever packages your distribution uses, and the bitmask-root that is placed by the bundles (using polkit). since the bundles copying over the helper from user-writeable folders is a potential attack vector, we prefer to use the package's version if present. also, if we cannot find either, we abort the launching of the VPN. we've discussed that this might move to the service initialization instead, but I think the cases in which this is needed should be rare. I fix also a corner-case in which we were using getcwd() at import time. if you execute code and then remove the installation path, this will raise a traceback in bitmaskctl. I think it's nicer to catch the error properly when starting. | |||
| 2017-10-03 | [feat] Update polkit options | Ruben Pollan | |
| 2017-09-29 | [style] pep8 | Kali Kaneko | |
| 2017-09-29 | [bug] look also from bitmask-root in the debian path | Kali Kaneko | |
| 2017-09-29 | [bug] fixes needed to launch vpn on mac after refactor | kali | |
| 2017-09-29 | [bug] check for pkexec only in linux | kali | |
| 2017-09-29 | [bug] create /usr/local/sbin folder if it does not exist | Kali Kaneko | |
| - Resolves: #9084 | |||
| 2017-09-20 | [feat] detect if pkexec is present in the system | Ruben Pollan | |
| Check it before starting the vpn. - Resolves: #8895 | |||
| 2017-09-20 | [bug] flag vpn_ready == false if cert expired | Ruben Pollan | |
| We were not renewing the vpn cert. Now the UI will trigger a cert renewal by telling it that is the vpn is not ready if the cert is expired. - Resolves: #9059 | |||
| 2017-09-15 | [feat] wait up to 20 seconds for polkit to be launched | Ruben Pollan | |
| - Related: #9012 | |||
| 2017-09-15 | [refactor] remove unused 'is_missing_policy_permissions' | Ruben Pollan | |
| 2017-09-15 | [feat] add --nodaemon param to polkit_agent | Ruben Pollan | |
| 2017-09-15 | [docs] having the polkits to try in a list sets already a prio to them | Ruben Pollan | |
| 2017-09-15 | [feat] use psutil to discover polkit process | Ruben Pollan | |
| Better psutil than ps+grep. | |||
| 2017-09-15 | [bug] get the VPN restart working again | Ruben Pollan | |
| Don't persist-tun on the vpn, so it can restart properly. Also let's match better the options that are sent and taken into account from bitmask-root. - Resolves: #9048 | |||
| 2017-09-10 | [bug] add the error as an upper level attribute of the dict | Kali Kaneko | |
| the UI is expecting it there, not inside the result data. we probably could delete it from the later. | |||
| 2017-09-10 | [bug] avoid bogus failed status | Kali Kaneko | |
| there was an exception catched, AttributeError, that showed up as a transient "failed" state. - Resolves: #9044 | |||
| 2017-09-10 | [bug] mark vpn as failed if it had some problem starting | Kali Kaneko | |
| 2017-09-10 | [bug] fix policykit helper paths | Kali Kaneko | |
| the debian package was failing because of a bad polkit policy file name. | |||
| 2017-08-31 | [feat] expose an API to set/get/list gateway preferences | Ruben Pollan | |
| - Related: #9010 | |||
| 2017-08-31 | [feat] list vpn gateways in the order that they are going to be used | Ruben Pollan | |
| 2017-08-31 | [refactor] make the VPN location formating in the cli | Ruben Pollan | |
| 2017-08-30 | [refactor] remove verbose debug info | Kali Kaneko | |
| 2017-08-30 | [bug] catch data tuple with len 5 | Kali Kaneko | |
| 2017-08-30 | [bug] fix typo in logger usage | Kali Kaneko | |
| 2017-08-30 | [bug] add initial ts assignment | Kali Kaneko | |
| 2017-08-30 | [bug] assign initial empty state | Kali Kaneko | |
| 2017-08-30 | [bug] assert vpn management folder exists | Kali Kaneko | |
| 2017-08-30 | [bug] return if cannot parse state | Kali Kaneko | |
 |
index : bitmask-dev.git | |
| [bitmask-dev] | git repository hosting |
| summaryrefslogtreecommitdiff |