Age | Commit message (Collapse) | Author |
|
Some systems remove firewall rules, is usefull to be able to script the
reload of those rules in hooks or other custom systems.
- Resolves: #9289
|
|
|
|
|
|
- move snap folder to root folder, to allow automated builds
- install only polkit file outside of snap
- change path of bitmask-root accordingly in bitmask
- fix check for polkit file inside snap
- change and document the algorithm for picking bitmask-root in linux
- add LD_LIBRARY_PATH as an environment entry for bitmask-systray
|
|
All the logic to autostart bitmask should not be vpn dependent.
|
|
The IS_${platform} constants are used in more places than the vpn
module. Let's define them in leap.bitmask.
|
|
- duplicate the scripts folder for riseupvpn
- fix renaming of helper
- set openvpn path for riseupvpn
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We don't update the polkit file normally, for now let's check if it's
installed. It should be more clever, detecting wich file is needed,
depending on wich bitmask-root will be executed. But for now it's just a
dummy check.
|
|
polkit doesn't work inside docker.
|
|
Since bonafide was not catching the error 401, an attempt to bootstrap a
provider that does not support anonvpn with the new setup was resulting
in a json that was containing only an error message.
this was producing an error when trying to access the configuration for
that provider's EIP section.
we now avoid writing a json config file if an error 401 is found, and
also catch the exception for a ValueError when the EIP section is not
found in the provider's configuration.
|
|
|
|
also refactor and move polkit_agent so that it does not depend on having
bitmask on the path.
|
|
|
|
|
|
|
|
|
|
for now, we'll be hardcoding tcp as a more reliable alternative, no
matter what the provider announces.
explicitely specifying ipv4 should fix the case in which vpn fails to
start because ipv6 is disabled.
-Resolves: #9181, #9129
|
|
honor the anonymous certificate for the providers that offer it.
this still needs a change in bonafide, in which if provider supports
anonymous access we still have to download eip-service.json
for testing, I assume this has been already manually downloaded.
|
|
|
|
|
|
|
|
|
|
|
|
In ubuntu 17.10 some changes with systemd-resolved broke our firewall,
blocking all DNS queries. The masquerade rules in the firewall, that
are used to rewrite the source IP address of the DNS queries, were
wrongly modifying the queries to systemd-resolved.
Let's apply masquerade only to the packets addressed to the nameserver.
- Resolves: #9137
|
|
Removing '--persist-ip' param on openvpn it will try to connect to a
different gateway if the first one fails. This means, that in case of
network disconnection for some minutes bitmask will keep rotating
between the different gateways and one the network comes back it will
not connect anymore to the first one, but to the one that was trying at
this moment.
- Resolves: #9188
|
|
I should remember this change when we merge elijah's fix again.
Hopefully that happens soon enough.
|
|
It has been reported that, after this fix, dns leaks happen under some
circumstances not yet clear. Preparing for a release, we have decided to
revert this change until the problem can be properly triaged.
This means a broken vpn aartful support for the time being, but a
non-leaking master.
https://0xacab.org/leap/bitmask-dev/issues/9137
- Related: #9137
|
|
|
|
|
|
Chech the hash of the installed bitmask root and sign as not installed
if doesn't match the one we have in the bundle. Also for running
bitmask-root, if there is more than one (in /usr/local/sbin and
/usr/sbin) run the one with higher version number.
- Resolves: #9020
|
|
|
|
|