bitmask-vpn.git/helpers, branch main

[pkg] allow colon in tls-ciphers

2022-06-08T12:50:58+00:00

[pkg] keep backwards-compatibility for helper location

2022-06-08T12:41:07+00:00

I am honestly amazed at all the things that went wrong with the commit
a0f8afb97d2218b4f987779c5b2b by sam:

- attempted to fix something that was not broken
- bumped the build dependency from go 1.14 to go 1.17, even when he had
  been warned that we try to keep backward compatibility to be able to
  build the client in standard or limited enviroments.
- if you (meaning, any future maintainer) are tempted to bump the go
  version we depend on again, please make sure that the snap, win and
  mac build procedures are updated accordingly.
- removing one extra dependency is ok, but maintaining compabilitiy for
  builds is even more importan-ter.
- you cannot just change paths of a top-level folder without grepping
  for the use of those paths. period. I see you fixed linux in
  5ed27792f38e974922a8u, but branding/ scripts still depend on that.
- if you are going to do this, please open a review process and wait for
  others to chime in.
- if you are not sure, just fucking ask.

(I better won't mention how many hours were invoiced for this commit,
because that's fucking unprofessional, lol).

on the positive side, i've learned a few things that can go to a style
guide in the near future. that's something, I guess :)

Remove dependency on statik and use go:embed

2022-03-15T13:32:05+00:00

This removes a dependency by using the built-in go:embed functionality
introduce in Go 1.16 instead of statik for embedding files.
This means that Go 1.16+ would now be required to build the VPN.

Signed-off-by: Sam Whited

[feat] whitelist log file

2021-12-08T18:54:34+00:00

[bug] let's float

2021-11-30T20:22:39+00:00

[feat] pass udp flag to bitmask-root

2021-11-23T20:51:20+00:00

helpers/bitmask-root: the ip command is sometimes in /bin/

2021-09-23T09:55:41+00:00

Upstreamed patch from Gentoo Linux

We put bin before sbin because we want sbin to have the
higher priority

Signed-off-by: Andrew Ammerlaan

[bug] ignore ip/routes if ipv6 is disabled

2021-07-06T17:40:37+00:00

- Resolves: #457

[feat] allow to define explicitely allowed private address

2021-06-14T19:45:58+00:00

By default, bitmask-root allows traffic to devices in local networks.

However, this behavior depends on it correctly identifying the local
network of the default route, and it can fail on more complex network
setups (one common failure mode is when one of the ifaces gets a
link-local ip).

This commit introduces an explicit mechanism, by parsing lines in

/etc/bitmask/ipv4.allow
/etc/bitmask/ipv6.allow

If valid private ips are defined in either of the files, the behavior
will change to fail close for local devices, and allow traffic (both tcp
and udp) to the defined ips, on all ports.

- Resolves: #503

allow route command, needed for obfs4

2021-05-17T15:52:43+00:00