feat: Switch to WireGuard and add systemd integrations #186
🎉 New client written from scratch. Please try rc/beta tags and report bugs if any.
To see docs for OpenVPN based container after the PR is merged, see https://github.com/tprasadtp/protonvpn-docker/tree/release/v5.
To try the docker image use
ghcr.io/tprasadtp/protonwire:unstable
🎉 New Features 🎉
This should (also close Clarify settings, specially user/pass #182).
systemd-resolved integration.
🔥 New Experimental Features 🔥
of ufw/iptables/nftables. This uses ip rules to create a sinkhole routing table which blocks all internet bound outgoing connections. More specifically, this blocks all subnets specified via PROTONVPN_ALLOWED_SUBNETS_IPV4 and PROTONVPN_ALLOWED_SUBNETS_IPV6.
You don't need to tweak these two env variables unless required, sane defaults are used if not specified. (Closes [BUG] - Network traffic leaks during reconnections #122)
are not sufficient, one can override PROTONVPN_ALLOWED_SUBNETS_IPV4 and PROTONVPN_ALLOWED_SUBNETS_IPV6. Both use a comma separated list of CIDRs.
PROTONVPN_EXCLUDE_CIDRS as protonwire will exclude IPv4 addresses from Special-Purpose Address Registry and non-routable IPv6 addresses from being routed over VPN by default. (Closes [BUG] - Webinterfaces not available when connection container through ProtonVPN #146, [BUG] - Cannot connect to port in another network #141, Question: #176)
is no longer supported. You can add --p2p, --streaming, --tor
--country flag to enable client side validation of server features, but client can no longer select the "best" server as it's variable and non-deterministic, depending on
like server load, client IP and client latency and this cannot be supported.
This closes Question #174, and also Adding options for SECURE_CORE and TOR Connections, modified healthch… #161 as partially resolved.
🐛 Bug Fixes 🐛
bundling ping command, nevertheless closes fix: Install iputils-ping #109.
port instead of expose. expose was used as port publishes the port and can potentially bypass firewall rules. (Closes [BUG] - Webinterfaces not available when connection container through ProtonVPN #146, [HELP] How does this exactly work? How can I access services behind VPN? #105).
🚧 Known Issues 🚧
Reverts Added natpmpc #179, as static port forwarding is not supported by ProtonVPN (for now) and alpine
repositories do not contain natpmpc. Thus, [RFE] - Port Forwarding #125 (and its duplicate [RFE] - Port Forwarding #142), is still unresolved.
ip route, those routes may bypass killswitch!