-
Notifications
You must be signed in to change notification settings - Fork 69
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not linux, but Debian #2
Comments
@evadogstar Thank you for testing my program. As you have noticed that this program only works on Debian based OS, not Redhat based. Making it work on Fedora requires a lot of code changing and testing. For started, could you tell me which Fedora version are you using? And why is resolvconf requested? |
@evadogstar I've just tested it on Fedora25 (64bit). In the source code, replacing only When it didn't work for you. Exactly what did you do and what is the error message? |
@Dragon2fly Fedora24 Maybe it is possible to add the additional option to use
Need only to add to your script config $usercriptpath, and if it is defined by user then no need of resolvconf and user can set up his own up and down vpn-handler script, portable to his system (openvpn way). other procs:
take a look at the example of vpn-handler script here: https://www.qubes-os.org/doc/vpn/ (search for |
@evadogstar I rechecked the I updated the code. Now Fedora/CentOS user only need to install About executing a About notification, the code already provided an I will make the code use Can use test both |
@Dragon2fly Thanks for fast update. I will test it now, but about the up/down script as "advanced option". Please, If possible add this possibility. I'm on Qubes (with Fedora template) and as already expected my system and config need some additional actions to be executed on connect/disconnect to prevent vpn leaks. The documentation page https://www.qubes-os.org/doc/vpn/ where anti leak script is available and described perfectly. Paragraph: Again. Thank you! p.s. Tested and now script works fine! THANKS! To make it more customize need the up/down script and run openvpn client from specific usergroup (described below), but maybe it's hard to archive. |
@Dragon2fly Oh. Sorry. I started re-write the original anti-leak script from Qubes and have troubles. I'm not advanced unix user to rewrite iptables rules from Qubes example for any regular system unix based. My system already have some specific The original idea of Qubes is to set up To test openvpn up/down script we do not need all of this. We can test that it works with something like this: ~/vpn-handler.sh:
Then Then add to extra optionsto (
vpn-handler.sh - must be variable from config (sorry, does not know how to do it on python) UPDATE
Then I connect to vpn with your script and check the process list with UPDATE Sorry for this big comments and my speak mistakes :) |
@evadogstar I updated my program again. You just need to modify the
Yes, it is possible. You can always write another Again, I hope you can test the updated program and report if it work or not. |
Thanks :) It works! But I need to do more tests. Now, I see only one problem: UPDATE UPDATE Maybe change
This need to add each DNS to iptables to give access only to such ips to prevent any access to other IPs by firewall. |
Hasn't it already worked that way? No matter how the vpn tunnel is terminated,
DNS values are stored in If you want to change DNS within Currently, since all settings are must be store in |
Maybe it's my bad English or some misunderstanding :) But I'm also offered to get DNS from the main program and per-define environment variable with DNS list to I'm about something like this: Sorry for trouble you :) |
Sorry for misunderstanding you. So you need the DNS appeared in the dns=$(cat config.ini | grep -o -P '(?<=^dns = ).*')
dns="${dns//,/}"
echo $dns Then, just use your Perhaps, you should write about your use-case somewhere for other people to follow. Thanks :) |
Thanks! I will test it soon! |
Perfect. Thank you! Now it work fine 👍 p.s. is it ok if i will create new issue to discuss? |
Feel free to do it :) . This issue is about running on Redhat based OS and has been solved. I'll close it now. |
Unfortunately, It's only Debian client, not linux :( It does not work on fedora :( and request at least resolvconf to be installed (Debial package)
The text was updated successfully, but these errors were encountered: