Merge pull request #70 from corrad1nho/develop

Develop

CHANGELOG.md

@@ -1,5 +1,29 @@
 ## Changelog
 
+version 0.8.2:
+- [new] added AzireVPN
+- [new] option to specify key for Airvpn
+- [change] fast/random option added to profiles
+- [change] order of latency checks now based on previous results
+- [change] tidied up directory structure
+- [change] checks if ipv6 is available
+- [change] auto-updates for different providers won't run concurrently
+- [change] check if IPv6 is available before setting iptables rules
+- [change] don't generate new WireGuard keys on auto-update
+- [change] allow importing new servers if firewall is active but VPN is not
+- [bugfix] firewall not deactivating after gui exit (if the respective option is set)
+- [bugfix] detection of service crashes is not reliable
+- [bugfix] Windscribe auto-update fails because of authentication error
+- [bugfix] compatibility with older Qt5 versions 
+- [bugfix] previous iptables rules not always restored
+- [bugfix] crashes if ipv6 stack not available
+- [bugfix] OpenVPN config changes overwritten on update
+- [bugfix] Debian packages remove /usr/share/qomui directory on update
+
+##### Additional notes:
+- Re-importing config files from supported providers is strongly recommended as they are now saved in a different location. 
+- If you are using Debian/Ubuntu packages Qomui must be removed (sudo apt purge qomui) and then installed again due to a bug in the postrm script. 
+
 version 0.8.1:
 - [change] option to restart qomui-service from gui if it crashes
 - [change] added exceptions for all DBus calls

README.md

@@ -4,18 +4,15 @@
 Qomui (Qt OpenVPN Management UI) is an easy-to-use OpenVPN/WireGuard gui for GNU/Linux with some unique features such as provider-independent support for double-hop connections. Qomui supports multiple providers with added convenience when using AirVPN, PIA, ProtonVPN, Windscribe or Mullvad. 
 
 ### Features
-- should work with all VPN providers that offer OpenVPN config files
-- automatic download function for Mullvad, Private Internet Access, Windscribe, ProtonVPN and AirVPN 
-- support for OpenVPN over SSL and SSH for AirVPN and OpenVPN over SSL for Windscribe (Stealth Mode)
+- works with all VPN providers that offer OpenVPN/WireGuard config files
+- easy-to-use gui written in PyQt5
+- automatic download function for Mullvad, Private Internet Access, Windscribe, ProtonVPN and AirVPN including support for OpenVPN over SSL and SSH for AirVPN and OpenVPN over SSL for Windscribe (Stealth Mode)
 - allows double-hop VPN connections (VPN chains) between different providers
-- gui written in PyQt including option to minimize application to system tray 
+- killswitch & leak protection via an iptables-based, configurable firewall that blocks all outgoing network traffic in case the VPN connection breaks down
+- provides the possibility to allow applications to bypass the VPN tunnel, open a second VPN tunnel or use the VPN only for specific applications
+- supports WireGuard
+- command-line interface 
 - security-conscious separation of the gui and a D-Bus service that handles commands that require root privileges
-- protection against DNS leaks/ipv6 leaks
-- iptables-based, configurable firewall that blocks all outgoing network traffic in case the VPN connection breaks down
-- allow applications to bypass the VPN tunnel, open a second VPN tunnel or use the VPN only for specific applications
-- experimental support for WireGuard
-- command-line interface
-- automatic weekly updates of server configurations for supported providers - experimental
 
 ### Screenshots
 Screenshots were taken on Arch Linux/Plasma Arc Dark Theme - Qomui will adapt to your theme.<br/>
@@ -43,9 +40,22 @@ Qomui contains two components: qomui-gui and qomui-service (and qomui-cli: see b
 
 Current configurations for AirVPN, Mullvad, ProtonVPN, PIA and Windscribe can be automatically downloaded via the provider tab. Qomui will update these once a week if you choose to enable the respective setting in the options tab. For all other providers you can conveniently add a config file folder. Qomui will automatically resolve host names, determine the location of servers (using geoip-database) and save your username and password (in a file readable only by root). 
 
-Once you added server configurations, you can browse and filter them in the server tab. Furthermore, you can mark servers as favourites and connect to one of them randomly. To see a list of all favourited servers click on the star in the upper right. 
-
-### Firewall - Network lock
+Once you added server configurations, you can browse and filter them in the server tab. Furthermore, you can mark servers as favourites and connect to one of them randomly. To see a list of all favourited servers click on the star in the upper right. There is also an option to create connection profiles in the respective tab. Profiles will select a server automatically based on the criteria you set. Criteria include protocol (OpenVPN or WireGuard), countries, providers and one of the following selection modes:
+- ***Random:*** Chooses a random server among all servers matching the profile
+- ***Fastest:*** Chooses the fastest server matching the profile based on latency. For this option to work properly the "Perform latency checks" option needs to be ticked.
+- ***Fast/Random:*** Chooses a random server among the fastest twenty percent. If you profile includes more than one country, the algorithm also increases the chance to select a server from a different country next. 
+
+### Options
+- ***Autoconnect/reconnect:*** Automatically connect to the last server/last profile once a new internet connection has been detected or after the OpenVPN process has died unexpectedly.
+- ***Start minimized:*** Hides the application window on startup. This only works if your desktop environment supports tray icons.
+- ***Auto-update:*** Updates server configurations for supported providers automatically every five days.
+- ***Perform latency check:*** Checks server latency and sorts servers accordingly.
+- ***Disable IPv6:*** Completely disables the IPv6 stack systemwide. This is not recommended unless you know what you are doing.
+- ***Allow OpenVPN bypass:*** See bypass section below.
+- ***Activate Firewall:*** See firewall section below.
+- ***Alternative DNS Servers***: Enforces the usage of custom DNS servers instead of those by your provider. The DNS servers set here will also be used for bypass mode if you don't launch a secondary VPN tunnel.
+
+### Firewall (Killswitch)
 It is highly recommended to activate the firewall to prevent against ipv6 and DNS leaks. By default, once qomui-service has been started, all internet connectivity outside the VPN tunnel will be blocked whether or not the gui is running. Hence, your system will be always protected if you enable qomui-service via systemd. Depending on your distribution, it might be necessary to disable preinstalled firewall services such as ufw or firewalld to avoid conflicts. Alternatively, the "Edit firewall" dialog in the options tab offers a setting to enable/disable the firewall only if you start/quit the gui. You can also add custom iptables rules there. 
 
 ### Double-Hop
@@ -67,7 +77,7 @@ The bypass feature also allows you to open a second OpenVPN tunnel (this does cu
 You can add WireGuard config files from any provider as easily as OpenVPN files. WireGuard configs for Mullvad are now downloaded automatically alongside their OpenVPN configs as long as WireGuard is installed. If you choose to manually import WireGuard config files, Qomui will automatically recognize the type of file. As of now, WireGuard will not be installed automatically with DEB and RPM packages. You can find the official installation guidelines for different distributions [here](https://www.wireguard.com/install/).
 
 ### Cli
-The cli interface is still experimental and missing some features, e.g. automatic reconnects. Avoid using the cli and the Gui concurrently. 
+The cli interface is still experimental and missing some features, e.g. automatic reconnects. Avoid using the cli and the gui concurrently. 
 
 #### Example usage
 
@@ -97,23 +107,33 @@ Qomui has been my first ever programming experience and a practical challenge fo
 
 ### Changelog
 
+#### version 0.8.2:
+- [new] added AzireVPN
+- [new] option to specify key for Airvpn
+- [change] fast/random option added to profiles
+- [change] order of latency checks now based on previous results
+- [change] tidied up directory structure
+- [change] checks if ipv6 is available
+- [change] auto-updates for different providers won't run concurrently
+- [change] check if IPv6 is available before setting iptables rules
+- [change] don't generate new WireGuard keys on auto-update
+- [change] allow importing new servers if firewall is active but VPN is not
+- [bugfix] firewall not deactivating after gui exit (if the respective option is set)
+- [bugfix] detection of service crashes is not reliable
+- [bugfix] Windscribe auto-update fails because of authentication error
+- [bugfix] compatibility with older Qt5 versions 
+- [bugfix] previous iptables rules not always restored
+- [bugfix] crashes if ipv6 stack not available
+- [bugfix] OpenVPN config changes overwritten on update
+- [bugfix] Debian packages remove /usr/share/qomui directory on update
+
+##### Additional notes:
+- Re-importing config files from supported providers is strongly recommended as they are now saved in a different location. 
+- If you are using Debian/Ubuntu packages Qomui must be removed (sudo apt purge qomui) and then installed again due to a bug in the postrm script. 
+
 #### version 0.8.1:
 - [change] option to restart qomui-service from gui if it crashes
 - [change] added exceptions for all DBus calls
 - [change] improved support for non-systemd distributions
 - [change] detecting and closing simultaneously running instances
 - [bugfix] Airvpn auto-download fixed
-
-#### version 0.8.0:
-- [new] connection profiles 
-- [new] support for custom scripts
-- [change] configurations for Airvpn are now downloaded directly
-- [change] removed minimize option if system tray not available
-- [change] download new Mullvad config/certificates  
-- [change] added scroll areas to some tabs
-- [change] added options for profiles to tray menu
-- [change] window state now recognized correctly
-- [bugfix] improved stability and reliability of network detection 
-- [bugfix] manually imported WireGuard servers don't connect
-- [bugfix] Qomui crashes when downloading Airvpn configs
-- [bugfix] fixed Mullvad & Windscribe configs

VERSION

@@ -1 +1 @@
-0.8.1
+0.8.2

qomui/bypass.py

@@ -45,12 +45,9 @@ def create_cgroup(user, group, interface, gw=None,  gw_6=None, default_int=None)
             rt_tables.write("11 bypass_qomui\n")
         logging.debug("Bypass: Created new routing table")
 
-    for rule in cgroup_iptables:
-        firewall.add_rule(rule)
-
+    firewall.batch_rule(cgroup_iptables)
     if gw_6 != "None" and default_int == interface:
-        for rule in cgroup_iptables:
-            firewall.add_rule_6(rule)
+        firewall.batch_rule_6(cgroup_iptables)
 
     else:
         logging.debug("Blocking ipv6 via bypass_qomui")
@@ -61,9 +58,7 @@ def create_cgroup(user, group, interface, gw=None,  gw_6=None, default_int=None)
         cgroup_iptables.insert(2, ["-I", "OUTPUT", "1", "-m", "cgroup", "--cgroup", "0x00110011", "-j", "DROP"])
         cgroup_iptables.pop(3)
         cgroup_iptables.insert(3, ["-I", "INPUT", "1", "-m", "cgroup", "--cgroup", "0x00110011", "-j", "DROP"])
-
-        for rule in cgroup_iptables:
-            firewall.add_rule_6(rule)
+        firewall.batch_rule_6(cgroup_iptables)
 
     try:
         check_call(["ip", "rule", "add", "fwmark", "11", "table", "bypass_qomui"])
@@ -126,11 +121,8 @@ def delete_cgroup(interface):
     except CalledProcessError:
         pass
 
-    for rule in cgroup_iptables_del:
-        firewall.add_rule(rule)
-
-    for rule in cgroup_iptables_del:
-        firewall.add_rule_6(rule)
+    firewall.batch_rule(cgroup_iptables_del)
+    firewall.batch_rule_6(cgroup_iptables_del)
 
     try:
         os.rmdir(cgroup_path)
@@ -152,8 +144,7 @@ def set_bypass_vpn(interface, interface_cmd, tun, tun_cmd):
                     "-o", interface, "-j", "MASQUERADE"
                     ]]
 
-    for rule in postroutes:
-        firewall.add_rule(rule)
-        firewall.add_rule_6(rule)
+    firewall.batch_rule(postroutes)
+    firewall.batch_rule_6(postroutes)
 
 

qomui/dns_manager.py

@@ -56,12 +56,12 @@ def dns_request_exception(action, dns_1, dns_2, port):
         logging.info("iptables: removing exception for DNS requests")
 
     for p in protocols:
-        rules.append([action, 'OUTPUT', '1', '-p', p, '--dport', port, '-j', 'ACCEPT'])
-        rules.append([action, 'INPUT', '1', '-p', p, '--sport', port, '-j', 'ACCEPT'])
+        rules.append([action, 'OUTPUT',  '-p', p, '--dport', port, '-j', 'ACCEPT'])
+        rules.append([action, 'INPUT', '-p', p, '--sport', port, '-j', 'ACCEPT'])
 
     for rule in rules:
         firewall.add_rule(rule)
-        firewall.add_rule_6(rule)
+        firewall.add_rule(rule, ipt="ip6")
 
     #set_dns(dns_1, server_2=dns_2)