Fix IPv4/IPv6 dual stack (wasn't forwarding IPv6 traffic)

Author: dan-v

README.md

@@ -13,6 +13,7 @@
 * No additional software required for OSX/iPhone - uses native VPN client.
 * Simple Web or CLI installation methods.
 * Automated OS and VPN software updates.
+* Dual stack IPv4/IPv6 enabled.
 
 ## Web Installer (OSX) 
 1. Download the latest pre-built app from the [GitHub Releases](https://github.com/dan-v/dosxvpn/releases) page.
@@ -55,9 +56,10 @@
 5. <b>What is the bandwidth limit?</b> The 512MB DigitalOcean droplet has a 1TB bandwidth limit. This does not appear to be strictly enforced.
 6. <b>Where does dosxvpn store VPN configuration files?</b> You can find all deployed VPN configuration files in your ~/.dosxvpn directory.
 7. <b>How do I SSH into the deployed droplet?</b> Assuming you had public SSH keys uploaded to your DigitalOcean account when the VPN was deployed, all of those keys should be authorized for access. You can SSH using any of those keys: `ssh -i <ssh-private-key> core@<vpn-ip>`. If you had no SSH keys uploaded to your DigitalOcean account, then a temporary key was autogenerated for you and you will need to redeploy if you want SSH access. 
-8. <b>Are you going to support other VPS providers?</b> Not right now.
-9. <b>Will this make me completely anonymous?</b> No, absolutely not. All of your traffic is going through a VPS which could be traced back to your account. You can also be tracked still with [browser fingerprinting](https://panopticlick.eff.org/), etc. Your [IP address may still leak](https://ipleak.net/) due to WebRTC, Flash, etc.
-10. <b>How do I uninstall this thing on OSX?</b> You can uninstall through the Web interface, which will also remove the running droplet in your DigitalOcean account. Alternatively go to System Preferences->Network, click on dosxvpn-* and click the '-' button in the bottom left to delete the VPN. Don't forget to also remove the droplet that is deployed in your DigitalOcean account.
+8. <b>What is the password to login to Pi-hole?</b> The password is `dosxvpn`.
+9. <b>Are you going to support other VPS providers?</b> Not right now.
+10. <b>Will this make me completely anonymous?</b> No, absolutely not. All of your traffic is going through a VPS which could be traced back to your account. You can also be tracked still with [browser fingerprinting](https://panopticlick.eff.org/), etc. Your [IP address may still leak](https://ipleak.net/) due to WebRTC, Flash, etc.
+11. <b>How do I uninstall this thing on OSX?</b> You can uninstall through the Web interface, which will also remove the running droplet in your DigitalOcean account. Alternatively go to System Preferences->Network, click on dosxvpn-* and click the '-' button in the bottom left to delete the VPN. Don't forget to also remove the droplet that is deployed in your DigitalOcean account.
 
 # Powered By
 * [strongSwan](https://strongswan.org/) - IPsec-based VPN software
@@ -68,8 +70,8 @@
 
 # Acknowledgements
 * [trailofbits/algo](https://github.com/trailofbits/algo) - strongSwan configuration is borrowed from this project
-* [jbowens/dochaincore](https://github.com/jbowens/dochaincore) - Deployment code is borrowed from this project
-* [vimagick/strongswan](https://github.com/vimagick/dockerfiles/tree/master/strongswan) - Using a forked version of this docker image for VPN server
+* [jbowens/dochaincore](https://github.com/jbowens/dochaincore) - web deployment code is borrowed from this project
+* [vimagick/strongswan](https://github.com/vimagick/dockerfiles/tree/master/strongswan) - using a forked version of this docker image for VPN server
 
 # Building Source
 1. Install dependency [platypus cli](http://www.sveinbjorn.org/platypus)

services/dosxvpn/dosxvpn.go

@@ -6,6 +6,7 @@ func (s Service) UserData() string {
 	return `
     - name: dosxvpn-sysctl.service
       enable: true
+      command: start
       content: |
         [Unit]
         Description=Handles settings for sysctl
@@ -14,6 +15,8 @@ func (s Service) UserData() string {
         Type=oneshot
         User=root
         ExecStartPre=/usr/sbin/sysctl -w net.ipv4.ip_forward=1
+        ExecStartPre=/usr/sbin/sysctl -w net.ipv4.conf.all.forwarding=1
+        ExecStartPre=/usr/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
         ExecStartPre=/usr/sbin/sysctl -w net.ipv4.conf.all.accept_source_route=0
         ExecStartPre=/usr/sbin/sysctl -w net.ipv4.conf.default.accept_source_route=0
         ExecStartPre=/usr/sbin/sysctl -w net.ipv4.conf.all.accept_redirects=0
@@ -24,7 +27,10 @@ func (s Service) UserData() string {
         ExecStartPre=/usr/sbin/sysctl -w net.ipv4.conf.all.rp_filter=1
         ExecStartPre=/usr/sbin/sysctl -w net.ipv4.conf.default.rp_filter=1
         ExecStartPre=/usr/sbin/sysctl -w net.ipv4.conf.all.send_redirects=0
-        ExecStart=-/usr/bin/echo echo 1 > /proc/sys/net/ipv4/route/flush
+        ExecStartPre=/usr/sbin/sysctl -w net.ipv4.conf.all.send_redirects=0
+        ExecStartPre=/usr/bin/echo 1 > /proc/sys/net/ipv4/route/flush
+        ExecStartPre=/usr/bin/echo 1 > /proc/sys/net/ipv6/route/flush
+        ExecStart=/usr/bin/echo
     - name: dosxvpn-update.service
       content: |
         [Unit]
@@ -35,6 +41,7 @@ func (s Service) UserData() string {
         ExecStartPre=/usr/bin/docker pull dosxvpn/strongswan-updater
         ExecStart=/usr/bin/docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock dosxvpn/strongswan-updater
     - name: dosxvpn-update.timer
+      enable: true
       command: start
       content: |
         [Unit]

services/pihole/pihole.go

@@ -9,6 +9,7 @@ func (s Service) UserData() string {
       content: |
         [Unit]
         Description=pihole /etc/hosts entry
+        ConditionFirstBoot=true
 
         [Service]
         User=root