1.0.0

@Waldz released this 22 Dec 10:01
5edb42d

This release contains breaking changes, so the forwarder needs to be run differently.

Before, it ran on Docker's "bridge" network and you mapped the transparent proxy port to the host:

docker run -p 127.0.0.1:8443:8443 --cap-add NET_ADMIN mysteriumnetwork/openvpn-forwarder

Now the forwarder MUST be run on the host network:

docker run --name forwarder --network host --cap-add NET_ADMIN mysteriumnetwork/openvpn-forwarder \
    --proxy.bind=0.0.0.0:8443 \
    --proxy.allow=10.13.0.0/16

Also, don't forget to restrict access with the --proxy.allow flag; otherwise the transparent proxy port will be accessible from outside.
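One way a proxy bound to 0.0.0.0 can enforce a source allow-list of the kind --proxy.allow takes, shown as an added example that is not the forwarder's own code. The names parseAllow and allowed are hypothetical and the client addresses are constructed; the check also covers IPv4 clients that a dual-stack listener reports in IPv4-mapped IPv6 form.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
)

// parseAllow turns CIDR strings (the form given to --proxy.allow) into prefixes.
func parseAllow(cidrs ...string) ([]netip.Prefix, error) {
	out := make([]netip.Prefix, 0, len(cidrs))
	for _, c := range cidrs {
		p, err := netip.ParsePrefix(c)
		if err != nil {
			return nil, fmt.Errorf("bad allow entry %q: %w", c, err)
		}
		out = append(out, p.Masked())
	}
	return out, nil
}

// allowed reports whether the client address of an accepted connection falls
// inside one of the allowed prefixes. An empty list denies every client.
func allowed(remote net.Addr, allow []netip.Prefix) bool {
	tcp, ok := remote.(*net.TCPAddr)
	if !ok {
		return false
	}
	// IPv4 clients can show up as ::ffff:a.b.c.d, which never matches an
	// IPv4 prefix; Unmap restores the plain IPv4 form before comparing.
	ip := tcp.AddrPort().Addr().Unmap()
	for _, p := range allow {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

func main() {
	allow, err := parseAllow("10.13.0.0/16")
	if err != nil {
		panic(err)
	}
	// Constructed client addresses: two inside the allowed range, one outside.
	for _, s := range []string{"10.13.4.7", "::ffff:10.13.255.1", "203.0.113.9"} {
		addr := &net.TCPAddr{IP: net.ParseIP(s), Port: 40000}
		fmt.Printf("%-20s allowed=%v\n", s, allowed(addr, allow))
	}
}
```
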

Before, traffic was redirected by changing the DST address:

iptables -t nat -A PREROUTING -s 10.13.0.0/16 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 127.0.0.1:8443

Now you need to preserve the DST address of IP packets:

iptables -t nat -A PREROUTING -s 10.13.0.0/16 -p tcp -m multiport --dports 80,443 -j REDIRECT --to-ports 8443

1.0.0 (2022-12-20)

Changelog

Full Changelog

Merged pull requests:

  • Handle HTTPS requests without SNI #27 (Waldz)
  • Recover original destination address of redirected requests #26 (Waldz)
  • Implement access log #25 (Waldz)