Commit graph

9 commits

Author SHA1 Message Date
Ivan Bondarev
702d3aff5b
Release v5.18.1: --force port change, full-tunnel iOS ::/0, dual DNS, low ports
Some checks failed
Docs consistency / docs-consistency (push) Has been cancelled
ShellCheck / Lint and syntax check (push) Has been cancelled
Tests / unit-tests (push) Has been cancelled
Bug-fix release. Four fixes plus documentation.

- install --force --port=N now changes the server port (was silently ignored: the render re-read the old ListenPort).
- full-tunnel clients get 0.0.0.0/0, ::/0 so AmneziaVPN on iOS accepts the all-traffic mode; manage regen upgrades non-customized clients too.
- default client DNS is now the 1.1.1.1, 1.0.0.1 pair.
- --port accepts ports 1-65535 (was 1024-65535) so 443/80/53 work for DPI evasion on mobile carriers.

Docs: CHANGELOG, S3/S4 range fix, stale issue link cleanup, Ubuntu 26.04 in the subtitle, --force re-run FAQ, a mobile-port note.
Live-tested on Debian 13 (x86_64) and Ubuntu 26.04 (ARM64, native IPv6).
2026-06-28 09:20:07 +03:00
Ivan Bondarev
ed8945d54d
feat(obfuscation): pass special-junk params I2-I5 through to clients (#71)
Some checks are pending
Docs consistency / docs-consistency (push) Waiting to run
ShellCheck / Lint and syntax check (push) Waiting to run
Tests / unit-tests (push) Waiting to run
Wire all five CPS special-junk params I1-I5 from the server awg0.conf into client configs (.conf, QR, vpn://). Previously only I1 reached clients; I2-I5 were hard-coded empty and undeliverable. Scope = variant 1 of #71: the admin sets I2-I5 in awg0.conf and manage regen distributes them; no new CLI flags. RU/EN in lockstep, SHA pins recomputed, docs (ADVANCED/ROADMAP/CHANGELOG RU+EN), new bats coverage. Release v5.18.0.
2026-06-27 11:26:07 +03:00
Ivan Bondarev
313b0007d1
feat(firewall): clamp TCP MSS to the tunnel MTU (v5.17.0) (#139)
Some checks failed
Docs consistency / docs-consistency (push) Waiting to run
ShellCheck / Lint and syntax check (push) Waiting to run
Tests / unit-tests (push) Has been cancelled
Add an automatic TCPMSS --set-mss rule (mangle FORWARD, both directions, SYN only) to the server PostUp/PostDown, derived from AWG_MTU (1240 v4 / 1220 v6), fixing the PMTU blackhole on mobile/double-NAT/cascade paths. Ships v5.17.0 with tests, SHA pins, CHANGELOG and docs. Smoke-tested on x86_64 and ARM64 (IPv4 + IPv6).
2026-06-24 19:03:24 +03:00
Ivan Bondarev
8152bd21c0
docs: refresh ROADMAP recently-shipped with v5.16 themes and companion guides (#126)
Add three evergreen themes to Recently shipped / Уже сделано (RU+EN):
security and reliability hardening, correct iOS behavior in the default
routing mode, and the companion guides (official-app comparison and the
two-server cascade). Keeps the page theme-based, not a dated changelog.
2026-06-16 17:50:00 +03:00
Ivan Bondarev
902f4d787b
release: v5.15.6 - input validation, atomicity and a JSON status field
A hardening and quality release that finalizes two accumulated workstreams.

Code-audit hardening (manage/awg_common/install):
- modify validates DNS as real IPv4/IPv6; octet-range check on the detected public IP
- --expires validated before client creation; --psk fails closed
- atomic .vpnuri and QR writes via the shared safe-temp helper; one shared client-artifact cleanup
- content-aware expiry cron; restore guards for an empty server/clients backup
- INT/TERM abort the script with exit 130/143 instead of falling through

Machine-readable status (additive, backward-compatible):
- list --json and stats --json also emit a stable status_code enum
  (active | recent | inactive | no_handshake | key_error | no_data);
  the localized status field is kept

Docs and process:
- accurate CLI help (--endpoint FQDN/IPv4/[IPv6], --no-tweaks note), README diagnose/repair-module rows
- ARM coverage for Ubuntu 26.04 (DKMS); docs-check enforces the OS x arch x prebuilt-target matrix
- CI badges, signing-doc cleanup, clearer issue/PR templates

Release mechanics: version and date bumped to 5.15.6 across the six scripts,
helper SHA pins recomputed, CHANGELOG (RU + EN) updated, pinned raw-URL tags and
README badges bumped. Default install behavior and the support matrix are unchanged.
2026-06-08 14:40:03 +03:00
Ivan Bondarev
13203c6293
v5.15.3 - maintenance release (validator hardening, audit fixes, CI tooling) (#100)
Hardening release after four rounds of external code and documentation audits: installer input validators brought to canonical parity, manage restore/modify correctness fixes, atomic file operations, reproducible ARM builds with a pinned module ref and build manifest, bilingual release notes built by release.yml, an 8x faster Unicode-aware docs consistency check, and documentation accuracy fixes across README, INSTALL_VPS, ADVANCED, RELEASE_PROCESS and the Code of Conduct. Test suite grows to 788 checks; live-tested on clean Ubuntu 24.04 x86_64, Ubuntu 26.04 ARM64 and Debian 13 VPSes including real cross-continent AWG 2.0 handshakes.
2026-06-04 05:14:46 +03:00
Ivan Bondarev
1cbee098ca
v5.15.1 - maintenance release (audit fixes, IPv6 hardening, release gate)
Maintenance release after external code and documentation audits. No new
features; hardens the v5.15.0 dual-stack IPv6 work, tightens several manage
commands, fixes correctness and robustness issues, and adds a release
preflight gate plus a docs-consistency check.

Behavior change: split tunnel + IPv6 mirrors the IPv4 intent - a custom
ALLOWED_IPS keeps that IPv4 split and adds only the tunnel ULA for IPv6
instead of forcing a full ::/0 route. A full tunnel still gets ::/0 (native
IPv6) or the ULA.

Fixed: vpn:// URI carries the server's real MTU/keepalive/DNS; stricter
native-IPv6 detection (global non-ULA address and default route) with the
host IPv6 stack re-enabled before detection; install fails fast on apt update
errors; manage modify validates Endpoint/AllowedIPs; manage add is safe
against name reuse and cleans partial artifacts; manage restore prunes stale
clients/keys and recreates the expiry dir; manage help exit codes; manage
--json keeps stdout pure JSON; log messages stop doubling percent signs.

Docs/process: subnet and OS help accuracy, list --json documented, changelog
compare-links and anchors restored, SECURITY/CONTRIBUTING refreshed, public
RELEASE_PROCESS.md, release publish gated behind a full preflight job, new
docs-consistency workflow, signing design aligned with the asset draft.

Version bumped to 5.15.1 across all six scripts; SHA pins recomputed.
2026-06-02 14:08:36 +03:00
Ivan Bondarev
3d974af9e7 fix: address second-pass review findings (HIGH/MEDIUM bundle)
Second independent review of the three preceding commits surfaced:

1. (HIGH) tests/test_v5140_public_ip_services.bats - SC2318 in curl mocks:
   `local args=("$@") url="${args[$((${#args[@]} - 1))]}"` references the
   array on the same `local` line where it is being assigned. ShellCheck
   flags this and the assignment is unreliable. Split into two `local`
   statements. Bats suite still passes 11/11 after the fix.

2. (MEDIUM) ADVANCED.md / ADVANCED.en.md - the legacy split-tunneling
   paragraph still claimed the default AllowedIPs = 0.0.0.0/0 covers the
   tunnel subnet automatically. README was already corrected in edf4f7b;
   ADVANCED is now mirrored: coverage depends on --route-all vs the
   default --route-amnezia (Amnezia List excludes 10.0.0.0/8) vs custom.

3. (HIGH) docs/SIGNING_DESIGN.md - threat model overclaimed coverage of a
   GitHub-account compromise. KEYS.txt is fetched from the same trust
   domain, so a first-time user in a single compromised session is in a
   TOFU window. Reworded "Covered" / "Partially covered" / "NOT covered"
   sections, added the recommendation to publish the public-key
   fingerprint via at least one out-of-band channel.

4. (MEDIUM) docs/SIGNING_DESIGN.md - added rollback / misbinding to NOT
   covered, plus a minisign trusted-comment binding (tag + filename) in
   the signing flow so an old signature paired with a different file or
   release fails verification.

5. (MEDIUM) docs/SIGNING_DESIGN.md - changed the README "Verifying
   releases" checklist item from DONE to TODO. README has no minisign
   section yet; will be added when KEYS.txt is published so the section
   is actionable rather than vapor.

6. (LOW) docs/SIGNING_DESIGN.md - narrowed the GPG comparison to "does
   not protect the curl-to-raw or release-asset download path" (verified
   tags do cover the blobs they point at if the user verifies the tag
   first). Replaced two broken references (NixOS signing-prefixes and
   minisign #why-not-gpg anchor) with the minisign source repo and
   OpenBSD signify man page - both stable and on-topic.

No behavior change in scripts; only test ergonomics + docs accuracy.
2026-05-18 22:48:01 +03:00
Ivan Bondarev
8c14921f32 docs(security): release signing design (minisign) - planning for v5.14+
Spec for adding detached minisign signatures to installer/management
scripts and tagged releases. The proposal:

- Keypair generated offline by the maintainer, public key published as
  KEYS.txt in the repo root, private key NEVER exposed to GitHub Actions
  (this is the whole point - signing must be local to the maintainer).
- Per-release signing happens on the maintainer's machine before
  'git push origin vX.Y.Z'; .minisig files attached to the GitHub Release
  as assets either manually (gh release upload) or via the draft workflow
  at docs/release-sign.yml.draft.
- User-side verification: 'minisign -V -p KEYS.txt -m <script> -x <sig>'.

This commit is design + drafts only. Workflow stays under docs/ until the
public key is committed and signatures of pre-release assets are tested.
SECURITY.md gains a 'Release integrity (planned)' section.

Activation is user-action-blocked (maintainer must generate the offline
keypair). Closes implementation gap surfaced by competitor analysis
2026-05-18 (pwnnex/ByeByeVPN ships signed releases + SBOM).

Files added:
  docs/SIGNING_DESIGN.md       - threat model, tool choice, signing flow
  docs/release-sign.yml.draft  - GitHub Actions workflow draft
  SECURITY.md +6                - 'Release integrity (planned)' section
2026-05-18 22:37:31 +03:00