rickjames 106 Posted ... I understand many of these features fall well beyond the scope of simply providing vpn connectivity and would most likely require substantial coding but here's my wishlist. -A simple way to download the config files for your Operating system then add them to the client.This could possibly remove the login requirement - and if the resolve hosts in files option was used it might also remove the need for dns lookups before entering the tunnel. -Linux only - the use of conntrack via check box, drop down ect.Possibly check if conntrack is installed then give the option to use it for eth0 tun0 connections with NEW, ESTABLISHED / RELATED and INVALID ect. -Tighter firewall rules after connection is made.Only allow out on eth0 to the single server + port/protocol from the current machines ip.Drop everything else on eth0 in / reject on out. -Option to allow a minimal and/or possibly customizable rule set for tun0.Allow out on tun0 from locally/internally assigned ip on port 80 tcp -> anyAllow out on tun0 from locally/internally assigned ip on port 53 udp/tcp -> air dns serverAllow out on tun0 from locally/internally assigned ip on port 443 tcp -> anyAllow custom port option ?Drop everything else on tun0 in / reject on out. -Linux only - Option to choose user and group connectivity on tun0--uid-owner your_user --gid-owner your_groupThis can cause issues with system updates if run as root. Just tossing it out there. -Linux only - Temporally add sysctl.conf tweaks.-the short listrp_filter 1accept_redirects 0accept_source_route 0disable_ipv6 1tcp_timestamps 0log_martians 1Possibly a icmp_echo_ignore 1 option.Realistic conntrack timeout options if conntrack is used. -Linux and friends with tcp wrappersTemporarily add tcp wrapper rules Deny all / Allow openvpn. Again I don't expect any of these options to be added as its really not up to a vpn provider to provide such features. That, and many of these options are very situational. But since the Eddie client already has features I never thought I'd see in a vpn client, I figured it couldn't hurt to toss these out there. Even if this thread only sparks ideas in others I'll consider it a win. 1 NbK reacted to this Quote Share this post Link to post
zhang888 1066 Posted ... it won't require any substantial coding - and they are actually "already available".How about adding them all to one single shell script, and then asking Eddie calling a specific script after connection?The setup you posted above seem to consist from some iptables,sysctl and setuid parameters. Seems much easier to accomplish your task this way, instead of hard-coding it for everyone, isn't it? Just 2 cents. 1 rickjames reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
rickjames 106 Posted ... it won't require any substantial coding - and they are actually "already available".How about adding them all to one single shell script, and then asking Eddie calling a specific script after connection?The setup you posted above seem to consist from some iptables,sysctl and setuid parameters. Seems much easier to accomplish your task this way, instead of hard-coding it for everyone, isn't it? Just 2 cents.Indeed, having a script to apply the changes would be easy. Rolling the settings back after disconnect using system specific/original settings would a bit trickier but not impossible. The Eddie client dev/s already have a nice bit of code for rewrite/replace in linux. I just figured why reinvent the wheel. A thread for hardening would probably be more appropriate. But my feeling is - if something was built into the client, tested by the staff/dev's users might be more likely to trust it. Rather than it coming from me aka ./'a random person on the interwebs lol'. 1 NbK reacted to this Quote Share this post Link to post
Clodo 176 Posted ... As explained by zhang888, if a feature can be a benefit for all users, it can be implemented in Eddie. Otherwise, supporting an enormous list of features that only a little percent of users will use (or understand) is not a recommended approach: it requires UI, docs, testing the support in any OS & versions, and is the road to bloatware. But if someone have a necessity, it MUST be possibile to do it. So, I think that the best approach is allowing this kind of feature requests by adding specific events linked to external script, or maybe think about a plugin-system in Eddie to allow people to implement feature extensions. When a community-script or extension reaches stability and people like it, it can be moved inside the official Eddie. I think this is the best way. But it requires collaboration. 1 rickjames reacted to this Quote Share this post Link to post
Clodo 176 Posted ... -A simple way to download the config files for your Operating system then add them to the client. This could possibly remove the login requirement - and if the resolve hosts in files option was used it might also remove the need for dns lookups before entering the tunnel.DNS lookups are currently not used in Eddie. Eddie downloads a manifest file with the list of servers, and contacts them directly with the entry-IP address in it. I don't understand why you need to download config files: Eddie already builds them internally, and the list is updated in realtime. What you mean with 'login requirement' ? Storing login & password with the remember option is (security) the same as having .ovpn files with the user keys inside.Linux only - the use of conntrack via check box, drop down ect. and Tighter firewall rules after connection is made. and Option to allow a minimal and/or possibly customizable rule set for tun0Thinking about that. Maybe it's useful, but it's difficult to create an UI for settings options like that. Eddie removes the current iptables rules and creates new rules when Network Lock is activated under Linux. Otherwise, by default, people connects to VPN and Eddie doesn't touch the original iptables. If this kind of options is inside the Network Lock feature, it can be implemented, otherwise it's difficult to understand priority (insert or append in current iptables rules).Linux only - Temporally add sysctl.conf tweaks.Can be advanced options. But you use the work "Temporally"... for example, if I set disable_ipv6 to 1 and then I restore it to 0, there are a lot of issues, like route loss. For this reason, ONLY in Eddie under Linux, if IPv6 is enabled, Eddie doesn't turn it off automatically, but asks the user to do it. It's possibile to implement any kind of tweaking, but it MUST be reversible (applied only during the connection or life of the app, restored at end). 1 rickjames reacted to this Quote Share this post Link to post
rickjames 106 Posted ... So, I think that the best approach is allowing this kind of feature requests by adding specific events linked to external script, or maybe think about a plugin-system in Eddie to allow people to implement feature extensions.When a community-script or extension reaches stability and people like it, it can be moved inside the official Eddie.I think this is the best way. But it requires collaboration. As mentioned I really don't expect any of these features to be added to the client. Maintaining compatibility across systems would be a nightmare with a few of these options. But a plugin-system would be very interesting and there's several very knowledgeable users here that would probably contribute. DNS lookups are currently not used in Eddie.Eddie downloads a manifest file with the list of servers, and contacts them directly with the entry-IP address in it. I don't understand why you need to download config files: Eddie already builds them internally, and the list is updated in realtime.I was under the impression dns lookups were required. Thank you for that information Out of curiosity does the client create a tunnel before downloading the manifest/config files? If not could it? What you mean with 'login requirement' ? Storing login & password with the remember option is (security) the same as having .ovpn files with the user keys inside.I was only thinking of users that may want to store the config files in a sudo jail system or a restrictive container of some sort. Linux only - the use of conntrack via check box, drop down ect.andTighter firewall rules after connection is made.andOption to allow a minimal and/or possibly customizable rule set for tun0 Thinking about that. Maybe it's useful, but it's difficult to create an UI for settings options like that.Eddie removes the current iptables rules and creates new rules when Network Lock is activated under Linux.I agree. Difficult and very situational. Tbh I have no idea how to achieve tight tun0 rules across such a wide user base without causing issues for possibly hundreds of users. zhang888's idea for a script system or a plugin-system are both promising. Maybe some sort of security 'slider' option? Tbh I got nuttin lol. -just brainstorming Linux only - Temporally add sysctl.conf tweaks.Can be advanced options. But you use the work "Temporally"... for example, if I set disable_ipv6 to 1 and then I restore it to 0, there are a lot of issues, like route loss.For this reason, ONLY in Eddie under Linux, if IPv6 is enabled, Eddie doesn't turn it off automatically, but asks the user to do it.It's possibile to implement any kind of tweaking, but it MUST be reversible (applied only during the connection or life of the app, restored at end).Agreed, making it reversible without a reboot is the hitch. And offhand I don't recall if ifdown/ifup restores it either. That and the current network lock already works well for killing ip6 traffic. Out of all of this the sysctl settings would probably be the easiest to implement for the systems the eddie client supports. Given the particular settings are easily reversible. I'm not intentionally leaving out windows and mac. I've just been out of the windows loop for so long / I wouldn't even know where to start. And I was never really in the loop for mac. Making a 'hardening' thread would probably be easier. But it seems like only a small percentage of users browse the forums. And many newer linux users aren't terminal savvy or become overwhelmed when looking at pages of settings. If this ends up going the direction of a thread I'll contribute what I can 1 NbK reacted to this Quote Share this post Link to post
bigdaddy 1 Posted ... I wish the developers would work on getting 2.10 to work on El Capitan, OS X users are stuck with 2.9 version when the update comes out. 1 rickjames reacted to this Quote Share this post Link to post
encrypted 13 Posted ... Very simple console GUI (like ncurses, new and exciting v6.0 was released just recently! ) with just the most important functions like status, on-off, network lock, server selection drop-down, logs etc. User could use the currently-less-flaky but relatively bloated (sorry Eddie!) mono GUI for initial setup before killing mono and just having the ncurses GUI around for managing the connection. 1 rickjames reacted to this Quote Share this post Link to post
mr.Rhee 16 Posted ... It has been mentioned elsewhere, I'll stick it in here again anyway (I'm not really nagging... ): The ability to enlarge the fonts (or maginify the entire Eddie interface) would be much appreciated my those of us who use 1080p res' (& other high res' displays too). Not being able to see as well as one once could (if you were once blessed with good vision) is not a problem until it is. Fortunately or unfortunately, as the case may be, that is when most of us find out about this one... That is, when our vision deteriorates with age. Many of us won't use OS/X machines due to the lack of font sizing available in that system. Windows is better, & changing the dpi will get around such problems fairly easily (though that solution is inconvenient at times). Linux gives a great deal more control, though sometimes we just can't adjust the fonts of some apps. Eddie is one of those programs (as wonderful at it is) that I at least, can't find a way to enlarge the fonts of. 1 rickjames reacted to this Quote Share this post Link to post
Staff 9973 Posted ... Linux gives a great deal more control, though sometimes we just can't adjust the fonts of some apps. Eddie is one of those programs (as wonderful at it is) that I at least, can't find a way to enlarge the fonts of. Hello! We're glad to inform you that Eddie developer has put this issue as a priority for the next Eddie release. Kind regards 2 gurejoks and rickjames reacted to this Quote Share this post Link to post
hungryghost 3 Posted ... There are 2 things that would be great to add for eddie client in my opinion: 1. If it was a service (systemd service file, whatever mac calls a service, windows service, init.d etc...)2. Ability to connect to a certain server at startup. I mean one I can specify as opposed to last server used or best server. On that note if best server option is picked then option to completely disconnect and then pick the best server by latency. Also, I agree with this: "Tighter firewall rules after connection is made"I am not 100% sure but I think traffic is going around the vpn sometimes as I see no traffic going through eddie. When I close it and then open it and then close and open my internet applications it works. Quote Share this post Link to post
mr.Rhee 16 Posted ... Linux gives a great deal more control, though sometimes we just can't adjust the fonts of some apps. Eddie is one of those programs (as wonderful at it is) that I at least, can't find a way to enlarge the fonts of. Hello! We're glad to inform you that Eddie developer has put this issue as a priority for the next Eddie release. Kind regards That is great news! All of us who are somewhat sight impaired, truly give our sincere thanks to the one above. 1 rickjames reacted to this Quote Share this post Link to post
hungryghost 3 Posted ... After thinking about it and using the eddie (gnu/linux) client I have a new feature request (if there is already a way to do this please let me know): An additional tab for "my servers" or "preferred servers" or similar. My reasoning is that when I open eddie and I want to connect to another server I have a usual few that I pick from / like. My guess is that I am not alone in this behavior. So, it would be nice to be able to save which servers I like so that I can pick between them without going through the whole list. Okay, thanks for reading. Quote Share this post Link to post
Staff 9973 Posted ... After thinking about it and using the eddie (gnu/linux) client I have a new feature request (if there is already a way to do this please let me know): An additional tab for "my servers" or "preferred servers" or similar. My reasoning is that when I open eddie and I want to connect to another server I have a usual few that I pick from / like. My guess is that I am not alone in this behavior. So, it would be nice to be able to save which servers I like so that I can pick between them without going through the whole list. Okay, thanks for reading. Hello, isn't the white list a good solution for your purpose? Kind regards 1 rickjames reacted to this Quote Share this post Link to post
John D. 1 Posted ... After thinking about it and using the eddie (gnu/linux) client I have a new feature request (if there is already a way to do this please let me know): An additional tab for "my servers" or "preferred servers" or similar. My reasoning is that when I open eddie and I want to connect to another server I have a usual few that I pick from / like. My guess is that I am not alone in this behavior. So, it would be nice to be able to save which servers I like so that I can pick between them without going through the whole list. Okay, thanks for reading. As Staff mentionned whitelist your preferred servers then untick "Show all" below. That's how I set up my favourites servers list. @Staff: It would be nice to have the same "Show All" filter for the "Countries" tab in next Eddie version. Quote Share this post Link to post
UncleHunto 6 Posted ... Work on Linux, with the most recent version of mono ;-) Quote Share this post Link to post
hanswurst77 1 Posted ... @Staff: It would be nice to have the same "Show All" filter for the "Countries" tab in next Eddie version. yes, me too. Quote Share this post Link to post