ivpn / ivpn.net Goto Github PK
View Code? Open in Web Editor NEWOfficial IVPN Website
Home Page: https://www.ivpn.net/
License: Other
Official IVPN Website
Home Page: https://www.ivpn.net/
License: Other
Add caching policy for static assets:
Test result: FAILED - (No max-age or expires)
Upgrade dependencies in package.json
.
This upgrade will introduce breaking changes for webpack.mix.js
config.
As all JavaScript dependencies and build script are upgraded, sanity check for both static website and client area is required.
I recently switched to IVPN because my DD-WRT router has Wireguard built in. After setting Wireguard up for my entire home, I found that websites would load slowly, or not even load at all. I messed with a combination of things, including changing DNS servers, switching Wireguard servers, etc and still had no luck. I found an article about this same problem, and the solution found was to adjust the MTU size from the default 1460 to 1420. Reason for this - Wireguard as a standard apparently sends packets at that 1420 size. After changing this value, every website was loading without a hitch.
Add additional documentation to the Wireguard setup guide to adjust the MTU to a smaller size (1420 or 1412 worked best).
Simple, not sure if this was an intended slang or not but the second major graphic on the website showing the VPN being used on the phone has a misspelling. The first line is "Yur network is". This is supposed to be "Your". At first I thought it was on purpose until I looked at the desktop version graphic above and it said "Your network is". That's about it, hope I'm not making a fool of myself and missing something; other then that this looks like a great provider :)
We need to update content in CONTRIBUTING.md
:
Home page
Pricing page
Change:
We offer different plans to better suit your needs. Please select one to create your account. You'll be able to switch it anytime in the future with one click.
Change to:
Select a plan to create your account instantly. You can switch between IVPN Standard and Pro any time in the future.
Change:
All IVPN plans include:
Change to:
All IVPN plans include:
Why trust IVPN?
Account page
new client area post creation state
App download drop down is not working in iOS Safari.
JavaScript should detect browser OS and update the Apps URL in the main menu respectively.
Support building Docker image on multiple architectures.
The instructions for starting ivpn at sytem boot using systemd have a couple of problems.
Arch, Headless server. Installed from the AUR.
The unit file in the example depends on ivpn-service.service.
This service uses Type=simple
. system assumes that the service is available the instant the process is spawned. In reality, it takes a fraction of a second before the process begins listening on local TCP sockets.
systemd will then instantly run the ivpn-autoconnect.service
.
Sometimes, this script fails, because ivpn-service is not yet listening.
No VPN connection is activated.
A second problem, is that ivpn-autoconnect.service also uses Type=simple.
The script can fail, but, systemd will assume its success, and move on to the next unit files as soon as the process has started, and not yet failed.
I have my own systemd service, that i only want to start, IF the vpn has successfully connected.
And I only want my service started after the VPN connection is fully established.
When I follow these instructions in their unmodified form, even though my service is set:
Requires=ivpn-autoconnect.service
After=ivpn-autoconnect.service
My service is started, regardless of whether the VPN connected successfully.
Sometimes, ivpn-autoconnect
failed to connect to ivpn-service, because altho the process was running, it had not yet started to listen on local TCP sockets.
Any services that depended on ivpn-autoconnect had eroniously started, because Type=simple
is the wrong choice of service Type for this type of action.
The VPN should have started.
In the event that it did not start for any reason, and dependant services should not have started.
sudo systemctl edit ivpn-service
[Service]
ExecStartPost=sleep 2
[Unit]
Description=Connect to iVPN
After=network.target ivpn-service.service
Requires=network-online.target ivpn-service.service
[Service]
Type=oneshot
ExecStart=ivpn connect -fastest -p OpenVPN
ExecStop=ivpn disconnect
RemainAfterExit=yes
RemainAfterExit=yes
is needed to keep the service marked available after the ivpn cli has exited.
Type=oneshot
means that any dependant unit files will not be processed untill after the ivpn cli has finished connecting.
This also means, that any failed attempt at connecting would prevent dependant units from running.
Which is certainly what a user would expect, and desire. (Otherwise, they would have used Wants=
)
https://www.ivpn.net/knowledgebase/linux/linux-how-do-i-prevent-vpn-leaks-using-iptables/
Styles for code block with instructions needs to be fixed.
On production, on small devices such as iPhone 5S, there is a cutoff in the Home screen, the issue doesn't seem to happen in other pages throughout the website.
Note:
See attached screenshot for further details.
Cutoff in the Home screen on small devices.
The text should be visible, not cutoff issues should be present throughout the website.
This probably involves 2 features:
Publish pre-release builds somewhere on the site and enable users to conveniently install them (eg. adding a custom repo to f-droid given official f-droid can be tedious RE: ivpn/android-app#27). Similar setup for pre-release builds on other platforms.
A guide page for ^
To improve page load performance, we need to disable RocketChat LiveChat widget for mobile devices.
Add IVPN to winget-pkgs
Hey! I was wondering if it'd be possible to add IVPN to Winget -- would love to be able to deploy it on Windows via the native package manager.
I can manually install it just fine, but I've recently moved over from macOS, and IVPN worked on Homebrew there. Either way, thanks for the work you do on this!
Implement support for Braintree 3D Secure.
More info:
https://developers.braintreepayments.com/guides/3d-secure/client-side/javascript/v3
We want to handle a specific Authentication Required (2099)
Braintree error response and display a more specific error message in the UI.
In the new static website, in the login form, the auth validation does not ignore spaces before and/or after the account ID/Email address.
This issue easily reproducible when copying an account ID from the client etc. which sometimes takes an extra space, consequently this could be mislead users to believe that the login has failed for other reasons and increase their frustration.
Login fields, both for the account ID and email login options, should ignore spaces before and/or after the account ID/Email address.
It would be great to see the list of devices that have logged in with an account id. For example, when I try to login with my tablet, I get the message I have exceeded the number of devices allowed, but I'm sure I'm not using it on those many devices. But maybe I logged in on the same device more than once and that's why I get that message(?).
Currently, I see the option to log out of all other sessions
, but I cannot selectively terminate/log out of individual sessions. Basically, I'm hoping for this selective removal.
Not sure if this is the right place to file this issue as it would be nice to see it in other apps too.
Using apt-key
to add a repo key to a Debian or Debian-like system is deprecated because of security implications. Using gpg
directly offers a way to limit security implications. This requires updates to the Linux page on the website and .list files on the repo server at the same time.
https://manpages.debian.org/testing/apt/apt-key.8.en.html
https://wiki.debian.org/DebianRepository/UseThirdParty
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851774
https://www.mail-archive.com/[email protected]/msg764545.html
On this page:
https://www.ivpn.net/apps-linux/
src/content/pages/apps-linux.md
Change the # Add IVPN's GPG key
command from one line to two for the Ubuntu, Debian and Mint code block sections:
curl -fsSL https://repo.ivpn.net/stable/ubuntu/generic.gpg | gpg --dearmor > ~/ivpn-archive-keyring.gpg
sudo mv ~/ivpn-archive-keyring.gpg /usr/share/keyrings/ivpn-archive-keyring.gpg
It would be nice to condense the two line above to one line, though gpg --dearmor
produces binary-like output that can cause unwanted terminal behaviour (can be fixed by typing reset
) and tee
does not seem to have a way to suppress output and output redirection with >
plus sudo
tends not to work as expected.
Updates to the contents of the generic.list
files for Ubuntu, Debian and Mint on the repo server are required as well, which will likely require concurrent co-operation with someone with direct access to the repo server:
https://repo.ivpn.net/stable/ubuntu/generic.list
https://repo.ivpn.net/stable/debian/generic.list
https://repo.ivpn.net/stable/mint/generic.list
Update the contents of the []
section to include a path pointing to the signing key. Here is the change for Ubuntu, for example:
deb [arch=amd64 signed-by=/usr/share/keyrings/ivpn-archive-keyring.gpg] https://repo.ivpn.net/stable/ubuntu ./generic main
I have tested these changes on Debian 10, Ubuntu 16.04 LTS, 20.10, and Mint 20.1.
Upgrade dependencies in package.json
.
As all JavaScript dependencies and build script are upgraded, sanity check for both static website and client area is required.
Make the QR code on the account section bigger as I had trouble scanning.
It would be nice have an RSS feed for the blog so that we could get that content into our RSS reader of choice. :) Apparently it's in the works, but I wanted to open an issue here for more visibility.
Upgrade dependencies in package.json
to the latest version.
Client area should show number of devices logged. It can allow authentic users to verify in real time if their account is not misused without authorisation.
As central authetication server hold record of number of devices logged already, this info can be mirrored into client area in real time.
None in mind yet.
Currently, number of digits after decimal point is inconsistent in the 'load' column on the server status page:
https://ivpn.net/status
For example, some server load is shown as '8%' and some '5.03%', this makes it more difficult to parse these values on a glance.
Expected behaviour
Values in the load column should have fixed number of digits after decimal point across all servers.
On mobile, certain pages in the Guides section have some content cutoff, we need to optimise the tables in order to fix the issue.
Tested on iPhone XR, Safari and Firefox browsers.
Update favicon to new black/red style of IVPN logo.
IVPN Desktop app GitHub repos have been migrated to a mono repo:
https://github.com/ivpn/desktop-app
Change log URLs need to be updated on pages:
https://www.ivpn.net/apps-windows/
https://www.ivpn.net/apps-macos/
https://www.ivpn.net/apps-linux/
Add IPv6 address in Account Settings -> WireGuard -> WireGuard Keys.
Braintree authentication_unavailable
error should not be rejected if 3DS is required.
Liability Shift Possible: false
Liability Shifted: false
Enrolled Value: "U"
Is there any installation tutorial?
I want to regenerate account ID from Client area on my own whenever I desire so.
Client area should offer option to regenerate account ID. So that accounts will be more protected against unfortunate credential thefts.
Ask staff for same which I feel cumbersome and also feels uncomfortable with.
Add a link to the RSS feed in the sidebar of the blog, below Tags.
Hey there, so i was browsing your guys's website and i saw a little typo of sorts, i just want to let all of you know about it.
Here bellow you'll find a screenshot of the the issue talked about above.
Above you'll find a screenshot of the problem i'm talking about.
If for any reason you don't understand the problem of what i'm talk about, then don't hesitate to comment or contact me in any way.
In some cases, when navigating through the main menu and returning to the Home page, the connection info bar displays previous and incorrect state cached by the browser.
https://www.ivpn.net/status/
On the status page, we want to load the flag icons from IVPN server.
We want to show a specific error message for 3D Secure failure.
Based on Braintree documentation:
https://developer.paypal.com/braintree/docs/guides/3d-secure/server-side/ruby
Posts with WireGuard tag render the tag erroneously under blog post body: "Wire guard" instead of the correct format "WireGuard".
E.g: https://www.ivpn.net/blog/ipv6-over-ipv4-available-for-testing/
Displays correctly in blog sidebar.
Add server speed limit in servers status page.
This info should be located in server details, in the following form Line Speed / Configured Speed
.
When enabling 2FA in the client area, we want to add a warning that 2FA is also applied to authentication in the IVPN apps.
After Bob's example stuff, the sentence "As soon as you’re connected, all of your online activity is encrypted and untraceable." can be misleading. I recommend to put there "from the ISP side" at the end.
See: As soon as you’re connected, all of your online activity is encrypted, and untraceable from the ISP side.
In order to copy a WG server's public key, the server has to be expanded, but clicking the WG key to highlight text causes the server details to collapse.
The expanded details tend to collapse before the copying can occur.
The expanded details should remain open to allow for copying the WG public key.
// TODO(you): code here to reproduce the problem
Servers status page update:
/etc/wireguard/ivpn.conf
with only ipv4 configuredsystemctl restart [email protected]
ipv4 continues to work as expected. No ipv6 though.
$ curl -6 ifconfig.co
curl: (7) Couldn't connect to server
Should display my ipv6 address (I guess).
$ cat /etc/wireguard/ivpn.conf
[Interface]
PrivateKey = *HIDDEN*
Address = 172.16.x.y/32, fd00:4956:504e:ffff::xx:yy/128
DNS = 10.0.254.2
[Peer]
PublicKey = rg+GGDmjM4Vxo1hURvKmgm9yonb6qcoKbPCP/DNDBnI=
Endpoint = ca1.wg.ivpn.net:2049
AllowedIPs = 0.0.0.0/0, ::0
$ sudo systemctl restart [email protected]
It is great that bitcoin payment is accepted. However with the current mempool size it is very inefficient to make a on-chain payment. Even the 3-year IVPN PRO plan 220 USD is madness to pay right now.
You have already implemented BTCPay server, so it should be easy to implement LND, C-lightning or Eclair. I would consider implementing CADR (Cryptoanarchy Debian Repository). It is super easy to install and implement. (sudo apt install lnd btcpayserver)
The other option maybe faster to implement for you is to install LND right away. Don't forget to open channels and arrange inbound liquidity.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.