- 19 Feb, 2026 2 commits
-
-
Vitaly Lipatov authored
antifilter lists contain IPs with /32 suffix, other lists without. This caused duplicates in resolved file (1.1.1.1 vs 1.1.1.1/32). Strip /32 before sort -u to properly deduplicate. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
ip route show omits /32 suffix for host routes, but resolved lists from antifilter contain explicit /32. This mismatch caused comm to mark all host routes as stale and delete them immediately after loading. Normalize both sides by stripping /32 before comparison. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
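The two /32 commits above (deduplication with sort -u and stale detection with comm) come down to one canonical form on both sides of the comparison. The following is an added example, not code from this repository; the function names and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: constructed data, hypothetical function names.
export LC_ALL=C   # comm needs both inputs sorted in one collation

# Constructed: merged lists mixing "IP" and "IP/32" spellings.
WANTED='1.1.1.1/32
1.1.1.1
198.51.100.7/32
203.0.113.0/24'

# Constructed: destinations as "ip route show" prints them (no /32).
KERNEL='1.1.1.1
198.51.100.7
203.0.113.0/24'

# Canonical form: drop a trailing /32, then sort and deduplicate.
normalize() { sed 's|/32$||' | sort -u; }

# Sort and deduplicate only, as before the fix.
raw() { sort -u; }

# unique_count FILTER LIST: entries left after deduplication.
unique_count() { printf '%s\n' "$2" | "$1" | grep -c .; }

# stale FILTER WANTED KERNEL: kernel routes absent from the wanted list.
stale() {
    w=$(mktemp) && k=$(mktemp) || return 1
    printf '%s\n' "$2" | "$1" > "$w"
    printf '%s\n' "$3" | "$1" > "$k"
    comm -13 "$w" "$k"
    rm -f "$w" "$k"
}

# Compare both filters on the same input.
for f in raw normalize; do
    printf '%-9s unique=%s stale=[%s]\n' "$f" \
        "$(unique_count "$f" "$WANTED")" "$(stale "$f" "$WANTED" "$KERNEL")"
done
```

The /32 rule is an IPv4 host-route convention; in an IPv6 list /32 is a real network prefix and the host suffix is /128, so the same filter must not be applied there unchanged.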
-
- 18 Feb, 2026 30 commits
-
-
Vitaly Lipatov authored
Same issue as vlog() — [ -n "$EXTRA_DNS" ] && cmd returns exit code 1 when EXTRA_DNS is empty, which can affect callers. Add || true to all four occurrences. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
vlog() { [ -n "$VERBOSE" ] && log "..." } returns exit code 1 when VERBOSE is empty, causing &&/|| chains to take wrong branch. This made "Extra DNS unreachable" message appear even when DNS works. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
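The exit-status problem described in the vlog() and EXTRA_DNS commits above can be reproduced in a few lines. This is an added example, not code from this repository; report() and status_of() are hypothetical helpers, and the caller chain is an assumed shape of the affected code.

```shell
#!/bin/sh
# Added illustration; report() and status_of() are hypothetical helpers.
VERBOSE=""                     # verbose logging switched off

log() { printf '%s\n' "$*" >&2; }

# Before: the function's status is that of the failed [ -n "" ] test.
vlog_buggy() { [ -n "$VERBOSE" ] && log "$@"; }

# After, as the commit describes: force success when the guard is false.
# Note that this also hides a failure of log itself.
vlog_fixed() { [ -n "$VERBOSE" ] && log "$@" || true; }

# Alternative: an if with no branch taken returns 0 and keeps log's status.
vlog_if() { if [ -n "$VERBOSE" ]; then log "$@"; fi; }

# status_of CMD ARGS...: print the exit status without tripping set -e.
status_of() { "$@" && echo 0 || echo "$?"; }

# report VLOG: an assumed caller written as an &&/|| chain.
# "true" stands in for a DNS probe that succeeded.
report() {
    true && "$1" "Extra DNS reachable" && echo "ok" \
        || echo "Extra DNS unreachable"
}

# Show the status of each variant and what the caller reports.
for impl in vlog_buggy vlog_fixed vlog_if; do
    printf '%-10s status=%s caller says: %s\n' "$impl" \
        "$(status_of "$impl" test)" "$(report "$impl")"
done
```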
-
Vitaly Lipatov authored
- Add new container bydpi.ogw (CT 690, .129) with byedpi DPI bypass
- Add ovpn.vdska.egw (CT 688, .128) to documentation
- Update ikev2.beget.ogw IP from .12 to .130
- Update mermaid diagram with all new containers
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
- Mark CT 670 (cloak.ovpn.sprintbox) and CT 672 (nfqws.ovpn.sprintbox) as running
- Rename CT 677 from ikev2.egw to ikev2.hetzner.egw, move to hetzner group
- Rename beget.egw.eterhost.ru to beget.ogw.eterhost.ru
- Add DPI blocking note for CT 673 (amneziawg.hetzner.egw)
- Update mermaid diagram connections
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Move from "Остановленные" (Stopped) to "Работающие" (Running) section, update mermaid diagram (remove ⏸, add connections to hetzner and igw routing). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Minimal script that only configures interface IP (IPv4+IPv6) without touching routing tables. Used by openconnect-egw.service. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Use grep '^[^[:space:]]' instead of wc -l for consistent counting when routes have multipath nexthop lines (3 lines per route). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
The routes/rules existence check only ran when the hash matched. When the hash changed (e.g. DNS availability) but resolved IPs were unchanged, routes were not reloaded even if empty in kernel. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
IPv6 addresses like 2a03:5a00:c:20::122 contain hex letters (a-f), matching the *[a-zA-Z]* hostname pattern. Check for colon first to handle IPv6 as literal addresses. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
grep '\t' in bracket expression matches literal backslash+t, not tab. Use [^[:space:]] which works correctly with multipath nexthop lines. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Add check_extra_dns() to probe external DNS (8.8.8.8) reachability. Skip it when unreachable to avoid timeouts. Include availability in route-update.sh hash so routes re-resolve when DNS comes back. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Timeout errors from adnshost (especially via 8.8.8.8) should not trigger dig fallback — retrying will also timeout. This was causing 10+ minute delays on hosts where 8.8.8.8 is unreachable. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Remove duplicated log/has_option, use read_value, ipcmd_for, table_by_name, resolve_default_gw from shared functions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Replace inline definitions with shared functions: log, has_option, rule_pref, resolve_gw, resolve_default_gw. Use read_value/read_values instead of grep -v '^#' | grep -m1, ipcmd_for instead of manual detection, table_by_name inside lookup_table. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Extract common functions used by both route-update.sh and route-health.sh:
- log, read_value, read_values, ipcmd_for, has_option, rule_pref
- table_by_name, resolve_default_gw, resolve_gw
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
route-update.service: loads/restores policy routes at boot and periodically (5min)
route-health.service: monitors gateway health and manages failover (1min)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
The default (no args) mode already detects missing ip rules and empty routing tables, making --set-rules redundant. This simplifies the interface and service configuration. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
When a group has set-default in options, route-health.sh now reads gateways in priority order and picks the first healthy one as default. Also refactored health checking into get_health() helper and added rt_tables lookup fallback for table resolution. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
The set-default option in group options is now handled exclusively by route-health.sh which has access to gateway health data from InfluxDB and can make informed failover decisions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Gateway file now accepts hostnames in addition to IPs and "default". Hostnames are resolved via dig (A for IPv4, AAAA for IPv6). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Filter out nexthop continuation lines (starting with tab) when counting routes and detecting stale entries. Fixes incorrect count with multipath. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
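The three route-counting commits above (wc -l, the '\t' bracket expression, and [^[:space:]]) give different numbers on the same multipath table. This added example, which is not code from this repository, runs all three over a constructed listing in the shape of ip route show output; the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration: constructed route listing, hypothetical names.

# Three routes in five lines: a plain route, one multipath route whose
# nexthop lines start with a tab, and a throw route (first letter "t").
sample_routes() {
    printf '198.51.100.0/24 via 192.0.2.1 dev eth0\n'
    printf '203.0.113.0/24\n'
    printf '\tnexthop via 192.0.2.1 dev eth0 weight 1\n'
    printf '\tnexthop via 192.0.2.2 dev eth1 weight 1\n'
    printf 'throw 10.9.0.0/16\n'
}

# Counts every line, so nexthop continuations inflate the result.
count_wc() { sample_routes | wc -l | tr -d ' '; }

# Inside [...] a backslash is literal: this excludes lines starting with
# "\" or "t", keeps the tab-indented nexthop lines and drops "throw".
count_backslash_t() { sample_routes | grep -c '^[^\t]'; }

# POSIX character class: excludes lines that start with any whitespace.
count_space_class() { sample_routes | grep -c '^[^[:space:]]'; }

# Print the three counts side by side; the true route count is 3.
printf 'wc -l=%s  [^\\t]=%s  [^[:space:]]=%s\n' \
    "$(count_wc)" "$(count_backslash_t)" "$(count_space_class)"
```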
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Replace flush+load with replace-all+remove-stale approach: routes are never missing during reload. Add post-update route count verification. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Separate lists_hash tracks list file changes independently. When only gateway or options file changed, reuse saved resolved IPs instead of re-resolving all domains. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
When saved table number differs from current (e.g. after manual rt_tables edit), flush old table and ip rule before reloading into new table. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Table number is now resolved by: 1) legacy table file, 2) rt_tables by group name, 3) last octet of gateway IP (auto-registered in rt_tables). New options file support: set-default flag sets system default route via group's gateway. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
- 17 Feb, 2026 8 commits
-
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
System Administrator authored
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
- Update routes6.d structure: replace ogw with gre group (table 222)
- Fix NETMAP prefix /120 → /118, show igw as gateway (not egw)
- Add OpenVPN NAT66 and Xray L7 proxy sections
- Update ip rule show to include gre (pref 2220), add IPv6 packet flow
- Document --verbose flag and partial route loss detection (1% tolerance)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Previously auto-recovery only triggered when routing table was completely empty. Now it also reloads when route count drops below 99% of expected (from resolved state file). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-