NordVPN verison update, IP-NF tables check, NordWhisper

MattsBos · MattsBos · commit 3dd17c0db43f · 2025-02-23T15:45:29.000+01:00
diff --git a/docker-compose/.env b/docker-compose/.env
@@ -7,6 +7,8 @@ NORDVPN_TOKEN=abcdefgh12345678
 NORDVPN_TOKENFILE=/path/to/tokenfile
 # Enable debug mode, anything non-empty will ENABLE. Use this if you need more verbose error logging.
 NORDVPN_MESHNET_DEBUG=
+# Enable the NordWhisper protocol, anything non-empty will ENABLE. Do not use this placeholder, NordWhisper is not yet available for Meshnet!
+# NORDVPN_WHISPER=
 # Healthcheck interval in seconds, default is 300.
 NORDVPN_HEALTHCHECK_INTERVAL=300
 # Healthcheck URL to verify if connectivity is up. Replace this with something on your Meshnet (if available), defaults to Google.
diff --git a/docker-compose/docker-compose.yml b/docker-compose/docker-compose.yml
@@ -1,7 +1,7 @@
 version: "3"
 services:
   meshnet:
-    image: ghcr.io/mattstechinfo/meshnet:v3.17.0
+    image: ghcr.io/mattstechinfo/meshnet:v3.20.0
     restart: unless-stopped
     cap_add:
       - NET_ADMIN
diff --git a/fs/etc/services.d/nordvpn/run b/fs/etc/services.d/nordvpn/run
@@ -1,5 +1,21 @@
 #!/bin/bash
 
+legacy_supported=$(lsmod | grep ip_tables >/dev/null 2>&1 && echo yes || echo no)
+nft_supported=$(lsmod | grep nf_tables >/dev/null 2>&1 && echo yes || echo no)
+if [ x$IPTABLES = xlegacy ] ; then
+	if [ x$legacy_supported = xyes ] ; then
+		update-alternatives --set iptables /usr/sbin/iptables-legacy
+	else
+		update-alternatives --set iptables /usr/sbin/iptables-nft
+	fi
+else
+	if [ x$nft_supported = xyes ] ; then
+		update-alternatives --set iptables /usr/sbin/iptables-nft
+	else
+		update-alternatives --set iptables /usr/sbin/iptables-legacy
+	fi
+fi
+
 if [[ ! -d /run/nordvpn ]]; then
   mkdir -m 0770 /run/nordvpn
 fi
diff --git a/fs/usr/bin/meshnet_config b/fs/usr/bin/meshnet_config
@@ -11,6 +11,11 @@ if [[ -n ${NORDVPN_NICKNAME} ]]; then
   nordvpn meshnet set nickname ${NORDVPN_NICKNAME}
 fi
 
+# Enable the new NordWhisper protocol if requested, not yet supported.
+#if [[ -n ${NORDVPN_WHISPER} ]]; then
+#  nordvpn set technology nordwhisper
+#fi
+
 # Iterate through Meshnet peer permissions
 if [[ -n ${NORDVPN_DENY_PEER_ROUTING} ]]; then
   read -ra deny_routing <<< "${NORDVPN_DENY_PEER_ROUTING}"
diff --git a/kubernetes/meshnet-deployment.yaml b/kubernetes/meshnet-deployment.yaml
@@ -17,7 +17,7 @@ spec:
       hostname: meshnet
       containers:
       - name: meshnet
-        image: ghcr.io/mattstechinfo/meshnet:v3.17.0
+        image: ghcr.io/mattstechinfo/meshnet:v3.20.0
         securityContext:
           capabilities:
             add: ["NET_ADMIN","NET_RAW"]
diff --git a/kubernetes/meshnet-env.yaml b/kubernetes/meshnet-env.yaml
@@ -13,6 +13,8 @@ data:
   NORDVPN_TOKENFILE: /path/to/tokenfile
   # Enable debug mode, anything non-empty will ENABLE. Use this if you need more verbose error logging.
   NORDVPN_MESHNET_DEBUG: ""
+  # Enable the NordWhisper protocol, anything non-empty will ENABLE. Do not use this placeholder, NordWhisper is not yet available for Meshnet!
+  # NORDVPN_WHISPER= ""
   # Healthcheck interval in seconds, default is 300.
   NORDVPN_HEALTHCHECK_INTERVAL: 300
   # Healthcheck URL to verify if connectivity is up. Replace this with something on your Meshnet (if available), defaults to Google.
