Minor updates:

* Switch to Cloudflare for primary DNS (1.1.1.1)
* Change IP address of dummy adapter
* Apply iptables fix for slow page loads: https://pi-hole.net/2018/02/02/why-some-pages-load-slow-when-using-pi-hole-and-how-to-fix-it/
* Update dependencies

Author: dan-v

Gopkg.lock

@@ -26,8 +26,8 @@
   version = "1.1.1"
 
 [[constraint]]
-  branch = "master"
   name = "github.com/spf13/cobra"
+  version = "0.0.2"
 
 [[constraint]]
   branch = "master"

Gopkg.toml

@@ -16,11 +16,11 @@
 * Dual stack IPv4/IPv6 enabled.
 
 ## Web Installer (OSX) 
-1. Download the latest pre-built app from the [GitHub Releases](https://github.com/dan-v/dosxvpn/releases) page. <b>Note: if you are on OSX version 10.11 or below - you'll need to use the legacy release version.</b>
+1. Download the latest pre-built app from the [GitHub Releases](https://github.com/dan-v/dosxvpn/releases) page. <b>Note: only OSX 10.12+ is supported.</b>
 2. Open the app and run through the web based installation wizard to setup a new VPN.
 
 ## CLI Usage (OSX)
-1. Download the latest pre-built cli from the [GitHub Releases](https://github.com/dan-v/dosxvpn/releases) page. <b>Note: if you are on OSX version 10.11 or below - you'll need to use the legacy release version.</b>
+1. Download the latest pre-built cli from the [GitHub Releases](https://github.com/dan-v/dosxvpn/releases) page. <b>Note: only OSX 10.12+ is supported.</b>
 2. Make the binary executable
   ```sh
   chmod +x dosxvpn

README.md

@@ -41,8 +41,11 @@ write_files:
       -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --rttl --name SSH -j DROP
       -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
       -A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
-      -A INPUT -d 1.1.1.1 -p udp -j ACCEPT
-      -A INPUT -d 1.1.1.1 -p tcp -j ACCEPT
+      -A INPUT -p tcp --destination-port 443 -j REJECT --reject-with tcp-reset
+      -A INPUT -p udp --destination-port 80 -j REJECT --reject-with icmp-port-unreachable
+      -A INPUT -p udp --destination-port 443 -j REJECT --reject-with icmp-port-unreachable
+      -A INPUT -d 1.1.1.2 -p udp -j ACCEPT
+      -A INPUT -d 1.1.1.2 -p tcp -j ACCEPT
       -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
       -A FORWARD -m conntrack --ctstate NEW -s 192.168.99.0/24 -m policy --pol ipsec --dir in -j ACCEPT
       COMMIT
@@ -74,6 +77,9 @@ write_files:
       -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --rttl --name SSH -j DROP
       -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
       -A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
+      -A INPUT -p tcp --destination-port 443 -j REJECT --reject-with tcp-reset
+      -A INPUT -p udp --destination-port 80 -j REJECT --reject-with icmp6-port-unreachable
+      -A INPUT -p udp --destination-port 443 -j REJECT --reject-with icmp6-port-unreachable
       -A INPUT -d fd9d:bc11:4020::/48 -p udp -j ACCEPT
       -A INPUT -d fd9d:bc11:4020::/48 -p tcp -j ACCEPT
       -A FORWARD -j ICMPV6-CHECK
@@ -94,8 +100,6 @@ coreos:
     window-start: 10:00
     window-length: 1h
   units:
-    - name: etcd2.service
-      command: start
     - name: iptables-restore.service
       enable: true
       command: start
@@ -104,6 +108,7 @@ coreos:
       command: start
     - name: dummy-interface.service
       command: start
+      enable: true
       content: |
         [Unit]
         Description=Creates a dummy local interface
@@ -114,7 +119,10 @@ coreos:
         ExecStartPre=/bin/sh -c "modprobe dummy"
         ExecStartPre=-/bin/sh -c "ip link add dummy0 type dummy"
         ExecStartPre=/bin/sh -c "ip link set dummy0 up"
-        ExecStartPre=-/bin/sh -c "ifconfig dummy0 inet6 add 2001:db8:1:1::1/64"
-        ExecStart=/bin/sh -c "ifconfig dummy0 1.1.1.1/32"
+        ExecStartPre=-/bin/sh -c "ifconfig dummy0 inet6 add fd9d:bc11:4020::/48"
+        ExecStartPre=-/bin/sh -c "ifconfig dummy0 1.1.1.2/32"
+        ExecStartPre=-/bin/sh -c "ifconfig dummy0 inet6 add fd9d:bc11:4020::/48"
+        ExecStartPre=-/bin/sh -c "ifconfig dummy0 1.1.1.2/32"
+        ExecStart=/bin/sh -c "echo"
 `
 }

services/coreos/coreos.go

@@ -65,7 +65,7 @@ func (s Service) UserData() string {
         ExecStartPre=-/usr/bin/docker kill dosxvpn
         ExecStartPre=-/usr/bin/docker rm dosxvpn
         ExecStartPre=/usr/bin/docker pull dosxvpn/strongswan:latest
-        ExecStart=/usr/bin/docker run --name dosxvpn --privileged --net=host -v ipsec.d:/etc/ipsec.d -v strongswan.d:/etc/strongswan.d -v /lib/modules:/lib/modules -v /etc/localtime:/etc/localtime -e VPN_DOMAIN=$public_ipv4 dosxvpn/strongswan:latest
+        ExecStart=/usr/bin/docker run --name dosxvpn -e VPN_DNS="1.1.1.2" -e DUMMY_DEVICE="1.1.1.2/32" -e VPN_DOMAIN=$public_ipv4 --privileged --net=host -v ipsec.d:/etc/ipsec.d -v strongswan.d:/etc/strongswan.d -v /lib/modules:/lib/modules -v /etc/localtime:/etc/localtime dosxvpn/strongswan:latest
         ExecStop=/usr/bin/docker stop dosxvpn
 `
 }

services/dosxvpn/dosxvpn.go

@@ -14,7 +14,7 @@ func (s Service) UserData() string {
         [Service]
         User=root
         Type=oneshot
-        ExecStart=/bin/sh -c "echo 1.1.1.1         pi.hole >> /etc/hosts"
+        ExecStart=/bin/sh -c "echo 1.1.1.2         pi.hole >> /etc/hosts"
     - name: pihole.service
       command: start
       content: |
@@ -31,6 +31,6 @@ func (s Service) UserData() string {
         ExecStartPre=-/usr/bin/docker kill pihole
         ExecStartPre=-/usr/bin/docker rm pihole
         ExecStartPre=/usr/bin/docker pull diginc/pi-hole:latest
-        ExecStart=/usr/bin/docker run --name pihole --net=host -e ServerIP=1.1.1.1 -e ServerIPv6=2001:db8:1:1::1 -e WEBPASSWORD=dosxvpn -v pihole-etc:/etc/pihole -v pihole-dnsmasq.d:/etc/dnsmasq.d diginc/pi-hole:latest
+        ExecStart=/usr/bin/docker run --name pihole --net=host -e DNS1=1.1.1.1 -e ServerIP=1.1.1.2 -e ServerIPv6=fd9d:bc11:4020:: -e WEBPASSWORD=dosxvpn -v pihole-etc:/etc/pihole -v pihole-dnsmasq.d:/etc/dnsmasq.d diginc/pi-hole:latest
         ExecStop=/usr/bin/docker stop pihole`
 }