Posts by Doemela

Ty

For any mod can the title of the thread WireGuard Manager for NordVPN be changed to "WireGuard VPN Manager"? If not please remove thread so that I can make a new thread.

Salute.

Quote from deepee

Great work, thank you.

I've been hoping for something that would fill the gap left by the discontinued development of VPN Manager For OpenVPN.

However, my use case would be for PIA.

Any plans for a PIA (or other) variant, or tips to apply their tokens within your program structure?

Nothing planned, but it was in my head somebody would... will look into it, but I say this I will only do this kinda options, requests if the API of provider is public. Give me some time to get this ready for multi VPN providers I will contact you if I need anything to debug this like a token..., ... or if you capable you could debug a non-public version.

A lightweight, high-performance Kodi service addon for LibreELEC 12+ (Kodi 21 Omega). This tool manages WireGuard connections natively via connmanctl, providing a faster and more stable experience than traditional OpenVPN-based addons.

🚀 Features

• Native WireGuard: Interfaces directly with LibreELEC's network stack for maximum speed and minimal overhead.
• Raspberry Pi 5 Optimized: Specifically tuned timing profiles and multithreaded execution reduce VPN switching and recovery times.
• 1Hz Physical Watchdog: A standalone systemd service monitors hardware carrier status every second for near-instant detection of cable pulls or link loss.
• Aggressive Stream Recovery: Automatically kills "frozen" video players during network blackouts to prevent UI hangs and provide immediate error feedback.
• Intelligent Throttling: Implements a "Safety Fuse" logic that stands down after 10 failed reconnection attempts to preserve system resources and NordVPN API limits.
• Auto-Healing Failover: Detects physical interface changes (Ethernet ⇆ Wi-Fi) and automatically resets retry budgets to ensure seamless recovery.
• High-Visibility Alerts: Enhanced Kodi notifications with ARGB color formatting and custom audio cues (networkerror.wav) for critical network events.
• IPv6 Leak Protection: Kernel-level hardening and dynamic DNS management prevent data leaks during VPN transitions.
• Remote Optimized: Automatically maps F11 to trigger the VPN menu from anywhere in Kodi.
• Smart Auto-Mappings: Dynamically switches VPN locations based on the specific Kodi addon or folder being browsed.

GitHub - BrodjagaRatnik/service.wireguard.manager

Contribute to BrodjagaRatnik/service.wireguard.manager development by creating an account on GitHub.

github.com

If you already know what you're doing, grab the repository installer here:
📦 Download Doemela Repo ZIP

Step 1: Install the Repository

1. Download the Doemela Repo ZIP file to your device (or use a USB stick).
2. Open Kodi and navigate to Add-ons.
3. Click the Box Icon (Add-on Browser) in the top-left corner.
4. Select Install from zip file.
   • If prompted, click 'Settings' and enable 'Unknown Sources', then go back.
5. Locate and select the repository.doemela-x.x.x.zip file.
6. Wait for the "Add-on installed" notification.

Step 2: Install WireGuard Manager

1. While still in the Add-on Browser, select Install from repository.
2. Choose the Doemela Repo.
3. Navigate to Services > WireGuard Manager for NordVPN.
4. Select Install.
5. Once the installation is complete, the Setup Wizard will launch automatically to guide you through the initial configuration and token import.

Quote

Tip: Installing via the Repository is the recommended method. It ensures you receive automatic updates for bug fixes and new Raspberry Pi 5 performance optimizations as soon as they are released.

Quote from heitbaum

Already included in nightlies. https://github.com/LibreELEC/LibreELEC.tv/pull/9048

That was an easy answer but does not solve a critical vulnerability you have in the stable releases that majority of people use. Security wise, this is a very bad policy, the worst!

OpenSSH resolves a critical vulnerability (CVE-2024-6387)that enables remote code execution. The vulnerability affects versions 8.5p1 through 9.7p1. As LibreELEC 12.0 uses OpenSSH version "OpenSSH_9.7p1, OpenSSL 3.2.1 30 Jan 2024" can it be updated? If not, in the meantime, you can mitigate the vulnerability by assigning the value 0 to LoginGraceTime in /etc/ssh/sshd_config. This causes a temporary denial-of-service that prevents code execution.