feat(client/linux): revamp the Linux VPN routing logic

[jyyi1]

This PR simplifies the Linux VPN routing architecture by:

• Removing the daemon service: All routing is now handled by the app process and its backend library.
• Leveraging NetworkManager for routing and DNS: Provides more robust DNS configuration and avoids conflicts with other resolver services; and prevents pollution of the user's default routing table.

This approach minimizes changes to the user's network configuration and improves overall stability.

Next steps: See #2291 (comment)

Tested on Ubuntu 22 and Ubuntu 24

Known Issue: The server connection status is not refreshed when network changes.

TODO: #2312

[jyyi1]

"gconf2", "gconf-service", "libappindicator1" do not exist on Ubuntu 24's apt repositories any more. After removal these dependencies, the app still runs. Maybe we can remove these? (even though electron declares they are required)

[fortuna]

Maybe they are required on newer versions?
I'd say that if it works, let's remove, especially if it blocks support on Ubuntu 24

[sbruens]

Are they needed for earlier Ubuntu versions?

[jyyi1]

From my experiment, nope. App installs and runs.

[jyyi1]

Gemini told me:

gconf2 and gconf-service: These were core parts of GNOME 2. GNOME 3, with its dconf configuration system, became the default in Ubuntu 11.10 (Oneiric Ocelot) released in October 2011. While gconf2 stuck around for backward compatibility, this marked the start of its decline.

libappindicator1: This was tied to the older system tray design. Ubuntu's switch to the Ayatana indicator system began around Ubuntu 10.04 LTS (Lucid Lynx) in April 2010 and continued to evolve in subsequent releases.

Key takeaway: While these packages might still be available in later Ubuntu versions, their core functionalities were effectively superseded around Ubuntu 11.10. You'll mainly encounter them if you're dealing with older applications designed for GNOME 2 or early implementations of the system tray.

[fortuna]

This is looking solid. I like that you are using the NM more.

I think there are a few places that is a bit complex and could be cleaned up.

[fortuna]

The truncate approach requires an additional exchange, though it's all local, so it shouldn't matter much

[fortuna]

This is modifying the base dialer. Imutability > Mutability. They should remain unmodified after creation, this kind of side-effect is hard to track.

I think it will be cleaner if you have a newClientWithFwmark(transport, fwmark), and create the base dialers there.

[fortuna]

This also avoids tying the interface with LinuxOpts. I'd say delete DeviceOpts for now.

[jyyi1]

Removed defaultBaseTCPDialer and defaultBaseUDPDialer.

[fortuna]

Why convert to IPv4? I'd keep them as they are.

[jyyi1]

See the comment below.

[fortuna]

This type is doing a lot. See the other comments. We need to clarify side-effects and some method are better off being standalone.

[fortuna]

It's also not super clear what this type represents, perhaps some comments will help.

[jyyi1]

Added some comments. This is the Linux implementation of VPNConnection. We used Linux-only APIs (which is not compilable on when targeting Windows).

But I may move some common logic (for example, the WaitGroups, and the traffic copying goroutines) to the vpn.go file, because these can be shared between Windows and Linux, but still keep the Linux specific calls in this vpn_linux.go file. Though this move might be done in the next PR (when introducing the callback, because the callback of status change logic is shared).

[jyyi1]

@fortuna @sbruens Any thoughts?

[jyyi1]

@fortuna I cleaned up some the code in the vpn package, and also refactored the architecture according to the review comment. Please take another look.

[fortuna]

Let's just inline these two functions in the caller.

[fortuna]

I wonder if we should just use io.ReadWriterCloser for now and rethink if we need the IPDevice abstraction.