Removed the misleading "Both backends remain installed" line from the
switch_backend confirmation dialog. The remaining messages "Stop X"
and "Start Y" already clearly explain what happens.
The start-both.sh script was sourcing paqctl.conf which doesn't exist.
Changed to settings.conf where LISTEN_PORT and GFK_VIO_PORT are saved.
This caused iptables rules to always use default ports (8443/45000)
even when user configured different ports, resulting in port mismatch.
Debian Trixie and other newer distros use nftables by default
and don't have iptables installed. Add iptables to dependency
check so it gets installed automatically during setup.
Reported-by: @Shaheding
Windows client (paqet-client.ps1):
- Added Update-Paqet function with version tracking
- Added Get-InstalledPaqetVersion and Save-PaqetVersion helpers
- Creates backup before updating, restores on failure
- Added menu option 7 for update, moved About to option 8
All platforms:
- Switched paqet binary downloads from SamNet-dev/paqctl to hanselime/paqet
- Updated paqctl.sh PAQET_REPO to hanselime/paqet
- Updated README.md download URLs to hanselime/paqet
- Users now get paqet updates directly from upstream source
- Allows paqctl script releases without affecting paqet binary updates
- Fix health check to detect both tagged and untagged iptables rules
- Add missing RST DROP rule to install wizard (prevents kernel interference)
- Add missing IPv6 rules to boot script and install wizard
- Add iptables existence check in install wizard with warning
- Improve status display to show partial firewall state
- Use local variables with defaults for robustness
The health check was failing because it looked for untagged rules while
_apply_firewall() adds rules with -m comment --comment "paqctl" tag.
Now checks for both variants for backwards compatibility.
- Update README.md download URLs to match actual release filenames
- Add tar extraction commands for .tar.gz files
- Fix repository links from /paqet to /paqctl
Features:
- Dual backend support: paqet (KCP) and GFW-knocker (violated TCP + QUIC)
- Both backends can run simultaneously when both are installed
- Automatic config.yaml generation for paqet backend
- Windows client support with PowerShell script
- Telegram monitoring integration
- Systemd service management
Backends:
- paqet: Single Go binary with built-in SOCKS5 (port 1080)
- GFW-knocker: Python-based with violated TCP tunneling (port 14000)
