[WIP] paqet initial implementation -- Needs Testing

[shayanb]

Requested Protocol: #10

NEEDS TESTING

Server Setup                                                                  
                                                                                
  # 1. Enable Paqet in .env                                                     
  echo "ENABLE_PAQET=true" >> .env                                              
                                                                                
  # 2. Build the paqet container                                                
  docker compose --profile paqet build paqet                                    
                                                                                
  # 3. Run bootstrap (generates paqet encryption key)                           
  docker compose --profile setup run --rm bootstrap                             
                                                                                
  # 4. Start paqet service                                                      
  docker compose --profile paqet up -d paqet                                    
                                                                                
  # 5. Check paqet logs                                                         
  docker compose logs -f paqet                                                  
                                                                                
  # 6. Verify paqet is running                                                  
  docker compose ps paqet                                                       
                                                                                
  Test Client Connectivity                                                      
                                                                                
  # Build client image (includes paqet binary)                                  
  docker compose --profile client build client                                  
                                                                                
  # Test all protocols for a user (includes paqet config validation)            
  moav test demouser                                                            
                                                                                
  # Or with verbose output                                                      
  moav test demouser -v                                                         
                                                                                
  Client Connection (Manual)                                                    
                                                                                
  # Connect using paqet protocol (requires editing config first)                
  moav client connect demouser --protocol paqet                                 
                                                                                
  Note: Paqet client requires:                                                  
  1. Edit outputs/bundles/demouser/paqet-client.yaml with YOUR network details  
  2. Root/admin privileges                                                      
  3. libpcap installed                                                          
                                                                                
  Quick Validation Commands                                                     
                                                                                
  # Check paqet key was generated                                               
  docker run --rm -v moav_moav_state:/state alpine cat /state/keys/paqet.key    
                                                                                
  # Check user bundle has paqet configs                                         
  ls -la outputs/bundles/demouser/paqet*                                        
                                                                                
  # Verify paqet binary in client image                                         
  docker run --rm moav-client paqet --help                                      
                                                                                
  # Check iptables rules on server (after paqet starts)                         
  docker exec moav-paqet iptables -t raw -L -n | grep 9999                      
                                                                                
  Full Stack Test                                                               
                                                                                
  # Start everything including paqet                                            
  moav start proxy admin paqet                                                  
                                                                                
  # Or start all services                                                       
  moav start all                                                                
                                                                                
 - Check status                                                                
  moav status      

---

New Files:

• Dockerfile.paqet - Builds paqet from source with libpcap
• scripts/paqet-entrypoint.sh - Auto-detects network config, sets up iptables, starts paqet
• configs/paqet/.gitkeep - Directory for paqet configs

Modified Files:

1. docker-compose.yml - Added paqet service with --network host and --privileged, added ENABLE_PAQET to bootstrap
2. scripts/bootstrap.sh - Added paqet key generation when ENABLE_PAQET=true
3. scripts/generate-user.sh - Added paqet client config generation (paqet-client.yaml, paqet-instructions.txt)
4. Dockerfile.client - Added paqet binary and libpcap for client testing
5. scripts/client-test.sh - Added test_paqet() function for config validation
6. scripts/client-connect.sh - Added connect_paqet() function
7. moav.sh - Added paqet to valid profiles and help text
8. .env.example - Added ENABLE_PAQET, PAQET_LOG_LEVEL, PAQET_KCP_MODE, PAQET_ENCRYPTION
9. README.md - Added Paqet to features list and protocol table
10. README-fa.md - Added Paqet in Farsi
11. docs/CLIENTS.md - Added Paqet setup section with full instructions
12. docs/SETUP.md - Added paqet to profiles list
13. docs/TROUBLESHOOTING.md - Added Paqet troubleshooting section (OpenVZ, libpcap, permissions, iptables)
14. CHANGELOG.md - Documented the new Paqet feature

Key Features:

• Profile: --profile paqet to run the paqet service
• Port: 9999/tcp (configurable via PORT_PAQET)
• Auto-detection: Network interface, server IP, gateway MAC
• VPS compatibility check: Detects OpenVZ/LXC and warns users
• iptables: Auto-configures NOTRACK and RST DROP rules
• Client configs: Template with instructions for users to fill in their network details
• Encryption: AES via KCP protocol

[shayanb]

Paqet runs correctly now:

moav-paqet  | 2026-02-04T00:02:43.291251148Z [paqet] Setting up iptables rules for port 9999...
moav-paqet  | 2026-02-04T00:02:43.294181543Z [paqet] iptables rules already configured
moav-paqet  | 2026-02-04T00:02:43.296572815Z [paqet] Generating paqet server configuration...
moav-paqet  | 2026-02-04T00:02:43.299225430Z [paqet] Configuration generated: /etc/paqet/server.yaml
moav-paqet  | 2026-02-04T00:02:43.299421942Z [paqet] Starting paqet server on port 9999...
moav-paqet  | 2026-02-04T00:02:43.401022733Z 2026-02-04 00:02:43.400 [INFO] Starting server...
moav-paqet  | 2026-02-04T00:02:43.431630794Z 2026-02-04 00:02:43.414 [INFO] Server started - listening for packets on :9999

[shayanb]

Replaced by #47