diff options
author | Kali Kaneko <kali@leap.se> | 2017-08-11 00:59:56 +0200 |
---|---|---|
committer | Kali Kaneko <kali@leap.se> | 2017-08-11 14:21:57 -0400 |
commit | d64f3c22c132c5de0d759d1e76ff7ced054bfcaa (patch) | |
tree | cf14b625d1206ccdf44769f3ee2e14985730dc0d /src/leap/bitmask/vpn/service.py | |
parent | 763f88658a4e6d12557c7931f5435ebd35548ca7 (diff) |
[feature] automatic vpn gateway selection, based on timezone
This is a first approach to automatic gateways selection.
More things are missing:
- allow manual selection, by location or country code.
- take the hemisphere into account.
- expose the selected gw to the api/cli
but overall seems this is a good approach to make 0.10 release usable in
terms of vpn.
- Resolves: #8804
Diffstat (limited to 'src/leap/bitmask/vpn/service.py')
-rw-r--r-- | src/leap/bitmask/vpn/service.py | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/src/leap/bitmask/vpn/service.py b/src/leap/bitmask/vpn/service.py index 93080feb..8bcee2e8 100644 --- a/src/leap/bitmask/vpn/service.py +++ b/src/leap/bitmask/vpn/service.py @@ -28,6 +28,7 @@ from twisted.logger import Logger from leap.bitmask.hooks import HookableService from leap.bitmask.util import merge_status +from leap.bitmask.vpn.gateways import GatewaySelector from leap.bitmask.vpn.fw.firewall import FirewallManager from leap.bitmask.vpn.tunnel import TunnelManager from leap.bitmask.vpn._checks import is_service_ready, get_vpn_cert_path @@ -198,14 +199,15 @@ class VPNService(HookableService): bonafide = self.parent.getServiceNamed("bonafide") config = yield bonafide.do_provider_read(provider, "eip") - # TODO - add gateway selection ability. - # First thing, we should port the TimezonSelector - remotes = [(gw["ip_address"], gw["capabilities"]["ports"][0]) - for gw in config.gateways] + sorted_gateways = GatewaySelector( + config.gateways, config.locations).select_gateways() + + # TODO - add manual gateway selection ability. + extra_flags = config.openvpn_configuration - prefix = os.path.join(self._basepath, "leap", "providers", provider, - "keys") + prefix = os.path.join( + self._basepath, "leap", "providers", provider, "keys") cert_path = key_path = os.path.join(prefix, "client", "openvpn.pem") ca_path = os.path.join(prefix, "ca", "cacert.pem") @@ -217,13 +219,16 @@ class VPNService(HookableService): 'Cannot find provider certificate. ' 'Please configure provider.') + # TODO add remote ports, according to preferred sequence + remotes = tuple([(ip, '443') for ip in sorted_gateways]) self._tunnel = TunnelManager( provider, remotes, cert_path, key_path, ca_path, extra_flags) self._firewall = FirewallManager(remotes) def _cert_expires(self, provider): - path = os.path.join(self._basepath, "leap", "providers", provider, - "keys", "client", "openvpn.pem") + path = os.path.join( + self._basepath, "leap", "providers", provider, + "keys", "client", "openvpn.pem") with open(path, 'r') as f: cert = f.read() _, to = get_cert_time_boundaries(cert) |