[feat] hardcode tcp4 in vpn connections

for now, we'll be hardcoding tcp as a more reliable alternative, no
matter what the provider announces.

explicitely specifying ipv4 should fix the case in which vpn fails to
start because ipv6 is disabled.

-Resolves: #9181, #9129

2 files changed, 7 insertions, 3 deletions

diff --git a/src/leap/bitmask/vpn/helpers/linux/bitmask-root b/src/leap/bitmask/vpn/helpers/linux/bitmask-root
index b39be582..6b9870e7 100755
--- a/src/leap/bitmask/vpn/helpers/linux/bitmask-root
+++ b/src/leap/bitmask/vpn/helpers/linux/bitmask-root
@@ -84,7 +84,10 @@ def get_no_group_name():
 
 VERSION = "8"
 SCRIPT = "bitmask-root"
-NAMESERVER = "10.42.0.1"
+NAMESERVER_TCP = "10.41.0.1"
+NAMESERVER_UDP = "10.42.0.1"
+# for the time being, we're hardcoding tcp on connection params.
+NAMESERVER = NAMESERVER_TCP
 BITMASK_CHAIN = "bitmask"
 BITMASK_CHAIN_NAT_OUT = "bitmask"
 BITMASK_CHAIN_NAT_POST = "bitmask_postrouting"
@@ -138,7 +141,7 @@ ALLOWED_FLAGS = {
 
 PARAM_FORMATS = {
     "NUMBER": lambda s: re.match("^\d+$", s),
-    "PROTO": lambda s: re.match("^(tcp|udp)$", s),
+    "PROTO": lambda s: re.match("^(tcp|udp|tcp4|udp4)$", s),
     "IP": lambda s: is_valid_address(s),
     "CIPHER": lambda s: re.match("^[A-Z0-9-]+$", s),
     "USER": lambda s: re.match(
diff --git a/src/leap/bitmask/vpn/launcher.py b/src/leap/bitmask/vpn/launcher.py
index a8e7c1f5..48146453 100644
--- a/src/leap/bitmask/vpn/launcher.py
+++ b/src/leap/bitmask/vpn/launcher.py
@@ -153,7 +153,8 @@ class VPNLauncher(object):
         gateways = remotes
 
         for ip, port in gateways:
-            args += ['--remote', ip, port, 'udp']
+            # we're hardcoding tcpv4 for now
+            args += ['--remote', ip, port, 'tcp4']
 
         args += [
             '--client',