docs/vpn/index.rst


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

:LastChangedDate: $LastChangedDate$
:LastChangedRevision: $LastChangedRevision$
:LastChangedBy: $LastChangedBy$

.. _vpn:


Bitmask VPN
================================

The Bitmask VPN Module

Gateway Selection
-----------------------------------

By default, the Gateway Selector will apply a heuristic based on the configured
timezone of the system.  This will choose the closest gateway based on the
timezones that the provider states in the ``eip-config.json`` file.

If the locations section is not properly set by the provider, or if the user
wants to manually override the selection, the only way to do this for the
``0.10`` version of Bitmask is to add a section to the ``bitmaskd.cfg``
configuration file::

  [vpn]
  locations = ["rio__br"]
  countries = ["BR", "AR", "UY"]

Take into account that the locations entry has precedence over the country codes enumeration.

Also, the normalization is done so that any non-alphabetic character is substituted by an underscore ('``_``).

You can list all the configured locations using the CLI::

  % bitmaskctl vpn list
  demo.bitmask.net      [DE] Frankfurt (UTC+1)
  demo.bitmask.net      [US] Seattle, WA (UTC-7)

This manual override functionality will be exposed through the UI and the CLI in release ``0.11``.

Gateway failures
-----------------------------------

If Bitmask VPN fails to connect to one gateway it will try with the next
following gateway selection order.

In case of connection loss Bitmask will keep trying to connect to each of the
gateways again and again until the connection comes back. When the connection
is back Bitmask will connect to the gateway that was trying at the moment.
In practice after a reconnection the gateway that Bitmask gets connected is
practically random.

Turning the VPN down and up again after a reconnection ensures that Bitmask
will try again the first gateway.

In the future Bitmask should become more in control of the reconnect process,
that currently is handled by openvpn, and detect reconnections to select the
gateways better.

Autostart
---------
Autostart is not implemented yet in the 0.10 versions of Bitmask, but you can probably use 
a systemd script to launch vpn. If you have the latest master installed from a debian package::

  [Unit]
  Description=Bitmask VPN
  Documentation=https://bitmask.net/en/help

  [Service]
  Type=oneshot
  WorkingDirectory=/var/run/bitmask

  ExecStart=bitmaskctl vpn start demo.bitmask.net
  ExecStop=bitmaskctl vpn stop

  RemainAfterExit=yes

  [Install]
  WantedBy=default.target

Another option is to autostart it adding a ``~/.config/autostart/bitmask.desktop``::

  [Desktop Entry]
  Version=1.0
  Encoding=UTF-8
  Type=Application
  Name=Bitmask
  Comment=Secure Communication
  Exec=bitmaskctl vpn start
  Terminal=false
  Icon=bitmask

Qubes i3 status
---------------
The following script can be used to add the bitmask status to the i3 status bar in qubes::

  status_bitmask() {
      local status=$(qvm-run "sys-bitmask" -p 'bitmaskctl vpn status --json' 2>/dev/null)
      local error=$(parse_json 'error')
  
      if [[ $error -ne "None" ]]; then
          json bitmask "VPN: $error" '#ff0000'
      else
          local domain=$(parse_json 'result' 'domain')
          local sttus=$(parse_json 'result' 'status')
          local up=$(parse_json 'result' 'up')
          local down=$(parse_json 'result' 'down')
          local error=$(parse_json 'result' 'error')
  
          case $sttus in
              "on")
                  local text="$domain: ↑$up ↓$down"
                  local color=""
                  ;;
              "starting")
                  local text="$domain: starting"
                  local color="#00ff00"
                  ;;
              "off"|"stopping")
                  local text="VPN: off"
                  local color='#ffff00'
                  ;;
              "failed")
                  local text="VPN: $error"
                  local color="#ff0000"
                  ;;
          esac
          json bitmask "$text" $color
      fi
  }
  
  parse_json() {
      local item=""
      for param in $@; do
          item=${item}"['${param}']"
      done
      echo -n $(python -c "import json; j=json.loads(\"\"\"$status\"\"\"); print j${item}")
  }