[feat] use firewall status to check if the vpn is in failed status

If openvpn is off, but the firewall is up, we are in a fail-close status
and we should report it properly.

- Resolves: #97

3 files changed, 18 insertions, 0 deletions

diff --git a/standalone/launcher.go b/standalone/launcher.go
index 03178c5..0a95dd1 100644
--- a/standalone/launcher.go
+++ b/standalone/launcher.go
@@ -68,6 +68,16 @@ func (l *launcher) firewallStop() error {
 	return l.send("/firewall/stop", nil)
 }
 
+func (l *launcher) firewallIsUp() bool {
+	res, err := http.Post(helperAddr+"/firewall/isup", "", nil)
+	if err != nil {
+		return false
+	}
+	defer res.Body.Close()
+
+	return res.StatusCode == http.StatusOK
+}
+
 func (l *launcher) send(path string, body []byte) error {
 	var reader io.Reader
 	if body != nil {
diff --git a/standalone/launcher_linux.go b/standalone/launcher_linux.go
index a434ecd..5266fa1 100644
--- a/standalone/launcher_linux.go
+++ b/standalone/launcher_linux.go
@@ -75,6 +75,11 @@ func (l *launcher) firewallStop() error {
 	return runBitmaskRoot("firewall", "stop")
 }
 
+func (l *launcher) firewallIsUp() bool {
+	err := runBitmaskRoot("firewall", "isup")
+	return err == nil
+}
+
 func (l *launcher) openvpnRunner(arg ...string) {
 	running := false
 	runOpenvpn := func(arg []string) {
diff --git a/standalone/vpn.go b/standalone/vpn.go
index e3ecca4..0ff090c 100644
--- a/standalone/vpn.go
+++ b/standalone/vpn.go
@@ -88,6 +88,9 @@ func (b *Bitmask) GetStatus() (string, error) {
 	if err != nil {
 		status = Off
 	}
+	if status == Off && b.launch.firewallIsUp() {
+		return Failed, nil
+	}
 	return status, nil
 }