author | kali kaneko (leap communications) <kali@leap.se> | 2022-06-26 19:13:51 +0200 |
---|---|---|
committer | kali kaneko (leap communications) <kali@leap.se> | 2022-06-26 19:13:51 +0200 |
commit | 2fcbf99dc308e3d8c83505ec4600c8e337582426 (patch) | |
tree | b469121e4ac6aac82ac27598606d1acda0f0e845 | |
parent | 9d591cc8ad3ecf01fb511edc4cfcc9a9c3d7fe09 (diff) |
[feat] use obfsvpn
-rw-r--r-- | pkg/pickle/helpers/bitmask-root | 4 | ||||
-rw-r--r-- | pkg/vpn/main.go | 5 | ||||
-rw-r--r-- | pkg/vpn/openvpn.go | 79 |
3 files changed, 41 insertions, 47 deletions
diff --git a/pkg/pickle/helpers/bitmask-root b/pkg/pickle/helpers/bitmask-root
index e55a354..f9208d9 100644
--- a/pkg/pickle/helpers/bitmask-root
+++ b/pkg/pickle/helpers/bitmask-root
@@ -138,8 +138,7 @@ FIXED_FLAGS = [
 "--management-signal",
 "--script-security", "1",
 "--user", "nobody",
- "--persist-key",
- "--persist-local-ip",
+ "--auth-nocache",
 "--tls-version-min", "1.2",
 ]
@@ -170,6 +169,7 @@ ALLOWED_FLAGS = {
 "--tun-ipv6": [],
 "--log": ["LOGFILE"],
 "--pull-filter": ["ignore", "route"],
+ "--socks-proxy": ["IP", "NUMBER"],
 }
 PARAM_FORMATS = {
diff --git a/pkg/vpn/main.go b/pkg/vpn/main.go
index cd21b1b..a97ab25 100644
--- a/pkg/vpn/main.go
+++ b/pkg/vpn/main.go
@@ -27,7 +27,8 @@ import (
 "0xacab.org/leap/bitmask-vpn/pkg/motd"
 "0xacab.org/leap/bitmask-vpn/pkg/snowflake"
 "0xacab.org/leap/bitmask-vpn/pkg/vpn/bonafide"
- "0xacab.org/leap/shapeshifter"
+ obfsvpn "0xacab.org/leap/obfsvpn/client"
+ "github.com/apparentlymart/go-openvpn-mgmt/openvpn"
 )
@@ -41,7 +42,7 @@ type Bitmask struct {
 bonafide *bonafide.Bonafide
 launch *launcher
 transport string
- shapes *shapeshifter.ShapeShifter
+ obfsvpnProxy *obfsvpn.Client
 certPemPath string
 openvpnArgs []string
 udp bool
diff --git a/pkg/vpn/openvpn.go b/pkg/vpn/openvpn.go
index fcd4aee..a114980 100644
--- a/pkg/vpn/openvpn.go
+++ b/pkg/vpn/openvpn.go
@@ -27,7 +27,7 @@ import (
 "strings"
 "0xacab.org/leap/bitmask-vpn/pkg/config"
- "0xacab.org/leap/shapeshifter"
+ obfsvpn "0xacab.org/leap/obfsvpn/client"
 )
 const (
@@ -62,10 +62,12 @@ func (b *Bitmask) CanStartVPN() bool {
 }
 func (b *Bitmask) startTransport(host string) (proxy string, err error) {
- // TODO configure port if not available
- proxy = "127.0.0.1:4430"
- if b.shapes != nil {
- return proxy, nil
+ // TODO configure socks port if not available
+ // TODO get port from UI/config file
+ proxyAddr := "127.0.0.1:8080"
+
+ if b.obfsvpnProxy != nil {
+ return proxyAddr, nil
 }
 gateways, err := b.bonafide.GetGateways(b.transport)
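Review bot: Removing `--persist-key` while FIXED_FLAGS keeps `"--user", "nobody"` means OpenVPN cannot re-read the certificate and key on a SIGUSR1 or ping-restart once it has dropped privileges, unless those files happen to be readable by `nobody`, so the reconnects that `--persist-tun` is retained for on the Go side may fail. `--auth-nocache` only affects cached username/password credentials and coexists with `--persist-key`, so keeping the line `"--persist-key",` next to the new `"--auth-nocache",` is the conservative change. If dropping it is deliberate, a one-line comment in FIXED_FLAGS explaining why would keep the next reader from re-adding it.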
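Review bot: `--socks-proxy` is added to ALLOWED_FLAGS with the generic `IP` format, yet the only caller in this commit always passes loopback (`proxyAddr := "127.0.0.1:8080"` in openvpn.go), so the privileged helper now accepts a wider value set than it needs. If PARAM_FORMATS can express a loopback-only address, narrowing this entry would keep an unprivileged caller of the helper from redirecting the tunnel's TCP traffic through an arbitrary proxy host; if it cannot, a comment such as `# socks proxy is expected to be the local obfsvpn client` at least records the assumption.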
@@ -85,38 +87,26 @@ func (b *Bitmask) startTransport(host string) (proxy string, err error) {
 continue
 }
 log.Println("Selected Gateway:", gw.Host, gw.IPAddress)
- b.shapes = &shapeshifter.ShapeShifter{
- Cert: gw.Options["cert"],
- Target: gw.IPAddress + ":" + gw.Ports[0],
- SocksAddr: proxy,
+
+ kcpMode := false
+ if os.Getenv("LEAP_KCP") == "1" {
+ kcpMode = true
 }
- go b.listenShapeErr()
- if iatMode, ok := gw.Options["iat-mode"]; ok {
- b.shapes.IatMode, err = strconv.Atoi(iatMode)
+
+ log.Println("connecting with cert:", gw.Options["cert"])
+
+ b.obfsvpnProxy = obfsvpn.NewClient(kcpMode, proxyAddr, gw.Options["cert"])
+ go func() {
+ _, err = b.obfsvpnProxy.Start()
 if err != nil {
- b.shapes.IatMode = 0
+ log.Printf("Can't connect to transport %s: %v", b.transport, err)
 }
- }
- err = b.shapes.Open()
- if err != nil {
- log.Printf("Can't connect to transport %s: %v", b.transport, err)
- continue
- }
- log.Println("Connected via obfs4 to", gw.IPAddress, "(", gw.Host, ")")
- return proxy, nil
- }
- return "", fmt.Errorf("No working gateway for transport %s: %v", b.transport, err)
-}
+ log.Println("Connected via obfs4 to", gw.IPAddress, "(", gw.Host, ")")
+ }()
-func (b *Bitmask) listenShapeErr() {
- ch := b.shapes.GetErrorChannel()
- for {
- err, more := <-ch
- if !more {
- return
- }
- log.Printf("Error from shappeshifter: %v", err)
+ return proxyAddr, nil
 }
+ return "", fmt.Errorf("No working gateway for transport %s: %v", b.transport, err)
 }
 func (b *Bitmask) startOpenVPN() error {
@@ -133,11 +123,14 @@ func (b *Bitmask) startOpenVPN() error {
 }
 gw := gateways[0]
+ b.ptGateway = gw
+
 proxy, err := b.startTransport(gw.Host)
 if err != nil {
+ // TODO this is not going to return the error since it blocks
+ // we need to get an error channel from obfsvpn.
 return err
 }
- b.ptGateway = gw
 err = b.launch.firewallStart(gateways)
 if err != nil {
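Review bot: The goroutine assigns the enclosing function's named result `err` (`_, err = b.obfsvpnProxy.Start()`) while startTransport concurrently returns `proxyAddr, nil`, which is a data race `go test -race` would flag, and the `log.Println("Connected via obfs4 ...")` that follows runs even when Start returned an error because the error branch does not return. Use a goroutine-local error and stop on failure: `if _, err := b.obfsvpnProxy.Start(); err != nil {` / `log.Printf("Can't connect to transport %s: %v", b.transport, err)` / `return`. Errors are now only logged, so unlike the removed code the loop no longer falls through to the next gateway and the caller always sees success; the TODO in the next hunk acknowledges this. If the removed `strconv.Atoi` call was the file's only use of strconv, the import block (outside this hunk) now holds an unused import. startTransport's signature and loop header lie outside this hunk.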
@@ -145,7 +138,8 @@ func (b *Bitmask) startOpenVPN() error {
 }
 proxyArgs := strings.Split(proxy, ":")
- arg = append(arg, "--remote", proxyArgs[0], proxyArgs[1], "tcp4")
+ arg = append(arg, "--socks-proxy", proxyArgs[0], proxyArgs[1])
+ arg = append(arg, "--remote", gw.IPAddress, gw.Ports[0], "tcp4")
 arg = append(arg, "--route", gw.IPAddress, "255.255.255.255", "net_gateway")
 } else {
 log.Println("args passed to bitmask-root:", arg)
@@ -191,8 +185,8 @@ func (b *Bitmask) startOpenVPN() error {
 "--ca", b.getTempCaCertPath(),
 "--cert", b.certPemPath,
 "--key", b.certPemPath,
- "--persist-tun",
- "--float")
+ "--persist-tun") // needed for reconnects
+ // "--float")
 if verb > 3 {
 arg = append(
 arg,
@@ -203,7 +197,6 @@ func (b *Bitmask) startOpenVPN() error {
 arg,
 "--pull-filter", "ignore", "route")
 }
- /* persist-tun is needed for reconnects */
 return b.launch.openvpnStart(arg...)
 }
@@ -268,9 +261,9 @@ func (b *Bitmask) StopVPN() error {
 if err != nil {
 return err
 }
- if b.shapes != nil {
- b.shapes.Close()
- b.shapes = nil
+ if b.obfsvpnProxy != nil {
+ b.obfsvpnProxy.Stop()
+ b.obfsvpnProxy = nil
 }
 return b.launch.openvpnStop()
 }
@@ -288,9 +281,9 @@ func (b *Bitmask) Reconnect() error {
 log.Println("DEBUG Reconnecting")
 if status != Off {
 b.statusCh <- Stopping
- if b.shapes != nil {
- b.shapes.Close()
- b.shapes = nil
+ if b.obfsvpnProxy != nil {
+ b.obfsvpnProxy.Stop()
+ b.obfsvpnProxy = nil
 }
 err = b.launch.openvpnStop()
 if err != nil { |
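Review bot: Both the StopVPN hunk and the Reconnect hunk set `b.obfsvpnProxy = nil` right after `Stop()`, but the goroutine launched in startTransport calls `b.obfsvpnProxy.Start()` through the field rather than a captured local, so a stop or reconnect that races with a still-starting client can dereference nil, and the field is written from two goroutines with no synchronization. Capturing the client before launching, `c := b.obfsvpnProxy` and then `c.Start()` inside the closure, removes the nil dereference; the concurrent write still needs a mutex or `atomic.Pointer` around the field. The three-line stop block is duplicated verbatim in StopVPN and Reconnect, so a small `stopObfsvpn()` helper would keep the two in step. StopVPN's and Reconnect's bodies begin outside their hunks.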