[feat] private bridges via env vars

19 files changed, 1310 insertions, 43 deletions

diff --git a/go.mod b/go.mod
index 60c2d29..f4c3a42 100644
--- a/go.mod
+++ b/go.mod
@@ -2,18 +2,14 @@ module 0xacab.org/leap/bitmask-vpn
 
 go 1.17
 
-replace 0xacab.org/leap/obfsvpn => ../obfsvpn
-
 require (
 	0xacab.org/leap/obfsvpn v0.0.0-20220626143947-feff527c00e5
 	git.torproject.org/pluggable-transports/goptlib.git v1.2.0
 	git.torproject.org/pluggable-transports/snowflake.git v1.1.0
-	github.com/ProtonMail/go-autostart v0.0.0-20181114175602-c5272053443a
 	github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a
-	github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412 // indirect
 	github.com/apparentlymart/go-openvpn-mgmt v0.0.0-20200929191752-4d2ce95ae600
 	github.com/cretz/bine v0.2.0
-	github.com/dchest/siphash v1.2.1 // indirect
+	github.com/dchest/siphash v1.2.3 // indirect
 	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
 	github.com/keybase/go-ps v0.0.0-20190827175125-91aafc93ba19
 	github.com/pion/webrtc/v3 v3.1.41
@@ -22,18 +18,18 @@ require (
 	github.com/xtaci/kcp-go/v5 v5.6.1
 	github.com/xtaci/smux v1.5.16
 	// Do not update obfs4 past e330d1b7024b, a backwards incompatible change was
-	// made that will break negotiation.
+	// made that will break negotiation!! riseup should move to the newest asap.
 	gitlab.com/yawning/obfs4.git v0.0.0-20210511220700-e330d1b7024b // indirect
 	golang.org/x/sys v0.0.0-20220624220833-87e55d714810
 )
 
+require github.com/natefinch/npipe v0.0.0-20160621034901-c1b8fa8bdcce
+
 require (
-	github.com/dchest/siphash v1.2.3 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 // indirect
 	github.com/jtolds/gls v4.20.0+incompatible // indirect
 	github.com/kalikaneko/socks5 v1.0.1 // indirect
-	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
 	github.com/klauspost/cpuid/v2 v2.0.14 // indirect
 	github.com/klauspost/reedsolomon v1.10.0 // indirect
 	github.com/pion/datachannel v1.5.2 // indirect
@@ -62,4 +58,5 @@ require (
 	github.com/xtaci/kcp-go v5.4.20+incompatible // indirect
 	golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect
 	golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e // indirect
+	gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce // indirect
 )
diff --git a/go.sum b/go.sum
index e26076d..4336ab9 100644
--- a/go.sum
+++ b/go.sum
@@ -215,6 +215,8 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/natefinch/npipe v0.0.0-20160621034901-c1b8fa8bdcce h1:TqjP/BTDrwN7zP9xyXVuLsMBXYMt6LLYi55PlrIcq8U=
+github.com/natefinch/npipe v0.0.0-20160621034901-c1b8fa8bdcce/go.mod h1:ifHPsLndGGzvgzcaXUvzmt6LxKT4pJ+uzEhtnMt+f7A=
 github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg=
 github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU=
 github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k=
@@ -616,6 +618,8 @@ gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qS
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
+gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce h1:+JknDZhAj8YMt7GC73Ei8pv4MzjDUNPHgQWJdtMAaDU=
+gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce/go.mod h1:5AcXVHNjg+BDxry382+8OKon8SEWiKktQR07RKPsv1c=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
diff --git a/pkg/vpn/launcher_linux.go b/pkg/vpn/launcher_linux.go
index 4925a17..64fdc00 100644
--- a/pkg/vpn/launcher_linux.go
+++ b/pkg/vpn/launcher_linux.go
@@ -44,7 +44,7 @@ type launcher struct {
 }
 
 func newLauncher() (*launcher, error) {
-	l := launcher{make(chan []string, 1), false}
+	l := launcher{make(chan []string, 1), false, ""}
 	go l.openvpnRunner()
 	return &l, nil
 }
diff --git a/pkg/vpn/main.go b/pkg/vpn/main.go
index d0df2c6..dcf62c3 100644
--- a/pkg/vpn/main.go
+++ b/pkg/vpn/main.go
@@ -29,7 +29,6 @@ import (
 	"0xacab.org/leap/bitmask-vpn/pkg/vpn/bonafide"
 	"0xacab.org/leap/bitmask-vpn/pkg/vpn/management"
 	obfsvpn "0xacab.org/leap/obfsvpn/client"
-	"github.com/apparentlymart/go-openvpn-mgmt/openvpn"
 )
 
 // Bitmask holds the bitmask client data
diff --git a/pkg/vpn/openvpn.go b/pkg/vpn/openvpn.go
index d98c45c..29ecac5 100644
--- a/pkg/vpn/openvpn.go
+++ b/pkg/vpn/openvpn.go
@@ -30,6 +30,7 @@ import (
 	"strings"
 
 	"0xacab.org/leap/bitmask-vpn/pkg/config"
+	"0xacab.org/leap/bitmask-vpn/pkg/vpn/bonafide"
 	obfsvpn "0xacab.org/leap/obfsvpn/client"
 )
 
@@ -65,6 +66,24 @@ func (b *Bitmask) CanStartVPN() bool {
 	return !b.bonafide.NeedsCredentials()
 }
 
+func (b *Bitmask) startTransportForPrivateBridge(gw bonafide.Gateway) (proxy string, err error) {
+	proxyAddr := "127.0.0.1:8080"
+	kcpMode := false
+	if os.Getenv("LEAP_KCP") == "1" {
+		kcpMode = true
+	}
+	b.obfsvpnProxy = obfsvpn.NewClient(kcpMode, proxyAddr, gw.Options["cert"])
+	go func() {
+		_, err = b.obfsvpnProxy.Start()
+		if err != nil {
+			log.Printf("Can't connect to transport %s: %v", b.transport, err)
+		}
+		log.Println("Connected via obfs4 to", gw.IPAddress, "(", gw.Host, ")")
+	}()
+
+	return proxyAddr, nil
+}
+
 func (b *Bitmask) startTransport(host string) (proxy string, err error) {
 	// TODO configure socks port if not available
 	// TODO get port from UI/config file
@@ -113,6 +132,25 @@ func (b *Bitmask) startTransport(host string) (proxy string, err error) {
 	return "", fmt.Errorf("No working gateway for transport %s: %v", b.transport, err)
 }
 
+func maybeGetPrivateGateway() (bonafide.Gateway, bool) {
+	gw := bonafide.Gateway{}
+	privateBridge := os.Getenv("LEAP_PRIVATE_BRIDGE")
+	if privateBridge == "" {
+		return gw, false
+	}
+	obfs4Cert := os.Getenv("LEAP_PRIVATE_BRIDGE_CERT")
+	if privateBridge == "" {
+		return gw, false
+	}
+	bridgeArgs := strings.Split(privateBridge, ":")
+	gw.Host = bridgeArgs[0]
+	gw.Ports = []string{bridgeArgs[1]}
+	opt := make(map[string]string)
+	opt["cert"] = obfs4Cert
+	gw.Options = opt
+	return gw, true
+}
+
 // generates a password and returns the path for a temporary file where this password is written
 func (b *Bitmask) generateManagementPassword() string {
 	pass := getRandomPass(12)
@@ -143,26 +181,47 @@ func (b *Bitmask) startOpenVPN() error {
 	*/
 	b.statusCh <- Starting
 	if b.GetTransport() == "obfs4" {
-		gateways, err := b.bonafide.GetGateways("obfs4")
-		if err != nil {
-			return err
-		}
-		if len(gateways) == 0 {
-			log.Printf("ERROR No gateway for transport %s in provider", b.transport)
-			return errors.New("ERROR: cannot find any gateway for selected transport")
-		}
+		var gw bonafide.Gateway
+		var gateways []bonafide.Gateway
+		var proxy string
+
+		gw, gotPrivate := maybeGetPrivateGateway()
+		if gotPrivate {
+			var err error
+			log.Println("Got a private bridge:", gw.Host, gw.Options)
+			gateways = []bonafide.Gateway{gw}
+			proxy, err = b.startTransportForPrivateBridge(gw)
+			if err != nil {
+				// TODO this is not going to return the error since it blocks
+				// we need to get an error channel from obfsvpn.
+				return err
+			}
+		} else {
+			// get a gateway from bonafide looking at the services announced in eip-service
 
-		gw := gateways[0]
-		b.ptGateway = gw
+			log.Println("Getting a gateway with obfs4 transport...")
 
-		proxy, err := b.startTransport(gw.Host)
-		if err != nil {
-			// TODO this is not going to return the error since it blocks
-			// we need to get an error channel from obfsvpn.
-			return err
+			gateways, err := b.bonafide.GetGateways("obfs4")
+			if err != nil {
+				return err
+			}
+			if len(gateways) == 0 {
+				log.Printf("ERROR No gateway for transport %s in provider", b.transport)
+				return errors.New("ERROR: cannot find any gateway for selected transport")
+			}
+
+			gw = gateways[0]
+			b.ptGateway = gw
+
+			proxy, err = b.startTransport(gw.Host)
+			if err != nil {
+				// TODO this is not going to return the error since it blocks
+				// we need to get an error channel from obfsvpn.
+				return err
+			}
 		}
 
-		err = b.launch.firewallStart(gateways)
+		err := b.launch.firewallStart(gateways)
 		if err != nil {
 			return err
 		}
diff --git a/vendor/0xacab.org/leap/obfsvpn/.gitignore b/vendor/0xacab.org/leap/obfsvpn/.gitignore
index 59de507..0ab024c 100644
--- a/vendor/0xacab.org/leap/obfsvpn/.gitignore
+++ b/vendor/0xacab.org/leap/obfsvpn/.gitignore
@@ -1,5 +1,5 @@
 client/client
 server/server
-obfsvpn-client
+/obfsvpn-client
 *.swp
 *.swo
diff --git a/vendor/0xacab.org/leap/obfsvpn/.gitlab-ci.yml b/vendor/0xacab.org/leap/obfsvpn/.gitlab-ci.yml
index 91814f3..9d54c04 100644
--- a/vendor/0xacab.org/leap/obfsvpn/.gitlab-ci.yml
+++ b/vendor/0xacab.org/leap/obfsvpn/.gitlab-ci.yml
@@ -3,6 +3,7 @@
 stages:
   - test
   - validate
+  - integration-test
 
 test:
   image: golang:alpine
@@ -18,7 +19,7 @@ validate:
   image: golang:alpine
   stage: test
   script: |
-      apk add build-base git
+      apk add build-base git jq curl
       go version
       go env
 
@@ -31,10 +32,20 @@ validate:
       gofmt -s -l . && [ -z "$(gofmt -s -l .)" ]
 
       # See: https://staticcheck.io/docs/checks
-      staticcheck -checks inherit,ST1000,ST1016,ST1020,ST1021,ST1022,ST1023 ./...
+      staticcheck -checks inherit,ST1016,ST1020,ST1021,ST1022,ST1023 ./...
       # gosec does not handle modules correctly.
       # See: https://github.com/securego/gosec/issues/622
       gosec ./...
+      make check-yawning-obfs4
 
       go mod tidy
       git diff --exit-code -- go.mod go.sum
+
+integration-test:
+  image: debian
+  stage: test
+  script:
+    - apt-get -q update && env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends docker docker.io make
+    - make integration
+  tags:
+    - linux
diff --git a/vendor/0xacab.org/leap/obfsvpn/Makefile b/vendor/0xacab.org/leap/obfsvpn/Makefile
index 7a7f8f3..06aca8f 100644
--- a/vendor/0xacab.org/leap/obfsvpn/Makefile
+++ b/vendor/0xacab.org/leap/obfsvpn/Makefile
@@ -1,13 +1,16 @@
 OBFS4_ENDPOINT ?= 
 OBFS4_CERT ?= 
+TAG ?= 0.1
+OBFSVPN_IMAGE_NAME ?= leap/obfsvpn-test-server
+OBFSVPN_CLIENT_IMAGE_NAME ?= leap/obfsvpn-test-client
 
 certs:
-	curl -k https://black.riseup.net/ca.crt > /tmp/ca.crt
+	#curl -k https://black.riseup.net/ca.crt > /tmp/ca.crt
 	curl -k https://api.black.riseup.net/3/cert > /tmp/cert.pem
 
 build-client:
 	go get ./...
-	go build -o obfsvpn-client ./cmd/client/
+	CGO_ENABLED=0 go build -o obfsvpn-client ./cmd/client/
 
 run-client:
 	./obfsvpn-client -c ${OBFS4_CERT}
@@ -43,3 +46,23 @@ build-android:
 test:
 	go test ./...
 
+check-yawning-obfs4:
+	./scripts/check-obfs4-ver.sh
+
+obfsvpn-server-container:
+	docker build -t ${OBFSVPN_IMAGE_NAME}:${TAG} -f images/obfsvpn/Dockerfile \
+		. --no-cache
+
+obfsvpn-client-container:
+	docker build -t ${OBFSVPN_CLIENT_IMAGE_NAME}:${TAG} \
+		-f images/obfsvpn-client/Dockerfile \
+		. --no-cache
+
+integration: obfsvpn-server-container obfsvpn-client-container
+	docker network create test-net
+	docker run -d --rm --privileged -p 4430:4430/tcp \
+		-v obfsvpn_data:/opt/Dockovpn_data:Z -e OBFS4_HOST=0.0.0.0 \
+		--name obfsvpn-server --net test-net ${OBFSVPN_IMAGE_NAME}:${TAG}
+	docker run --rm --privileged -v obfsvpn_data:/vpn:Z --net test-net \
+		--name obfsvpn-client ${OBFSVPN_CLIENT_IMAGE_NAME}:${TAG}
+
diff --git a/vendor/0xacab.org/leap/obfsvpn/client/client.go b/vendor/0xacab.org/leap/obfsvpn/client/client.go
index 4b10ab2..005d68b 100644
--- a/vendor/0xacab.org/leap/obfsvpn/client/client.go
+++ b/vendor/0xacab.org/leap/obfsvpn/client/client.go
@@ -21,7 +21,7 @@ var (
 
 type Client struct {
 	kcp         bool
-	socksAddr   string
+	SocksAddr   string
 	obfs4Cert   string
 	server      *socks5.Server
 	EventLogger EventLogger
@@ -35,14 +35,14 @@ type EventLogger interface {
 func NewClient(kcp bool, socksAddr, obfs4Cert string) *Client {
 	return &Client{
 		kcp:       kcp,
-		socksAddr: socksAddr,
+		SocksAddr: socksAddr,
 		obfs4Cert: obfs4Cert,
 	}
 }
 
 func (c *Client) Start() (bool, error) {
 	defer func() {
-		c.log("STOPPED", "", nil)
+		c.log("STOPPED", "")
 	}()
 
 	if c.IsStarted() {
@@ -51,7 +51,7 @@ func (c *Client) Start() (bool, error) {
 	}
 
 	c.server = &socks5.Server{
-		Addr:   c.socksAddr,
+		Addr:   c.SocksAddr,
 		BindIP: "127.0.0.1",
 	}
 
@@ -70,7 +70,7 @@ func (c *Client) Start() (bool, error) {
 
 	c.server.Dial = dialer.Dial
 
-	c.log("RUNNING", "[+] Starting socks5 proxy at %s\n", c.socksAddr)
+	c.log("RUNNING", "[+] Starting socks5 proxy at %s\n", c.SocksAddr)
 	if err := c.server.ListenAndServe(); err != nil {
 		c.error("error while listening: %v\n", err)
 		c.server = nil
@@ -98,8 +98,11 @@ func (c *Client) log(state string, format string, a ...interface{}) {
 		c.EventLogger.Log(state, fmt.Sprintf(format, a...))
 		return
 	}
+	if format == "" {
+		log.Print(a...)
+		return
+	}
 	log.Printf(format, a...)
-
 }
 
 func (c *Client) error(format string, a ...interface{}) {
@@ -107,6 +110,10 @@ func (c *Client) error(format string, a ...interface{}) {
 		c.EventLogger.Error(fmt.Sprintf(format, a...))
 		return
 	}
+	if format == "" {
+		log.Print(a...)
+		return
+	}
 	log.Printf(format, a...)
 }
 
diff --git a/vendor/0xacab.org/leap/obfsvpn/dialer.go b/vendor/0xacab.org/leap/obfsvpn/dialer.go
index c7a51be..402ac7e 100644
--- a/vendor/0xacab.org/leap/obfsvpn/dialer.go
+++ b/vendor/0xacab.org/leap/obfsvpn/dialer.go
@@ -5,7 +5,6 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
-	"log"
 	"net"
 	"strconv"
 
@@ -64,10 +63,8 @@ func packCert(node *ntor.NodeID, public *ntor.PublicKey) string {
 }
 
 func unpackCert(cert string) (*ntor.NodeID, *ntor.PublicKey, error) {
-	log.Println("DEBUG unpack:", cert, len(cert))
-
 	if l := base64.RawStdEncoding.DecodedLen(len(cert)); l != certLength {
-		return nil, nil, fmt.Errorf("invalid cert len: got %d, expected %d", l, certLength)
+		return nil, nil, fmt.Errorf("cert length %d is invalid", l)
 	}
 	decoded, err := base64.RawStdEncoding.DecodeString(cert)
 	if err != nil {
diff --git a/vendor/0xacab.org/leap/obfsvpn/listener.go b/vendor/0xacab.org/leap/obfsvpn/listener.go
index 1a360cf..52c08fd 100644
--- a/vendor/0xacab.org/leap/obfsvpn/listener.go
+++ b/vendor/0xacab.org/leap/obfsvpn/listener.go
@@ -18,7 +18,6 @@ import (
 
 const (
 	netKCP = "kcp"
-	netUDP = "udp"
 )
 
 // ListenConfig contains options for listening to an address.
@@ -126,7 +125,6 @@ func (lc *ListenConfig) Listen(ctx context.Context, network, address string) (*L
 	default:
 		ln, err = lc.ListenConfig.Listen(ctx, network, address)
 		if err != nil {
-			log.Println("Error on listen:", err)
 			return nil, err
 		}
 	}
diff --git a/vendor/github.com/natefinch/npipe/.gitignore b/vendor/github.com/natefinch/npipe/.gitignore
new file mode 100644
index 0000000..0026861
--- /dev/null
+++ b/vendor/github.com/natefinch/npipe/.gitignore
@@ -0,0 +1,22 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
diff --git a/vendor/github.com/natefinch/npipe/LICENSE.txt b/vendor/github.com/natefinch/npipe/LICENSE.txt
new file mode 100644
index 0000000..a4a1104
--- /dev/null
+++ b/vendor/github.com/natefinch/npipe/LICENSE.txt
@@ -0,0 +1,8 @@
+The MIT License (MIT)
+Copyright (c) 2013 npipe authors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file
diff --git a/vendor/github.com/natefinch/npipe/README.md b/vendor/github.com/natefinch/npipe/README.md
new file mode 100644
index 0000000..420a4d1
--- /dev/null
+++ b/vendor/github.com/natefinch/npipe/README.md
@@ -0,0 +1,308 @@
+npipe  [![Build status](https://ci.appveyor.com/api/projects/status/00vuepirsot29qwi)](https://ci.appveyor.com/project/natefinch/npipe) [![GoDoc](https://godoc.org/gopkg.in/natefinch/npipe.v2?status.svg)](https://godoc.org/gopkg.in/natefinch/npipe.v2)
+=====
+Package npipe provides a pure Go wrapper around Windows named pipes.
+
+Windows named pipe documentation: http://msdn.microsoft.com/en-us/library/windows/desktop/aa365780
+
+Note that the code lives at https://github.com/natefinch/npipe (v2 branch)
+but should be imported as gopkg.in/natefinch/npipe.v2 (the package name is
+still npipe).
+
+npipe provides an interface based on stdlib's net package, with Dial, Listen,
+and Accept functions, as well as associated implementations of net.Conn and
+net.Listener.  It supports rpc over the connection.
+
+### Notes
+* Deadlines for reading/writing to the connection are only functional in Windows Vista/Server 2008 and above, due to limitations with the Windows API.
+
+* The pipes support byte mode only (no support for message mode)
+
+### Examples
+The Dial function connects a client to a named pipe:
+
+
+	conn, err := npipe.Dial(`\\.\pipe\mypipename`)
+	if err != nil {
+		<handle error>
+	}
+	fmt.Fprintf(conn, "Hi server!\n")
+	msg, err := bufio.NewReader(conn).ReadString('\n')
+	...
+
+The Listen function creates servers:
+
+
+	ln, err := npipe.Listen(`\\.\pipe\mypipename`)
+	if err != nil {
+		// handle error
+	}
+	for {
+		conn, err := ln.Accept()
+		if err != nil {
+			// handle error
+			continue
+		}
+		go handleConnection(conn)
+	}
+
+
+
+
+
+## Variables
+``` go
+var ErrClosed = PipeError{"Pipe has been closed.", false}
+```
+ErrClosed is the error returned by PipeListener.Accept when Close is called
+on the PipeListener.
+
+
+
+## type PipeAddr
+``` go
+type PipeAddr string
+```
+PipeAddr represents the address of a named pipe.
+
+
+
+
+
+
+
+
+
+
+
+### func (PipeAddr) Network
+``` go
+func (a PipeAddr) Network() string
+```
+Network returns the address's network name, "pipe".
+
+
+
+### func (PipeAddr) String
+``` go
+func (a PipeAddr) String() string
+```
+String returns the address of the pipe
+
+
+
+## type PipeConn
+``` go
+type PipeConn struct {
+    // contains filtered or unexported fields
+}
+```
+PipeConn is the implementation of the net.Conn interface for named pipe connections.
+
+
+
+
+
+
+
+
+
+### func Dial
+``` go
+func Dial(address string) (*PipeConn, error)
+```
+Dial connects to a named pipe with the given address. If the specified pipe is not available,
+it will wait indefinitely for the pipe to become available.
+
+The address must be of the form \\.\\pipe\<name> for local pipes and \\<computer>\pipe\<name>
+for remote pipes.
+
+Dial will return a PipeError if you pass in a badly formatted pipe name.
+
+Examples:
+
+
+	// local pipe
+	conn, err := Dial(`\\.\pipe\mypipename`)
+	
+	// remote pipe
+	conn, err := Dial(`\\othercomp\pipe\mypipename`)
+
+
+### func DialTimeout
+``` go
+func DialTimeout(address string, timeout time.Duration) (*PipeConn, error)
+```
+DialTimeout acts like Dial, but will time out after the duration of timeout
+
+
+
+
+### func (\*PipeConn) Close
+``` go
+func (c *PipeConn) Close() error
+```
+Close closes the connection.
+
+
+
+### func (\*PipeConn) LocalAddr
+``` go
+func (c *PipeConn) LocalAddr() net.Addr
+```
+LocalAddr returns the local network address.
+
+
+
+### func (\*PipeConn) Read
+``` go
+func (c *PipeConn) Read(b []byte) (int, error)
+```
+Read implements the net.Conn Read method.
+
+
+
+### func (\*PipeConn) RemoteAddr
+``` go
+func (c *PipeConn) RemoteAddr() net.Addr
+```
+RemoteAddr returns the remote network address.
+
+
+
+### func (\*PipeConn) SetDeadline
+``` go
+func (c *PipeConn) SetDeadline(t time.Time) error
+```
+SetDeadline implements the net.Conn SetDeadline method.
+Note that timeouts are only supported on Windows Vista/Server 2008 and above
+
+
+
+### func (\*PipeConn) SetReadDeadline
+``` go
+func (c *PipeConn) SetReadDeadline(t time.Time) error
+```
+SetReadDeadline implements the net.Conn SetReadDeadline method.
+Note that timeouts are only supported on Windows Vista/Server 2008 and above
+
+
+
+### func (\*PipeConn) SetWriteDeadline
+``` go
+func (c *PipeConn) SetWriteDeadline(t time.Time) error
+```
+SetWriteDeadline implements the net.Conn SetWriteDeadline method.
+Note that timeouts are only supported on Windows Vista/Server 2008 and above
+
+
+
+### func (\*PipeConn) Write
+``` go
+func (c *PipeConn) Write(b []byte) (int, error)
+```
+Write implements the net.Conn Write method.
+
+
+
+## type PipeError
+``` go
+type PipeError struct {
+    // contains filtered or unexported fields
+}
+```
+PipeError is an error related to a call to a pipe
+
+
+
+
+
+
+
+
+
+
+
+### func (PipeError) Error
+``` go
+func (e PipeError) Error() string
+```
+Error implements the error interface
+
+
+
+### func (PipeError) Temporary
+``` go
+func (e PipeError) Temporary() bool
+```
+Temporary implements net.AddrError.Temporary()
+
+
+
+### func (PipeError) Timeout
+``` go
+func (e PipeError) Timeout() bool
+```
+Timeout implements net.AddrError.Timeout()
+
+
+
+## type PipeListener
+``` go
+type PipeListener struct {
+    // contains filtered or unexported fields
+}
+```
+PipeListener is a named pipe listener. Clients should typically
+use variables of type net.Listener instead of assuming named pipe.
+
+
+
+
+
+
+
+
+
+### func Listen
+``` go
+func Listen(address string) (*PipeListener, error)
+```
+Listen returns a new PipeListener that will listen on a pipe with the given
+address. The address must be of the form \\.\pipe\<name>
+
+Listen will return a PipeError for an incorrectly formatted pipe name.
+
+
+
+
+### func (\*PipeListener) Accept
+``` go
+func (l *PipeListener) Accept() (net.Conn, error)
+```
+Accept implements the Accept method in the net.Listener interface; it
+waits for the next call and returns a generic net.Conn.
+
+
+
+### func (\*PipeListener) AcceptPipe
+``` go
+func (l *PipeListener) AcceptPipe() (*PipeConn, error)
+```
+AcceptPipe accepts the next incoming call and returns the new connection.
+
+
+
+### func (\*PipeListener) Addr
+``` go
+func (l *PipeListener) Addr() net.Addr
+```
+Addr returns the listener's network address, a PipeAddr.
+
+
+
+### func (\*PipeListener) Close
+``` go
+func (l *PipeListener) Close() error
+```
+Close stops listening on the address.
+Already Accepted connections are not closed.
diff --git a/vendor/github.com/natefinch/npipe/doc.go b/vendor/github.com/natefinch/npipe/doc.go
new file mode 100644
index 0000000..3445773
--- /dev/null
+++ b/vendor/github.com/natefinch/npipe/doc.go
@@ -0,0 +1,50 @@
+// Copyright 2013 Nate Finch. All rights reserved.
+// Use of this source code is governed by an MIT-style
+// license that can be found in the LICENSE file.
+
+// Package npipe provides a pure Go wrapper around Windows named pipes.
+//
+// !! Note, this package is Windows-only.  There is no code to compile on linux.
+//
+// Windows named pipe documentation: http://msdn.microsoft.com/en-us/library/windows/desktop/aa365780
+//
+// Note that the code lives at https://github.com/natefinch/npipe (v2 branch)
+// but should be imported as gopkg.in/natefinch/npipe.v2 (the package name is
+// still npipe).
+//
+// npipe provides an interface based on stdlib's net package, with Dial, Listen,
+// and Accept functions, as well as associated implementations of net.Conn and
+// net.Listener.  It supports rpc over the connection.
+//
+// Notes
+//
+// * Deadlines for reading/writing to the connection are only functional in Windows Vista/Server 2008 and above, due to limitations with the Windows API.
+//
+// * The pipes support byte mode only (no support for message mode)
+//
+// Examples
+//
+// The Dial function connects a client to a named pipe:
+//   conn, err := npipe.Dial(`\\.\pipe\mypipename`)
+//   if err != nil {
+//   	<handle error>
+//   }
+//   fmt.Fprintf(conn, "Hi server!\n")
+//   msg, err := bufio.NewReader(conn).ReadString('\n')
+//   ...
+//
+// The Listen function creates servers:
+//
+//   ln, err := npipe.Listen(`\\.\pipe\mypipename`)
+//   if err != nil {
+//   	// handle error
+//   }
+//   for {
+//   	conn, err := ln.Accept()
+//   	if err != nil {
+//   		// handle error
+//   		continue
+//   	}
+//   	go handleConnection(conn)
+//   }
+package npipe
diff --git a/vendor/github.com/natefinch/npipe/npipe_windows.go b/vendor/github.com/natefinch/npipe/npipe_windows.go
new file mode 100644
index 0000000..5e7cf13
--- /dev/null
+++ b/vendor/github.com/natefinch/npipe/npipe_windows.go
@@ -0,0 +1,531 @@
+package npipe
+
+//sys createNamedPipe(name *uint16, openMode uint32, pipeMode uint32, maxInstances uint32, outBufSize uint32, inBufSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error)  [failretval==syscall.InvalidHandle] = CreateNamedPipeW
+//sys connectNamedPipe(handle syscall.Handle, overlapped *syscall.Overlapped) (err error) = ConnectNamedPipe
+//sys disconnectNamedPipe(handle syscall.Handle) (err error) = DisconnectNamedPipe
+//sys waitNamedPipe(name *uint16, timeout uint32) (err error) = WaitNamedPipeW
+//sys createEvent(sa *syscall.SecurityAttributes, manualReset bool, initialState bool, name *uint16) (handle syscall.Handle, err error) [failretval==syscall.InvalidHandle] = CreateEventW
+//sys getOverlappedResult(handle syscall.Handle, overlapped *syscall.Overlapped, transferred *uint32, wait bool) (err error) = GetOverlappedResult
+//sys cancelIoEx(handle syscall.Handle, overlapped *syscall.Overlapped) (err error) = CancelIoEx
+
+import (
+	"fmt"
+	"io"
+	"net"
+	"sync"
+	"syscall"
+	"time"
+)
+
+const (
+	// openMode
+	pipe_access_duplex   = 0x3
+	pipe_access_inbound  = 0x1
+	pipe_access_outbound = 0x2
+
+	// openMode write flags
+	file_flag_first_pipe_instance = 0x00080000
+	file_flag_write_through       = 0x80000000
+	file_flag_overlapped          = 0x40000000
+
+	// openMode ACL flags
+	write_dac              = 0x00040000
+	write_owner            = 0x00080000
+	access_system_security = 0x01000000
+
+	// pipeMode
+	pipe_type_byte    = 0x0
+	pipe_type_message = 0x4
+
+	// pipeMode read mode flags
+	pipe_readmode_byte    = 0x0
+	pipe_readmode_message = 0x2
+
+	// pipeMode wait mode flags
+	pipe_wait   = 0x0
+	pipe_nowait = 0x1
+
+	// pipeMode remote-client mode flags
+	pipe_accept_remote_clients = 0x0
+	pipe_reject_remote_clients = 0x8
+
+	pipe_unlimited_instances = 255
+
+	nmpwait_wait_forever = 0xFFFFFFFF
+
+	// the two not-an-errors below occur if a client connects to the pipe between
+	// the server's CreateNamedPipe and ConnectNamedPipe calls.
+	error_no_data        syscall.Errno = 0xE8
+	error_pipe_connected syscall.Errno = 0x217
+	error_pipe_busy      syscall.Errno = 0xE7
+	error_sem_timeout    syscall.Errno = 0x79
+
+	error_bad_pathname syscall.Errno = 0xA1
+	error_invalid_name syscall.Errno = 0x7B
+
+	error_io_incomplete syscall.Errno = 0x3e4
+)
+
+var _ net.Conn = (*PipeConn)(nil)
+var _ net.Listener = (*PipeListener)(nil)
+
+// ErrClosed is the error returned by PipeListener.Accept when Close is called
+// on the PipeListener.
+var ErrClosed = PipeError{"Pipe has been closed.", false}
+
+// PipeError is an error related to a call to a pipe
+type PipeError struct {
+	msg     string
+	timeout bool
+}
+
+// Error implements the error interface
+func (e PipeError) Error() string {
+	return e.msg
+}
+
+// Timeout implements net.AddrError.Timeout()
+func (e PipeError) Timeout() bool {
+	return e.timeout
+}
+
+// Temporary implements net.AddrError.Temporary()
+func (e PipeError) Temporary() bool {
+	return false
+}
+
+// Dial connects to a named pipe with the given address. If the specified pipe is not available,
+// it will wait indefinitely for the pipe to become available.
+//
+// The address must be of the form \\.\\pipe\<name> for local pipes and \\<computer>\pipe\<name>
+// for remote pipes.
+//
+// Dial will return a PipeError if you pass in a badly formatted pipe name.
+//
+// Examples:
+//   // local pipe
+//   conn, err := Dial(`\\.\pipe\mypipename`)
+//
+//   // remote pipe
+//   conn, err := Dial(`\\othercomp\pipe\mypipename`)
+func Dial(address string) (*PipeConn, error) {
+	for {
+		conn, err := dial(address, nmpwait_wait_forever)
+		if err == nil {
+			return conn, nil
+		}
+		if isPipeNotReady(err) {
+			<-time.After(100 * time.Millisecond)
+			continue
+		}
+		return nil, err
+	}
+}
+
+// DialTimeout acts like Dial, but will time out after the duration of timeout
+func DialTimeout(address string, timeout time.Duration) (*PipeConn, error) {
+	deadline := time.Now().Add(timeout)
+
+	now := time.Now()
+	for now.Before(deadline) {
+		millis := uint32(deadline.Sub(now) / time.Millisecond)
+		conn, err := dial(address, millis)
+		if err == nil {
+			return conn, nil
+		}
+		if err == error_sem_timeout {
+			// This is WaitNamedPipe's timeout error, so we know we're done
+			return nil, PipeError{fmt.Sprintf(
+				"Timed out waiting for pipe '%s' to come available", address), true}
+		}
+		if isPipeNotReady(err) {
+			left := deadline.Sub(time.Now())
+			retry := 100 * time.Millisecond
+			if left > retry {
+				<-time.After(retry)
+			} else {
+				<-time.After(left - time.Millisecond)
+			}
+			now = time.Now()
+			continue
+		}
+		return nil, err
+	}
+	return nil, PipeError{fmt.Sprintf(
+		"Timed out waiting for pipe '%s' to come available", address), true}
+}
+
+// isPipeNotReady checks the error to see if it indicates the pipe is not ready
+func isPipeNotReady(err error) bool {
+	// Pipe Busy means another client just grabbed the open pipe end,
+	// and the server hasn't made a new one yet.
+	// File Not Found means the server hasn't created the pipe yet.
+	// Neither is a fatal error.
+
+	return err == syscall.ERROR_FILE_NOT_FOUND || err == error_pipe_busy
+}
+
+// newOverlapped creates a structure used to track asynchronous
+// I/O requests that have been issued.
+func newOverlapped() (*syscall.Overlapped, error) {
+	event, err := createEvent(nil, true, true, nil)
+	if err != nil {
+		return nil, err
+	}
+	return &syscall.Overlapped{HEvent: event}, nil
+}
+
+// waitForCompletion waits for an asynchronous I/O request referred to by overlapped to complete.
+// This function returns the number of bytes transferred by the operation and an error code if
+// applicable (nil otherwise).
+func waitForCompletion(handle syscall.Handle, overlapped *syscall.Overlapped) (uint32, error) {
+	_, err := syscall.WaitForSingleObject(overlapped.HEvent, syscall.INFINITE)
+	if err != nil {
+		return 0, err
+	}
+	var transferred uint32
+	err = getOverlappedResult(handle, overlapped, &transferred, true)
+	return transferred, err
+}
+
+// dial is a helper to initiate a connection to a named pipe that has been started by a server.
+// The timeout is only enforced if the pipe server has already created the pipe, otherwise
+// this function will return immediately.
+func dial(address string, timeout uint32) (*PipeConn, error) {
+	name, err := syscall.UTF16PtrFromString(string(address))
+	if err != nil {
+		return nil, err
+	}
+	// If at least one instance of the pipe has been created, this function
+	// will wait timeout milliseconds for it to become available.
+	// It will return immediately regardless of timeout, if no instances
+	// of the named pipe have been created yet.
+	// If this returns with no error, there is a pipe available.
+	if err := waitNamedPipe(name, timeout); err != nil {
+		if err == error_bad_pathname {
+			// badly formatted pipe name
+			return nil, badAddr(address)
+		}
+		return nil, err
+	}
+	pathp, err := syscall.UTF16PtrFromString(address)
+	if err != nil {
+		return nil, err
+	}
+	handle, err := syscall.CreateFile(pathp, syscall.GENERIC_READ|syscall.GENERIC_WRITE,
+		uint32(syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE), nil, syscall.OPEN_EXISTING,
+		syscall.FILE_FLAG_OVERLAPPED, 0)
+	if err != nil {
+		return nil, err
+	}
+	return &PipeConn{handle: handle, addr: PipeAddr(address)}, nil
+}
+
+// Listen returns a new PipeListener that will listen on a pipe with the given
+// address. The address must be of the form \\.\pipe\<name>
+//
+// Listen will return a PipeError for an incorrectly formatted pipe name.
+func Listen(address string) (*PipeListener, error) {
+	handle, err := createPipe(address, true)
+	if err == error_invalid_name {
+		return nil, badAddr(address)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	return &PipeListener{
+		addr:   PipeAddr(address),
+		handle: handle,
+	}, nil
+}
+
+// PipeListener is a named pipe listener. Clients should typically
+// use variables of type net.Listener instead of assuming named pipe.
+type PipeListener struct {
+	mu sync.Mutex
+
+	addr   PipeAddr
+	handle syscall.Handle
+	closed bool
+
+	// acceptHandle contains the current handle waiting for
+	// an incoming connection or nil.
+	acceptHandle syscall.Handle
+	// acceptOverlapped is set before waiting on a connection.
+	// If not waiting, it is nil.
+	acceptOverlapped *syscall.Overlapped
+}
+
+// Accept implements the Accept method in the net.Listener interface; it
+// waits for the next call and returns a generic net.Conn.
+func (l *PipeListener) Accept() (net.Conn, error) {
+	c, err := l.AcceptPipe()
+	for err == error_no_data {
+		// Ignore clients that connect and immediately disconnect.
+		c, err = l.AcceptPipe()
+	}
+	if err != nil {
+		return nil, err
+	}
+	return c, nil
+}
+
+// AcceptPipe accepts the next incoming call and returns the new connection.
+// It might return an error if a client connected and immediately cancelled
+// the connection.
+func (l *PipeListener) AcceptPipe() (*PipeConn, error) {
+	if l == nil {
+		return nil, syscall.EINVAL
+	}
+
+	l.mu.Lock()
+	defer l.mu.Unlock()
+
+	if l.addr == "" || l.closed {
+		return nil, syscall.EINVAL
+	}
+
+	// the first time we call accept, the handle will have been created by the Listen
+	// call. This is to prevent race conditions where the client thinks the server
+	// isn't listening because it hasn't actually called create yet. After the first time, we'll
+	// have to create a new handle each time
+	handle := l.handle
+	if handle == 0 {
+		var err error
+		handle, err = createPipe(string(l.addr), false)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		l.handle = 0
+	}
+
+	overlapped, err := newOverlapped()
+	if err != nil {
+		return nil, err
+	}
+	defer syscall.CloseHandle(overlapped.HEvent)
+	err = connectNamedPipe(handle, overlapped)
+	if err == nil || err == error_pipe_connected {
+		return &PipeConn{handle: handle, addr: l.addr}, nil
+	}
+
+	if err == error_io_incomplete || err == syscall.ERROR_IO_PENDING {
+		l.acceptOverlapped = overlapped
+		l.acceptHandle = handle
+		// unlock here so close can function correctly while we wait (we'll
+		// get relocked via the defer below, before the original defer
+		// unlock happens.)
+		l.mu.Unlock()
+		defer func() {
+			l.mu.Lock()
+			l.acceptOverlapped = nil
+			l.acceptHandle = 0
+			// unlock is via defer above.
+		}()
+		_, err = waitForCompletion(handle, overlapped)
+	}
+	if err == syscall.ERROR_OPERATION_ABORTED {
+		// Return error compatible to net.Listener.Accept() in case the
+		// listener was closed.
+		return nil, ErrClosed
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &PipeConn{handle: handle, addr: l.addr}, nil
+}
+
+// Close stops listening on the address.
+// Already Accepted connections are not closed.
+func (l *PipeListener) Close() error {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+
+	if l.closed {
+		return nil
+	}
+	l.closed = true
+	if l.handle != 0 {
+		err := disconnectNamedPipe(l.handle)
+		if err != nil {
+			return err
+		}
+		err = syscall.CloseHandle(l.handle)
+		if err != nil {
+			return err
+		}
+		l.handle = 0
+	}
+	if l.acceptOverlapped != nil && l.acceptHandle != 0 {
+		// Cancel the pending IO. This call does not block, so it is safe
+		// to hold onto the mutex above.
+		if err := cancelIoEx(l.acceptHandle, l.acceptOverlapped); err != nil {
+			return err
+		}
+		err := syscall.CloseHandle(l.acceptOverlapped.HEvent)
+		if err != nil {
+			return err
+		}
+		l.acceptOverlapped.HEvent = 0
+		err = syscall.CloseHandle(l.acceptHandle)
+		if err != nil {
+			return err
+		}
+		l.acceptHandle = 0
+	}
+	return nil
+}
+
+// Addr returns the listener's network address, a PipeAddr.
+func (l *PipeListener) Addr() net.Addr { return l.addr }
+
+// PipeConn is the implementation of the net.Conn interface for named pipe connections.
+type PipeConn struct {
+	handle syscall.Handle
+	addr   PipeAddr
+
+	// these aren't actually used yet
+	readDeadline  *time.Time
+	writeDeadline *time.Time
+}
+
+type iodata struct {
+	n   uint32
+	err error
+}
+
+// completeRequest looks at iodata to see if a request is pending. If so, it waits for it to either complete or to
+// abort due to hitting the specified deadline. Deadline may be set to nil to wait forever. If no request is pending,
+// the content of iodata is returned.
+func (c *PipeConn) completeRequest(data iodata, deadline *time.Time, overlapped *syscall.Overlapped) (int, error) {
+	if data.err == error_io_incomplete || data.err == syscall.ERROR_IO_PENDING {
+		var timer <-chan time.Time
+		if deadline != nil {
+			if timeDiff := deadline.Sub(time.Now()); timeDiff > 0 {
+				timer = time.After(timeDiff)
+			}
+		}
+		done := make(chan iodata)
+		go func() {
+			n, err := waitForCompletion(c.handle, overlapped)
+			done <- iodata{n, err}
+		}()
+		select {
+		case data = <-done:
+		case <-timer:
+			syscall.CancelIoEx(c.handle, overlapped)
+			data = iodata{0, timeout(c.addr.String())}
+		}
+	}
+	// Windows will produce ERROR_BROKEN_PIPE upon closing
+	// a handle on the other end of a connection. Go RPC
+	// expects an io.EOF error in this case.
+	if data.err == syscall.ERROR_BROKEN_PIPE {
+		data.err = io.EOF
+	}
+	return int(data.n), data.err
+}
+
+// Read implements the net.Conn Read method.
+func (c *PipeConn) Read(b []byte) (int, error) {
+	// Use ReadFile() rather than Read() because the latter
+	// contains a workaround that eats ERROR_BROKEN_PIPE.
+	overlapped, err := newOverlapped()
+	if err != nil {
+		return 0, err
+	}
+	defer syscall.CloseHandle(overlapped.HEvent)
+	var n uint32
+	err = syscall.ReadFile(c.handle, b, &n, overlapped)
+	return c.completeRequest(iodata{n, err}, c.readDeadline, overlapped)
+}
+
+// Write implements the net.Conn Write method.
+func (c *PipeConn) Write(b []byte) (int, error) {
+	overlapped, err := newOverlapped()
+	if err != nil {
+		return 0, err
+	}
+	defer syscall.CloseHandle(overlapped.HEvent)
+	var n uint32
+	err = syscall.WriteFile(c.handle, b, &n, overlapped)
+	return c.completeRequest(iodata{n, err}, c.writeDeadline, overlapped)
+}
+
+// Close closes the connection.
+func (c *PipeConn) Close() error {
+	return syscall.CloseHandle(c.handle)
+}
+
+// LocalAddr returns the local network address.
+func (c *PipeConn) LocalAddr() net.Addr {
+	return c.addr
+}
+
+// RemoteAddr returns the remote network address.
+func (c *PipeConn) RemoteAddr() net.Addr {
+	// not sure what to do here, we don't have remote addr....
+	return c.addr
+}
+
+// SetDeadline implements the net.Conn SetDeadline method.
+// Note that timeouts are only supported on Windows Vista/Server 2008 and above
+func (c *PipeConn) SetDeadline(t time.Time) error {
+	c.SetReadDeadline(t)
+	c.SetWriteDeadline(t)
+	return nil
+}
+
+// SetReadDeadline implements the net.Conn SetReadDeadline method.
+// Note that timeouts are only supported on Windows Vista/Server 2008 and above
+func (c *PipeConn) SetReadDeadline(t time.Time) error {
+	c.readDeadline = &t
+	return nil
+}
+
+// SetWriteDeadline implements the net.Conn SetWriteDeadline method.
+// Note that timeouts are only supported on Windows Vista/Server 2008 and above
+func (c *PipeConn) SetWriteDeadline(t time.Time) error {
+	c.writeDeadline = &t
+	return nil
+}
+
+// PipeAddr represents the address of a named pipe.
+type PipeAddr string
+
+// Network returns the address's network name, "pipe".
+func (a PipeAddr) Network() string { return "pipe" }
+
+// String returns the address of the pipe
+func (a PipeAddr) String() string {
+	return string(a)
+}
+
+// createPipe is a helper function to make sure we always create pipes
+// with the same arguments, since subsequent calls to create pipe need
+// to use the same arguments as the first one. If first is set, fail
+// if the pipe already exists.
+func createPipe(address string, first bool) (syscall.Handle, error) {
+	n, err := syscall.UTF16PtrFromString(address)
+	if err != nil {
+		return 0, err
+	}
+	mode := uint32(pipe_access_duplex | syscall.FILE_FLAG_OVERLAPPED)
+	if first {
+		mode |= file_flag_first_pipe_instance
+	}
+	return createNamedPipe(n,
+		mode,
+		pipe_type_byte,
+		pipe_unlimited_instances,
+		512, 512, 0, nil)
+}
+
+func badAddr(addr string) PipeError {
+	return PipeError{fmt.Sprintf("Invalid pipe address '%s'.", addr), false}
+}
+func timeout(addr string) PipeError {
+	return PipeError{fmt.Sprintf("Pipe IO timed out waiting for '%s'", addr), true}
+}
diff --git a/vendor/github.com/natefinch/npipe/znpipe_windows_386.go b/vendor/github.com/natefinch/npipe/znpipe_windows_386.go
new file mode 100644
index 0000000..c283e6c
--- /dev/null
+++ b/vendor/github.com/natefinch/npipe/znpipe_windows_386.go
@@ -0,0 +1,124 @@
+// +build windows
+// go build mksyscall_windows.go && ./mksyscall_windows npipe_windows.go
+// MACHINE GENERATED BY THE COMMAND ABOVE; DO NOT EDIT
+
+package npipe
+
+import "unsafe"
+import "syscall"
+
+var (
+	modkernel32 = syscall.NewLazyDLL("kernel32.dll")
+
+	procCreateNamedPipeW    = modkernel32.NewProc("CreateNamedPipeW")
+	procConnectNamedPipe    = modkernel32.NewProc("ConnectNamedPipe")
+	procDisconnectNamedPipe = modkernel32.NewProc("DisconnectNamedPipe")
+	procWaitNamedPipeW      = modkernel32.NewProc("WaitNamedPipeW")
+	procCreateEventW        = modkernel32.NewProc("CreateEventW")
+	procGetOverlappedResult = modkernel32.NewProc("GetOverlappedResult")
+	procCancelIoEx          = modkernel32.NewProc("CancelIoEx")
+)
+
+func createNamedPipe(name *uint16, openMode uint32, pipeMode uint32, maxInstances uint32, outBufSize uint32, inBufSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error) {
+	r0, _, e1 := syscall.Syscall9(procCreateNamedPipeW.Addr(), 8, uintptr(unsafe.Pointer(name)), uintptr(openMode), uintptr(pipeMode), uintptr(maxInstances), uintptr(outBufSize), uintptr(inBufSize), uintptr(defaultTimeout), uintptr(unsafe.Pointer(sa)), 0)
+	handle = syscall.Handle(r0)
+	if handle == syscall.InvalidHandle {
+		if e1 != 0 {
+			err = error(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func cancelIoEx(handle syscall.Handle, overlapped *syscall.Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall(procCancelIoEx.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(overlapped)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = error(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func connectNamedPipe(handle syscall.Handle, overlapped *syscall.Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall(procConnectNamedPipe.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(overlapped)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = error(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func disconnectNamedPipe(handle syscall.Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procDisconnectNamedPipe.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = error(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func waitNamedPipe(name *uint16, timeout uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procWaitNamedPipeW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(timeout), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = error(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func createEvent(sa *syscall.SecurityAttributes, manualReset bool, initialState bool, name *uint16) (handle syscall.Handle, err error) {
+	var _p0 uint32
+	if manualReset {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	var _p1 uint32
+	if initialState {
+		_p1 = 1
+	} else {
+		_p1 = 0
+	}
+	r0, _, e1 := syscall.Syscall6(procCreateEventW.Addr(), 4, uintptr(unsafe.Pointer(sa)), uintptr(_p0), uintptr(_p1), uintptr(unsafe.Pointer(name)), 0, 0)
+	handle = syscall.Handle(r0)
+	if handle == syscall.InvalidHandle {
+		if e1 != 0 {
+			err = error(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getOverlappedResult(handle syscall.Handle, overlapped *syscall.Overlapped, transferred *uint32, wait bool) (err error) {
+	var _p0 uint32
+	if wait {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r1, _, e1 := syscall.Syscall6(procGetOverlappedResult.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(transferred)), uintptr(_p0), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = error(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
diff --git a/vendor/github.com/natefinch/npipe/znpipe_windows_amd64.go b/vendor/github.com/natefinch/npipe/znpipe_windows_amd64.go
new file mode 100644
index 0000000..c283e6c
--- /dev/null
+++ b/vendor/github.com/natefinch/npipe/znpipe_windows_amd64.go
@@ -0,0 +1,124 @@
+// +build windows
+// go build mksyscall_windows.go && ./mksyscall_windows npipe_windows.go
+// MACHINE GENERATED BY THE COMMAND ABOVE; DO NOT EDIT
+
+package npipe
+
+import "unsafe"
+import "syscall"
+
+var (
+	modkernel32 = syscall.NewLazyDLL("kernel32.dll")
+
+	procCreateNamedPipeW    = modkernel32.NewProc("CreateNamedPipeW")
+	procConnectNamedPipe    = modkernel32.NewProc("ConnectNamedPipe")
+	procDisconnectNamedPipe = modkernel32.NewProc("DisconnectNamedPipe")
+	procWaitNamedPipeW      = modkernel32.NewProc("WaitNamedPipeW")
+	procCreateEventW        = modkernel32.NewProc("CreateEventW")
+	procGetOverlappedResult = modkernel32.NewProc("GetOverlappedResult")
+	procCancelIoEx          = modkernel32.NewProc("CancelIoEx")
+)
+
+func createNamedPipe(name *uint16, openMode uint32, pipeMode uint32, maxInstances uint32, outBufSize uint32, inBufSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error) {
+	r0, _, e1 := syscall.Syscall9(procCreateNamedPipeW.Addr(), 8, uintptr(unsafe.Pointer(name)), uintptr(openMode), uintptr(pipeMode), uintptr(maxInstances), uintptr(outBufSize), uintptr(inBufSize), uintptr(defaultTimeout), uintptr(unsafe.Pointer(sa)), 0)
+	handle = syscall.Handle(r0)
+	if handle == syscall.InvalidHandle {
+		if e1 != 0 {
+			err = error(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func cancelIoEx(handle syscall.Handle, overlapped *syscall.Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall(procCancelIoEx.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(overlapped)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = error(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func connectNamedPipe(handle syscall.Handle, overlapped *syscall.Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall(procConnectNamedPipe.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(overlapped)), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = error(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func disconnectNamedPipe(handle syscall.Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procDisconnectNamedPipe.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = error(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func waitNamedPipe(name *uint16, timeout uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procWaitNamedPipeW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(timeout), 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = error(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func createEvent(sa *syscall.SecurityAttributes, manualReset bool, initialState bool, name *uint16) (handle syscall.Handle, err error) {
+	var _p0 uint32
+	if manualReset {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	var _p1 uint32
+	if initialState {
+		_p1 = 1
+	} else {
+		_p1 = 0
+	}
+	r0, _, e1 := syscall.Syscall6(procCreateEventW.Addr(), 4, uintptr(unsafe.Pointer(sa)), uintptr(_p0), uintptr(_p1), uintptr(unsafe.Pointer(name)), 0, 0)
+	handle = syscall.Handle(r0)
+	if handle == syscall.InvalidHandle {
+		if e1 != 0 {
+			err = error(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func getOverlappedResult(handle syscall.Handle, overlapped *syscall.Overlapped, transferred *uint32, wait bool) (err error) {
+	var _p0 uint32
+	if wait {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r1, _, e1 := syscall.Syscall6(procGetOverlappedResult.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(transferred)), uintptr(_p0), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = error(e1)
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 459f7fa..0282cb3 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -55,6 +55,9 @@ github.com/klauspost/cpuid/v2
 # github.com/klauspost/reedsolomon v1.10.0
 ## explicit; go 1.15
 github.com/klauspost/reedsolomon
+# github.com/natefinch/npipe v0.0.0-20160621034901-c1b8fa8bdcce
+## explicit
+github.com/natefinch/npipe
 # github.com/pion/datachannel v1.5.2
 ## explicit; go 1.13
 github.com/pion/datachannel
@@ -237,4 +240,6 @@ golang.org/x/sys/windows/svc
 golang.org/x/sys/windows/svc/debug
 golang.org/x/sys/windows/svc/eventlog
 golang.org/x/sys/windows/svc/mgr
+# gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce
+## explicit
 # 0xacab.org/leap/obfsvpn => ../obfsvpn