summaryrefslogtreecommitdiff
path: root/pkg/standalone/vpn.go
diff options
context:
space:
mode:
authorRuben Pollan <meskio@sindominio.net>2019-07-22 17:47:08 +0200
committerRuben Pollan <meskio@sindominio.net>2019-08-16 22:58:46 +0200
commit1de7bb124a5e502945712ef34f924ca4d1d0ca45 (patch)
tree346cc319f8dc3013fc9b9e0654d19e0720d388e7 /pkg/standalone/vpn.go
parent35aaba1e0da53aed44a5741ca9a3a1e2de21baf5 (diff)
[feat] be able to use obfs4
Diffstat (limited to 'pkg/standalone/vpn.go')
-rw-r--r--pkg/standalone/vpn.go106
1 files changed, 97 insertions, 9 deletions
diff --git a/pkg/standalone/vpn.go b/pkg/standalone/vpn.go
index 260eec1..e593f59 100644
--- a/pkg/standalone/vpn.go
+++ b/pkg/standalone/vpn.go
@@ -16,9 +16,15 @@
package standalone
import (
+ "fmt"
"io/ioutil"
+ "log"
"os"
"path"
+ "strconv"
+ "strings"
+
+ "0xacab.org/leap/shapeshifter"
)
const (
@@ -28,26 +34,95 @@ const (
// StartVPN for provider
func (b *Bitmask) StartVPN(provider string) error {
- gateways, err := b.bonafide.GetGateways("openvpn")
- if err != nil {
- return err
+ var proxy string
+ if b.transport != "" {
+ var err error
+ proxy, err = b.startTransport()
+ if err != nil {
+ return err
+ }
}
- certPemPath, err := b.getCert()
+
+ return b.startOpenVPN(proxy)
+}
+
+func (b *Bitmask) startTransport() (proxy string, err error) {
+ proxy = "127.0.0.1:4430"
+ if b.shapes != nil {
+ return proxy, nil
+ }
+
+ gateways, err := b.bonafide.GetGateways(b.transport)
if err != nil {
- return err
+ return "", err
+ }
+ if len(gateways) == 0 {
+ log.Printf("No gateway for transport %s in provider", b.transport)
+ return "", nil
+ }
+
+ for _, gw := range gateways {
+ if _, ok := gw.Options["cert"]; !ok {
+ continue
+ }
+ b.shapes = &shapeshifter.ShapeShifter{
+ Cert: gw.Options["cert"],
+ Target: gw.IPAddress + ":" + gw.Ports[0],
+ SocksAddr: proxy,
+ }
+ if iatMode, ok := gw.Options["iat-mode"]; ok {
+ b.shapes.IatMode, err = strconv.Atoi(iatMode)
+ if err != nil {
+ b.shapes.IatMode = 0
+ }
+ }
+ err = b.shapes.Open()
+ if err != nil {
+ log.Printf("Can't connect to transport %s: %v", b.transport, err)
+ continue
+ }
+ return proxy, nil
}
+ return "", fmt.Errorf("No working gateway for transport %s: %v", b.transport, err)
+}
- err = b.launch.firewallStart(gateways)
+func (b *Bitmask) startOpenVPN(proxy string) error {
+ certPemPath, err := b.getCert()
if err != nil {
return err
}
-
arg, err := b.bonafide.GetOpenvpnArgs()
if err != nil {
return err
}
- for _, gw := range gateways {
- arg = append(arg, "--remote", gw.IPAddress, "443", "tcp4")
+
+ if proxy == "" {
+ gateways, err := b.bonafide.GetGateways("openvpn")
+ if err != nil {
+ return err
+ }
+ err = b.launch.firewallStart(gateways)
+ if err != nil {
+ return err
+ }
+
+ for _, gw := range gateways {
+ for _, port := range gw.Ports {
+ arg = append(arg, "--remote", gw.IPAddress, port, "tcp4")
+ }
+ }
+ } else {
+ gateways, err := b.bonafide.GetGateways(b.transport)
+ if err != nil {
+ return err
+ }
+ err = b.launch.firewallStart(gateways)
+ if err != nil {
+ return err
+ }
+
+ proxyArgs := strings.Split(proxy, ":")
+ arg = append(arg, "--remote", proxyArgs[0], proxyArgs[1], "tcp4")
}
arg = append(arg,
"--verb", "1",
@@ -79,6 +154,10 @@ func (b *Bitmask) StopVPN() error {
if err != nil {
return err
}
+ if b.shapes != nil {
+ b.shapes.Close()
+ b.shapes = nil
+ }
return b.launch.openvpnStop()
}
@@ -146,6 +225,15 @@ func (b *Bitmask) UseGateway(name string) error {
return nil
}
+// UseTransport selects an obfuscation transport to use
+func (b *Bitmask) UseTransport(transport string) error {
+ if transport != "obfs4" {
+ return fmt.Errorf("Transport %s not implemented", transport)
+ }
+ b.transport = transport
+ return nil
+}
+
func (b *Bitmask) getCertPemPath() string {
return path.Join(b.tempdir, "openvpn.pem")
}