authorkali kaneko (leap communications) <kali@leap.se>2021-05-28 12:26:11 +0200
committerkali kaneko (leap communications) <kali@leap.se>2021-06-01 12:31:48 +0200
commit1bd2637e3133d895d1e73931f8b3466a5761d9ef (patch)
tree1bd75f2a91f30d996030a8531fefbb29f7c41831 /pkg/vpn/openvpn.go
parentc6c0209ad45fb7d2e45370ee3a39f2dd437603b0 (diff)
[feat] expose set transport
webapi mainly for tests, but it's usable too
Diffstat (limited to 'pkg/vpn/openvpn.go')
-rw-r--r--pkg/vpn/openvpn.go59
1 files changed, 37 insertions, 22 deletions
diff --git a/pkg/vpn/openvpn.go b/pkg/vpn/openvpn.go
index 244195b..d69f4e6 100644
--- a/pkg/vpn/openvpn.go
+++ b/pkg/vpn/openvpn.go
@@ -121,26 +121,8 @@ func (b *Bitmask) listenShapeErr() {
func (b *Bitmask) startOpenVPN() error {
arg := []string{}
- // Empty transport means we get only the openvpn gateways
- if b.transport == "" {
- arg = b.openvpnArgs
- gateways, err := b.bonafide.GetGateways("openvpn")
- if err != nil {
- return err
- }
- err = b.launch.firewallStart(gateways)
- if err != nil {
- return err
- }
-
- for _, gw := range gateways {
- for _, port := range gw.Ports {
- arg = append(arg, "--remote", gw.IPAddress, port, "tcp4")
- }
- }
- } else {
- // For now, obf4 is the only supported Pluggable Transport
- gateways, err := b.bonafide.GetGateways(b.transport)
+ if b.GetTransport() == "obfs4" {
+ gateways, err := b.bonafide.GetGateways("obfs4")
if err != nil {
return err
}
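Review bot: The new condition `b.GetTransport() == "obfs4"` sends every other value of `b.transport` down the plain OpenVPN path, where the removed code passed any non-empty value to `GetGateways(b.transport)`. Because `GetTransport` maps anything that is not "obfs4" to "openvpn", an unexpected transport value now falls back to an unobfuscated connection without an error. `SetTransport` validates its input, but the body of `UseTransport` is not visible here and may still store other values. Consider switching on `b.transport` in `startOpenVPN` and failing closed, e.g. `default: return errors.New("unsupported transport")`. The function body continues past the end of this hunk.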
@@ -164,6 +146,22 @@ func (b *Bitmask) startOpenVPN() error {
proxyArgs := strings.Split(proxy, ":")
arg = append(arg, "--remote", proxyArgs[0], proxyArgs[1], "tcp4")
arg = append(arg, "--route", gw.IPAddress, "255.255.255.255", "net_gateway")
+ } else {
+ arg = b.openvpnArgs
+ gateways, err := b.bonafide.GetGateways("openvpn")
+ if err != nil {
+ return err
+ }
+ err = b.launch.firewallStart(gateways)
+ if err != nil {
+ return err
+ }
+
+ for _, gw := range gateways {
+ for _, port := range gw.Ports {
+ arg = append(arg, "--remote", gw.IPAddress, port, "tcp4")
+ }
+ }
}
arg = append(arg,
"--verb", "3",
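Review bot: In the added `else` branch, `arg = b.openvpnArgs` makes `arg` share a backing array with the struct field, so the `append` calls that follow can write into spare capacity of `b.openvpnArgs`. With the transport now switchable at runtime, `startOpenVPN` will presumably run more than once per process, which makes the aliasing easier to hit. Copy instead of aliasing: `arg = append(arg, b.openvpnArgs...)`. The obfs4 branch above lies partly outside this hunk.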
@@ -171,8 +169,8 @@ func (b *Bitmask) startOpenVPN() error {
"--management", openvpnManagementAddr, openvpnManagementPort,
"--ca", b.getTempCaCertPath(),
"--cert", b.certPemPath,
- "--key", b.certPemPath,
- "--persist-tun")
+ "--key", b.certPemPath)
+ //"--persist-tun")
return b.launch.openvpnStart(arg...)
}
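Review bot: `--persist-tun` is disabled by leaving `//"--persist-tun")` in the argument list, with no comment and no mention in the commit message. Without that option OpenVPN closes and reopens the TUN device on a restart, so during that interval protection against traffic leaving outside the tunnel rests on the firewall rules alone. Only the OpenVPN branch visibly calls `b.launch.firewallStart(gateways)`; the obfs4 branch is not fully shown, so confirm it does the same. Either delete the dead line or replace it with a one-line comment stating why the option was dropped.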
@@ -330,6 +328,23 @@ func (b *Bitmask) UseTransport(transport string) error {
return nil
}
+func (b *Bitmask) GetTransport() string {
+ if b.transport == "obfs4" {
+ return "obfs4"
+ } else {
+ return "openvpn"
+ }
+}
+
+func (b *Bitmask) SetTransport(t string) error {
+ if t != "openvpn" && t != "obfs4" {
+ return errors.New("Transport not supported: " + t)
+ }
+ log.Println("Setting transport to", t)
+ b.transport = t
+ return nil
+}
+
func (b *Bitmask) getTempCertPemPath() string {
return path.Join(b.tempdir, "openvpn.pem")
}
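Review bot: `SetTransport` builds its error with `"Transport not supported: " + t`, and per the commit message `t` arrives through the web API, so that text is caller-controlled wherever the error is logged or returned. Quote the value instead, e.g. `return fmt.Errorf("transport not supported: %q", t)`, which also follows the lowercase error-string convention and needs `fmt` imported if the file does not already have it. `b.transport = t` is written with no visible locking while `startOpenVPN` reads the field; if the API handler runs on its own goroutine this is a data race, which should be confirmed against the rest of the file. Both new exported methods lack doc comments, and `GetTransport` can drop the `else` after `return "obfs4"`.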