author | kali kaneko (leap communications) <kali@leap.se> | 2021-05-16 21:21:30 +0200 |
committer | kali kaneko (leap communications) <kali@leap.se> | 2021-05-17 17:52:44 +0200 |
commit | 4eee08d520b73fb96a43cf4888972e502c6c1fa3 (patch) | |
tree | 24cd97c658b7a369389f3980aa6a986bf78b72e2 /pkg/vpn | |
parent | b5b55b0b54588ad95d66fc7acfab0b9cb76c93e6 (diff) |
[feat] store pt gateway for connection info
Diffstat (limited to 'pkg/vpn')
-rw-r--r-- | pkg/vpn/main.go | 3 | ||||
-rw-r--r-- | pkg/vpn/openvpn.go | 30 | ||||
-rw-r--r-- | pkg/vpn/status.go | 15 |
3 files changed, 36 insertions, 12 deletions
diff --git a/pkg/vpn/main.go b/pkg/vpn/main.go index 5f5117a..f40366c 100644 --- a/pkg/vpn/main.go +++ b/pkg/vpn/main.go @@ -30,6 +30,7 @@ import ( type Bitmask struct { tempdir string onGateway bonafide.Gateway + ptGateway bonafide.Gateway statusCh chan string managementClient *openvpn.MgmtClient bonafide *bonafide.Bonafide @@ -52,7 +53,7 @@ func Init() (*Bitmask, error) { if err != nil { return nil, err } - b := Bitmask{tempdir, bonafide.Gateway{}, statusCh, nil, bf, launch, "", nil, "", []string{}} + b := Bitmask{tempdir, bonafide.Gateway{}, bonafide.Gateway{}, statusCh, nil, bf, launch, "", nil, "", []string{}} b.launch.firewallStop() /* diff --git a/pkg/vpn/openvpn.go b/pkg/vpn/openvpn.go index 2e552a1..4dad0e2 100644 --- a/pkg/vpn/openvpn.go +++ b/pkg/vpn/openvpn.go @@ -59,7 +59,8 @@ func (b *Bitmask) CanStartVPN() bool { return !b.bonafide.NeedsCredentials() } -func (b *Bitmask) startTransport() (proxy string, err error) { +func (b *Bitmask) startTransport(host string) (proxy string, err error) { + // TODO configure port if not available proxy = "127.0.0.1:4430" if b.shapes != nil { return proxy, nil @@ -75,9 +76,13 @@ func (b *Bitmask) startTransport() (proxy string, err error) { } for _, gw := range gateways { + if gw.Host != host { + continue + } if _, ok := gw.Options["cert"]; !ok { continue } + log.Println("Selected Gateway:", gw.Host, gw.IPAddress) b.shapes = &shapeshifter.ShapeShifter{ Cert: gw.Options["cert"], Target: gw.IPAddress + ":" + gw.Ports[0], @@ -95,6 +100,7 @@ func (b *Bitmask) startTransport() (proxy string, err error) { log.Printf("Can't connect to transport %s: %v", b.transport, err) continue } + log.Println("Connected via obfs4 to", gw.IPAddress, "(", gw.Host, ")") return proxy, nil } return "", fmt.Errorf("No working gateway for transport %s: %v", b.transport, err) 
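Review bot: The positional literal `b := Bitmask{tempdir, bonafide.Gateway{}, bonafide.Gateway{}, statusCh, nil, bf, launch, "", nil, "", []string{}}` in Init is why a one-field addition to the struct had to touch the constructor at all, and the next field added will shift every later position just as silently. Keyed fields would make the literal robust and let the zero values go: the non-zero entries appear to be `tempdir`, `statusCh`, `bonafide` and `launch`, with the trailing `[]string{}` presumably `openvpnArgs` (the field names after `bonafide` are outside the hunk, so confirm them), e.g. `b := Bitmask{tempdir: tempdir, statusCh: statusCh, bonafide: bf, launch: launch, openvpnArgs: []string{}}`. Keep the explicit `[]string{}` only if some caller distinguishes a nil slice from an empty one.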
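Review bot: With the new `if gw.Host != host { continue }` filter in startTransport, a host that matches no gateway, or whose gateway has no `cert` option, skips every iteration and falls through to the `return "", fmt.Errorf("No working gateway for transport %s: %v", b.transport, err)` at the end of the next hunk with the named `err` still nil as far as the visible lines show, so the message ends in `<nil>` and never mentions the host that was requested. Return a dedicated error when nothing was even attempted, e.g. `if err == nil { return "", fmt.Errorf("no gateway for host %q with an obfs4 cert for transport %s", host, b.transport) }` placed before the existing return. The added `log.Println("Selected Gateway:", gw.Host, gw.IPAddress)` fires before the dial, so a gateway that then fails to connect is still reported as selected; the later `Connected via obfs4` line already covers the success case, so the first one could be demoted to a debug-level message or note that it is only a candidate.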
@@ -112,8 +118,10 @@ func (b *Bitmask) listenShapeErr() { } func (b *Bitmask) startOpenVPN() error { - arg := b.openvpnArgs + arg := []string{} + // Empty transport means we get only the openvpn gateways if b.transport == "" { + arg = b.openvpnArgs gateways, err := b.bonafide.GetGateways("openvpn") if err != nil { return err @@ -129,15 +137,23 @@ func (b *Bitmask) startOpenVPN() error { } } } else { - proxy, err := b.startTransport() + // For now, obf4 is the only supported Pluggable Transport + gateways, err := b.bonafide.GetGateways(b.transport) if err != nil { return err } + if len(gateways) == 0 { + log.Printf("ERROR No gateway for transport %s in provider", b.transport) + return errors.New("ERROR: cannot find any gateway for selected transport") + } - gateways, err := b.bonafide.GetGateways(b.transport) + gw := gateways[0] + proxy, err := b.startTransport(gw.Host) if err != nil { return err } + b.ptGateway = gw + err = b.launch.firewallStart(gateways) if err != nil { return err @@ -145,14 +161,16 @@ func (b *Bitmask) startOpenVPN() error { proxyArgs := strings.Split(proxy, ":") arg = append(arg, "--remote", proxyArgs[0], proxyArgs[1], "tcp4") + arg = append(arg, "--route", gw.IPAddress, "255.255.255.255", "net_gateway") } arg = append(arg, - "--verb", "1", + "--verb", "3", "--management-client", "--management", openvpnManagementAddr, openvpnManagementPort, "--ca", b.getCaCertPath(), "--cert", b.certPemPath, - "--key", b.certPemPath) + "--key", b.certPemPath, + "--persist-tun") return b.launch.openvpnStart(arg...) } diff --git a/pkg/vpn/status.go b/pkg/vpn/status.go index 647cf27..0b04c3b 100644 --- a/pkg/vpn/status.go +++ b/pkg/vpn/status.go 
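Review bot: In the pluggable-transport branch of startOpenVPN the argument list now starts from `arg := []string{}` and `arg = b.openvpnArgs` runs only when `b.transport == ""`, so whatever openvpnArgs carries is dropped for obfs4 connections, which the old `arg := b.openvpnArgs` did not do. If that is deliberate (for instance because openvpnArgs holds entries for plain gateways that would conflict with the proxy `--remote`), the comment `// Empty transport means we get only the openvpn gateways` should say so, since a reader will otherwise take it for a regression; if not, move the assignment back above the `if`. The two new error lines also log and return the same condition, and the returned string carries a capitalised prefix; `return fmt.Errorf("no gateway for transport %s in provider", b.transport)` without the preceding `log.Printf` follows the handle-once convention. startOpenVPN spans three hunks here with unchanged code between them.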
@@ -74,12 +74,17 @@ func (b *Bitmask) eventHandler(eventCh <-chan openvpn.Event) {
 }
 if statusName == "CONNECTED" {
 ip := strings.Split(stateEvent.String(), ": ")[1]
- gw, err := b.bonafide.GetGatewayByIP(ip)
- if err == nil {
- b.onGateway = gw
- log.Println("Connected to gateway:", b.onGateway.Host)
+ if ip == "127.0.0.1" {
+ // we're using pluggable transports
+ b.onGateway = b.ptGateway
 } else {
- log.Println("ERROR: connected to unknown gateway", ip)
+ gw, err := b.bonafide.GetGatewayByIP(ip)
+ if err == nil {
+ b.onGateway = gw
+ log.Println("Connected to gateway:", b.onGateway.Host)
+ } else {
+ log.Println("ERROR: connected to unknown gateway", ip)
+ }
 }
 }
 }
 |
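Review bot: The new `if ip == "127.0.0.1"` in eventHandler hard-codes the loopback half of the `proxy = "127.0.0.1:4430"` literal that startTransport returns in openvpn.go, so the two files must now be kept in sync by hand, and a later change to the proxy address would silently send obfs4 sessions into the `GetGatewayByIP` lookup and the "unknown gateway" branch. Keying the decision on the mode that was actually configured, `if b.transport != "" {`, removes the duplicate; alternatively factor the proxy address into one constant that both sites use. The pluggable-transport branch also sets `b.onGateway = b.ptGateway` without the `Connected to gateway:` log that the direct branch emits, so `log.Println("Connected to gateway:", b.onGateway.Host, "via", b.transport)` there keeps the two paths symmetric for anyone reading the logs. eventHandler begins before this hunk.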