authorkali kaneko (leap communications) <kali@leap.se>2021-05-16 21:21:30 +0200
committerkali kaneko (leap communications) <kali@leap.se>2021-05-17 17:52:44 +0200
commit4eee08d520b73fb96a43cf4888972e502c6c1fa3 (patch)
tree24cd97c658b7a369389f3980aa6a986bf78b72e2 /pkg/vpn
parentb5b55b0b54588ad95d66fc7acfab0b9cb76c93e6 (diff)
[feat] store pt gateway for connection info
Diffstat (limited to 'pkg/vpn')
-rw-r--r--pkg/vpn/main.go3
-rw-r--r--pkg/vpn/openvpn.go30
-rw-r--r--pkg/vpn/status.go15
3 files changed, 36 insertions, 12 deletions
diff --git a/pkg/vpn/main.go b/pkg/vpn/main.go
index 5f5117a..f40366c 100644
--- a/pkg/vpn/main.go
+++ b/pkg/vpn/main.go
@@ -30,6 +30,7 @@ import (
type Bitmask struct {
tempdir string
onGateway bonafide.Gateway
+ ptGateway bonafide.Gateway
statusCh chan string
managementClient *openvpn.MgmtClient
bonafide *bonafide.Bonafide
@@ -52,7 +53,7 @@ func Init() (*Bitmask, error) {
if err != nil {
return nil, err
}
- b := Bitmask{tempdir, bonafide.Gateway{}, statusCh, nil, bf, launch, "", nil, "", []string{}}
+ b := Bitmask{tempdir, bonafide.Gateway{}, bonafide.Gateway{}, statusCh, nil, bf, launch, "", nil, "", []string{}}
b.launch.firewallStop()
/*
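Review bot: The second `bonafide.Gateway{}` in the positional literal `b := Bitmask{tempdir, bonafide.Gateway{}, bonafide.Gateway{}, statusCh, ...}` is indistinguishable from the first, so which slot is onGateway and which is ptGateway can only be recovered by counting against the struct declaration, and every future field forces the same edit again. A keyed literal naming only the non-zero fields (`b := Bitmask{tempdir: tempdir, statusCh: statusCh, bonafide: bf, launch: launch /* remaining fields by name */}`) would let both gateway fields take their zero value; the trailing `""`, `nil`, `""`, `[]string{}` belong to fields outside the hunk, and `[]string{}` versus a nil slice would need checking before dropping it. The new field also lacks a comment; something like `// ptGateway is the gateway selected for the pluggable transport; copied into onGateway once openvpn reports CONNECTED through the local proxy` would tell a reader why two gateway fields exist.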
diff --git a/pkg/vpn/openvpn.go b/pkg/vpn/openvpn.go
index 2e552a1..4dad0e2 100644
--- a/pkg/vpn/openvpn.go
+++ b/pkg/vpn/openvpn.go
@@ -59,7 +59,8 @@ func (b *Bitmask) CanStartVPN() bool {
return !b.bonafide.NeedsCredentials()
}
-func (b *Bitmask) startTransport() (proxy string, err error) {
+func (b *Bitmask) startTransport(host string) (proxy string, err error) {
+ // TODO configure port if not available
proxy = "127.0.0.1:4430"
if b.shapes != nil {
return proxy, nil
@@ -75,9 +76,13 @@ func (b *Bitmask) startTransport() (proxy string, err error) {
}
for _, gw := range gateways {
+ if gw.Host != host {
+ continue
+ }
if _, ok := gw.Options["cert"]; !ok {
continue
}
+ log.Println("Selected Gateway:", gw.Host, gw.IPAddress)
b.shapes = &shapeshifter.ShapeShifter{
Cert: gw.Options["cert"],
Target: gw.IPAddress + ":" + gw.Ports[0],
@@ -95,6 +100,7 @@ func (b *Bitmask) startTransport() (proxy string, err error) {
log.Printf("Can't connect to transport %s: %v", b.transport, err)
continue
}
+ log.Println("Connected via obfs4 to", gw.IPAddress, "(", gw.Host, ")")
return proxy, nil
}
return "", fmt.Errorf("No working gateway for transport %s: %v", b.transport, err)
@@ -112,8 +118,10 @@ func (b *Bitmask) listenShapeErr() {
}
func (b *Bitmask) startOpenVPN() error {
- arg := b.openvpnArgs
+ arg := []string{}
+ // Empty transport means we get only the openvpn gateways
if b.transport == "" {
+ arg = b.openvpnArgs
gateways, err := b.bonafide.GetGateways("openvpn")
if err != nil {
return err
@@ -129,15 +137,23 @@ func (b *Bitmask) startOpenVPN() error {
}
}
} else {
- proxy, err := b.startTransport()
+ // For now, obf4 is the only supported Pluggable Transport
+ gateways, err := b.bonafide.GetGateways(b.transport)
if err != nil {
return err
}
+ if len(gateways) == 0 {
+ log.Printf("ERROR No gateway for transport %s in provider", b.transport)
+ return errors.New("ERROR: cannot find any gateway for selected transport")
+ }
- gateways, err := b.bonafide.GetGateways(b.transport)
+ gw := gateways[0]
+ proxy, err := b.startTransport(gw.Host)
if err != nil {
return err
}
+ b.ptGateway = gw
+
err = b.launch.firewallStart(gateways)
if err != nil {
return err
@@ -145,14 +161,16 @@ func (b *Bitmask) startOpenVPN() error {
proxyArgs := strings.Split(proxy, ":")
arg = append(arg, "--remote", proxyArgs[0], proxyArgs[1], "tcp4")
+ arg = append(arg, "--route", gw.IPAddress, "255.255.255.255", "net_gateway")
}
arg = append(arg,
- "--verb", "1",
+ "--verb", "3",
"--management-client",
"--management", openvpnManagementAddr, openvpnManagementPort,
"--ca", b.getCaCertPath(),
"--cert", b.certPemPath,
- "--key", b.certPemPath)
+ "--key", b.certPemPath,
+ "--persist-tun")
return b.launch.openvpnStart(arg...)
}
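Review bot: Selecting `gw := gateways[0]` and passing its host into startTransport removes the fallback the old loop had: startTransport now skips every entry whose Host differs, so when the chosen gateway's obfs4 handshake fails (`Can't connect to transport`) the loop is exhausted at once and startOpenVPN returns the error instead of trying the remaining gateways. The sketch below retries the next gateway before giving up; it assumes startTransport leaves b.shapes nil after a failed Open, which the lines between the shapeshifter literal and the `Can't connect` log (outside the hunk) would need to confirm, since the early `if b.shapes != nil { return proxy, nil }` would otherwise report a dead transport as connected. The same host filter also means that when no entry matches, the closing `fmt.Errorf("No working gateway for transport %s: %v", b.transport, err)` formats a nil err and prints `<nil>`; a dedicated `fmt.Errorf("no %s gateway matching host %q", b.transport, host)` for that case would make the failure diagnosable.
```go
	// … unchanged: GetGateways(b.transport) and the len(gateways) == 0 check …
	// Try the remaining transport gateways before giving up on the first one.
	gw := gateways[0]
	proxy, err := b.startTransport(gw.Host)
	for i := 1; err != nil && i < len(gateways); i++ {
		log.Printf("Transport gateway %s unusable: %v", gw.Host, err)
		gw = gateways[i]
		proxy, err = b.startTransport(gw.Host)
	}
	if err != nil {
		return err
	}
	b.ptGateway = gw
	// … unchanged: firewallStart, --remote and --route arguments …
```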
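--- a/pkg/vpn/status.go
+++ b/pkg/vpn/status.go
@@ -74,12 +74,17 @@ func (b *Bitmask) eventHandler(eventCh <-chan openvpn.Event) {
 }
 if statusName == "CONNECTED" {
 ip := strings.Split(stateEvent.String(), ": ")[1]
-gw, err := b.bonafide.GetGatewayByIP(ip)
-if err == nil {
-b.onGateway = gw
-log.Println("Connected to gateway:", b.onGateway.Host)
+if ip == "127.0.0.1" {
+// we're using pluggable transports
+b.onGateway = b.ptGateway
 } else {
-log.Println("ERROR: connected to unknown gateway", ip)
+gw, err := b.bonafide.GetGatewayByIP(ip)
+if err == nil {
+b.onGateway = gw
+log.Println("Connected to gateway:", b.onGateway.Host)
+} else {
+log.Println("ERROR: connected to unknown gateway", ip)
+}
 }
 }
 }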
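Review bot: The literal in `if ip == "127.0.0.1" {` silently duplicates the host half of `proxy = "127.0.0.1:4430"` in startTransport, whose own TODO anticipates the address becoming configurable; once the two drift apart, a pluggable-transport connection falls into the GetGatewayByIP branch and is reported as `ERROR: connected to unknown gateway` while onGateway keeps its previous value. A shared package-level constant (`const ptProxyHost = "127.0.0.1"`) used by both sites, or comparing against the host actually handed to openvpn, would keep them in step. The pluggable-transport branch also logs nothing where the direct branch logs `Connected to gateway:`; adding `log.Println("Connected to gateway:", b.onGateway.Host, "via", b.transport)` there would give the same connection evidence for both paths. eventHandler starts before this hunk.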