Diffstat (limited to 'pkg/standalone/vpn.go')
-rw-r--r-- | pkg/standalone/vpn.go | 106 |
1 files changed, 97 insertions, 9 deletions
diff --git a/pkg/standalone/vpn.go b/pkg/standalone/vpn.go index 260eec1..e593f59 100644 --- a/pkg/standalone/vpn.go +++ b/pkg/standalone/vpn.go @@ -16,9 +16,15 @@ package standalone import ( + "fmt" "io/ioutil" + "log" "os" "path" + "strconv" + "strings" + + "0xacab.org/leap/shapeshifter" ) const ( 
@@ -28,26 +34,95 @@ const ( // StartVPN for provider func (b *Bitmask) StartVPN(provider string) error { - gateways, err := b.bonafide.GetGateways("openvpn") - if err != nil { - return err + var proxy string + if b.transport != "" { + var err error + proxy, err = b.startTransport() + if err != nil { + return err + } } - certPemPath, err := b.getCert() + + return b.startOpenVPN(proxy) +} + +func (b *Bitmask) startTransport() (proxy string, err error) { + proxy = "127.0.0.1:4430" + if b.shapes != nil { + return proxy, nil + } + + gateways, err := b.bonafide.GetGateways(b.transport) if err != nil { - return err + return "", err + } + if len(gateways) == 0 { + log.Printf("No gateway for transport %s in provider", b.transport) + return "", nil + } + + for _, gw := range gateways { + if _, ok := gw.Options["cert"]; !ok { + continue + } + b.shapes = &shapeshifter.ShapeShifter{ + Cert: gw.Options["cert"], + Target: gw.IPAddress + ":" + gw.Ports[0], + SocksAddr: proxy, + } + if iatMode, ok := gw.Options["iat-mode"]; ok { + b.shapes.IatMode, err = strconv.Atoi(iatMode) + if err != nil { + b.shapes.IatMode = 0 + } + } + err = b.shapes.Open() + if err != nil { + log.Printf("Can't connect to transport %s: %v", b.transport, err) + continue + } + return proxy, nil } + return "", fmt.Errorf("No working gateway for transport %s: %v", b.transport, err) +} - err = b.launch.firewallStart(gateways) +func (b *Bitmask) startOpenVPN(proxy string) error { + certPemPath, err := b.getCert() if err != nil { return err } - arg, err := b.bonafide.GetOpenvpnArgs() if err != nil { return err } - for _, gw := range gateways { - arg = append(arg, "--remote", gw.IPAddress, "443", "tcp4") + + if proxy == "" { + gateways, err := b.bonafide.GetGateways("openvpn") + if err != nil { + return err + } + err = b.launch.firewallStart(gateways) + if err != nil { + return err + } + + for _, gw := range gateways { + for _, port := range gw.Ports { + arg = append(arg, "--remote", gw.IPAddress, port, "tcp4") + } 
+ } + } else { + gateways, err := b.bonafide.GetGateways(b.transport) + if err != nil { + return err + } + err = b.launch.firewallStart(gateways) + if err != nil { + return err + } + + proxyArgs := strings.Split(proxy, ":") + arg = append(arg, "--remote", proxyArgs[0], proxyArgs[1], "tcp4") } arg = append(arg, "--verb", "1", @@ -79,6 +154,10 @@ func (b *Bitmask) StopVPN() error { if err != nil { return err } + if b.shapes != nil { + b.shapes.Close() + b.shapes = nil + } return b.launch.openvpnStop() } @@ -146,6 +225,15 @@ func (b *Bitmask) UseGateway(name string) error { return nil } +// UseTransport selects an obfuscation transport to use +func (b *Bitmask) UseTransport(transport string) error { + if transport != "obfs4" { + return fmt.Errorf("Transport %s not implemented", transport) + } + b.transport = transport + return nil +} + func (b *Bitmask) getCertPemPath() string { return path.Join(b.tempdir, "openvpn.pem") } |
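Review bot: In `startTransport`, an empty gateway list is only logged and returned as `"", nil`; `StartVPN` then calls `startOpenVPN("")`, which takes the plain `openvpn` branch, so a user who selected obfs4 is connected without obfuscation and sees no error. Returning an error there keeps the failure closed, e.g. `return "", fmt.Errorf("no gateway for transport %s in provider", b.transport)`. The loop also stores `b.shapes` before `Open()` has succeeded, so once every gateway has failed the field stays non-nil and the next call returns the proxy address from the `if b.shapes != nil` shortcut with no working transport behind it. `gw.Ports[0]` is indexed without a length check and would panic on a gateway entry that lists no ports, which matters if the list is provider-supplied data, as the `GetGateways` call suggests. The fence shows the loop with these three changes.

```go
	if len(gateways) == 0 {
		return "", fmt.Errorf("no gateway for transport %s in provider", b.transport)
	}

	for _, gw := range gateways {
		cert, ok := gw.Options["cert"]
		if !ok || len(gw.Ports) == 0 {
			continue
		}
		shapes := &shapeshifter.ShapeShifter{
			Cert:      cert,
			Target:    gw.IPAddress + ":" + gw.Ports[0],
			SocksAddr: proxy,
		}
		// … unchanged: iat-mode parsing, applied to shapes instead of b.shapes …
		if err = shapes.Open(); err != nil {
			log.Printf("Can't connect to transport %s: %v", b.transport, err)
			continue
		}
		// Publish the transport only once it is actually listening.
		b.shapes = shapes
		return proxy, nil
	}
```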
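Review bot: In `StopVPN`, `b.shapes.Close()` runs before `b.launch.openvpnStop()`, so OpenVPN is still running when the local proxy it dials goes away, and whatever `Close()` returns is discarded. Tearing down in the reverse order of startup is easier to reason about: `err = b.launch.openvpnStop()`, then the `b.shapes` block, then `return err`. The early `return err` just above the added lines also skips this cleanup, leaving `b.shapes` set; the call that produces that error is outside the hunk, so whether that matters depends on what failed there.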
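Review bot: `UseTransport` rejects every value except `"obfs4"`, including the empty string, so once a transport has been selected there is no visible way to switch back to plain OpenVPN; if that is intended, say so in the doc comment, otherwise accept `""` as "no transport" with `if transport != "" && transport != "obfs4" {`. The setter also does not touch an already open `b.shapes`, so the comment should state that the choice applies to the next `StartVPN`, e.g. `// UseTransport selects the obfuscation transport used by the next StartVPN; only "obfs4" is supported.` As a style point, Go error strings start lowercase and the caller-supplied name is safer quoted: `fmt.Errorf("transport %q not implemented", transport)`.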