// Copyright (C) 2018 LEAP
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package bitmask

import (
	"path"
	"runtime"
)

// Address and port of the OpenVPN management channel. StartVPN passes them to
// "--management" together with "--management-client", so OpenVPN dials this
// endpoint instead of listening on it.
//
// NOTE(review): the arguments built in StartVPN carry no management password
// file. The channel is on loopback, but whichever local process is listening
// on this fixed port receives the connection. Confirm that the listener is
// bound before OpenVPN starts and that nothing else can claim the port.
const (
	openvpnManagementAddr = "127.0.0.1"
	openvpnManagementPort = "6061"
)

// StartVPN starts the firewall for the provider's gateways and then launches
// OpenVPN with one "--remote" entry per gateway (port 443, tcp4).
//
// The provider argument is not used by this implementation.
//
// Any error from fetching gateways, starting the firewall, fetching the base
// OpenVPN arguments or launching OpenVPN is returned unchanged. If a step after
// firewallStart fails, the firewall is not stopped here; callers that need it
// torn down must call StopVPN.
func (b *Bitmask) StartVPN(provider string) error {
	gateways, err := b.bonafide.getGateways()
	if err != nil {
		return err
	}
	// The firewall goes up before OpenVPN is launched, so it is already in
	// place while the tunnel is still being established.
	if err = b.launch.firewallStart(gateways); err != nil {
		return err
	}

	args, err := b.bonafide.getOpenvpnArgs()
	if err != nil {
		return err
	}
	for i := range gateways {
		args = append(args, "--remote", gateways[i].IPAddress, "443", "tcp4")
	}

	// Client mode on a tun device, without binding a fixed local port.
	args = append(args,
		"--nobind",
		"--verb", "1",
		"--dev", "tun",
		"--client",
		"--tls-client",
	)
	// "--remote-cert-tls server" makes OpenVPN reject a peer whose certificate
	// is not marked for server use. "--script-security 1" keeps OpenVPN from
	// running user-defined scripts.
	args = append(args,
		"--remote-cert-tls", "server",
		"--script-security", "1",
	)
	// OpenVPN connects out to the management endpoint. No management password
	// file is passed here, so access control rests on whoever owns that
	// loopback port.
	args = append(args,
		"--management-client",
		"--management", openvpnManagementAddr, openvpnManagementPort,
	)
	// A single PEM file is used for both the client certificate and its
	// private key.
	pemPath := b.getCertPemPath()
	args = append(args,
		"--ca", b.getCaCertPath(),
		"--cert", pemPath,
		"--key", pemPath,
	)

	if runtime.GOOS == "windows" {
		// Fixed log location on Windows; the file name is kept exactly as the
		// original spells it.
		args = append(args, "--log", `C:\bitmask\openvp.log`)
	}
	return b.launch.openvpnStart(args...)
}

// StopVPN stops the firewall and then stops OpenVPN.
//
// If stopping the firewall fails, that error is returned and OpenVPN is not
// stopped by this call.
func (b *Bitmask) StopVPN() error {
	if fwErr := b.launch.firewallStop(); fwErr != nil {
		return fwErr
	}
	return b.launch.openvpnStop()
}

// GetStatus reports the current OpenVPN state.
//
// The returned error is always nil. A failure to read the state is reported as
// Off, so callers cannot tell "VPN is off" apart from "state could not be
// determined" and should not treat Off as proof that no tunnel is running.
func (b *Bitmask) GetStatus() (string, error) {
	state, err := b.getOpenvpnState()
	if err == nil {
		return state, nil
	}
	return Off, nil
}

// InstallHelpers is meant to install the privileged helpers into the system.
//
// It is not implemented yet: nothing is installed and nil is always returned,
// so a nil result does not mean the helpers are present.
func (b *Bitmask) InstallHelpers() error {
	// TODO: implement helper installation.
	return nil
}

// VPNCheck is meant to report whether the helpers are installed and up to date
// (helpers) and whether polkit is running (priviledge).
//
// It is not implemented yet and performs no checks: both results are always
// true and err is always nil. Callers must not rely on it as verification of
// the helper or privilege setup.
func (b *Bitmask) VPNCheck() (helpers bool, priviledge bool, err error) {
	// TODO: perform the real checks; until then report success unconditionally.
	helpers, priviledge = true, true
	return helpers, priviledge, nil
}

// ListGateways returns the Location of every known gateway, in the order
// getGateways reports them.
//
// The provider argument is not used by this implementation. An error from
// getGateways is returned unchanged together with a nil slice.
func (b *Bitmask) ListGateways(provider string) ([]string, error) {
	gateways, err := b.bonafide.getGateways()
	if err != nil {
		return nil, err
	}
	names := make([]string, 0, len(gateways))
	for i := range gateways {
		names = append(names, gateways[i].Location)
	}
	return names, nil
}

// UseGateway records name as the default gateway.
//
// name is handed to setDefaultGateway as-is and the result is always nil.
// NOTE(review): nothing here checks name against the known gateways; confirm
// how setDefaultGateway treats an unknown name.
func (b *Bitmask) UseGateway(name string) error {
	b.bonafide.setDefaultGateway(name)
	return nil
}

// getCertPemPath returns the location of "openvpn.pem" inside b.tempdir.
//
// StartVPN passes this one path to both "--cert" and "--key", so the file is
// expected to hold the client private key as well as the certificate.
// NOTE(review): the file is not created here; confirm that whoever writes it
// restricts its permissions and removes it when the session ends.
func (b *Bitmask) getCertPemPath() string {
	const certPemName = "openvpn.pem"
	return path.Join(b.tempdir, certPemName)
}

// getCaCertPath returns the location of "cacert.pem" inside b.tempdir.
//
// StartVPN passes this path to "--ca", which makes the file the trust anchor
// for the gateway's certificate.
// NOTE(review): the file is not created here; confirm that it cannot be
// replaced by another local user between being written and being read.
func (b *Bitmask) getCaCertPath() string {
	const caCertName = "cacert.pem"
	return path.Join(b.tempdir, caCertName)
}