authorKali Kaneko <kali@leap.se>2014-05-06 20:14:39 -0500
committerKali Kaneko <kali@leap.se>2014-05-12 11:25:04 -0500
commit120fd991719897c9a62a797842036a030246ff7c (patch)
treea62a228bc449d3953f6a5c4dfbaae593ee803ce0
parent0c2f23bd8a76ec8e36639c965ccc15303bd66b10 (diff)
pass gateways to firewall up
-rw-r--r--src/leap/bitmask/services/eip/linuxvpnlauncher.py1
-rw-r--r--src/leap/bitmask/services/eip/vpnlauncher.py52
-rw-r--r--src/leap/bitmask/services/eip/vpnprocess.py16
3 files changed, 49 insertions, 20 deletions
diff --git a/src/leap/bitmask/services/eip/linuxvpnlauncher.py b/src/leap/bitmask/services/eip/linuxvpnlauncher.py
index ef670303..e1c8e680 100644
--- a/src/leap/bitmask/services/eip/linuxvpnlauncher.py
+++ b/src/leap/bitmask/services/eip/linuxvpnlauncher.py
@@ -220,6 +220,7 @@ class LinuxVPNLauncher(VPNLauncher):
# we use `super` in order to send the class to use
command = super(LinuxVPNLauncher, kls).get_vpn_command(
eipconfig, providerconfig, socket_host, socket_port, openvpn_verb)
+ command.insert(0, kls.BITMASK_ROOT + "openvpn start")
pkexec = kls.maybe_pkexec()
if pkexec:
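Review bot: The inserted element `kls.BITMASK_ROOT + "openvpn start"` is one string with no separator between the helper path and its sub-command, so the first entry of `command` becomes `<BITMASK_ROOT>openvpn start` instead of three arguments. `_launch_firewall` in vpnprocess.py invokes the same helper as `[BM_ROOT, "firewall", "start"]`, which suggests BITMASK_ROOT is the executable path itself. Because this command is prefixed with pkexec further down, it should be built as separate argv entries, e.g. `command[0:0] = [kls.BITMASK_ROOT, "openvpn", "start"]`. The enclosing method starts and ends outside this hunk, so how `command` is finally executed is not visible here.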
diff --git a/src/leap/bitmask/services/eip/vpnlauncher.py b/src/leap/bitmask/services/eip/vpnlauncher.py
index ab423bcd..c95545a2 100644
--- a/src/leap/bitmask/services/eip/vpnlauncher.py
+++ b/src/leap/bitmask/services/eip/vpnlauncher.py
@@ -107,10 +107,43 @@ class VPNLauncher(object):
@classmethod
@abstractmethod
+ def get_gateways(kls, eipconfig, providerconfig):
+ """
+ Return the selected gateways for a given provider, looking at the EIP
+ config file.
+
+ :param eipconfig: eip configuration object
+ :type eipconfig: EIPConfig
+
+ :param providerconfig: provider specific configuration
+ :type providerconfig: ProviderConfig
+
+ :rtype: list
+ """
+ gateways = []
+ leap_settings = LeapSettings()
+ domain = providerconfig.get_domain()
+ gateway_conf = leap_settings.get_selected_gateway(domain)
+
+ if gateway_conf == leap_settings.GATEWAY_AUTOMATIC:
+ gateway_selector = VPNGatewaySelector(eipconfig)
+ gateways = gateway_selector.get_gateways()
+ else:
+ gateways = [gateway_conf]
+
+ if not gateways:
+ logger.error('No gateway was found!')
+ raise VPNLauncherException('No gateway was found!')
+
+ logger.debug("Using gateways ips: {0}".format(', '.join(gateways)))
+ return gateways
+
+ @classmethod
+ @abstractmethod
def get_vpn_command(kls, eipconfig, providerconfig,
socket_host, socket_port, openvpn_verb=1):
"""
- Returns the platform dependant vpn launching command
+ Return the platform-dependant vpn command for launching openvpn.
Might raise:
OpenVPNNotFoundException,
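Review bot: `get_gateways` returns `gateway_conf` from the local settings, or the selector's list built from the EIP config, without checking that each entry is an IP address. This commit forwards that list to the root helper in `_launch_firewall` (vpnprocess.py) in addition to openvpn's `--remote`. A check before `return gateways` that rejects non-address entries would keep malformed values away from the privileged helper. One way is to call `socket.inet_pton(socket.AF_INET, gw)` on each entry and raise `VPNLauncherException` on `socket.error`, assuming gateways are IPv4 literals as the "Using gateways ips" log message suggests. Whether the helper validates its own arguments is not visible in this diff.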
@@ -154,22 +187,7 @@ class VPNLauncher(object):
if openvpn_verb is not None:
args += ['--verb', '%d' % (openvpn_verb,)]
- gateways = []
- leap_settings = LeapSettings()
- domain = providerconfig.get_domain()
- gateway_conf = leap_settings.get_selected_gateway(domain)
-
- if gateway_conf == leap_settings.GATEWAY_AUTOMATIC:
- gateway_selector = VPNGatewaySelector(eipconfig)
- gateways = gateway_selector.get_gateways()
- else:
- gateways = [gateway_conf]
-
- if not gateways:
- logger.error('No gateway was found!')
- raise VPNLauncherException('No gateway was found!')
-
- logger.debug("Using gateways ips: {0}".format(', '.join(gateways)))
+ gateways = kls.get_gateways(providerconfig)
for gw in gateways:
args += ['--remote', gw, '1194', 'udp']
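Review bot: The call `kls.get_gateways(providerconfig)` does not match the signature added in the previous hunk, `get_gateways(kls, eipconfig, providerconfig)`. It passes a single argument, so it would raise TypeError before any `--remote` argument is built. It should read `gateways = kls.get_gateways(eipconfig, providerconfig)`, which is how `getGateways` in vpnprocess.py calls it. The body of `get_vpn_command` extends beyond this hunk.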
diff --git a/src/leap/bitmask/services/eip/vpnprocess.py b/src/leap/bitmask/services/eip/vpnprocess.py
index 71a21cdb..cbcdd5c6 100644
--- a/src/leap/bitmask/services/eip/vpnprocess.py
+++ b/src/leap/bitmask/services/eip/vpnprocess.py
@@ -185,7 +185,8 @@ class VPN(object):
# XXX we try to bring the firewall up
if IS_LINUX:
- firewall_up = self._launch_firewall()
+ gateways = vpnproc.getGateways()
+ firewall_up = self._launch_firewall(gateways)
if not firewall_up:
logger.error("Could not bring firewall up, "
"aborting openvpn launch.")
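Review bot: `vpnproc.getGateways()` can raise `VPNLauncherException`, which `get_gateways` raises when no gateway is found. The call sits before the `if not firewall_up` check, so that failure would not go through the "Could not bring firewall up" path. If the enclosing method, which starts outside this hunk, does not already catch it, consider wrapping the call and treating the exception like a failed firewall start. That way the error is logged and openvpn is not launched.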
@@ -208,10 +209,13 @@ class VPN(object):
self._pollers.extend(poll_list)
self._start_pollers()
- def _launch_firewall(self):
+ def _launch_firewall(self, gateways):
"""
Launch the firewall using the privileged wrapper.
+ :param gateways:
+ :type gateways: list
+
:returns: True if the exitcode of calling the root helper in a
subprocess is 0.
:rtype: bool
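Review bot: The new `:param gateways:` entry in the `_launch_firewall` docstring has no description. Suggest `:param gateways: gateway addresses appended as arguments to the root helper's "firewall start" call`, so a reader can see that these values cross into the privileged wrapper. The rest of the method body is in the next hunk.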
@@ -223,7 +227,7 @@ class VPN(object):
# XXX could check that the iptables rules are in place.
BM_ROOT = linuxvpnlauncher.LinuxVPNLauncher.BITMASK_ROOT
- exitCode = subprocess.call([BM_ROOT, "firewall", "start"])
+ exitCode = subprocess.call([BM_ROOT, "firewall", "start"] + gateways)
return True if exitCode is 0 else False
def _kill_if_left_alive(self, tries=0):
@@ -861,6 +865,12 @@ class VPNProcess(protocol.ProcessProtocol, VPNManager):
logger.debug("Running VPN with command: {0}".format(command))
return command
+ def getGateways(self):
+ gateways = self._launcher.get_gateways(
+ self._eipconfig, self._providerconfig)
+ print "getGateways --> ", gateways
+ return gateways
+
# shutdown
def killProcess(self):
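Review bot: `print "getGateways --> ", gateways` is a leftover debug statement that writes to stdout, while the context line just above it logs through `logger.debug`. Replace it with `logger.debug("getGateways --> {0}".format(gateways))`, or drop it, since `get_gateways` already logs the list. The method also lacks a docstring, unlike `_launch_firewall`; something like `"""Return the gateways the launcher selects for this provider."""` would do.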