Diffstat (limited to 'src/leap/services/eip')
-rw-r--r--src/leap/services/eip/eipconfig.py33
-rw-r--r--src/leap/services/eip/vpnlaunchers.py24
-rw-r--r--src/leap/services/eip/vpnprocess.py28
3 files changed, 53 insertions, 32 deletions
diff --git a/src/leap/services/eip/eipconfig.py b/src/leap/services/eip/eipconfig.py
index f7d03963..a85fe64a 100644
--- a/src/leap/services/eip/eipconfig.py
+++ b/src/leap/services/eip/eipconfig.py
@@ -52,33 +52,32 @@ class VPNGatewaySelector(object):
self._set_local_offset()
self._eipconfig = eipconfig
- def _get_best_gateway(self):
+ def get_gateways(self):
"""
- Returns index of the closest gateway, using timezones offsets.
+ Returns the 4 best gateways, sorted by timezone proximity.
- :rtype: int
+ :rtype: list of IPv4Address or IPv6Address object.
"""
- best_gateway = (-1, 99) # gateway, distance
+ gateways_timezones = []
locations = self._eipconfig.get_locations()
gateways = self._eipconfig.get_gateways()
+
for idx, gateway in enumerate(gateways):
- gateway_offset = int(locations[gateway['location']]['timezone'])
- gateway_distance = self._get_timezone_distance(gateway_offset)
- if gateway_distance < best_gateway[1]:
- best_gateway = (idx, gateway_distance)
+ gateway_location = gateway.get('location')
+ gateway_distance = 99 # if hasn't location -> should go last
- return best_gateway[0]
+ if gateway_location is not None:
+ gw_offset = int(locations[gateway['location']]['timezone'])
+ gateway_distance = self._get_timezone_distance(gw_offset)
- def get_best_gateway_ip(self):
- """
- Returns the ip of the best possible gateway.
+ ip = self._eipconfig.get_gateway_ip(idx)
+ gateways_timezones.append((ip, gateway_distance))
- :rtype: An IPv4Address or IPv6Address object.
- """
- best_gateway = self._get_best_gateway()
- gateway_ip = self._eipconfig.get_gateway_ip(best_gateway)
+ gateways_timezones = sorted(gateways_timezones,
+ key=lambda gw: gw[1])[:4]
- return gateway_ip
+ gateways = [ip for ip, dist in gateways_timezones]
+ return gateways
def _get_timezone_distance(self, offset):
'''
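Review bot: In `get_gateways`, the lookup `locations[gateway['location']]['timezone']` is still unguarded, although the new code already tolerates a missing `location` key. A gateway whose location name is absent from `locations`, or whose timezone is missing or non-numeric, raises and aborts selection for every gateway. This data presumably comes from the provider's service definition, so one malformed entry should only push that gateway to the end of the list rather than stop the client from connecting. The fallback distance `99` and the cut-off `4` would also read better as named class constants. `get_gateways` is fully inside the hunk; the class continues outside it.

```python
            if gateway_location is not None:
                try:
                    gw_offset = int(locations[gateway_location]['timezone'])
                    gateway_distance = self._get_timezone_distance(gw_offset)
                except (KeyError, TypeError, ValueError):
                    # Unknown location or malformed timezone: keep the
                    # fallback distance so this gateway sorts last.
                    pass
            # … unchanged: get_gateway_ip(idx) and append …
```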
diff --git a/src/leap/services/eip/vpnlaunchers.py b/src/leap/services/eip/vpnlaunchers.py
index 436072d2..af77c146 100644
--- a/src/leap/services/eip/vpnlaunchers.py
+++ b/src/leap/services/eip/vpnlaunchers.py
@@ -321,16 +321,18 @@ class LinuxVPNLauncher(VPNLauncher):
# TODO: handle verbosity
gateway_selector = VPNGatewaySelector(eipconfig)
- gateway_ip = gateway_selector.get_best_gateway_ip()
+ gateways = gateway_selector.get_gateways()
- logger.debug("Using gateway ip %s" % (gateway_ip,))
+ logger.debug("Using gateways ips: {}".format(', '.join(gateways)))
+
+ for gw in gateways:
+ args += ['--remote', gw, '1194', 'udp']
args += [
'--client',
'--dev', 'tun',
'--persist-tun',
'--persist-key',
- '--remote', gateway_ip, '1194', 'udp',
'--tls-client',
'--remote-cert-tls',
'server'
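Review bot: `', '.join(gateways)` raises TypeError if the list holds address objects rather than strings, and the docstring in eipconfig.py says `get_gateways` returns IPv4Address or IPv6Address objects; the removed `%s` formatting stringified them implicitly. If that docstring is accurate, convert explicitly with `', '.join(str(gw) for gw in gateways)` and `args += ['--remote', str(gw), '1194', 'udp']`. An empty `gateways` list now also launches openvpn with no `--remote` at all, so an explicit check that raises before `args` is built would fail more clearly. The same applies to the DarwinVPNLauncher and WindowsVPNLauncher hunks; the enclosing method starts and ends outside each hunk.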
@@ -474,16 +476,18 @@ class DarwinVPNLauncher(VPNLauncher):
# TODO: handle verbosity
gateway_selector = VPNGatewaySelector(eipconfig)
- gateway_ip = gateway_selector.get_best_gateway_ip()
+ gateways = gateway_selector.get_gateways()
+
+ logger.debug("Using gateways ips: {}".format(', '.join(gateways)))
- logger.debug("Using gateway ip %s" % (gateway_ip,))
+ for gw in gateways:
+ args += ['--remote', gw, '1194', 'udp']
args += [
'--client',
'--dev', 'tun',
'--persist-tun',
'--persist-key',
- '--remote', gateway_ip, '1194', 'udp',
'--tls-client',
'--remote-cert-tls',
'server'
@@ -617,16 +621,18 @@ class WindowsVPNLauncher(VPNLauncher):
# TODO: handle verbosity
gateway_selector = VPNGatewaySelector(eipconfig)
- gateway_ip = gateway_selector.get_best_gateway_ip()
+ gateways = gateway_selector.get_gateways()
+
+ logger.debug("Using gateways ips: {}".format(', '.join(gateways)))
- logger.debug("Using gateway ip %s" % (gateway_ip,))
+ for gw in gateways:
+ args += ['--remote', gw, '1194', 'udp']
args += [
'--client',
'--dev', 'tun',
'--persist-tun',
'--persist-key',
- '--remote', gateway_ip, '1194', 'udp',
'--tls-client',
'--remote-cert-tls',
'server'
diff --git a/src/leap/services/eip/vpnprocess.py b/src/leap/services/eip/vpnprocess.py
index 162dc7f0..f3443533 100644
--- a/src/leap/services/eip/vpnprocess.py
+++ b/src/leap/services/eip/vpnprocess.py
@@ -20,8 +20,8 @@ VPN Manager, spawned in a custom processProtocol.
import logging
import os
import psutil
+import shutil
import socket
-import time
from PySide import QtCore
@@ -143,7 +143,7 @@ class VPN(object):
logger.debug("Process did not died. Sending a SIGKILL.")
self._vpnproc.killProcess()
- def terminate(self):
+ def terminate(self, shutdown=False):
"""
Stops the openvpn subprocess.
@@ -156,15 +156,13 @@ class VPN(object):
# First we try to be polite and send a SIGTERM...
if self._vpnproc:
self._sentterm = True
- self._vpnproc.terminate_openvpn()
+ self._vpnproc.terminate_openvpn(shutdown=shutdown)
# ...but we also trigger a countdown to be unpolite
# if strictly needed.
reactor.callLater(
self.TERMINATE_WAIT, self._kill_if_left_alive)
- # TODO: should also cleanup tempfiles!!!
-
def _start_pollers(self):
"""
Iterate through the registered observers
@@ -482,12 +480,30 @@ class VPNManager(object):
"""
return self._launcher.get_vpn_env(self._providerconfig)
- def terminate_openvpn(self):
+ def terminate_openvpn(self, shutdown=False):
"""
Attempts to terminate openvpn by sending a SIGTERM.
"""
if self.is_connected():
self._send_command("signal SIGTERM")
+ if shutdown:
+ self._cleanup_tempfiles()
+
+ def _cleanup_tempfiles(self):
+ """
+ Remove all temporal files we might have left behind.
+
+ Iif self.port is 'unix', we have created a temporal socket path that,
+ under normal circumstances, we should be able to delete.
+ """
+ if self._socket_port == "unix":
+ logger.debug('cleaning socket file temp folder')
+ tempfolder = os.path.split(self._socket_host)[0] # XXX use `first`
+ if os.path.isdir(tempfolder):
+ try:
+ shutil.rmtree(tempfolder)
+ except OSError:
+ logger.error('could not delete tmpfolder %s' % tempfolder)
# ---------------------------------------------------
# XXX old methods, not adapted to twisted process yet