authorKali Kaneko <kali@leap.se>2017-08-24 01:31:23 -0400
committerKali Kaneko <kali@leap.se>2017-08-30 16:18:06 -0400
commit116af66d410ee3a4ee69a8fa25c6036ed1c2411f (patch)
tree189771e66ca4ef0d62096d14eb6638e6fd05eec2 /src/leap/bitmask/vpn
parent34d59f070d13ec2ac09c07cc7e0ec6a5d559fef9 (diff)
[refactor] restart by allowing to send SIGUSR1 to openvpn process
By properly allowing openvpn to restart when it receives SIGUSR1, we can reserve the hard process restarts for cases in which the process is aborted. This depends on bitmask-root adding --persist-tun and --persist-key as mandatory/allowed parameters.
Diffstat (limited to 'src/leap/bitmask/vpn')
-rwxr-xr-xsrc/leap/bitmask/vpn/helpers/linux/bitmask-root9
-rw-r--r--src/leap/bitmask/vpn/process.py3
-rw-r--r--src/leap/bitmask/vpn/tunnel.py22
3 files changed, 19 insertions, 15 deletions
diff --git a/src/leap/bitmask/vpn/helpers/linux/bitmask-root b/src/leap/bitmask/vpn/helpers/linux/bitmask-root
index 80ac12e..cad082b 100755
--- a/src/leap/bitmask/vpn/helpers/linux/bitmask-root
+++ b/src/leap/bitmask/vpn/helpers/linux/bitmask-root
@@ -73,7 +73,7 @@ def get_no_group_name():
return None
-VERSION = "6"
+VERSION = "7"
SCRIPT = "bitmask-root"
NAMESERVER = "10.42.0.1"
BITMASK_CHAIN = "bitmask"
@@ -105,7 +105,8 @@ FIXED_FLAGS = [
"--management-signal",
"--script-security", "1",
"--user", "nobody",
- "--remap-usr1", "SIGTERM",
+ "--persist-key",
+ "--persist-tun",
]
if OPENVPN_GROUP is not None:
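Review bot: The two flags added to FIXED_FLAGS have no comment saying why they are mandatory, and the reason is security-relevant. With `--user nobody` already in the list, openvpn cannot re-read the key file or reopen the tun device after dropping privileges, so a SIGUSR1 soft restart only works when both flags are present. I would add above them `# required for SIGUSR1 soft restarts after the --user privilege drop: keeps key material and the tun device open`. Removing `--remap-usr1 SIGTERM` presumably also means a SIGUSR1 or ping-restart no longer ends the process, so the comment should say that a stuck tunnel has to be detected by the client rather than through process exit. The FIXED_FLAGS list starts outside the hunk.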
@@ -121,7 +122,8 @@ ALLOWED_FLAGS = {
"--cert": ["FILE"],
"--key": ["FILE"],
"--ca": ["FILE"],
- "--fragment": ["NUMBER"]
+ "--fragment": ["NUMBER"],
+ "--keepalive": ["NUMBER", "NUMBER"],
}
PARAM_FORMATS = {
@@ -964,6 +966,7 @@ def main():
else:
bail("ERROR: No such command")
+
if __name__ == "__main__":
debug(" ".join(sys.argv))
main()
diff --git a/src/leap/bitmask/vpn/process.py b/src/leap/bitmask/vpn/process.py
index 19115d6..b9c8456 100644
--- a/src/leap/bitmask/vpn/process.py
+++ b/src/leap/bitmask/vpn/process.py
@@ -252,7 +252,8 @@ class _VPNProcess(protocol.ProcessProtocol):
# shutdown
def terminate(self):
- self.proto.signal('SIGTERM')
+ if self.proto:
+ self.proto.signal('SIGTERM')
def kill(self):
try:
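Review bot: `terminate()` now returns silently when `self.proto` is unset, so a caller cannot tell "SIGTERM sent" from "nothing was signalled", and a stop request that hits this branch leaves no trace. I would return a boolean, `return True` after `self.proto.signal('SIGTERM')` and `return False` otherwise, and add a one-line docstring saying the call is a no-op while `self.proto` is unset. When `self.proto` is assigned and cleared is not visible here, so it should be checked whether it can still be set after the process has exited. The body of `kill()` continues outside the hunk.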
diff --git a/src/leap/bitmask/vpn/tunnel.py b/src/leap/bitmask/vpn/tunnel.py
index d9a8be3..7c2274a 100644
--- a/src/leap/bitmask/vpn/tunnel.py
+++ b/src/leap/bitmask/vpn/tunnel.py
@@ -31,8 +31,6 @@ from .process import VPNProcess
# TODO ----------------- refactor --------------------
-# [ ] register change state listener
-# emit_async(catalog.VPN_STATUS_CHANGED)
# [ ] catch ping-restart
# 'NETWORK_UNREACHABLE': (
# 'Network is unreachable (code=101)',),
@@ -40,6 +38,8 @@ from .process import VPNProcess
# "SIGTERM[soft,tls-error]",),
# TODO ----------------- refactor --------------------
+RESTART_WAIT = 2 # in secs
+
class ConfiguredTunnel(object):
@@ -82,8 +82,8 @@ class ConfiguredTunnel(object):
defer.returnValue(started)
@defer.inlineCallbacks
- def stop(self):
- stopped = yield self._stop_vpn(restart=False)
+ def stop(self, restart=False):
+ stopped = yield self._stop_vpn(restart=restart)
defer.returnValue(stopped)
# status
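Review bot: `stop()` gained a public `restart` parameter but has no docstring, and the hunk does not show what `_stop_vpn(restart=True)` does differently from a plain stop. I would add a docstring along the lines of `"""Stop the tunnel; restart=True marks this stop as part of a restart (see _stop_vpn)."""`. If the flag skips any teardown (firewall or DNS state, for instance; not visible here, to be confirmed against `_stop_vpn`), the docstring should say so, because external callers can now request that path.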
@@ -110,14 +110,14 @@ class ConfiguredTunnel(object):
vpnproc = VPNProcess(*args, **kwargs)
self._vpnproc = vpnproc
- self.__start_pre_up(vpnproc)
- cmd = self.__start_get_cmd(vpnproc)
-
- running = yield self.__start_spawn_proc(vpnproc, cmd)
- if running:
+ try:
+ self.__start_pre_up(vpnproc)
+ cmd = self.__start_get_cmd(vpnproc)
+ running = yield self.__start_spawn_proc(vpnproc, cmd)
vpnproc.pid = running.pid
defer.returnValue(True)
- else:
+ except Exception:
+ # TODO need to propagate the error message properly.
defer.returnValue(False)
def __start_pre_up(self, proc):
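Review bot: The new `except Exception:` turns every failure in `__start_pre_up`, `__start_get_cmd` and `__start_spawn_proc` into a bare `False` with nothing logged, so a misconfiguration, a missing helper and a programming error (for example `running` being `None` now that the `if running:` check is gone) all look the same to the caller. At minimum bind and log the exception before returning, e.g. `except Exception as exc:` followed by a call to the module's logger that includes `exc`. `self._vpnproc` is assigned before the `try`, so after a failed start it still points at a process object that never ran; resetting it to `None` in the handler would avoid that. The later hunk in `_restart_vpn` schedules `self.start` through `reactor.callLater` and drops its result, so this `False` is never observed on the restart path. The enclosing method starts outside the hunk.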
@@ -150,7 +150,7 @@ class ConfiguredTunnel(object):
def _restart_vpn(self):
yield self.stop(restart=True)
reactor.callLater(
- self.RESTART_WAIT, self.start)
+ RESTART_WAIT, self.start)
@defer.inlineCallbacks
def _stop_vpn(self, restart=False):