summaryrefslogtreecommitdiff
path: root/src/leap/bitmask/vpn/tunnel.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/leap/bitmask/vpn/tunnel.py')
-rw-r--r--src/leap/bitmask/vpn/tunnel.py114
1 files changed, 114 insertions, 0 deletions
diff --git a/src/leap/bitmask/vpn/tunnel.py b/src/leap/bitmask/vpn/tunnel.py
new file mode 100644
index 0000000..4236edf
--- /dev/null
+++ b/src/leap/bitmask/vpn/tunnel.py
@@ -0,0 +1,114 @@
+# -*- coding: utf-8 -*-
+# manager.py
+# Copyright (C) 2015 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+VPN Tunnel.
+"""
+
+import os
+import tempfile
+
+from ._control import VPNControl
+from ._config import _TempVPNConfig, _TempProviderConfig
+from .constants import IS_WIN
+
+
+# TODO refactor - this class is still a very light proxy around the
+# underlying VPNControl. The main methods here are start/stop, so this
+# looks like it could better use the Service interface.
+# TODO gateway selection should be done in this class.
+# TODO DO NOT pass VPNConfig/ProviderConfig beyond this class.
+# TODO split sync/async vpn control mechanisms.
+
+
+class VPNTunnel(object):
+
+ """
+ A VPN Tunnel holds the configuration for a VPN connection, and allows to
+ control that connection.
+ """
+
+ def __init__(self, provider, remotes, cert_path, key_path, ca_path,
+ extra_flags):
+ """
+ :param remotes: a list of gateways tuple (ip, port) looking like this:
+ ((ip1, portA), (ip2, portB), ...)
+ :type remotes: tuple of tuple(str, int)
+ """
+ # TODO we can set all the needed ports, gateways and paths in here
+ # TODO need gateways here
+ # sorting them doesn't belong in here
+ # gateways = ((ip1, portA), (ip2, portB), ...)
+
+ ports = []
+
+ self._remotes = remotes
+
+ self._vpnconfig = _TempVPNConfig(extra_flags, cert_path, ports)
+ self._providerconfig = _TempProviderConfig(provider, ca_path)
+
+ host, port = self._get_management_location()
+
+ self._vpn = VPNControl(remotes=remotes,
+ vpnconfig=self._vpnconfig,
+ providerconfig=self._providerconfig,
+ socket_host=host, socket_port=port)
+
+ def start(self):
+ """
+ Start the VPN process.
+ """
+ result = self._vpn.start()
+ return result
+
+ def stop(self):
+ """
+ Bring openvpn down using the privileged wrapper.
+
+ :returns: True if succeeded, False otherwise.
+ :rtype: bool
+ """
+ # TODO how to return False if this fails
+ result = self._vpn.stop(False, False) # TODO review params
+ return result
+
+ @property
+ def status(self):
+ return self._vpn.status
+
+ @property
+ def traffic_status(self):
+ return self._vpn.traffic_status
+
+ def _get_management_location(self):
+ """
+ Return a tuple with the host (socket) and port to be used for VPN.
+
+ :return: (host, port)
+ :rtype: tuple (str, str)
+ """
+ if IS_WIN:
+ host = "localhost"
+ port = "9876"
+ else:
+ # XXX cleanup this on exit too
+ # XXX atexit.register ?
+ host = os.path.join(tempfile.mkdtemp(prefix="leap-tmp"),
+ 'openvpn.socket')
+ port = "unix"
+
+ return host, port