internal/provider/vpnunlimited/openvpnconf.go

package vpnunlimited

import (
	"github.com/qdm12/gluetun/internal/configuration/settings"
	"github.com/qdm12/gluetun/internal/models"
	"github.com/qdm12/gluetun/internal/provider/utils"
)

func (p *Provider) OpenVPNConfig(connection models.Connection,
	settings settings.OpenVPN, ipv6Supported bool) (lines []string) {
	providerSettings := utils.OpenVPNProviderSettings{
		RemoteCertTLS: true,
		AuthUserPass:  false,
		Ping:          5, //nolint:gomnd
		RenegDisabled: true,
		CAs:           []string{"MIID7jCCA1CgAwIBAgIQQTT3w3N+5i8OMfe565xaSjAKBggqhkjOPQQDBDCBojELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMREwDwYDVQQHDAhOZXcgWW9yazEXMBUGA1UECgwOS2VlcFNvbGlkIEluYy4xGjAYBgNVBAsMEUtlZXBTb2xpZCBSb290IENBMRowGAYDVQQDDBFLZWVwU29saWQgUm9vdCBDQTEiMCAGCSqGSIb3DQEJARYTYWRtaW5Aa2VlcHNvbGlkLmNvbTAeFw0yMDA0MDExNjI3MTRaFw0yNTAzMzExNjI3MTRaMIGgMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCE5ldyBZb3JrMRcwFQYDVQQKDA5LZWVwU29saWQgSW5jLjEVMBMGA1UECwwMS2VlcFNvbGlkIENBMR0wGwYDVQQDDBRPcGVuVlBOIFNlcnZlciBTdWJDQTEiMCAGCSqGSIb3DQEJARYTYWRtaW5Aa2VlcHNvbGlkLmNvbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAR9nmoZUraRSSPUhYwIQBLSx+phJdIlqU7F7Hszh95ivnWYkwuizKLaUYy6lSISDohlUtQl9URBlRrGroVctOGlOAdpL2ARTljw5gmUcaavc5cvLiAV7fPJ7BFUgVxInmaVcaMlDwGgKLxmjU2Fw85VLROHbWQjYc93x/BTSFcYO/np4o4IBIzCCAR8wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUrUCjH8xe37lJihyzpqjWwxxNOiswgeIGA1UdIwSB2jCB14AU/LRRnTRaEbxct895Pk9DoymNQIqhgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTERMA8GA1UEBwwITmV3IFlvcmsxFzAVBgNVBAoMDktlZXBTb2xpZCBJbmMuMRowGAYDVQQLDBFLZWVwU29saWQgUm9vdCBDQTEaMBgGA1UEAwwRS2VlcFNvbGlkIFJvb3QgQ0ExIjAgBgkqhkiG9w0BCQEWE2FkbWluQGtlZXBzb2xpZC5jb22CFEssZFYAz8WhYnIDxLeDgKTLD8p2MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDBAOBiwAwgYcCQgGuK8UNnpE8k8hAamnT9gxCSs5APqrgmdLe6BxYSz7AptpF2/MPzLFsXgj4YxC6vJP8Rs8e3Hw9VJ7DF0aYgu8DvQJBeyFWjRnk8kmu2zEU+wF9fkvN9AJ7v0xF0iEaFVsdPKv6sJQP1sAL+AIepJQ7TYvh9Q9G/WaRCfItCtcOAEz3SKA="}, //nolint:lll
		ExtraLines: []string{
			"route-metric 1",
		},
	}

	// VPN Unlimited's certificate is sha1WithRSAEncryption and sha1 is now
	// rejected by openssl 3.x.x which is used by OpenVPN >= 2.5.
	// We lower the security level to 0 to allow this algorithm,
	// see https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
	providerSettings.TLSCipher = `"DEFAULT:@SECLEVEL=0"`

	return utils.OpenVPNConfig(providerSettings, connection, settings, ipv6Supported)
}
VPN Unlimited support (#499) - Fixes #420 - Revert to docker/build-push-action@v2.4.0 2021-06-20 09:18:03 -07:00			`package vpnunlimited`

			`import (`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`"github.com/qdm12/gluetun/internal/configuration/settings"`
VPN Unlimited support (#499) - Fixes #420 - Revert to docker/build-push-action@v2.4.0 2021-06-20 09:18:03 -07:00			`"github.com/qdm12/gluetun/internal/models"`
			`"github.com/qdm12/gluetun/internal/provider/utils"`
			`)`

chore(provider): rename all `BuildConf` to `OpenVPNConfig` 2022-05-27 22:04:14 +00:00			`func (p *Provider) OpenVPNConfig(connection models.Connection,`
feat(vpn): auto detection of IPv6 support - `OPENVPN_IPV6` removed - Affects OpenVPN - Use the same mechanism for OpenVPN and Wireguard - Check only once at program start since this is unlikely to change at runtime - Log if IPv6 is supported - Remove `IPv6` boolean from settings structs - Move IPv6 detection as a method on NetLinker 2022-09-06 12:16:29 +00:00			`settings settings.OpenVPN, ipv6Supported bool) (lines []string) {`
chore(internal/providers): simplify OpenVPN config building 2022-04-25 07:57:45 +00:00			`providerSettings := utils.OpenVPNProviderSettings{`
			`RemoteCertTLS: true,`
			`AuthUserPass: false,`
			`Ping: 5, //nolint:gomnd`
			`RenegDisabled: true,`
chore(openvpn): support multiple CAs in generated config 2023-12-19 18:21:03 +00:00			CAs: []string{"MIID7jCCA1CgAwIBAgIQQTT3w3N+5i8OMfe565xaSjAKBggqhkjOPQQDBDCBojELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMREwDwYDVQQHDAhOZXcgWW9yazEXMBUGA1UECgwOS2VlcFNvbGlkIEluYy4xGjAYBgNVBAsMEUtlZXBTb2xpZCBSb290IENBMRowGAYDVQQDDBFLZWVwU29saWQgUm9vdCBDQTEiMCAGCSqGSIb3DQEJARYTYWRtaW5Aa2VlcHNvbGlkLmNvbTAeFw0yMDA0MDExNjI3MTRaFw0yNTAzMzExNjI3MTRaMIGgMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCE5ldyBZb3JrMRcwFQYDVQQKDA5LZWVwU29saWQgSW5jLjEVMBMGA1UECwwMS2VlcFNvbGlkIENBMR0wGwYDVQQDDBRPcGVuVlBOIFNlcnZlciBTdWJDQTEiMCAGCSqGSIb3DQEJARYTYWRtaW5Aa2VlcHNvbGlkLmNvbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAR9nmoZUraRSSPUhYwIQBLSx+phJdIlqU7F7Hszh95ivnWYkwuizKLaUYy6lSISDohlUtQl9URBlRrGroVctOGlOAdpL2ARTljw5gmUcaavc5cvLiAV7fPJ7BFUgVxInmaVcaMlDwGgKLxmjU2Fw85VLROHbWQjYc93x/BTSFcYO/np4o4IBIzCCAR8wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUrUCjH8xe37lJihyzpqjWwxxNOiswgeIGA1UdIwSB2jCB14AU/LRRnTRaEbxct895Pk9DoymNQIqhgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTERMA8GA1UEBwwITmV3IFlvcmsxFzAVBgNVBAoMDktlZXBTb2xpZCBJbmMuMRowGAYDVQQLDBFLZWVwU29saWQgUm9vdCBDQTEaMBgGA1UEAwwRS2VlcFNvbGlkIFJvb3QgQ0ExIjAgBgkqhkiG9w0BCQEWE2FkbWluQGtlZXBzb2xpZC5jb22CFEssZFYAz8WhYnIDxLeDgKTLD8p2MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDBAOBiwAwgYcCQgGuK8UNnpE8k8hAamnT9gxCSs5APqrgmdLe6BxYSz7AptpF2/MPzLFsXgj4YxC6vJP8Rs8e3Hw9VJ7DF0aYgu8DvQJBeyFWjRnk8kmu2zEU+wF9fkvN9AJ7v0xF0iEaFVsdPKv6sJQP1sAL+AIepJQ7TYvh9Q9G/WaRCfItCtcOAEz3SKA="}, //nolint:lll
chore(internal/providers): simplify OpenVPN config building 2022-04-25 07:57:45 +00:00			`ExtraLines: []string{`
			`"route-metric 1",`
			`},`
			`}`
fix(vpnunlimited): lower TLS security level to 0 (#1476) 2023-04-11 14:08:54 +02:00
change(openvpn): Openvpn 2.4 no longer supported 2023-05-21 13:10:38 +00:00			`// VPN Unlimited's certificate is sha1WithRSAEncryption and sha1 is now`
			`// rejected by openssl 3.x.x which is used by OpenVPN >= 2.5.`
			`// We lower the security level to 0 to allow this algorithm,`
			`// see https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html`
			providerSettings.TLSCipher = `"DEFAULT:@SECLEVEL=0"`
fix(vpnunlimited): lower TLS security level to 0 (#1476) 2023-04-11 14:08:54 +02:00
feat(vpn): auto detection of IPv6 support - `OPENVPN_IPV6` removed - Affects OpenVPN - Use the same mechanism for OpenVPN and Wireguard - Check only once at program start since this is unlikely to change at runtime - Log if IPv6 is supported - Remove `IPv6` boolean from settings structs - Move IPv6 detection as a method on NetLinker 2022-09-06 12:16:29 +00:00			`return utils.OpenVPNConfig(providerSettings, connection, settings, ipv6Supported)`
VPN Unlimited support (#499) - Fixes #420 - Revert to docker/build-push-action@v2.4.0 2021-06-20 09:18:03 -07:00			`}`