Feat: specify Openvpn flags with OPENVPN_FLAGS

Dockerfile

@@ -73,6 +73,7 @@ ENV VPNSP=pia \
     PROTOCOL=udp \
     OPENVPN_VERSION=2.5 \
     OPENVPN_VERBOSITY=1 \
+    OPENVPN_FLAGS= \
     OPENVPN_ROOT=yes \
     OPENVPN_TARGET_IP= \
     OPENVPN_IPV6=off \

internal/configuration/openvpn.go

@@ -15,6 +15,7 @@ type OpenVPN struct {
 	User      string   `json:"user"`
 	Password  string   `json:"password"`
 	Verbosity int      `json:"verbosity"`
+	Flags     []string `json:"flags"`
 	MSSFix    uint16   `json:"mssfix"`
 	Root      bool     `json:"run_as_root"`
 	Cipher    string   `json:"cipher"`
@@ -35,6 +36,10 @@ func (settings *OpenVPN) lines() (lines []string) {
 
 	lines = append(lines, indent+lastIndent+"Verbosity level: "+strconv.Itoa(settings.Verbosity))
 
+	if len(settings.Flags) > 0 {
+		lines = append(lines, indent+lastIndent+"Flags: "+strings.Join(settings.Flags, " "))
+	}
+
 	if settings.Root {
 		lines = append(lines, indent+lastIndent+"Run as root: enabled")
 	}
@@ -120,6 +125,15 @@ func (settings *OpenVPN) read(r reader) (err error) {
 		return err
 	}
 
+	settings.Flags = []string{}
+	flagsStr, err := r.env.Get("OPENVPN_FLAGS")
+	if err != nil {
+		return err
+	}
+	if flagsStr != "" {
+		settings.Flags = strings.Fields(flagsStr)
+	}
+
 	settings.Root, err = r.env.YesNo("OPENVPN_ROOT", params.Default("yes"))
 	if err != nil {
 		return err

internal/configuration/openvpn_test.go

@@ -11,7 +11,8 @@ import (
 func Test_OpenVPN_JSON(t *testing.T) {
 	t.Parallel()
 	in := OpenVPN{
-		Root: true,
+		Root:  true,
+		Flags: []string{},
 		Provider: Provider{
 			Name: "name",
 		},
@@ -22,6 +23,7 @@ func Test_OpenVPN_JSON(t *testing.T) {
   "user": "",
   "password": "",
   "verbosity": 0,
+  "flags": [],
   "mssfix": 0,
   "run_as_root": true,
   "cipher": "",

internal/openvpn/command.go

@@ -18,7 +18,7 @@ const (
 	binOpenvpn25 = "openvpn"
 )
 
-func (c *configurator) Start(ctx context.Context, version string) (
+func (c *configurator) Start(ctx context.Context, version string, flags []string) (
 	stdoutLines, stderrLines chan string, waitError chan error, err error) {
 	var bin string
 	switch version {
@@ -32,7 +32,9 @@ func (c *configurator) Start(ctx context.Context, version string) (
 
 	c.logger.Info("starting OpenVPN " + version)
 
-	cmd := exec.CommandContext(ctx, bin, "--config", constants.OpenVPNConf)
+	args := []string{"--config", constants.OpenVPNConf}
+	args = append(args, flags...)
+	cmd := exec.CommandContext(ctx, bin, args...)
 	cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
 
 	return c.commander.Start(cmd)

internal/openvpn/loop.go

@@ -169,7 +169,8 @@ func (l *looper) Run(ctx context.Context, done chan<- struct{}) {
 
 		openvpnCtx, openvpnCancel := context.WithCancel(context.Background())
 
-		stdoutLines, stderrLines, waitError, err := l.conf.Start(openvpnCtx, settings.Version)
+		stdoutLines, stderrLines, waitError, err := l.conf.Start(
+			openvpnCtx, settings.Version, settings.Flags)
 		if err != nil {
 			openvpnCancel()
 			l.signalOrSetStatus(constants.Crashed)

internal/openvpn/openvpn.go

@@ -17,7 +17,7 @@ type Configurator interface {
 	WriteAuthFile(user, password string, puid, pgid int) error
 	CheckTUN() error
 	CreateTUN() error
-	Start(ctx context.Context, version string) (
+	Start(ctx context.Context, version string, flags []string) (
 		stdoutLines, stderrLines chan string, waitError chan error, err error)
 }