OPENVPN_AUTH variable, refers to #94

.github/workflows/misspell.yml

@@ -1,34 +1,16 @@
 name: Misspells
 on:
-  push:
-    branches:
-      - master
   pull_request:
-    branches:
+    branches: [master]
-      - master
+  push:
+    branches: [master]
 jobs:
   misspell:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout on push
+      - uses: actions/checkout@v2
-        if: github.event_name == 'push'
+      - uses: reviewdog/action-misspell@v1
-        uses: actions/checkout@v2
-      - name: Checkout on pull_request
-        if: github.event_name == 'pull_request'
-        uses: actions/checkout@v2
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: reviewdog fixer
-        uses: reviewdog/action-misspell@v1
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           locale: "US"
-      - name: sobolevn fixer
+          level: error
-        uses: sobolevn/misspell-fixer-action@master
-      - uses: peter-evans/create-pull-request@v2.4.4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          commit-message: 'Typos fixes'
-          title: "Typos fixes"
-          branch: typos
-          branch-suffix: timestamp

Dockerfile

@@ -40,6 +40,8 @@ ENV VPNSP=pia \
     PASSWORD= \
     REGION="CA Montreal" \
     PIA_ENCRYPTION=strong \
+    OPENVPN_CIPHER= \
+    OPENVPN_AUTH= \
     PORT_FORWARDING=off \
     PORT_FORWARDING_STATUS_FILE="/forwarded_port" \
     # Mullvad only

README.md

@@ -163,6 +163,7 @@ docker run --rm --network=container:pia alpine:3.11 wget -qO- https://ipinfo.io
 | `OPENVPN_ROOT` | `no` | Run OpenVPN as root, `yes` or `no` |
 | `OPENVPN_TARGET_IP` | | Specify a target VPN server IP address to use, valid for Mullvad and Private Internet Access |
 | `OPENVPN_CIPHER` | | Specify a custom cipher to use, use at your own risk. It will also set `ncp-disable` if using AES GCM for PIA |
+| `OPENVPN_AUTH` | | Specify a custom auth algorithm to use (i.e. `sha256`) *for pia only* |
 
 ## Connect to it
 

cmd/main.go

@@ -132,7 +132,7 @@ func main() {
 	case "pia":
 		connections, err = piaConf.GetOpenVPNConnections(allSettings.PIA.Region, allSettings.OpenVPN.NetworkProtocol, allSettings.PIA.Encryption, allSettings.OpenVPN.TargetIP)
 		e.FatalOnError(err)
-		err = piaConf.BuildConf(connections, allSettings.PIA.Encryption, allSettings.OpenVPN.Verbosity, uid, gid, allSettings.OpenVPN.Root, allSettings.OpenVPN.Cipher)
+		err = piaConf.BuildConf(connections, allSettings.PIA.Encryption, allSettings.OpenVPN.Verbosity, uid, gid, allSettings.OpenVPN.Root, allSettings.OpenVPN.Cipher, allSettings.OpenVPN.Auth)
 		e.FatalOnError(err)
 	case "mullvad":
 		connections, err = mullvadConf.GetOpenVPNConnections(allSettings.Mullvad.Country, allSettings.Mullvad.City, allSettings.Mullvad.ISP, allSettings.OpenVPN.NetworkProtocol, allSettings.Mullvad.Port, allSettings.OpenVPN.TargetIP)

docker-compose.yml

@@ -27,6 +27,8 @@ services:
       - PASSWORD=8fd9s239G
       - PIA_ENCRYPTION=strong
       - PORT_FORWARDING=off
+      - OPENVPN_CIPHER=
+      - OPENVPN_AUTH=
 
       # Mullvad only
       - COUNTRY=Sweden

internal/params/openvpn.go

@@ -71,3 +71,10 @@ func (p *paramsReader) GetOpenVPNCipher() (cipher string, err error) {
 	cipher, err = p.envParams.GetEnv("OPENVPN_CIPHER")
 	return strings.ToLower(cipher), err
 }
+
+// GetOpenVPNAuth obtains a custom auth algorithm to use with OpenVPN
+// from the environment variable OPENVPN_AUTH
+func (p *paramsReader) GetOpenVPNAuth() (auth string, err error) {
+	auth, err = p.envParams.GetEnv("OPENVPN_AUTH")
+	return strings.ToLower(auth), err
+}

internal/params/params.go

@@ -39,6 +39,7 @@ type ParamsReader interface {
 	GetOpenVPNRoot() (root bool, err error)
 	GetTargetIP() (ip net.IP, err error)
 	GetOpenVPNCipher() (cipher string, err error)
+	GetOpenVPNAuth() (auth string, err error)
 
 	// PIA getters
 	GetPortForwarding() (activated bool, err error)

internal/pia/conf.go

@@ -66,20 +66,24 @@ func (c *configurator) GetOpenVPNConnections(region models.PIARegion, protocol m
 	return connections, nil
 }
 
-func (c *configurator) BuildConf(connections []models.OpenVPNConnection, encryption models.PIAEncryption, verbosity, uid, gid int, root bool, cipher string) (err error) {
+func (c *configurator) BuildConf(connections []models.OpenVPNConnection, encryption models.PIAEncryption, verbosity, uid, gid int, root bool, cipher, auth string) (err error) {
-	var X509CRL, certificate, authAlgo string
+	var X509CRL, certificate string
 	if encryption == constants.PIAEncryptionNormal {
 		if len(cipher) == 0 {
 			cipher = "aes-128-cbc"
 		}
-		authAlgo = "sha1"
+		if len(auth) == 0 {
+			auth = "sha1"
+		}
 		X509CRL = constants.PIAX509CRL_NORMAL
 		certificate = constants.PIACertificate_NORMAL
 	} else { // strong encryption
 		if len(cipher) == 0 {
 			cipher = "aes-256-cbc"
 		}
-		authAlgo = "sha256"
+		if len(auth) == 0 {
+			auth = "sha256"
+		}
 		X509CRL = constants.PIAX509CRL_STRONG
 		certificate = constants.PIACertificate_STRONG
 	}
@@ -109,7 +113,7 @@ func (c *configurator) BuildConf(connections []models.OpenVPNConnection, encrypt
 		fmt.Sprintf("auth-user-pass %s", constants.OpenVPNAuthConf),
 		fmt.Sprintf("proto %s", string(connections[0].Protocol)),
 		fmt.Sprintf("cipher %s", cipher),
-		fmt.Sprintf("auth %s", authAlgo),
+		fmt.Sprintf("auth %s", auth),
 	}
 	if strings.HasSuffix(cipher, "-gcm") {
 		lines = append(lines, "ncp-disable")

internal/pia/pia.go

@@ -18,7 +18,7 @@ const logPrefix = "PIA configurator"
 type Configurator interface {
 	GetOpenVPNConnections(region models.PIARegion, protocol models.NetworkProtocol,
 		encryption models.PIAEncryption, targetIP net.IP) (connections []models.OpenVPNConnection, err error)
-	BuildConf(connections []models.OpenVPNConnection, encryption models.PIAEncryption, verbosity, uid, gid int, root bool, cipher string) (err error)
+	BuildConf(connections []models.OpenVPNConnection, encryption models.PIAEncryption, verbosity, uid, gid int, root bool, cipher, auth string) (err error)
 	GetPortForward() (port uint16, err error)
 	WritePortForward(filepath models.Filepath, port uint16) (err error)
 	AllowPortForwardFirewall(device models.VPNDevice, port uint16) (err error)

internal/settings/openvpn.go

@@ -16,6 +16,7 @@ type OpenVPN struct {
 	Root            bool
 	TargetIP        net.IP
 	Cipher          string
+	Auth            string
 }
 
 // GetOpenVPNSettings obtains the OpenVPN settings using the params functions
@@ -40,6 +41,10 @@ func GetOpenVPNSettings(params params.ParamsReader) (settings OpenVPN, err error
 	if err != nil {
 		return settings, err
 	}
+	settings.Auth, err = params.GetOpenVPNAuth()
+	if err != nil {
+		return settings, err
+	}
 	return settings, nil
 }
 
@@ -55,6 +60,7 @@ func (o *OpenVPN) String() string {
 		"Run as root: " + runAsRoot,
 		"Target IP address: " + o.TargetIP.String(),
 		"Custom cipher: " + o.Cipher,
+		"Custom auth algorithm: " + o.Auth,
 	}
 	return strings.Join(settingsList, "\n|--")
 }

internal/settings/settings.go

@@ -57,6 +57,11 @@ func GetAllSettings(params params.ParamsReader) (settings Settings, err error) {
 		default:
 			return settings, fmt.Errorf("cipher %q is not supported by Private Internet Access", settings.OpenVPN.Cipher)
 		}
+		switch settings.OpenVPN.Auth {
+		case "", "sha1", "sha256":
+		default:
+			return settings, fmt.Errorf("auth algorithm %q is not supported by Private Internet Access", settings.OpenVPN.Auth)
+		}
 		settings.PIA, err = GetPIASettings(params)
 	case "mullvad":
 		switch settings.OpenVPN.Cipher {
@@ -64,6 +69,11 @@ func GetAllSettings(params params.ParamsReader) (settings Settings, err error) {
 		default:
 			return settings, fmt.Errorf("cipher %q is not supported by Mullvad", settings.OpenVPN.Cipher)
 		}
+		switch settings.OpenVPN.Auth {
+		case "":
+		default:
+			return settings, fmt.Errorf("auth algorithm %q is not supported by Mullvad (not using auth at all)", settings.OpenVPN.Auth)
+		}
 		settings.Mullvad, err = GetMullvadSettings(params)
 	default:
 		return settings, fmt.Errorf("VPN service provider %q is not valid", settings.VPNSP)