chore(internal/providers): simplify OpenVPN config building

2022-04-25 07:57:45 +00:00
parent 4bde50fb3a
commit 7ff14a356c
27 changed files with 596 additions and 1438 deletions
--- a/internal/provider/privateinternetaccess/openvpnconf.go
+++ b/internal/provider/privateinternetaccess/openvpnconf.go
@@ -1,8 +1,6 @@
 package privateinternetaccess

 import (
-	"strconv"
-
 	"github.com/qdm12/gluetun/internal/configuration/settings"
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/gluetun/internal/models"
@@ -10,87 +8,30 @@ import (
 )

 func (p *PIA) BuildConf(connection models.Connection,
-	settings settings.OpenVPN) (lines []string, err error) {
-	var defaultCipher, defaultAuth, X509CRL, certificate string
+	settings settings.OpenVPN) (lines []string) {
+	providerSettings := utils.OpenVPNProviderSettings{
+		RemoteCertTLS: true,
+		RenegDisabled: true,
+		AuthUserPass:  true,
+	}
+
 	switch *settings.PIAEncPreset {
 	case constants.PIAEncryptionPresetNormal:
-		defaultCipher = constants.AES128cbc
-		defaultAuth = constants.SHA1
-		X509CRL = constants.PiaX509CRLNormal
-		certificate = constants.PiaCANormal
+		providerSettings.Ciphers = []string{constants.AES128cbc}
+		providerSettings.Auth = constants.SHA1
+		providerSettings.CRLVerify = constants.PiaX509CRLNormal
+		providerSettings.CA = constants.PiaCANormal
 	case constants.PIAEncryptionPresetNone:
-		defaultCipher = "none"
-		defaultAuth = "none"
-		X509CRL = constants.PiaX509CRLNormal
-		certificate = constants.PiaCANormal
+		providerSettings.Ciphers = []string{"none"}
+		providerSettings.Auth = "none"
+		providerSettings.CRLVerify = constants.PiaX509CRLNormal
+		providerSettings.CA = constants.PiaCANormal
 	default: // strong
-		defaultCipher = constants.AES256cbc
-		defaultAuth = constants.SHA256
-		X509CRL = constants.PiaX509CRLStrong
-		certificate = constants.PiaCAStrong
+		providerSettings.Ciphers = []string{constants.AES256cbc}
+		providerSettings.Auth = constants.SHA256
+		providerSettings.CRLVerify = constants.PiaX509CRLStrong
+		providerSettings.CA = constants.PiaCAStrong
 	}

-	if len(settings.Ciphers) == 0 {
-		settings.Ciphers = []string{defaultCipher}
-	}
-
-	auth := *settings.Auth
-	if auth == "" {
-		auth = defaultAuth
-	}
-
-	lines = []string{
-		"client",
-		"nobind",
-		"tls-exit",
-		"dev " + settings.Interface,
-		"verb " + strconv.Itoa(*settings.Verbosity),
-
-		// PIA specific
-		"remote-cert-tls server",
-		"reneg-sec 0",
-		"auth-user-pass " + constants.OpenVPNAuthConf,
-		"auth " + auth,
-
-		// Added constant values
-		"auth-nocache",
-		"mute-replay-warnings",
-		"pull-filter ignore \"auth-token\"", // prevent auth failed loops
-		"auth-retry nointeract",
-		"suppress-timestamps",
-
-		// Connection variables
-		connection.OpenVPNProtoLine(),
-		connection.OpenVPNRemoteLine(),
-	}
-
-	if len(settings.Ciphers) > 0 {
-		lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
-	}
-
-	if connection.Protocol == constants.UDP {
-		lines = append(lines, "explicit-exit-notify")
-	}
-
-	if settings.ProcessUser != "root" {
-		lines = append(lines, "user "+settings.ProcessUser)
-		lines = append(lines, "persist-tun")
-		lines = append(lines, "persist-key")
-	}
-
-	if *settings.MSSFix > 0 {
-		lines = append(lines, "mssfix "+strconv.Itoa(int(*settings.MSSFix)))
-	}
-
-	if !*settings.IPv6 {
-		lines = append(lines, `pull-filter ignore "route-ipv6"`)
-		lines = append(lines, `pull-filter ignore "ifconfig-ipv6"`)
-	}
-
-	lines = append(lines, utils.WrapOpenvpnCA(certificate)...)
-	lines = append(lines, utils.WrapOpenvpnCRLVerify(X509CRL)...)
-
-	lines = append(lines, "")
-
-	return lines, nil
+	return utils.OpenVPNConfig(providerSettings, connection, settings)
 }