admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(healthcheck): combination of ICMP and TCP+TLS checks (#2923)

Browse Source 
- New option: `HEALTH_ICMP_TARGET_IP` defaults to `0.0.0.0` meaning use the VPN server public IP address.
- Options removed: `HEALTH_VPN_INITIAL_DURATION` and `HEALTH_VPN_ADDITIONAL_DURATION` - times and retries are handpicked and hardcoded.
- Less aggressive checks and less false positive detection
This commit is contained in:
Quentin McGaw
2025-10-17 01:45:50 +02:00
committed by GitHub
parent 340016521e
commit 85890520ab
25 changed files with 722 additions and 366 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
internal/vpn/openvpn.go
View File

@@ -5,6 +5,7 @@ import (
"fmt"
"github.com/qdm12/gluetun/internal/configuration/settings"
"github.com/qdm12/gluetun/internal/models"
"github.com/qdm12/gluetun/internal/openvpn"
"github.com/qdm12/gluetun/internal/provider"
)
@@ -14,39 +15,38 @@ import (
func setupOpenVPN(ctx context.Context, fw Firewall,
openvpnConf OpenVPN, providerConf provider.Provider,
settings settings.VPN, ipv6Supported bool, starter CmdStarter,
logger openvpn.Logger) (runner *openvpn.Runner, serverName string,
canPortForward bool, err error,
logger openvpn.Logger) (runner *openvpn.Runner, connection models.Connection, err error,
) {
connection, err := providerConf.GetConnection(settings.Provider.ServerSelection, ipv6Supported)
connection, err = providerConf.GetConnection(settings.Provider.ServerSelection, ipv6Supported)
if err != nil {
return nil, "", false, fmt.Errorf("finding a valid server connection: %w", err)
return nil, models.Connection{}, fmt.Errorf("finding a valid server connection: %w", err)
}
lines := providerConf.OpenVPNConfig(connection, settings.OpenVPN, ipv6Supported)
if err := openvpnConf.WriteConfig(lines); err != nil {
return nil, "", false, fmt.Errorf("writing configuration to file: %w", err)
return nil, models.Connection{}, fmt.Errorf("writing configuration to file: %w", err)
}
if *settings.OpenVPN.User != "" {
err := openvpnConf.WriteAuthFile(*settings.OpenVPN.User, *settings.OpenVPN.Password)
if err != nil {
return nil, "", false, fmt.Errorf("writing auth to file: %w", err)
return nil, models.Connection{}, fmt.Errorf("writing auth to file: %w", err)
}
}
if *settings.OpenVPN.KeyPassphrase != "" {
err := openvpnConf.WriteAskPassFile(*settings.OpenVPN.KeyPassphrase)
if err != nil {
return nil, "", false, fmt.Errorf("writing askpass file: %w", err)
return nil, models.Connection{}, fmt.Errorf("writing askpass file: %w", err)
}
}
if err := fw.SetVPNConnection(ctx, connection, settings.OpenVPN.Interface); err != nil {
return nil, "", false, fmt.Errorf("allowing VPN connection through firewall: %w", err)
return nil, models.Connection{}, fmt.Errorf("allowing VPN connection through firewall: %w", err)
}
runner = openvpn.NewRunner(settings.OpenVPN, starter, logger)
return runner, connection.ServerName, connection.PortForward, nil
return runner, connection, nil
}