feat(healthcheck): HEALTH_ICMP_TARGET_IP -> HEALTH_ICMP_TARGET_IPS

- Specify fallback ICMP IP addresses - Defaults changed from 1.1.1.1 to 1.1.1.1,8.8.8.8 - Small periodic check cycles through addresses as it fails and moves to retry
2025-11-19 16:00:20 +00:00
parent f9490656eb
commit 9f39d47150
6 changed files with 60 additions and 33 deletions
--- a/internal/configuration/settings/health.go
+++ b/internal/configuration/settings/health.go
@@ -1,6 +1,7 @@
 package settings

 import (
+	"errors"
 	"fmt"
 	"net/netip"
 	"os"
@@ -22,22 +23,38 @@ type Health struct {
 	// Addresses after the first one are used as fallbacks for retries.
 	// It cannot be empty in the internal state.
 	TargetAddresses []string
-	// ICMPTargetIP is the IP address to use for ICMP echo requests
-	// in the health checker. It can be set to an unspecified address (0.0.0.0)
-	// such that the VPN server IP is used, although this can be less reliable.
-	// It defaults to 1.1.1.1, and cannot be left empty (invalid) in the internal state.
-	ICMPTargetIP netip.Addr
+	// ICMPTargetIPs are the IP addresses to use for ICMP echo requests
+	// in the health checker. The slice can be set to a single
+	// unspecified address (0.0.0.0) such that the VPN server IP is used,
+	// although this can be less reliable. It defaults to [1.1.1.1,8.8.8.8],
+	// and cannot be left empty in the internal state.
+	ICMPTargetIPs []netip.Addr
 	// RestartVPN indicates whether to restart the VPN connection
 	// when the healthcheck fails.
 	RestartVPN *bool
 }

+var (
+	ErrICMPTargetIPNotValid       = errors.New("ICMP target IP address is not valid")
+	ErrICMPTargetIPsNotCompatible = errors.New("ICMP target IP addresses are not compatible")
+)
+
 func (h Health) Validate() (err error) {
 	err = validate.ListeningAddress(h.ServerAddress, os.Getuid())
 	if err != nil {
 		return fmt.Errorf("server listening address is not valid: %w", err)
 	}

+	for _, ip := range h.ICMPTargetIPs {
+		switch {
+		case !ip.IsValid():
+			return fmt.Errorf("%w: %s", ErrICMPTargetIPNotValid, ip)
+		case ip.IsUnspecified() && len(h.ICMPTargetIPs) > 1:
+			return fmt.Errorf("%w: only a single IP address must be set if it is to be unspecified",
+				ErrICMPTargetIPsNotCompatible)
+		}
+	}
+
 	return nil
 }

@@ -45,7 +62,7 @@ func (h *Health) copy() (copied Health) {
 	return Health{
 		ServerAddress:   h.ServerAddress,
 		TargetAddresses: h.TargetAddresses,
-		ICMPTargetIP:    h.ICMPTargetIP,
+		ICMPTargetIPs:   gosettings.CopySlice(h.ICMPTargetIPs),
 		RestartVPN:      gosettings.CopyPointer(h.RestartVPN),
 	}
 }
@@ -56,14 +73,17 @@ func (h *Health) copy() (copied Health) {
 func (h *Health) OverrideWith(other Health) {
 	h.ServerAddress = gosettings.OverrideWithComparable(h.ServerAddress, other.ServerAddress)
 	h.TargetAddresses = gosettings.OverrideWithSlice(h.TargetAddresses, other.TargetAddresses)
-	h.ICMPTargetIP = gosettings.OverrideWithComparable(h.ICMPTargetIP, other.ICMPTargetIP)
+	h.ICMPTargetIPs = gosettings.OverrideWithSlice(h.ICMPTargetIPs, other.ICMPTargetIPs)
 	h.RestartVPN = gosettings.OverrideWithPointer(h.RestartVPN, other.RestartVPN)
 }

 func (h *Health) SetDefaults() {
 	h.ServerAddress = gosettings.DefaultComparable(h.ServerAddress, "127.0.0.1:9999")
 	h.TargetAddresses = gosettings.DefaultSlice(h.TargetAddresses, []string{"cloudflare.com:443", "github.com:443"})
-	h.ICMPTargetIP = gosettings.DefaultComparable(h.ICMPTargetIP, netip.AddrFrom4([4]byte{1, 1, 1, 1}))
+	h.ICMPTargetIPs = gosettings.DefaultSlice(h.ICMPTargetIPs, []netip.Addr{
+		netip.AddrFrom4([4]byte{1, 1, 1, 1}),
+		netip.AddrFrom4([4]byte{8, 8, 8, 8}),
+	})
 	h.RestartVPN = gosettings.DefaultPointer(h.RestartVPN, true)
 }

@@ -78,11 +98,14 @@ func (h Health) toLinesNode() (node *gotree.Node) {
 	for _, targetAddr := range h.TargetAddresses {
 		targetAddrs.Append(targetAddr)
 	}
-	icmpTarget := "VPN server IP"
-	if !h.ICMPTargetIP.IsUnspecified() {
-		icmpTarget = h.ICMPTargetIP.String()
+	if len(h.ICMPTargetIPs) == 1 && h.ICMPTargetIPs[0].IsUnspecified() {
+		node.Appendf("ICMP target IP: VPN server IP address")
+	} else {
+		icmpIPs := node.Appendf("ICMP target IPs:")
+		for _, ip := range h.ICMPTargetIPs {
+			icmpIPs.Append(ip.String())
+		}
 	}
-	node.Appendf("ICMP target IP: %s", icmpTarget)
 	node.Appendf("Restart VPN on healthcheck failure: %s", gosettings.BoolToYesNo(h.RestartVPN))
 	return node
 }
@@ -91,7 +114,7 @@ func (h *Health) Read(r *reader.Reader) (err error) {
 	h.ServerAddress = r.String("HEALTH_SERVER_ADDRESS")
 	h.TargetAddresses = r.CSV("HEALTH_TARGET_ADDRESSES",
 		reader.RetroKeys("HEALTH_ADDRESS_TO_PING", "HEALTH_TARGET_ADDRESS"))
-	h.ICMPTargetIP, err = r.NetipAddr("HEALTH_ICMP_TARGET_IP")
+	h.ICMPTargetIPs, err = r.CSVNetipAddresses("HEALTH_ICMP_TARGET_IPS", reader.RetroKeys("HEALTH_ICMP_TARGET_IP"))
 	if err != nil {
 		return err
 	}
--- a/internal/configuration/settings/settings_test.go
+++ b/internal/configuration/settings/settings_test.go
@@ -60,7 +60,9 @@ func Test_Settings_String(t *testing.T) {
 |   ├── Target addresses:
 |   |   ├── cloudflare.com:443
 |   |   └── github.com:443
-|   ├── ICMP target IP: 1.1.1.1
+|   ├── ICMP target IPs:
+|   |   ├── 1.1.1.1
+|   |   └── 8.8.8.8
 |   └── Restart VPN on healthcheck failure: yes
 ├── Shadowsocks server settings:
 |   └── Enabled: no