feat: add VPNsecure.me support (#848)
- `OPENVPN_ENCRYPTED_KEY` environment variable - `OPENVPN_ENCRYPTED_KEY_SECRETFILE` environment variable - `OPENVPN_KEY_PASSPHRASE` environment variable - `OPENVPN_KEY_PASSPHRASE_SECRETFILE` environment variable - `PREMIUM_ONLY` environment variable - OpenVPN user and password not required for vpnsecure provider
This commit is contained in:
Quentin McGaw
@@ -42,7 +42,7 @@ type OpenVPN struct {
|
||||
// It is ignored if it is set to the empty string.
|
||||
Auth *string
|
||||
// Cert is the OpenVPN certificate for the <cert> block.
|
||||
// This is notably used by Cyberghost.
|
||||
// This is notably used by Cyberghost and VPN secure.
|
||||
// It can be set to the empty string to be ignored.
|
||||
// It cannot be nil in the internal state.
|
||||
Cert *string
|
||||
@@ -51,6 +51,15 @@ type OpenVPN struct {
|
||||
// It can be set to the empty string to be ignored.
|
||||
// It cannot be nil in the internal state.
|
||||
Key *string
|
||||
// EncryptedKey is the content of an encrypted
|
||||
// key for OpenVPN. It is used by VPN secure.
|
||||
// It defaults to the empty string meaning it is not
|
||||
// to be used. KeyPassphrase must be set if this one is set.
|
||||
EncryptedKey *string
|
||||
// KeyPassphrase is the key passphrase to be used by OpenVPN
|
||||
// to decrypt the EncryptedPrivateKey. It defaults to the
|
||||
// empty string and must be set if EncryptedPrivateKey is set.
|
||||
KeyPassphrase *string
|
||||
// PIAEncPreset is the encryption preset for
|
||||
// Private Internet Access. It can be set to an
|
||||
// empty string for other providers.
|
||||
@@ -116,6 +125,15 @@ func (o OpenVPN) validate(vpnProvider string) (err error) {
|
||||
return fmt.Errorf("client key: %w", err)
|
||||
}
|
||||
|
||||
err = validateOpenVPNEncryptedKey(vpnProvider, *o.EncryptedKey)
|
||||
if err != nil {
|
||||
return fmt.Errorf("encrypted key: %w", err)
|
||||
}
|
||||
|
||||
if *o.EncryptedKey != "" && *o.KeyPassphrase == "" {
|
||||
return fmt.Errorf("%w", ErrOpenVPNKeyPassphraseIsEmpty)
|
||||
}
|
||||
|
||||
const maxMSSFix = 10000
|
||||
if *o.MSSFix > maxMSSFix {
|
||||
return fmt.Errorf("%w: %d is over the maximum value of %d",
|
||||
@@ -164,6 +182,7 @@ func validateOpenVPNClientCertificate(vpnProvider,
|
||||
switch vpnProvider {
|
||||
case
|
||||
providers.Cyberghost,
|
||||
providers.VPNSecure,
|
||||
providers.VPNUnlimited:
|
||||
if clientCert == "" {
|
||||
return ErrMissingValue
|
||||
@@ -203,23 +222,42 @@ func validateOpenVPNClientKey(vpnProvider, clientKey string) (err error) {
|
||||
return nil
|
||||
}
|
||||
|
||||
func validateOpenVPNEncryptedKey(vpnProvider,
|
||||
encryptedPrivateKey string) (err error) {
|
||||
if vpnProvider == providers.VPNSecure && encryptedPrivateKey == "" {
|
||||
return ErrMissingValue
|
||||
}
|
||||
|
||||
if encryptedPrivateKey == "" {
|
||||
return nil
|
||||
}
|
||||
|
||||
_, err = extract.PEM([]byte(encryptedPrivateKey))
|
||||
if err != nil {
|
||||
return fmt.Errorf("extracting encrypted key: %w", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (o *OpenVPN) copy() (copied OpenVPN) {
|
||||
return OpenVPN{
|
||||
Version: o.Version,
|
||||
User: helpers.CopyStringPtr(o.User),
|
||||
Password: helpers.CopyStringPtr(o.Password),
|
||||
ConfFile: helpers.CopyStringPtr(o.ConfFile),
|
||||
Ciphers: helpers.CopyStringSlice(o.Ciphers),
|
||||
Auth: helpers.CopyStringPtr(o.Auth),
|
||||
Cert: helpers.CopyStringPtr(o.Cert),
|
||||
Key: helpers.CopyStringPtr(o.Key),
|
||||
PIAEncPreset: helpers.CopyStringPtr(o.PIAEncPreset),
|
||||
IPv6: helpers.CopyBoolPtr(o.IPv6),
|
||||
MSSFix: helpers.CopyUint16Ptr(o.MSSFix),
|
||||
Interface: o.Interface,
|
||||
ProcessUser: o.ProcessUser,
|
||||
Verbosity: helpers.CopyIntPtr(o.Verbosity),
|
||||
Flags: helpers.CopyStringSlice(o.Flags),
|
||||
Version: o.Version,
|
||||
User: helpers.CopyStringPtr(o.User),
|
||||
Password: helpers.CopyStringPtr(o.Password),
|
||||
ConfFile: helpers.CopyStringPtr(o.ConfFile),
|
||||
Ciphers: helpers.CopyStringSlice(o.Ciphers),
|
||||
Auth: helpers.CopyStringPtr(o.Auth),
|
||||
Cert: helpers.CopyStringPtr(o.Cert),
|
||||
Key: helpers.CopyStringPtr(o.Key),
|
||||
EncryptedKey: helpers.CopyStringPtr(o.EncryptedKey),
|
||||
KeyPassphrase: helpers.CopyStringPtr(o.KeyPassphrase),
|
||||
PIAEncPreset: helpers.CopyStringPtr(o.PIAEncPreset),
|
||||
IPv6: helpers.CopyBoolPtr(o.IPv6),
|
||||
MSSFix: helpers.CopyUint16Ptr(o.MSSFix),
|
||||
Interface: o.Interface,
|
||||
ProcessUser: o.ProcessUser,
|
||||
Verbosity: helpers.CopyIntPtr(o.Verbosity),
|
||||
Flags: helpers.CopyStringSlice(o.Flags),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -234,6 +272,8 @@ func (o *OpenVPN) mergeWith(other OpenVPN) {
|
||||
o.Auth = helpers.MergeWithStringPtr(o.Auth, other.Auth)
|
||||
o.Cert = helpers.MergeWithStringPtr(o.Cert, other.Cert)
|
||||
o.Key = helpers.MergeWithStringPtr(o.Key, other.Key)
|
||||
o.EncryptedKey = helpers.MergeWithStringPtr(o.EncryptedKey, other.EncryptedKey)
|
||||
o.KeyPassphrase = helpers.MergeWithStringPtr(o.KeyPassphrase, other.KeyPassphrase)
|
||||
o.PIAEncPreset = helpers.MergeWithStringPtr(o.PIAEncPreset, other.PIAEncPreset)
|
||||
o.IPv6 = helpers.MergeWithBool(o.IPv6, other.IPv6)
|
||||
o.MSSFix = helpers.MergeWithUint16(o.MSSFix, other.MSSFix)
|
||||
@@ -255,6 +295,8 @@ func (o *OpenVPN) overrideWith(other OpenVPN) {
|
||||
o.Auth = helpers.OverrideWithStringPtr(o.Auth, other.Auth)
|
||||
o.Cert = helpers.OverrideWithStringPtr(o.Cert, other.Cert)
|
||||
o.Key = helpers.OverrideWithStringPtr(o.Key, other.Key)
|
||||
o.EncryptedKey = helpers.OverrideWithStringPtr(o.EncryptedKey, other.EncryptedKey)
|
||||
o.KeyPassphrase = helpers.OverrideWithStringPtr(o.KeyPassphrase, other.KeyPassphrase)
|
||||
o.PIAEncPreset = helpers.OverrideWithStringPtr(o.PIAEncPreset, other.PIAEncPreset)
|
||||
o.IPv6 = helpers.OverrideWithBool(o.IPv6, other.IPv6)
|
||||
o.MSSFix = helpers.OverrideWithUint16(o.MSSFix, other.MSSFix)
|
||||
@@ -277,6 +319,8 @@ func (o *OpenVPN) setDefaults(vpnProvider string) {
|
||||
o.Auth = helpers.DefaultStringPtr(o.Auth, "")
|
||||
o.Cert = helpers.DefaultStringPtr(o.Cert, "")
|
||||
o.Key = helpers.DefaultStringPtr(o.Key, "")
|
||||
o.EncryptedKey = helpers.DefaultStringPtr(o.EncryptedKey, "")
|
||||
o.KeyPassphrase = helpers.DefaultStringPtr(o.KeyPassphrase, "")
|
||||
|
||||
var defaultEncPreset string
|
||||
if vpnProvider == providers.PrivateInternetAccess {
|
||||
@@ -321,6 +365,11 @@ func (o OpenVPN) toLinesNode() (node *gotree.Node) {
|
||||
node.Appendf("Client key: %s", helpers.ObfuscateData(*o.Key))
|
||||
}
|
||||
|
||||
if *o.EncryptedKey != "" {
|
||||
node.Appendf("Encrypted key: %s (key passhrapse %s)",
|
||||
helpers.ObfuscateData(*o.EncryptedKey), helpers.ObfuscatePassword(*o.KeyPassphrase))
|
||||
}
|
||||
|
||||
if *o.PIAEncPreset != "" {
|
||||
node.Appendf("Private Internet Access encryption preset: %s", *o.PIAEncPreset)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user