Feat: OPENVPN_INTERFACE defaulting to tun0

- Fix: custom config with custom network interface name for firewall - Keep VPN tunnel interface in firewall state - Vul fix: only allow traffic through vpn interface when needed - Adapt code to adapt to network interface name - Remove outdated TUN and TAP constants
2021-08-19 23:22:55 +00:00
parent 7191d4e911
commit bec8ff27ae
20 changed files with 219 additions and 89 deletions
--- a/internal/configuration/openvpn.go
+++ b/internal/configuration/openvpn.go
@@ -1,7 +1,9 @@
 package configuration

 import (
+	"errors"
 	"fmt"
+	"regexp"
 	"strconv"
 	"strings"

@@ -26,6 +28,7 @@ type OpenVPN struct {
 	EncPreset string   `json:"encryption_preset"` // PIA
 	IPv6      bool     `json:"ipv6"`              // Mullvad
 	ProcUser  string   `json:"procuser"`          // Process username
+	Interface string   `json:"interface"`
 }

 func (settings *OpenVPN) String() string {
@@ -39,6 +42,8 @@ func (settings *OpenVPN) lines() (lines []string) {

 	lines = append(lines, indent+lastIndent+"Verbosity level: "+strconv.Itoa(settings.Verbosity))

+	lines = append(lines, indent+lastIndent+"Network interface: "+settings.Interface)
+
 	if len(settings.Flags) > 0 {
 		lines = append(lines, indent+lastIndent+"Flags: "+strings.Join(settings.Flags, " "))
 	}
@@ -148,6 +153,11 @@ func (settings *OpenVPN) read(r reader, serviceProvider string) (err error) {
 		return fmt.Errorf("environment variable OPENVPN_IPV6: %w", err)
 	}

+	settings.Interface, err = readInterface(r.env)
+	if err != nil {
+		return err
+	}
+
 	settings.EncPreset, err = getPIAEncryptionPreset(r)
 	if err != nil {
 		return err
@@ -173,3 +183,22 @@ func readProtocol(env params.Env) (tcp bool, err error) {
 	}
 	return protocol == constants.TCP, nil
 }
+
+const openvpnIntfRegexString = `^.*[0-9]$`
+
+var openvpnIntfRegexp = regexp.MustCompile(openvpnIntfRegexString)
+var errInterfaceNameNotValid = errors.New("interface name is not valid")
+
+func readInterface(env params.Env) (intf string, err error) {
+	intf, err = env.Get("OPENVPN_INTERFACE", params.Default("tun0"))
+	if err != nil {
+		return "", fmt.Errorf("environment variable OPENVPN_INTERFACE: %w", err)
+	}
+
+	if !openvpnIntfRegexp.MatchString(intf) {
+		return "", fmt.Errorf("%w: does not match regex %s: %s",
+			errInterfaceNameNotValid, openvpnIntfRegexString, intf)
+	}
+
+	return intf, nil
+}