Feat: OPENVPN_INTERFACE defaulting to tun0

- Fix: custom config with custom network interface name for firewall
- Keep VPN tunnel interface in firewall state
- Vulnerability fix: only allow traffic through the VPN interface when needed
- Adapt code to the network interface name
- Remove outdated TUN and TAP constants
Quentin McGaw (desktop)
2021-08-19 23:22:55 +00:00
parent 7191d4e911
commit bec8ff27ae
20 changed files with 219 additions and 89 deletions


@@ -11,7 +11,7 @@ import (
)
func modifyCustomConfig(lines []string, settings configuration.OpenVPN,
connection models.Connection) (modified []string) {
connection models.Connection, intf string) (modified []string) {
// Remove some lines
for _, line := range lines {
switch {
@@ -22,6 +22,7 @@ func modifyCustomConfig(lines []string, settings configuration.OpenVPN,
strings.HasPrefix(line, "user "),
strings.HasPrefix(line, "proto "),
strings.HasPrefix(line, "remote "),
strings.HasPrefix(line, "dev "),
settings.Cipher != "" && strings.HasPrefix(line, "cipher "),
settings.Cipher != "" && strings.HasPrefix(line, "data-ciphers "),
settings.Auth != "" && strings.HasPrefix(line, "auth "),
@@ -35,6 +36,7 @@ func modifyCustomConfig(lines []string, settings configuration.OpenVPN,
// Add values
modified = append(modified, connection.OpenVPNProtoLine())
modified = append(modified, connection.OpenVPNRemoteLine())
modified = append(modified, "dev "+intf)
modified = append(modified, "mute-replay-warnings")
modified = append(modified, "auth-nocache")
modified = append(modified, "pull-filter ignore \"auth-token\"") // prevent auth failed loop
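Review bot: `intf` is written into the generated config unvalidated at `modified = append(modified, "dev "+intf)`, so a value containing a newline or a space would add extra OpenVPN directives or arguments to the file, and per the commit description the same name also drives the firewall rules. modifyCustomConfig returns no error, so the check would presumably belong where OPENVPN_INTERFACE is read, which is not visible in this section; something like `if strings.ContainsAny(intf, " \t\r\n\"") || len(intf) > 15 { return fmt.Errorf("invalid interface name %q", intf) }` would cover it (15 being the Linux interface name length limit). Separately, the new `strings.HasPrefix(line, "dev ")` filter matches only an unindented, space-separated directive, so a custom-config line such as `dev-type`, or an indented `dev`, is kept; a comment like `// dev-type and dev-node lines are intentionally kept` would make that explicit if it is intended. The function body starts and ends outside the hunks shown.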