From da65f3b0168a66e5356b4efa2d6ff0d4fc0dba12 Mon Sep 17 00:00:00 2001 From: Quentin McGaw Date: Sun, 23 May 2021 17:40:14 +0000 Subject: [PATCH] Maintenance: generate Openvpn conf for 2.4 or 2.5 --- cmd/gluetun/main.go | 2 + internal/configuration/openvpn.go | 1 + internal/provider/cyberghost/openvpnconf.go | 4 +- internal/provider/fastestvpn/openvpnconf.go | 4 +- internal/provider/hidemyass/openvpnconf.go | 4 +- internal/provider/mullvad/openvpnconf.go | 4 +- internal/provider/nordvpn/openvpnconf.go | 4 +- internal/provider/privado/openvpnconf.go | 4 +- .../privateinternetaccess/openvpnconf.go | 4 +- internal/provider/privatevpn/openvpnconf.go | 4 +- internal/provider/protonvpn/openvpnconf.go | 4 +- internal/provider/purevpn/openvpnconf.go | 4 +- internal/provider/surfshark/openvpnconf.go | 4 +- internal/provider/torguard/openvpnconf.go | 4 +- internal/provider/utils/cipher.go | 15 +++++++ internal/provider/utils/cipher_test.go | 45 +++++++++++++++++++ internal/provider/vyprvpn/openvpnconf.go | 4 +- internal/provider/windscribe/openvpnconf.go | 4 +- 18 files changed, 91 insertions(+), 28 deletions(-) create mode 100644 internal/provider/utils/cipher.go create mode 100644 internal/provider/utils/cipher_test.go diff --git a/cmd/gluetun/main.go b/cmd/gluetun/main.go index ee54bba4..b23fbcd0 100644 --- a/cmd/gluetun/main.go +++ b/cmd/gluetun/main.go @@ -158,6 +158,8 @@ func _main(ctx context.Context, buildInfo models.BuildInformation, } logger.Info(allSettings.String()) + allSettings.OpenVPN.Version, _ = ovpnConf.Version(ctx) + if err := os.MkdirAll("/tmp/gluetun", 0644); err != nil { return err } diff --git a/internal/configuration/openvpn.go b/internal/configuration/openvpn.go index bf06a1b0..ef6c9a3a 100644 --- a/internal/configuration/openvpn.go +++ b/internal/configuration/openvpn.go 
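Review bot: In cmd/gluetun/main.go the error from `ovpnConf.Version(ctx)` is discarded, so a failed version probe leaves `Version` empty and `CipherLines` silently takes its default (2.5+) branch. On a 2.4 binary that would presumably write `data-ciphers` directives the daemon does not accept, with nothing in the log to explain it. Keep the error and act on it, for example `version, err := ovpnConf.Version(ctx)`, `if err != nil { return err }`, `allSettings.OpenVPN.Version = version`. The assignment also sits after `logger.Info(allSettings.String())`, so the detected version never appears in the logged settings. `_main` starts and ends outside this hunk.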
@@ -21,6 +21,7 @@ type OpenVPN struct { Auth string `json:"auth"` Provider Provider `json:"provider"` Config string `json:"custom_config"` + Version string `json:"-"` // injected at runtime } func (settings *OpenVPN) String() string { diff --git a/internal/provider/cyberghost/openvpnconf.go b/internal/provider/cyberghost/openvpnconf.go index e4bdbf8f..65eeaf70 100644 --- a/internal/provider/cyberghost/openvpnconf.go +++ b/internal/provider/cyberghost/openvpnconf.go @@ -51,11 +51,11 @@ func (c *Cyberghost) BuildConf(connection models.OpenVPNConnection, "auth-user-pass " + constants.OpenVPNAuthConf, connection.ProtoLine(), connection.RemoteLine(), - "data-ciphers-fallback " + settings.Cipher, - "data-ciphers " + settings.Cipher, "auth " + settings.Auth, } + lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...) + if strings.HasSuffix(settings.Cipher, "-gcm") { lines = append(lines, "ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM") } diff --git a/internal/provider/fastestvpn/openvpnconf.go b/internal/provider/fastestvpn/openvpnconf.go index 5e9ea719..5b10b10e 100644 --- a/internal/provider/fastestvpn/openvpnconf.go +++ b/internal/provider/fastestvpn/openvpnconf.go @@ -53,11 +53,11 @@ func (f *Fastestvpn) BuildConf(connection models.OpenVPNConnection, "auth-user-pass " + constants.OpenVPNAuthConf, connection.ProtoLine(), connection.RemoteLine(), - "data-ciphers-fallback " + settings.Cipher, - "data-ciphers " + settings.Cipher, "auth " + settings.Auth, } + lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...) + if !settings.Root { lines = append(lines, "user "+username) } diff --git a/internal/provider/hidemyass/openvpnconf.go b/internal/provider/hidemyass/openvpnconf.go index e7b7ffcd..af325586 100644 --- a/internal/provider/hidemyass/openvpnconf.go +++ b/internal/provider/hidemyass/openvpnconf.go 
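Review bot: In cyberghost/openvpnconf.go the `ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM` line right below the new `utils.CipherLines` call is still emitted for every version, so the 2.4/2.5 split is only partial. As far as I know `ncp-ciphers` is the 2.4 name of what 2.5 calls `data-ciphers`, so on 2.5+ this later line may override the single-cipher `data-ciphers` value just written and widen the accepted set beyond the operator's choice. The windscribe hunk has the same line, and the privateinternetaccess hunk keeps `ncp-disable`, which I believe is deprecated from 2.5. Consider gating these on `settings.Version` as well, or moving them into `CipherLines` so all cipher-negotiation directives come from one place. `BuildConf` starts and ends outside the hunk.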
@@ -43,10 +43,10 @@ func (h *HideMyAss) BuildConf(connection models.OpenVPNConnection, "auth-user-pass " + constants.OpenVPNAuthConf, "proto " + connection.Protocol, "remote " + connection.IP.String() + strconv.Itoa(int(connection.Port)), - "data-ciphers-fallback " + settings.Cipher, - "data-ciphers " + settings.Cipher, } + lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...) + if settings.Auth != "" { lines = append(lines, "auth "+settings.Auth) } diff --git a/internal/provider/mullvad/openvpnconf.go b/internal/provider/mullvad/openvpnconf.go index b9504cd1..0f8f8679 100644 --- a/internal/provider/mullvad/openvpnconf.go +++ b/internal/provider/mullvad/openvpnconf.go @@ -44,10 +44,10 @@ func (m *Mullvad) BuildConf(connection models.OpenVPNConnection, "auth-user-pass " + constants.OpenVPNAuthConf, connection.ProtoLine(), connection.RemoteLine(), - "data-ciphers-fallback " + settings.Cipher, - "data-ciphers " + settings.Cipher, } + lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...) + if settings.Auth != "" { lines = append(lines, "auth "+settings.Auth) } diff --git a/internal/provider/nordvpn/openvpnconf.go b/internal/provider/nordvpn/openvpnconf.go index 85a4ed43..788fbccc 100644 --- a/internal/provider/nordvpn/openvpnconf.go +++ b/internal/provider/nordvpn/openvpnconf.go @@ -54,11 +54,11 @@ func (n *Nordvpn) BuildConf(connection models.OpenVPNConnection, "auth-user-pass " + constants.OpenVPNAuthConf, connection.ProtoLine(), connection.RemoteLine(), - "data-ciphers-fallback " + settings.Cipher, - "data-ciphers " + settings.Cipher, "auth " + settings.Auth, } + lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...) + if connection.Protocol == constants.UDP { lines = append(lines, "fast-io") } diff --git a/internal/provider/privado/openvpnconf.go b/internal/provider/privado/openvpnconf.go index a19d1697..03f22f45 100644 --- a/internal/provider/privado/openvpnconf.go 
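Review bot: The unchanged `remote` entry in hidemyass/openvpnconf.go joins the IP and the port with no separator (`connection.IP.String() + strconv.Itoa(int(connection.Port))`), so the generated directive would read like `remote 1.2.3.4443` (constructed example) and cannot address the intended port. Since this hunk already edits the same slice, fix it here with `"remote " + connection.IP.String() + " " + strconv.Itoa(int(connection.Port)),`. Every other provider in this patch uses `connection.RemoteLine()` in that position, which would be the more consistent fix, but its body is not visible here, so confirm its output format first. `BuildConf` continues outside the hunk.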
+++ b/internal/provider/privado/openvpnconf.go @@ -45,11 +45,11 @@ func (p *Privado) BuildConf(connection models.OpenVPNConnection, "auth-user-pass " + constants.OpenVPNAuthConf, connection.ProtoLine(), connection.RemoteLine(), - "data-ciphers-fallback " + settings.Cipher, - "data-ciphers " + settings.Cipher, "auth " + settings.Auth, } + lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...) + if !settings.Root { lines = append(lines, "user "+username) } diff --git a/internal/provider/privateinternetaccess/openvpnconf.go b/internal/provider/privateinternetaccess/openvpnconf.go index 41727757..6ddc58d2 100644 --- a/internal/provider/privateinternetaccess/openvpnconf.go +++ b/internal/provider/privateinternetaccess/openvpnconf.go @@ -57,11 +57,11 @@ func (p *PIA) BuildConf(connection models.OpenVPNConnection, "auth-user-pass " + constants.OpenVPNAuthConf, connection.ProtoLine(), connection.RemoteLine(), - "data-ciphers-fallback " + settings.Cipher, - "data-ciphers " + settings.Cipher, "auth " + settings.Auth, } + lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...) + if strings.HasSuffix(settings.Cipher, "-gcm") { lines = append(lines, "ncp-disable") } diff --git a/internal/provider/privatevpn/openvpnconf.go b/internal/provider/privatevpn/openvpnconf.go index 4bd23ba0..3fbc4ae4 100644 --- a/internal/provider/privatevpn/openvpnconf.go +++ b/internal/provider/privatevpn/openvpnconf.go @@ -43,11 +43,11 @@ func (p *Privatevpn) BuildConf(connection models.OpenVPNConnection, "auth-user-pass " + constants.OpenVPNAuthConf, connection.ProtoLine(), connection.RemoteLine(), - "data-ciphers-fallback " + settings.Cipher, - "data-ciphers " + settings.Cipher, "auth " + settings.Auth, } + lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...) + if connection.Protocol == constants.UDP { lines = append(lines, "key-direction 1") } 
diff --git a/internal/provider/protonvpn/openvpnconf.go b/internal/provider/protonvpn/openvpnconf.go index e8ade516..b64983b2 100644 --- a/internal/provider/protonvpn/openvpnconf.go +++ b/internal/provider/protonvpn/openvpnconf.go @@ -53,11 +53,11 @@ func (p *Protonvpn) BuildConf(connection models.OpenVPNConnection, "auth-user-pass " + constants.OpenVPNAuthConf, connection.ProtoLine(), connection.RemoteLine(), - "data-ciphers-fallback " + settings.Cipher, - "data-ciphers " + settings.Cipher, "auth " + settings.Auth, } + lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...) + if connection.Protocol == constants.UDP { lines = append(lines, "fast-io") } diff --git a/internal/provider/purevpn/openvpnconf.go b/internal/provider/purevpn/openvpnconf.go index b3adec02..421e123c 100644 --- a/internal/provider/purevpn/openvpnconf.go +++ b/internal/provider/purevpn/openvpnconf.go @@ -46,10 +46,10 @@ func (p *Purevpn) BuildConf(connection models.OpenVPNConnection, "auth-user-pass " + constants.OpenVPNAuthConf, connection.ProtoLine(), connection.RemoteLine(), - "data-ciphers-fallback " + settings.Cipher, - "data-ciphers " + settings.Cipher, } + lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...) + if connection.Protocol == constants.UDP { lines = append(lines, "explicit-exit-notify") } diff --git a/internal/provider/surfshark/openvpnconf.go b/internal/provider/surfshark/openvpnconf.go index 4f20817e..4adb5ced 100644 --- a/internal/provider/surfshark/openvpnconf.go +++ b/internal/provider/surfshark/openvpnconf.go 
@@ -55,11 +55,11 @@ func (s *Surfshark) BuildConf(connection models.OpenVPNConnection, "auth-user-pass " + constants.OpenVPNAuthConf, connection.ProtoLine(), connection.RemoteLine(), - "data-ciphers-fallback " + settings.Cipher, - "data-ciphers " + settings.Cipher, "auth " + settings.Auth, } + lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...) + if !settings.Root { lines = append(lines, "user "+username) } diff --git a/internal/provider/torguard/openvpnconf.go b/internal/provider/torguard/openvpnconf.go index c1f4fbec..9c30ce90 100644 --- a/internal/provider/torguard/openvpnconf.go +++ b/internal/provider/torguard/openvpnconf.go @@ -57,11 +57,11 @@ func (t *Torguard) BuildConf(connection models.OpenVPNConnection, "auth-user-pass " + constants.OpenVPNAuthConf, connection.ProtoLine(), connection.RemoteLine(), - "data-ciphers-fallback " + settings.Cipher, - "data-ciphers " + settings.Cipher, "auth " + settings.Auth, } + lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...) + if !settings.Root { lines = append(lines, "user "+username) } diff --git a/internal/provider/utils/cipher.go b/internal/provider/utils/cipher.go new file mode 100644 index 00000000..2ae51863 --- /dev/null +++ b/internal/provider/utils/cipher.go @@ -0,0 +1,15 @@ +package utils + +import "strings" + +func CipherLines(cipher, version string) (lines []string) { + switch { + case strings.HasPrefix(version, "2.4"): + return []string{"cipher " + cipher} + default: // 2.5 and above + return []string{ + "data-ciphers-fallback " + cipher, + "data-ciphers " + cipher, + } + } +} diff --git a/internal/provider/utils/cipher_test.go b/internal/provider/utils/cipher_test.go new file mode 100644 index 00000000..5d203bca --- /dev/null +++ b/internal/provider/utils/cipher_test.go 
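Review bot: The 2.4 branch of `CipherLines` in internal/provider/utils/cipher.go returns only `cipher X`, which does not pin the data-channel cipher the way the 2.5 pair does. On 2.4, as far as I know, cipher negotiation is enabled by default and `cipher` only sets the fallback, so the session cipher may differ from the operator's setting. If pinning is the intent, the 2.4 slice probably also needs `"ncp-ciphers " + cipher`, checked against the providers that already append their own `ncp-ciphers` or `ncp-disable` line. The function is exported without a doc comment; suggest `// CipherLines returns the OpenVPN cipher directives for cipher: the 2.4 syntax when version starts with "2.4", the 2.5+ syntax otherwise (including an empty version).` The named result `lines` is never assigned and could be dropped.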
@@ -0,0 +1,45 @@ +package utils + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func Test_CipherLines(t *testing.T) { + t.Parallel() + testCases := map[string]struct { + version string + lines []string + }{ + "empty version": { + lines: []string{ + "data-ciphers-fallback AES", + "data-ciphers AES", + }, + }, + "2.4.5": { + version: "2.4.5", + lines: []string{"cipher AES"}, + }, + "2.5.3": { + version: "2.5.3", + lines: []string{ + "data-ciphers-fallback AES", + "data-ciphers AES", + }, + }, + } + for name, testCase := range testCases { + testCase := testCase + t.Run(name, func(t *testing.T) { + t.Parallel() + + const cipher = "AES" + + lines := CipherLines(cipher, testCase.version) + + assert.Equal(t, testCase.lines, lines) + }) + } +} diff --git a/internal/provider/vyprvpn/openvpnconf.go b/internal/provider/vyprvpn/openvpnconf.go index 992c9c02..88cf1a24 100644 --- a/internal/provider/vyprvpn/openvpnconf.go +++ b/internal/provider/vyprvpn/openvpnconf.go @@ -47,11 +47,11 @@ func (v *Vyprvpn) BuildConf(connection models.OpenVPNConnection, "auth-user-pass " + constants.OpenVPNAuthConf, connection.ProtoLine(), connection.RemoteLine(), - "data-ciphers-fallback " + settings.Cipher, - "data-ciphers " + settings.Cipher, "auth " + settings.Auth, } + lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...) + if !settings.Root { lines = append(lines, "user "+username) } diff --git a/internal/provider/windscribe/openvpnconf.go b/internal/provider/windscribe/openvpnconf.go index 38eadcb2..7c7ebdea 100644 --- a/internal/provider/windscribe/openvpnconf.go +++ b/internal/provider/windscribe/openvpnconf.go 
@@ -50,11 +50,11 @@ func (w *Windscribe) BuildConf(connection models.OpenVPNConnection, "auth-user-pass " + constants.OpenVPNAuthConf, connection.ProtoLine(), connection.RemoteLine(), - "data-ciphers-fallback " + settings.Cipher, - "data-ciphers " + settings.Cipher, "auth " + settings.Auth, } + lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...) + if strings.HasSuffix(settings.Cipher, "-gcm") { lines = append(lines, "ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM") }