Maintenance: generate Openvpn conf for 2.4 or 2.5

cmd/gluetun/main.go

@@ -158,6 +158,8 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
 	}
 	logger.Info(allSettings.String())
 
+	allSettings.OpenVPN.Version, _ = ovpnConf.Version(ctx)
+
 	if err := os.MkdirAll("/tmp/gluetun", 0644); err != nil {
 		return err
 	}

internal/configuration/openvpn.go

@@ -21,6 +21,7 @@ type OpenVPN struct {
 	Auth      string   `json:"auth"`
 	Provider  Provider `json:"provider"`
 	Config    string   `json:"custom_config"`
+	Version   string   `json:"-"` // injected at runtime
 }
 
 func (settings *OpenVPN) String() string {

internal/provider/cyberghost/openvpnconf.go

@@ -51,11 +51,11 @@ func (c *Cyberghost) BuildConf(connection models.OpenVPNConnection,
 		"auth-user-pass " + constants.OpenVPNAuthConf,
 		connection.ProtoLine(),
 		connection.RemoteLine(),
-		"data-ciphers-fallback " + settings.Cipher,
-		"data-ciphers " + settings.Cipher,
 		"auth " + settings.Auth,
 	}
 
+	lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+
 	if strings.HasSuffix(settings.Cipher, "-gcm") {
 		lines = append(lines, "ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM")
 	}

internal/provider/fastestvpn/openvpnconf.go

@@ -53,11 +53,11 @@ func (f *Fastestvpn) BuildConf(connection models.OpenVPNConnection,
 		"auth-user-pass " + constants.OpenVPNAuthConf,
 		connection.ProtoLine(),
 		connection.RemoteLine(),
-		"data-ciphers-fallback " + settings.Cipher,
-		"data-ciphers " + settings.Cipher,
 		"auth " + settings.Auth,
 	}
 
+	lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+
 	if !settings.Root {
 		lines = append(lines, "user "+username)
 	}

internal/provider/hidemyass/openvpnconf.go

@@ -43,10 +43,10 @@ func (h *HideMyAss) BuildConf(connection models.OpenVPNConnection,
 		"auth-user-pass " + constants.OpenVPNAuthConf,
 		"proto " + connection.Protocol,
 		"remote " + connection.IP.String() + strconv.Itoa(int(connection.Port)),
-		"data-ciphers-fallback " + settings.Cipher,
-		"data-ciphers " + settings.Cipher,
 	}
 
+	lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+
 	if settings.Auth != "" {
 		lines = append(lines, "auth "+settings.Auth)
 	}

internal/provider/mullvad/openvpnconf.go

@@ -44,10 +44,10 @@ func (m *Mullvad) BuildConf(connection models.OpenVPNConnection,
 		"auth-user-pass " + constants.OpenVPNAuthConf,
 		connection.ProtoLine(),
 		connection.RemoteLine(),
-		"data-ciphers-fallback " + settings.Cipher,
-		"data-ciphers " + settings.Cipher,
 	}
 
+	lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+
 	if settings.Auth != "" {
 		lines = append(lines, "auth "+settings.Auth)
 	}

internal/provider/nordvpn/openvpnconf.go

@@ -54,11 +54,11 @@ func (n *Nordvpn) BuildConf(connection models.OpenVPNConnection,
 		"auth-user-pass " + constants.OpenVPNAuthConf,
 		connection.ProtoLine(),
 		connection.RemoteLine(),
-		"data-ciphers-fallback " + settings.Cipher,
-		"data-ciphers " + settings.Cipher,
 		"auth " + settings.Auth,
 	}
 
+	lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+
 	if connection.Protocol == constants.UDP {
 		lines = append(lines, "fast-io")
 	}

internal/provider/privado/openvpnconf.go

@@ -45,11 +45,11 @@ func (p *Privado) BuildConf(connection models.OpenVPNConnection,
 		"auth-user-pass " + constants.OpenVPNAuthConf,
 		connection.ProtoLine(),
 		connection.RemoteLine(),
-		"data-ciphers-fallback " + settings.Cipher,
-		"data-ciphers " + settings.Cipher,
 		"auth " + settings.Auth,
 	}
 
+	lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+
 	if !settings.Root {
 		lines = append(lines, "user "+username)
 	}

internal/provider/privateinternetaccess/openvpnconf.go

@@ -57,11 +57,11 @@ func (p *PIA) BuildConf(connection models.OpenVPNConnection,
 		"auth-user-pass " + constants.OpenVPNAuthConf,
 		connection.ProtoLine(),
 		connection.RemoteLine(),
-		"data-ciphers-fallback " + settings.Cipher,
-		"data-ciphers " + settings.Cipher,
 		"auth " + settings.Auth,
 	}
 
+	lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+
 	if strings.HasSuffix(settings.Cipher, "-gcm") {
 		lines = append(lines, "ncp-disable")
 	}

internal/provider/privatevpn/openvpnconf.go

@@ -43,11 +43,11 @@ func (p *Privatevpn) BuildConf(connection models.OpenVPNConnection,
 		"auth-user-pass " + constants.OpenVPNAuthConf,
 		connection.ProtoLine(),
 		connection.RemoteLine(),
-		"data-ciphers-fallback " + settings.Cipher,
-		"data-ciphers " + settings.Cipher,
 		"auth " + settings.Auth,
 	}
 
+	lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+
 	if connection.Protocol == constants.UDP {
 		lines = append(lines, "key-direction 1")
 	}

internal/provider/protonvpn/openvpnconf.go

@@ -53,11 +53,11 @@ func (p *Protonvpn) BuildConf(connection models.OpenVPNConnection,
 		"auth-user-pass " + constants.OpenVPNAuthConf,
 		connection.ProtoLine(),
 		connection.RemoteLine(),
-		"data-ciphers-fallback " + settings.Cipher,
-		"data-ciphers " + settings.Cipher,
 		"auth " + settings.Auth,
 	}
 
+	lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+
 	if connection.Protocol == constants.UDP {
 		lines = append(lines, "fast-io")
 	}

internal/provider/purevpn/openvpnconf.go

@@ -46,10 +46,10 @@ func (p *Purevpn) BuildConf(connection models.OpenVPNConnection,
 		"auth-user-pass " + constants.OpenVPNAuthConf,
 		connection.ProtoLine(),
 		connection.RemoteLine(),
-		"data-ciphers-fallback " + settings.Cipher,
-		"data-ciphers " + settings.Cipher,
 	}
 
+	lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+
 	if connection.Protocol == constants.UDP {
 		lines = append(lines, "explicit-exit-notify")
 	}

internal/provider/surfshark/openvpnconf.go

@@ -55,11 +55,11 @@ func (s *Surfshark) BuildConf(connection models.OpenVPNConnection,
 		"auth-user-pass " + constants.OpenVPNAuthConf,
 		connection.ProtoLine(),
 		connection.RemoteLine(),
-		"data-ciphers-fallback " + settings.Cipher,
-		"data-ciphers " + settings.Cipher,
 		"auth " + settings.Auth,
 	}
 
+	lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+
 	if !settings.Root {
 		lines = append(lines, "user "+username)
 	}

internal/provider/torguard/openvpnconf.go

@@ -57,11 +57,11 @@ func (t *Torguard) BuildConf(connection models.OpenVPNConnection,
 		"auth-user-pass " + constants.OpenVPNAuthConf,
 		connection.ProtoLine(),
 		connection.RemoteLine(),
-		"data-ciphers-fallback " + settings.Cipher,
-		"data-ciphers " + settings.Cipher,
 		"auth " + settings.Auth,
 	}
 
+	lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+
 	if !settings.Root {
 		lines = append(lines, "user "+username)
 	}

internal/provider/utils/cipher.go

@@ -0,0 +1,15 @@
+package utils
+
+import "strings"
+
+func CipherLines(cipher, version string) (lines []string) {
+	switch {
+	case strings.HasPrefix(version, "2.4"):
+		return []string{"cipher " + cipher}
+	default: // 2.5 and above
+		return []string{
+			"data-ciphers-fallback " + cipher,
+			"data-ciphers " + cipher,
+		}
+	}
+}

internal/provider/utils/cipher_test.go

@@ -0,0 +1,45 @@
+package utils
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_CipherLines(t *testing.T) {
+	t.Parallel()
+	testCases := map[string]struct {
+		version string
+		lines   []string
+	}{
+		"empty version": {
+			lines: []string{
+				"data-ciphers-fallback AES",
+				"data-ciphers AES",
+			},
+		},
+		"2.4.5": {
+			version: "2.4.5",
+			lines:   []string{"cipher AES"},
+		},
+		"2.5.3": {
+			version: "2.5.3",
+			lines: []string{
+				"data-ciphers-fallback AES",
+				"data-ciphers AES",
+			},
+		},
+	}
+	for name, testCase := range testCases {
+		testCase := testCase
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+
+			const cipher = "AES"
+
+			lines := CipherLines(cipher, testCase.version)
+
+			assert.Equal(t, testCase.lines, lines)
+		})
+	}
+}

internal/provider/vyprvpn/openvpnconf.go

@@ -47,11 +47,11 @@ func (v *Vyprvpn) BuildConf(connection models.OpenVPNConnection,
 		"auth-user-pass " + constants.OpenVPNAuthConf,
 		connection.ProtoLine(),
 		connection.RemoteLine(),
-		"data-ciphers-fallback " + settings.Cipher,
-		"data-ciphers " + settings.Cipher,
 		"auth " + settings.Auth,
 	}
 
+	lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+
 	if !settings.Root {
 		lines = append(lines, "user "+username)
 	}

internal/provider/windscribe/openvpnconf.go

@@ -50,11 +50,11 @@ func (w *Windscribe) BuildConf(connection models.OpenVPNConnection,
 		"auth-user-pass " + constants.OpenVPNAuthConf,
 		connection.ProtoLine(),
 		connection.RemoteLine(),
-		"data-ciphers-fallback " + settings.Cipher,
-		"data-ciphers " + settings.Cipher,
 		"auth " + settings.Auth,
 	}
 
+	lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+
 	if strings.HasSuffix(settings.Cipher, "-gcm") {
 		lines = append(lines, "ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM")
 	}