diff --git a/internal/params/openvpn.go b/internal/params/openvpn.go
index 4e2631e0..cbb10979 100644
--- a/internal/params/openvpn.go
+++ b/internal/params/openvpn.go
@@ -76,3 +76,11 @@ func (r *reader) GetOpenVPNAuth() (auth string, err error) {
 func (r *reader) GetOpenVPNIPv6() (ipv6 bool, err error) {
 return r.env.OnOff("OPENVPN_IPV6", libparams.Default("off"))
 }
+
+func (r *reader) GetOpenVPNMSSFix() (mssFix uint16, err error) {
+ n, err := r.env.IntRange("OPENVPN_MSSFIX", 0, 10000, libparams.Default("0"))
+ if err != nil {
+ return 0, err
+ }
+ return uint16(n), nil
+}
diff --git a/internal/params/params.go b/internal/params/params.go
index 6c77c077..475f20b5 100644
--- a/internal/params/params.go
+++ b/internal/params/params.go
@@ -55,6 +55,7 @@ type Reader interface {
 GetOpenVPNCipher() (cipher string, err error)
 GetOpenVPNAuth() (auth string, err error)
 GetOpenVPNIPv6() (tunnel bool, err error)
+ GetOpenVPNMSSFix() (mssFix uint16, err error)
 
 // PIA getters
 GetPortForwarding() (activated bool, err error)
diff --git a/internal/provider/cyberghost.go b/internal/provider/cyberghost.go
index d94a050d..558d2890 100644
--- a/internal/provider/cyberghost.go
+++ b/internal/provider/cyberghost.go
@@ -6,6 +6,7 @@ import (
 "math/rand"
 "net"
 "net/http"
+ "strconv"
 "strings"
 
 "github.com/qdm12/gluetun/internal/constants"
@@ -108,6 +109,9 @@ func (c *cyberghost) BuildConf(connection models.OpenVPNConnection,
 if !settings.Root {
 lines = append(lines, "user "+username)
 }
+ if settings.MSSFix > 0 {
+ lines = append(lines, "mssfix "+strconv.Itoa(int(settings.MSSFix)))
+ }
 lines = append(lines, []string{
 "",
 "-----BEGIN CERTIFICATE-----",
diff --git a/internal/provider/mullvad.go b/internal/provider/mullvad.go
index 4ae03d69..48aaef31 100644
--- a/internal/provider/mullvad.go
+++ b/internal/provider/mullvad.go
@@ -6,6 +6,7 @@ import (
 "math/rand"
 "net"
 "net/http"
+ "strconv"
 
 "github.com/qdm12/gluetun/internal/constants"
 "github.com/qdm12/gluetun/internal/firewall"
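Review bot: `GetOpenVPNMSSFix` in internal/params/openvpn.go accepts `OPENVPN_MSSFIX` up to 10000 and carries no doc comment saying what 0 means. The NordVPN and Surfshark configs touched by this commit pin `tun-mtu 1500`, so a value above that is presumably never useful; either tighten the upper bound or document why it is 10000. The range check plus the `uint16` type also guarantee that only a decimal number can reach the generated `mssfix` line, which is worth stating so a later switch to a string setting does not silently lose that property. Suggested comment: `// GetOpenVPNMSSFix reads OPENVPN_MSSFIX (integer 0-10000); 0 means unset and leaves the choice to the provider's BuildConf.`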
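Review bot: The three-line `if settings.MSSFix > 0 { ... }` block added to `cyberghost.BuildConf` is repeated verbatim in the mullvad, pia, privado, purevpn, vyprvpn and windscribe `BuildConf` hunks, so any later change to how the directive is emitted has to be made in seven places. A small package-level helper would keep them in step, e.g. `func mssFixLine(v uint16) string { return "mssfix " + strconv.Itoa(int(v)) }`, called as `lines = append(lines, mssFixLine(settings.MSSFix))` inside the existing guard. `BuildConf` starts and ends outside the hunk in every file, so this is based only on the visible lines.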
@@ -117,6 +118,9 @@ func (m *mullvad) BuildConf(connection models.OpenVPNConnection,
 if !settings.Root {
 lines = append(lines, "user "+username)
 }
+ if settings.MSSFix > 0 {
+ lines = append(lines, "mssfix "+strconv.Itoa(int(settings.MSSFix)))
+ }
 lines = append(lines, []string{
 "",
 "-----BEGIN CERTIFICATE-----",
diff --git a/internal/provider/nordvpn.go b/internal/provider/nordvpn.go
index 4d567bbb..93798afd 100644
--- a/internal/provider/nordvpn.go
+++ b/internal/provider/nordvpn.go
@@ -6,6 +6,7 @@ import (
 "math/rand"
 "net"
 "net/http"
+ "strconv"
 
 "github.com/qdm12/gluetun/internal/constants"
 "github.com/qdm12/gluetun/internal/firewall"
@@ -87,6 +88,11 @@ func (n *nordvpn) BuildConf(connection models.OpenVPNConnection,
 if len(settings.Auth) == 0 {
 settings.Auth = "sha512"
 }
+
+ const defaultMSSFix = 1450
+ if settings.MSSFix == 0 {
+ settings.MSSFix = defaultMSSFix
+ }
 lines = []string{
 "client",
 "dev tun",
@@ -97,7 +103,7 @@ func (n *nordvpn) BuildConf(connection models.OpenVPNConnection,
 // Nordvpn specific
 "tun-mtu 1500",
 "tun-mtu-extra 32",
- "mssfix 1450",
+ "mssfix " + strconv.Itoa(int(settings.MSSFix)),
 "ping 15",
 "ping-restart 0",
 "ping-timer-rem",
diff --git a/internal/provider/piav4.go b/internal/provider/piav4.go
index f209f8a6..78e8ad87 100644
--- a/internal/provider/piav4.go
+++ b/internal/provider/piav4.go
@@ -12,6 +12,7 @@ import (
 "net"
 "net/http"
 "net/url"
+ "strconv"
 "strings"
 "time"
 
@@ -164,6 +165,9 @@ func (p *pia) BuildConf(connection models.OpenVPNConnection,
 if !settings.Root {
 lines = append(lines, "user "+username)
 }
+ if settings.MSSFix > 0 {
+ lines = append(lines, "mssfix "+strconv.Itoa(int(settings.MSSFix)))
+ }
 lines = append(lines, []string{
 "",
 "-----BEGIN X509 CRL-----",
diff --git a/internal/provider/privado.go b/internal/provider/privado.go
index b51a1cc5..96c7bba4 100644
--- a/internal/provider/privado.go
+++ b/internal/provider/privado.go
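Review bot: In `nordvpn.BuildConf` (and identically in the surfshark hunk) a `settings.MSSFix` of 0 is replaced by 1450, so `OPENVPN_MSSFIX=0` can never produce `mssfix 0`; in OpenVPN that value, as far as I know, turns MSS clamping off, so users of these two providers cannot disable it while the other providers simply omit the directive. If that is intended, say so next to the constant: `// 0 means "not set": keep this provider's previous hard-coded mssfix value`. `const defaultMSSFix = 1450` is also declared separately in both functions and could be a single package-level constant. `BuildConf` continues outside the hunk.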
@@ -6,6 +6,7 @@ import (
 "math/rand"
 "net"
 "net/http"
+ "strconv"
 
 "github.com/qdm12/gluetun/internal/constants"
 "github.com/qdm12/gluetun/internal/firewall"
@@ -107,6 +108,9 @@ func (s *privado) BuildConf(connection models.OpenVPNConnection,
 if !settings.Root {
 lines = append(lines, "user "+username)
 }
+ if settings.MSSFix > 0 {
+ lines = append(lines, "mssfix "+strconv.Itoa(int(settings.MSSFix)))
+ }
 lines = append(lines, []string{
 "",
 "-----BEGIN CERTIFICATE-----",
diff --git a/internal/provider/purevpn.go b/internal/provider/purevpn.go
index c778770f..a38a8c94 100644
--- a/internal/provider/purevpn.go
+++ b/internal/provider/purevpn.go
@@ -6,6 +6,7 @@ import (
 "math/rand"
 "net"
 "net/http"
+ "strconv"
 
 "github.com/qdm12/gluetun/internal/constants"
 "github.com/qdm12/gluetun/internal/firewall"
@@ -111,6 +112,9 @@ func (p *purevpn) BuildConf(connection models.OpenVPNConnection,
 if !settings.Root {
 lines = append(lines, "user "+username)
 }
+ if settings.MSSFix > 0 {
+ lines = append(lines, "mssfix "+strconv.Itoa(int(settings.MSSFix)))
+ }
 lines = append(lines, []string{
 "",
 "-----BEGIN CERTIFICATE-----",
diff --git a/internal/provider/surfshark.go b/internal/provider/surfshark.go
index cbfb5448..85d2cddd 100644
--- a/internal/provider/surfshark.go
+++ b/internal/provider/surfshark.go
@@ -6,6 +6,7 @@ import (
 "math/rand"
 "net"
 "net/http"
+ "strconv"
 
 "github.com/qdm12/gluetun/internal/constants"
 "github.com/qdm12/gluetun/internal/firewall"
@@ -82,6 +83,12 @@ func (s *surfshark) BuildConf(connection models.OpenVPNConnection,
 if len(settings.Auth) == 0 {
 settings.Auth = "SHA512"
 }
+
+ const defaultMSSFix = 1450
+ if settings.MSSFix == 0 {
+ settings.MSSFix = defaultMSSFix
+ }
+
 lines = []string{
 "client",
 "dev tun",
@@ -92,7 +99,7 @@ func (s *surfshark) BuildConf(connection models.OpenVPNConnection,
 // Surfshark specific
 "tun-mtu 1500",
 "tun-mtu-extra 32",
- "mssfix 1450",
+ "mssfix " + strconv.Itoa(int(settings.MSSFix)),
 "ping 15",
 "ping-restart 60",
 "ping-timer-rem",
diff --git a/internal/provider/vyprvpn.go b/internal/provider/vyprvpn.go
index 1db16794..1f3e0014 100644
--- a/internal/provider/vyprvpn.go
+++ b/internal/provider/vyprvpn.go
@@ -6,6 +6,7 @@ import (
 "math/rand"
 "net"
 "net/http"
+ "strconv"
 
 "github.com/qdm12/gluetun/internal/constants"
 "github.com/qdm12/gluetun/internal/firewall"
@@ -109,6 +110,9 @@ func (v *vyprvpn) BuildConf(connection models.OpenVPNConnection,
 if !settings.Root {
 lines = append(lines, "user "+username)
 }
+ if settings.MSSFix > 0 {
+ lines = append(lines, "mssfix "+strconv.Itoa(int(settings.MSSFix)))
+ }
 lines = append(lines, []string{
 "",
 "-----BEGIN CERTIFICATE-----",
diff --git a/internal/provider/windscribe.go b/internal/provider/windscribe.go
index 35650389..d35d9d1d 100644
--- a/internal/provider/windscribe.go
+++ b/internal/provider/windscribe.go
@@ -6,6 +6,7 @@ import (
 "math/rand"
 "net"
 "net/http"
+ "strconv"
 "strings"
 
 "github.com/qdm12/gluetun/internal/constants"
@@ -114,6 +115,9 @@ func (w *windscribe) BuildConf(connection models.OpenVPNConnection,
 if !settings.Root {
 lines = append(lines, "user "+username)
 }
+ if settings.MSSFix > 0 {
+ lines = append(lines, "mssfix "+strconv.Itoa(int(settings.MSSFix)))
+ }
 lines = append(lines, []string{
 "",
 "-----BEGIN CERTIFICATE-----",
diff --git a/internal/settings/openvpn.go b/internal/settings/openvpn.go
index 16164d4b..0545c432 100644
--- a/internal/settings/openvpn.go
+++ b/internal/settings/openvpn.go
@@ -14,6 +14,7 @@ type OpenVPN struct {
 User string `json:"user"`
 Password string `json:"password"`
 Verbosity int `json:"verbosity"`
+ MSSFix uint16 `json:"mssfix"`
 Root bool `json:"run_as_root"`
 Cipher string `json:"cipher"`
 Auth string `json:"auth"`
@@ -52,6 +53,10 @@ func GetOpenVPNSettings(paramsReader params.Reader, vpnProvider models.VPNProvid
 if err != nil {
 return settings, err
 }
+ settings.MSSFix, err = paramsReader.GetOpenVPNMSSFix()
+ if err != nil {
+ return settings, err
+ }
 switch vpnProvider {
 case constants.PrivateInternetAccess:
 settings.Provider, err = GetPIASettings(paramsReader)
diff --git a/internal/settings/openvpn_test.go b/internal/settings/openvpn_test.go
index 9e1e7444..c3b0d8d6 100644
--- a/internal/settings/openvpn_test.go
+++ b/internal/settings/openvpn_test.go
@@ -20,7 +20,7 @@ func Test_OpenVPN_JSON(t *testing.T) {
 data, err := json.Marshal(in)
 require.NoError(t, err)
 //nolint:lll
- assert.Equal(t, `{"user":"","password":"","verbosity":0,"run_as_root":true,"cipher":"","auth":"","provider":{"name":"name","server_selection":{"network_protocol":"","regions":null,"group":"","countries":null,"cities":null,"hostnames":null,"isps":null,"owned":false,"custom_port":0,"numbers":null,"encryption_preset":""},"extra_config":{"encryption_preset":"","openvpn_ipv6":false},"port_forwarding":{"enabled":false,"filepath":""}}}`, string(data))
+ assert.Equal(t, `{"user":"","password":"","verbosity":0,"mssfix":0,"run_as_root":true,"cipher":"","auth":"","provider":{"name":"name","server_selection":{"network_protocol":"","regions":null,"group":"","countries":null,"cities":null,"hostnames":null,"isps":null,"owned":false,"custom_port":0,"numbers":null,"encryption_preset":""},"extra_config":{"encryption_preset":"","openvpn_ipv6":false},"port_forwarding":{"enabled":false,"filepath":""}}}`, string(data))
 var out OpenVPN
 err = json.Unmarshal(data, &out)
 require.NoError(t, err)
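Review bot: The updated expectation in `Test_OpenVPN_JSON` only adds `"mssfix":0`, the zero value, so the round trip through `json.Unmarshal` would presumably still pass if the `mssfix` tag failed to decode into `MSSFix`. Setting a non-zero value on the input, for example `MSSFix: 1300` (constructed sample), and expecting `"mssfix":1300` would exercise the field in both directions. The `in` literal and the final comparison are outside the hunk, so this assumes `in` leaves `MSSFix` unset. No test in this commit covers `GetOpenVPNMSSFix` or the `mssfix` line emitted by the providers' `BuildConf`.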