Mullvad: configurable ipv6 tunneling (#253)

- Disabled by default
- Wiki pages updated
- Readme updated
Quentin McGaw
2020-09-26 09:33:24 -04:00
committed by GitHub
parent ae876b93d7
commit ecf76896a2
8 changed files with 28 additions and 2 deletions


@@ -43,6 +43,7 @@ ENV VPNSP=pia \
OPENVPN_VERBOSITY=1 \ OPENVPN_VERBOSITY=1 \
OPENVPN_ROOT=no \ OPENVPN_ROOT=no \
OPENVPN_TARGET_IP= \ OPENVPN_TARGET_IP= \
OPENVPN_IPV6=off \
TZ= \ TZ= \
UID=1000 \ UID=1000 \
GID=1000 \ GID=1000 \


@@ -103,6 +103,7 @@ docker run --rm --network=container:gluetun alpine:3.12 wget -qO- https://ipinfo
| `OPENVPN_TARGET_IP` | | Valid IP address | Specify a target VPN server (or gateway) IP address to use | | `OPENVPN_TARGET_IP` | | Valid IP address | Specify a target VPN server (or gateway) IP address to use |
| `OPENVPN_CIPHER` | | i.e. `aes-256-gcm` | Specify a custom cipher to use. It will also set `ncp-disable` if using AES GCM for PIA | | `OPENVPN_CIPHER` | | i.e. `aes-256-gcm` | Specify a custom cipher to use. It will also set `ncp-disable` if using AES GCM for PIA |
| `OPENVPN_AUTH` | | i.e. `sha256` | Specify a custom auth algorithm to use | | `OPENVPN_AUTH` | | i.e. `sha256` | Specify a custom auth algorithm to use |
| `OPENVPN_IPV6` | `off` | `on`, `off` | Enable tunneling of IPv6 (only for Mullvad) |
*For all providers below, server location parameters are all optional. By default a random server is picked using the filter settings provided.* *For all providers below, server location parameters are all optional. By default a random server is picked using the filter settings provided.*
@@ -127,6 +128,8 @@ docker run --rm --network=container:gluetun alpine:3.12 wget -qO- https://ipinfo
| `ISP` | | One of the [Mullvad ISP](https://mullvad.net/en/servers/#openvpn) | VPN server ISP | | `ISP` | | One of the [Mullvad ISP](https://mullvad.net/en/servers/#openvpn) | VPN server ISP |
| `PORT` | | `80`, `443` or `1401` for TCP; `53`, `1194`, `1195`, `1196`, `1197`, `1300`, `1301`, `1302`, `1303` or `1400` for UDP. Defaults to TCP `443` and UDP `1194` | Custom VPN port to use | | `PORT` | | `80`, `443` or `1401` for TCP; `53`, `1194`, `1195`, `1196`, `1197`, `1300`, `1301`, `1302`, `1303` or `1400` for UDP. Defaults to TCP `443` and UDP `1194` | Custom VPN port to use |
💡 [Mullvad IPv6 Wiki page](https://github.com/qdm12/gluetun/wiki/Mullvad-IPv6)
- Windscribe - Windscribe
| Variable | Default | Choices | Description | | Variable | Default | Choices | Description |


@@ -46,6 +46,7 @@ type ServerSelection struct { //nolint:maligned
type ExtraConfigOptions struct { type ExtraConfigOptions struct {
ClientKey string `json:"-"` // Cyberghost ClientKey string `json:"-"` // Cyberghost
EncryptionPreset string `json:"encryptionPreset"` // PIA EncryptionPreset string `json:"encryptionPreset"` // PIA
OpenVPNIPv6 bool `json:"openvpnIPv6"` // Mullvad
} }
// PortForwarding contains settings for port forwarding // PortForwarding contains settings for port forwarding
@@ -74,6 +75,10 @@ func (p *ProviderSettings) String() string {
if p.ServerSelection.Number > 0 { if p.ServerSelection.Number > 0 {
number = fmt.Sprintf("%d", p.ServerSelection.Number) number = fmt.Sprintf("%d", p.ServerSelection.Number)
} }
ipv6 := "off"
if p.ExtraConfigOptions.OpenVPNIPv6 {
ipv6 = "on"
}
switch strings.ToLower(string(p.Name)) { switch strings.ToLower(string(p.Name)) {
case "private internet access old": case "private internet access old":
settingsList = append(settingsList, settingsList = append(settingsList,
@@ -92,6 +97,7 @@ func (p *ProviderSettings) String() string {
"City: "+p.ServerSelection.City, "City: "+p.ServerSelection.City,
"ISP: "+p.ServerSelection.ISP, "ISP: "+p.ServerSelection.ISP,
"Custom port: "+customPort, "Custom port: "+customPort,
"IPv6: "+ipv6,
) )
case "windscribe": case "windscribe":
settingsList = append(settingsList, settingsList = append(settingsList,


@@ -81,3 +81,9 @@ func (r *reader) GetOpenVPNCipher() (cipher string, err error) {
func (r *reader) GetOpenVPNAuth() (auth string, err error) { func (r *reader) GetOpenVPNAuth() (auth string, err error) {
return r.envParams.GetEnv("OPENVPN_AUTH") return r.envParams.GetEnv("OPENVPN_AUTH")
} }
// GetOpenVPNIPv6 obtains if ipv6 should be tunneled through the
// openvpn tunnel from the environment variable OPENVPN_IPV6
func (r *reader) GetOpenVPNIPv6() (ipv6 bool, err error) {
return r.envParams.GetOnOff("OPENVPN_IPV6", libparams.Default("off"))
}


@@ -54,6 +54,7 @@ type Reader interface {
GetTargetIP() (ip net.IP, err error) GetTargetIP() (ip net.IP, err error)
GetOpenVPNCipher() (cipher string, err error) GetOpenVPNCipher() (cipher string, err error)
GetOpenVPNAuth() (auth string, err error) GetOpenVPNAuth() (auth string, err error)
GetOpenVPNIPv6() (tunnel bool, err error)
// PIA getters // PIA getters
GetPortForwarding() (activated bool, err error) GetPortForwarding() (activated bool, err error)


@@ -94,7 +94,6 @@ func (m *mullvad) BuildConf(connections []models.OpenVPNConnection, verbosity, u
"sndbuf 524288", "sndbuf 524288",
"rcvbuf 524288", "rcvbuf 524288",
"tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA", "tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
"tun-ipv6",
"fast-io", "fast-io",
"script-security 2", "script-security 2",
@@ -112,6 +111,12 @@ func (m *mullvad) BuildConf(connections []models.OpenVPNConnection, verbosity, u
fmt.Sprintf("proto %s", connections[0].Protocol), fmt.Sprintf("proto %s", connections[0].Protocol),
fmt.Sprintf("cipher %s", cipher), fmt.Sprintf("cipher %s", cipher),
} }
if extras.OpenVPNIPv6 {
lines = append(lines, "tun-ipv6")
} else {
lines = append(lines, `pull-filter ignore "route-ipv6"`)
lines = append(lines, `pull-filter ignore "ifconfig-ipv6"`)
}
if !root { if !root {
lines = append(lines, "user nonrootuser") lines = append(lines, "user nonrootuser")
} }
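Review bot: The `else` branch that appends the two `pull-filter ignore` lines has no comment explaining why it exists, and with IPv6 off it only stops the client from accepting the pushed IPv6 address and routes; it does not by itself prevent IPv6 packets from leaving through the container's other interfaces. Whether that traffic is dropped depends on firewall rules that are not part of this hunk, so this should be confirmed and stated here, e.g. `// IPv6 off: ignore pushed IPv6 address and routes; the firewall must drop IPv6 so it cannot bypass the tunnel`. On OpenVPN 2.4 and later `tun-ipv6` is a no-op, so if the image ships such a version the `on` branch works only because the filters are absent, which a short comment should also say. BuildConf starts and ends outside the hunk.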


@@ -19,7 +19,7 @@ func Test_OpenVPN_JSON(t *testing.T) {
} }
data, err := json.Marshal(in) data, err := json.Marshal(in)
require.NoError(t, err) require.NoError(t, err)
assert.Equal(t, `{"user":"","verbosity":0,"runAsRoot":true,"cipher":"","auth":"","provider":{"name":"name","serverSelection":{"networkProtocol":"","region":"","group":"","country":"","city":"","isp":"","owned":false,"customPort":0,"number":0,"encryptionPreset":""},"extraConfig":{"encryptionPreset":""},"portForwarding":{"enabled":false,"filepath":""}}}`, string(data)) assert.Equal(t, `{"user":"","verbosity":0,"runAsRoot":true,"cipher":"","auth":"","provider":{"name":"name","serverSelection":{"networkProtocol":"","region":"","group":"","country":"","city":"","isp":"","owned":false,"customPort":0,"number":0,"encryptionPreset":""},"extraConfig":{"encryptionPreset":"","openvpnIPv6":false},"portForwarding":{"enabled":false,"filepath":""}}}`, string(data))
var out OpenVPN var out OpenVPN
err = json.Unmarshal(data, &out) err = json.Unmarshal(data, &out)
require.NoError(t, err) require.NoError(t, err)


@@ -106,6 +106,10 @@ func GetMullvadSettings(paramsReader params.Reader) (settings models.ProviderSet
return settings, fmt.Errorf("port %d is not valid for UDP protocol", settings.ServerSelection.CustomPort) return settings, fmt.Errorf("port %d is not valid for UDP protocol", settings.ServerSelection.CustomPort)
} }
} }
settings.ExtraConfigOptions.OpenVPNIPv6, err = paramsReader.GetOpenVPNIPv6()
if err != nil {
return settings, err
}
return settings, nil return settings, nil
} }
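Review bot: `GetOpenVPNIPv6()` is called only here in `GetMullvadSettings`, so as far as these hunks show, `OPENVPN_IPV6=on` set together with another provider is never read or validated and has no effect. A user could then assume IPv6 is tunneled when it is not; consider logging a warning when the variable is `on` for a provider other than Mullvad, or at least documenting it on the struct field with `// OpenVPNIPv6 is only read for Mullvad; ignored for other providers`. The error is also returned without context; `return settings, fmt.Errorf("reading OPENVPN_IPV6: %w", err)` would name the variable if `GetOnOff` does not already do so. The start of the function is outside the hunk.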