package provider import ( "context" "fmt" "math/rand" "net" "net/http" "strconv" "github.com/qdm12/gluetun/internal/configuration" "github.com/qdm12/gluetun/internal/constants" "github.com/qdm12/gluetun/internal/firewall" "github.com/qdm12/gluetun/internal/models" "github.com/qdm12/golibs/logging" "github.com/qdm12/golibs/os" ) type vyprvpn struct { servers []models.VyprvpnServer randSource rand.Source } func newVyprvpn(servers []models.VyprvpnServer, timeNow timeNowFunc) *vyprvpn { return &vyprvpn{ servers: servers, randSource: rand.NewSource(timeNow().UnixNano()), } } func (v *vyprvpn) filterServers(regions []string) (servers []models.VyprvpnServer) { for _, server := range v.servers { switch { case filterByPossibilities(server.Region, regions): default: servers = append(servers, server) } } return servers } func (v *vyprvpn) GetOpenVPNConnection(selection configuration.ServerSelection) ( connection models.OpenVPNConnection, err error) { var port uint16 switch { case selection.Protocol == constants.TCP: return connection, fmt.Errorf("TCP protocol not supported by this VPN provider") case selection.Protocol == constants.UDP: port = 443 default: return connection, fmt.Errorf("protocol %q is unknown", selection.Protocol) } if selection.TargetIP != nil { return models.OpenVPNConnection{IP: selection.TargetIP, Port: port, Protocol: selection.Protocol}, nil } servers := v.filterServers(selection.Regions) if len(servers) == 0 { return connection, fmt.Errorf("no server found for region %s", commaJoin(selection.Regions)) } var connections []models.OpenVPNConnection for _, server := range servers { for _, IP := range server.IPs { connections = append(connections, models.OpenVPNConnection{IP: IP, Port: port, Protocol: selection.Protocol}) } } return pickRandomConnection(connections, v.randSource), nil } func (v *vyprvpn) BuildConf(connection models.OpenVPNConnection, username string, settings configuration.OpenVPN) (lines []string) { if len(settings.Cipher) == 0 { settings.Cipher = aes256cbc } if len(settings.Auth) == 0 { settings.Auth = "SHA256" } lines = []string{ "client", "dev tun", "nobind", "persist-key", "remote-cert-tls server", "ping 10", "ping-exit 60", "ping-timer-rem", "tls-exit", // Vyprvpn specific "comp-lzo", // "verify-x509-name lu1.vyprvpn.com name", "tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA", //nolint:lll // Added constant values "auth-nocache", "mute-replay-warnings", "pull-filter ignore \"auth-token\"", // prevent auth failed loops `pull-filter ignore "ping-restart"`, "auth-retry nointeract", "suppress-timestamps", // Modified variables fmt.Sprintf("verb %d", settings.Verbosity), fmt.Sprintf("auth-user-pass %s", constants.OpenVPNAuthConf), fmt.Sprintf("proto %s", connection.Protocol), fmt.Sprintf("remote %s %d", connection.IP, connection.Port), fmt.Sprintf("cipher %s", settings.Cipher), fmt.Sprintf("auth %s", settings.Auth), } if !settings.Root { lines = append(lines, "user "+username) } if settings.MSSFix > 0 { lines = append(lines, "mssfix "+strconv.Itoa(int(settings.MSSFix))) } lines = append(lines, []string{ "", "-----BEGIN CERTIFICATE-----", constants.VyprvpnCertificate, "-----END CERTIFICATE-----", "", }...) return lines } func (v *vyprvpn) PortForward(ctx context.Context, client *http.Client, openFile os.OpenFileFunc, pfLogger logging.Logger, gateway net.IP, fw firewall.Configurator, syncState func(port uint16) (pfFilepath string)) { panic("port forwarding is not supported for vyprvpn") }