OPENVPN_AUTH variable, refers to #94

2026-05-07 04:20:12 +02:00 · 2020-03-29 16:22:21 -04:00
parent 3d6a580102
commit 643745d33e
11 changed files with 46 additions and 31 deletions
@@ -1,34 +1,16 @@
 name: Misspells
 on:
-  push:
-    branches:
-      - master
  pull_request:
-    branches:
-      - master
+    branches: [master]
+  push:
+    branches: [master]
 jobs:
  misspell:
    runs-on: ubuntu-latest
    steps:
-      - name: Checkout on push
-        if: github.event_name == 'push'
-        uses: actions/checkout@v2
-      - name: Checkout on pull_request
-        if: github.event_name == 'pull_request'
-        uses: actions/checkout@v2
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: reviewdog fixer
-        uses: reviewdog/action-misspell@v1
+      - uses: actions/checkout@v2
+      - uses: reviewdog/action-misspell@v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          locale: "US"
-      - name: sobolevn fixer
-        uses: sobolevn/misspell-fixer-action@master
-      - uses: peter-evans/create-pull-request@v2.4.4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          commit-message: 'Typos fixes'
-          title: "Typos fixes"
-          branch: typos
-          branch-suffix: timestamp
+          level: error
@@ -40,6 +40,8 @@ ENV VPNSP=pia \
    PASSWORD= \
    REGION="CA Montreal" \
    PIA_ENCRYPTION=strong \
+    OPENVPN_CIPHER= \
+    OPENVPN_AUTH= \
    PORT_FORWARDING=off \
    PORT_FORWARDING_STATUS_FILE="/forwarded_port" \
    # Mullvad only
@@ -163,6 +163,7 @@ docker run --rm --network=container:pia alpine:3.11 wget -qO- https://ipinfo.io
 | `OPENVPN_ROOT` | `no` | Run OpenVPN as root, `yes` or `no` |
 | `OPENVPN_TARGET_IP` | | Specify a target VPN server IP address to use, valid for Mullvad and Private Internet Access |
 | `OPENVPN_CIPHER` | | Specify a custom cipher to use, use at your own risk. It will also set `ncp-disable` if using AES GCM for PIA |
+| `OPENVPN_AUTH` | | Specify a custom auth algorithm to use (i.e. `sha256`) *for pia only* |

 ## Connect to it

@@ -132,7 +132,7 @@ func main() {
 	case "pia":
 		connections, err = piaConf.GetOpenVPNConnections(allSettings.PIA.Region, allSettings.OpenVPN.NetworkProtocol, allSettings.PIA.Encryption, allSettings.OpenVPN.TargetIP)
 		e.FatalOnError(err)
-		err = piaConf.BuildConf(connections, allSettings.PIA.Encryption, allSettings.OpenVPN.Verbosity, uid, gid, allSettings.OpenVPN.Root, allSettings.OpenVPN.Cipher)
+		err = piaConf.BuildConf(connections, allSettings.PIA.Encryption, allSettings.OpenVPN.Verbosity, uid, gid, allSettings.OpenVPN.Root, allSettings.OpenVPN.Cipher, allSettings.OpenVPN.Auth)
 		e.FatalOnError(err)
 	case "mullvad":
 		connections, err = mullvadConf.GetOpenVPNConnections(allSettings.Mullvad.Country, allSettings.Mullvad.City, allSettings.Mullvad.ISP, allSettings.OpenVPN.NetworkProtocol, allSettings.Mullvad.Port, allSettings.OpenVPN.TargetIP)
@@ -27,6 +27,8 @@ services:
      - PASSWORD=8fd9s239G
      - PIA_ENCRYPTION=strong
      - PORT_FORWARDING=off
+      - OPENVPN_CIPHER=
+      - OPENVPN_AUTH=

      # Mullvad only
      - COUNTRY=Sweden
@@ -71,3 +71,10 @@ func (p *paramsReader) GetOpenVPNCipher() (cipher string, err error) {
 	cipher, err = p.envParams.GetEnv("OPENVPN_CIPHER")
 	return strings.ToLower(cipher), err
 }
+
+// GetOpenVPNAuth obtains a custom auth algorithm to use with OpenVPN
+// from the environment variable OPENVPN_AUTH
+func (p *paramsReader) GetOpenVPNAuth() (auth string, err error) {
+	auth, err = p.envParams.GetEnv("OPENVPN_AUTH")
+	return strings.ToLower(auth), err
+}
@@ -39,6 +39,7 @@ type ParamsReader interface {
 	GetOpenVPNRoot() (root bool, err error)
 	GetTargetIP() (ip net.IP, err error)
 	GetOpenVPNCipher() (cipher string, err error)
+	GetOpenVPNAuth() (auth string, err error)

 	// PIA getters
 	GetPortForwarding() (activated bool, err error)
@@ -66,20 +66,24 @@ func (c *configurator) GetOpenVPNConnections(region models.PIARegion, protocol m
 	return connections, nil
 }

-func (c *configurator) BuildConf(connections []models.OpenVPNConnection, encryption models.PIAEncryption, verbosity, uid, gid int, root bool, cipher string) (err error) {
-	var X509CRL, certificate, authAlgo string
+func (c *configurator) BuildConf(connections []models.OpenVPNConnection, encryption models.PIAEncryption, verbosity, uid, gid int, root bool, cipher, auth string) (err error) {
+	var X509CRL, certificate string
 	if encryption == constants.PIAEncryptionNormal {
 		if len(cipher) == 0 {
 			cipher = "aes-128-cbc"
 		}
-		authAlgo = "sha1"
+		if len(auth) == 0 {
+			auth = "sha1"
+		}
 		X509CRL = constants.PIAX509CRL_NORMAL
 		certificate = constants.PIACertificate_NORMAL
 	} else { // strong encryption
 		if len(cipher) == 0 {
 			cipher = "aes-256-cbc"
 		}
-		authAlgo = "sha256"
+		if len(auth) == 0 {
+			auth = "sha256"
+		}
 		X509CRL = constants.PIAX509CRL_STRONG
 		certificate = constants.PIACertificate_STRONG
 	}
@@ -109,7 +113,7 @@ func (c *configurator) BuildConf(connections []models.OpenVPNConnection, encrypt
 		fmt.Sprintf("auth-user-pass %s", constants.OpenVPNAuthConf),
 		fmt.Sprintf("proto %s", string(connections[0].Protocol)),
 		fmt.Sprintf("cipher %s", cipher),
-		fmt.Sprintf("auth %s", authAlgo),
+		fmt.Sprintf("auth %s", auth),
 	}
 	if strings.HasSuffix(cipher, "-gcm") {
 		lines = append(lines, "ncp-disable")
@@ -18,7 +18,7 @@ const logPrefix = "PIA configurator"
 type Configurator interface {
 	GetOpenVPNConnections(region models.PIARegion, protocol models.NetworkProtocol,
 		encryption models.PIAEncryption, targetIP net.IP) (connections []models.OpenVPNConnection, err error)
-	BuildConf(connections []models.OpenVPNConnection, encryption models.PIAEncryption, verbosity, uid, gid int, root bool, cipher string) (err error)
+	BuildConf(connections []models.OpenVPNConnection, encryption models.PIAEncryption, verbosity, uid, gid int, root bool, cipher, auth string) (err error)
 	GetPortForward() (port uint16, err error)
 	WritePortForward(filepath models.Filepath, port uint16) (err error)
 	AllowPortForwardFirewall(device models.VPNDevice, port uint16) (err error)
@@ -16,6 +16,7 @@ type OpenVPN struct {
 	Root            bool
 	TargetIP        net.IP
 	Cipher          string
+	Auth            string
 }

 // GetOpenVPNSettings obtains the OpenVPN settings using the params functions
@@ -40,6 +41,10 @@ func GetOpenVPNSettings(params params.ParamsReader) (settings OpenVPN, err error
 	if err != nil {
 		return settings, err
 	}
+	settings.Auth, err = params.GetOpenVPNAuth()
+	if err != nil {
+		return settings, err
+	}
 	return settings, nil
 }

@@ -55,6 +60,7 @@ func (o *OpenVPN) String() string {
 		"Run as root: " + runAsRoot,
 		"Target IP address: " + o.TargetIP.String(),
 		"Custom cipher: " + o.Cipher,
+		"Custom auth algorithm: " + o.Auth,
 	}
 	return strings.Join(settingsList, "\n|--")
 }
@@ -57,6 +57,11 @@ func GetAllSettings(params params.ParamsReader) (settings Settings, err error) {
 		default:
 			return settings, fmt.Errorf("cipher %q is not supported by Private Internet Access", settings.OpenVPN.Cipher)
 		}
+		switch settings.OpenVPN.Auth {
+		case "", "sha1", "sha256":
+		default:
+			return settings, fmt.Errorf("auth algorithm %q is not supported by Private Internet Access", settings.OpenVPN.Auth)
+		}
 		settings.PIA, err = GetPIASettings(params)
 	case "mullvad":
 		switch settings.OpenVPN.Cipher {
@@ -64,6 +69,11 @@ func GetAllSettings(params params.ParamsReader) (settings Settings, err error) {
 		default:
 			return settings, fmt.Errorf("cipher %q is not supported by Mullvad", settings.OpenVPN.Cipher)
 		}
+		switch settings.OpenVPN.Auth {
+		case "":
+		default:
+			return settings, fmt.Errorf("auth algorithm %q is not supported by Mullvad (not using auth at all)", settings.OpenVPN.Auth)
+		}
 		settings.Mullvad, err = GetMullvadSettings(params)
 	default:
 		return settings, fmt.Errorf("VPN service provider %q is not valid", settings.VPNSP)