vanja/gluetun
1
0
Fork 0
mirror of https://github.com/qdm12/gluetun.git synced 2026-05-16 05:33:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

OPENVPN_AUTH variable, refers to #94

Browse Source
This commit is contained in:
Quentin McGaw
2020-03-29 16:22:21 -04:00
committed by GitHub
parent 3d6a580102
commit 643745d33e
11 changed files with 46 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/params/openvpn.go
+7
View File
@@ -71,3 +71,10 @@ func (p *paramsReader) GetOpenVPNCipher() (cipher string, err error) {
cipher, err = p.envParams.GetEnv("OPENVPN_CIPHER")
return strings.ToLower(cipher), err
}
// GetOpenVPNAuth obtains a custom auth algorithm to use with OpenVPN
// from the environment variable OPENVPN_AUTH
func (p *paramsReader) GetOpenVPNAuth() (auth string, err error) {
auth, err = p.envParams.GetEnv("OPENVPN_AUTH")
return strings.ToLower(auth), err
}
internal/params/params.go
+1
View File
@@ -39,6 +39,7 @@ type ParamsReader interface {
GetOpenVPNRoot() (root bool, err error)
GetTargetIP() (ip net.IP, err error)
GetOpenVPNCipher() (cipher string, err error)
GetOpenVPNAuth() (auth string, err error)
// PIA getters
GetPortForwarding() (activated bool, err error)
internal/pia/conf.go
+9 -5
View File
@@ -66,20 +66,24 @@ func (c *configurator) GetOpenVPNConnections(region models.PIARegion, protocol m
return connections, nil
}
func (c *configurator) BuildConf(connections []models.OpenVPNConnection, encryption models.PIAEncryption, verbosity, uid, gid int, root bool, cipher string) (err error) {
var X509CRL, certificate, authAlgo string
func (c *configurator) BuildConf(connections []models.OpenVPNConnection, encryption models.PIAEncryption, verbosity, uid, gid int, root bool, cipher, auth string) (err error) {
var X509CRL, certificate string
if encryption == constants.PIAEncryptionNormal {
if len(cipher) == 0 {
cipher = "aes-128-cbc"
}
authAlgo = "sha1"
if len(auth) == 0 {
auth = "sha1"
}
X509CRL = constants.PIAX509CRL_NORMAL
certificate = constants.PIACertificate_NORMAL
} else { // strong encryption
if len(cipher) == 0 {
cipher = "aes-256-cbc"
}
authAlgo = "sha256"
if len(auth) == 0 {
auth = "sha256"
}
X509CRL = constants.PIAX509CRL_STRONG
certificate = constants.PIACertificate_STRONG
}
@@ -109,7 +113,7 @@ func (c *configurator) BuildConf(connections []models.OpenVPNConnection, encrypt
fmt.Sprintf("auth-user-pass %s", constants.OpenVPNAuthConf),
fmt.Sprintf("proto %s", string(connections[0].Protocol)),
fmt.Sprintf("cipher %s", cipher),
fmt.Sprintf("auth %s", authAlgo),
fmt.Sprintf("auth %s", auth),
}
if strings.HasSuffix(cipher, "-gcm") {
lines = append(lines, "ncp-disable")
internal/pia/pia.go
+1 -1
View File
@@ -18,7 +18,7 @@ const logPrefix = "PIA configurator"
type Configurator interface {
GetOpenVPNConnections(region models.PIARegion, protocol models.NetworkProtocol,
encryption models.PIAEncryption, targetIP net.IP) (connections []models.OpenVPNConnection, err error)
BuildConf(connections []models.OpenVPNConnection, encryption models.PIAEncryption, verbosity, uid, gid int, root bool, cipher string) (err error)
BuildConf(connections []models.OpenVPNConnection, encryption models.PIAEncryption, verbosity, uid, gid int, root bool, cipher, auth string) (err error)
GetPortForward() (port uint16, err error)
WritePortForward(filepath models.Filepath, port uint16) (err error)
AllowPortForwardFirewall(device models.VPNDevice, port uint16) (err error)
internal/settings/openvpn.go
+6
View File
@@ -16,6 +16,7 @@ type OpenVPN struct {
Root bool
TargetIP net.IP
Cipher string
Auth string
}
// GetOpenVPNSettings obtains the OpenVPN settings using the params functions
@@ -40,6 +41,10 @@ func GetOpenVPNSettings(params params.ParamsReader) (settings OpenVPN, err error
if err != nil {
return settings, err
}
settings.Auth, err = params.GetOpenVPNAuth()
if err != nil {
return settings, err
}
return settings, nil
}
@@ -55,6 +60,7 @@ func (o *OpenVPN) String() string {
"Run as root: " + runAsRoot,
"Target IP address: " + o.TargetIP.String(),
"Custom cipher: " + o.Cipher,
"Custom auth algorithm: " + o.Auth,
}
return strings.Join(settingsList, "\n|--")
}
internal/settings/settings.go
+10
View File
@@ -57,6 +57,11 @@ func GetAllSettings(params params.ParamsReader) (settings Settings, err error) {
default:
return settings, fmt.Errorf("cipher %q is not supported by Private Internet Access", settings.OpenVPN.Cipher)
}
switch settings.OpenVPN.Auth {
case "", "sha1", "sha256":
default:
return settings, fmt.Errorf("auth algorithm %q is not supported by Private Internet Access", settings.OpenVPN.Auth)
}
settings.PIA, err = GetPIASettings(params)
case "mullvad":
switch settings.OpenVPN.Cipher {
@@ -64,6 +69,11 @@ func GetAllSettings(params params.ParamsReader) (settings Settings, err error) {
default:
return settings, fmt.Errorf("cipher %q is not supported by Mullvad", settings.OpenVPN.Cipher)
}
switch settings.OpenVPN.Auth {
case "":
default:
return settings, fmt.Errorf("auth algorithm %q is not supported by Mullvad (not using auth at all)", settings.OpenVPN.Auth)
}
settings.Mullvad, err = GetMullvadSettings(params)
default:
return settings, fmt.Errorf("VPN service provider %q is not valid", settings.VPNSP)