chore(vpn): moved wireguard settings helpers from provider/utils to vpn as unexported functions
@@ -3,11 +3,11 @@ package vpn
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net/netip"
|
||||
|
||||
"github.com/qdm12/gluetun/internal/configuration/settings"
|
||||
"github.com/qdm12/gluetun/internal/models"
|
||||
"github.com/qdm12/gluetun/internal/provider"
|
||||
"github.com/qdm12/gluetun/internal/provider/utils"
|
||||
"github.com/qdm12/gluetun/internal/wireguard"
|
||||
"github.com/qdm12/gosettings"
|
||||
)
|
||||
@@ -24,7 +24,7 @@ func setupWireguard(ctx context.Context, netlinker NetLinker,
|
||||
return nil, models.Connection{}, fmt.Errorf("finding a VPN server: %w", err)
|
||||
}
|
||||
|
||||
wireguardSettings := utils.BuildWireguardSettings(connection, settings.Wireguard, ipv6Supported)
|
||||
wireguardSettings := buildWireguardSettings(connection, settings.Wireguard, ipv6Supported)
|
||||
|
||||
logger.Debug("Wireguard server public key: " + wireguardSettings.PublicKey)
|
||||
logger.Debug("Wireguard client private key: " + gosettings.ObfuscateKey(wireguardSettings.PrivateKey))
|
||||
@@ -42,3 +42,73 @@ func setupWireguard(ctx context.Context, netlinker NetLinker,
|
||||
|
||||
return wireguarder, connection, nil
|
||||
}
|
||||
|
||||
func buildWireguardSettings(connection models.Connection,
|
||||
userSettings settings.Wireguard, ipv6Supported bool,
|
||||
) (settings wireguard.Settings) {
|
||||
settings.PrivateKey = *userSettings.PrivateKey
|
||||
settings.PublicKey = connection.PubKey
|
||||
settings.PreSharedKey = *userSettings.PreSharedKey
|
||||
settings.InterfaceName = userSettings.Interface
|
||||
settings.Implementation = userSettings.Implementation
|
||||
settings.AmneziaWG = buildAmneziaWgSettings(userSettings.AmneziaWG)
|
||||
if *userSettings.MTU > 0 {
|
||||
settings.MTU = *userSettings.MTU
|
||||
} else {
|
||||
// The default is 1320 which is NOT the wireguard-go default
|
||||
// of 1420 because this impacts bandwidth a lot on some
|
||||
// VPN providers, see https://github.com/qdm12/gluetun/issues/1650.
|
||||
// It has been lowered to 1320 following quite a bit of
|
||||
// investigation in the issue: https://github.com/qdm12/gluetun/issues/2533.
|
||||
const defaultMTU = 1320
|
||||
settings.MTU = defaultMTU
|
||||
}
|
||||
settings.IPv6 = &ipv6Supported
|
||||
|
||||
const rulePriority = 101 // 100 is to receive external connections
|
||||
settings.RulePriority = rulePriority
|
||||
|
||||
settings.Endpoint = netip.AddrPortFrom(connection.IP, connection.Port)
|
||||
|
||||
settings.Addresses = make([]netip.Prefix, 0, len(userSettings.Addresses))
|
||||
for _, address := range userSettings.Addresses {
|
||||
if !ipv6Supported && address.Addr().Is6() {
|
||||
continue
|
||||
}
|
||||
addressCopy := netip.PrefixFrom(address.Addr(), address.Bits())
|
||||
settings.Addresses = append(settings.Addresses, addressCopy)
|
||||
}
|
||||
|
||||
settings.AllowedIPs = make([]netip.Prefix, 0, len(userSettings.AllowedIPs))
|
||||
for _, allowedIP := range userSettings.AllowedIPs {
|
||||
if !ipv6Supported && allowedIP.Addr().Is6() {
|
||||
continue
|
||||
}
|
||||
settings.AllowedIPs = append(settings.AllowedIPs, allowedIP)
|
||||
}
|
||||
|
||||
settings.PersistentKeepaliveInterval = *userSettings.PersistentKeepaliveInterval
|
||||
|
||||
return settings
|
||||
}
|
||||
|
||||
func buildAmneziaWgSettings(s settings.AmneziaWg) wireguard.AmneziaSettings {
|
||||
return wireguard.AmneziaSettings{
|
||||
JunkPacketCount: *s.JunkPacketCount,
|
||||
JunkPacketMin: *s.JunkPacketMin,
|
||||
JunkPacketMax: *s.JunkPacketMax,
|
||||
PaddingS1: *s.PaddingS1,
|
||||
PaddingS2: *s.PaddingS2,
|
||||
PaddingS3: *s.PaddingS3,
|
||||
PaddingS4: *s.PaddingS4,
|
||||
HeaderH1: *s.HeaderH1,
|
||||
HeaderH2: *s.HeaderH2,
|
||||
HeaderH3: *s.HeaderH3,
|
||||
HeaderH4: *s.HeaderH4,
|
||||
InitPacketI1: *s.InitPacketI1,
|
||||
InitPacketI2: *s.InitPacketI2,
|
||||
InitPacketI3: *s.InitPacketI3,
|
||||
InitPacketI4: *s.InitPacketI4,
|
||||
InitPacketI5: *s.InitPacketI5,
|
||||
}
|
||||
}
|
||||
|
||||
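Review bot: buildWireguardSettings and buildAmneziaWgSettings dereference every pointer field of the user settings without a nil check (`*userSettings.PrivateKey`, `*userSettings.PreSharedKey`, `*userSettings.MTU`, `*userSettings.PersistentKeepaliveInterval` and all sixteen `*s.…` fields), so a settings value with any of them unset panics inside setupWireguard. Presumably defaults are always applied before this point, but nothing in these hunks shows it, and the helpers have no doc comment stating the precondition. I would add `// buildWireguardSettings requires every pointer field of userSettings to be non-nil (defaults applied); it panics on a nil field.` above the function and the equivalent sentence above buildAmneziaWgSettings. The IPv6 filtering can also leave `Addresses` or `AllowedIPs` empty when `ipv6Supported` is false and only IPv6 prefixes were configured; a short comment saying where that case is rejected (presumably in a later settings check, not visible here) would help. As a style point, the named result `settings` shadows the imported `settings` package inside the body, and a name such as `wgSettings` would avoid that.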
@@ -0,0 +1,97 @@
|
||||
package vpn
|
||||
|
||||
import (
|
||||
"net/netip"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/qdm12/gluetun/internal/configuration/settings"
|
||||
"github.com/qdm12/gluetun/internal/models"
|
||||
"github.com/qdm12/gluetun/internal/wireguard"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func Test_buildWireguardSettings(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testCases := map[string]struct {
|
||||
connection models.Connection
|
||||
userSettings settings.Wireguard
|
||||
ipv6Supported bool
|
||||
settings wireguard.Settings
|
||||
}{
|
||||
"some_settings": {
|
||||
connection: models.Connection{
|
||||
IP: netip.AddrFrom4([4]byte{1, 2, 3, 4}),
|
||||
Port: 51821,
|
||||
PubKey: "public",
|
||||
},
|
||||
userSettings: settings.Wireguard{
|
||||
PrivateKey: ptrTo("private"),
|
||||
PreSharedKey: ptrTo("pre-shared"),
|
||||
Addresses: []netip.Prefix{
|
||||
netip.PrefixFrom(netip.AddrFrom4([4]byte{1, 1, 1, 1}), 32),
|
||||
netip.PrefixFrom(netip.AddrFrom16([16]byte{}), 32),
|
||||
},
|
||||
AllowedIPs: []netip.Prefix{
|
||||
netip.PrefixFrom(netip.AddrFrom4([4]byte{2, 2, 2, 2}), 32),
|
||||
netip.PrefixFrom(netip.AddrFrom16([16]byte{}), 32),
|
||||
},
|
||||
PersistentKeepaliveInterval: ptrTo(time.Hour),
|
||||
Interface: "wg1",
|
||||
MTU: ptrTo(uint32(1000)),
|
||||
AmneziaWG: settings.AmneziaWg{
|
||||
JunkPacketCount: ptrTo(uint16(1)),
|
||||
JunkPacketMin: ptrTo(uint16(0)),
|
||||
JunkPacketMax: ptrTo(uint16(0)),
|
||||
PaddingS1: ptrTo(uint16(0)),
|
||||
PaddingS2: ptrTo(uint16(0)),
|
||||
PaddingS3: ptrTo(uint16(0)),
|
||||
PaddingS4: ptrTo(uint16(0)),
|
||||
HeaderH1: ptrTo("x"),
|
||||
HeaderH2: ptrTo(""),
|
||||
HeaderH3: ptrTo(""),
|
||||
HeaderH4: ptrTo(""),
|
||||
InitPacketI1: ptrTo(""),
|
||||
InitPacketI2: ptrTo(""),
|
||||
InitPacketI3: ptrTo(""),
|
||||
InitPacketI4: ptrTo(""),
|
||||
InitPacketI5: ptrTo(""),
|
||||
},
|
||||
},
|
||||
ipv6Supported: false,
|
||||
settings: wireguard.Settings{
|
||||
InterfaceName: "wg1",
|
||||
PrivateKey: "private",
|
||||
PublicKey: "public",
|
||||
PreSharedKey: "pre-shared",
|
||||
Endpoint: netip.AddrPortFrom(netip.AddrFrom4([4]byte{1, 2, 3, 4}), 51821),
|
||||
Addresses: []netip.Prefix{
|
||||
netip.PrefixFrom(netip.AddrFrom4([4]byte{1, 1, 1, 1}), 32),
|
||||
},
|
||||
AllowedIPs: []netip.Prefix{
|
||||
netip.PrefixFrom(netip.AddrFrom4([4]byte{2, 2, 2, 2}), 32),
|
||||
},
|
||||
PersistentKeepaliveInterval: time.Hour,
|
||||
RulePriority: 101,
|
||||
IPv6: ptrTo(false),
|
||||
MTU: 1000,
|
||||
AmneziaWG: wireguard.AmneziaSettings{
|
||||
JunkPacketCount: 1,
|
||||
HeaderH1: "x",
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for name, testCase := range testCases {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
settings := buildWireguardSettings(testCase.connection,
|
||||
testCase.userSettings, testCase.ipv6Supported)
|
||||
|
||||
assert.Equal(t, testCase.settings, settings)
|
||||
})
|
||||
}
|
||||
}
|
||||
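Review bot: The table has a single case, `some_settings`, with `MTU: ptrTo(uint32(1000))` and `ipv6Supported: false`, so the `else` branch that assigns the 1320 default MTU and the path that keeps IPv6 entries in `Addresses` and `AllowedIPs` are never exercised. I would add a case with `MTU: ptrTo(uint32(0))` expecting `MTU: 1320`, and one with `ipv6Supported: true` expecting both prefixes of each list and `IPv6: ptrTo(true)`. `ptrTo` is not defined in this file, so it is presumably provided by another test file in package vpn; that is worth confirming now that the test has moved packages.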