mirror of
https://github.com/qdm12/gluetun.git
synced 2026-05-06 20:10:11 +02:00
feat(protonvpn): support up to 5 forwarded ports (#3208)
This commit is contained in:
Quentin McGaw
@@ -10,12 +10,17 @@ import (
|
||||
// PortForward calculates and returns the VPN server side ports forwarded.
|
||||
func (p *Provider) PortForward(_ context.Context,
|
||||
objects utils.PortForwardObjects,
|
||||
) (ports []uint16, err error) {
|
||||
) (internalToExternalPorts map[uint16]uint16, err error) {
|
||||
if !objects.InternalIP.IsValid() {
|
||||
panic("internal ip is not set")
|
||||
}
|
||||
|
||||
return internalIPToPorts(objects.InternalIP), nil
|
||||
ports := internalIPToPorts(objects.InternalIP)
|
||||
internalToExternalPorts = make(map[uint16]uint16, len(ports))
|
||||
for _, port := range ports {
|
||||
internalToExternalPorts[port] = port
|
||||
}
|
||||
return internalToExternalPorts, nil
|
||||
}
|
||||
|
||||
func (p *Provider) KeepPortForward(ctx context.Context,
|
||||
|
||||
@@ -26,7 +26,7 @@ var ErrServerNameNotFound = errors.New("server name not found in servers")
|
||||
// PortForward obtains a VPN server side port forwarded from PIA.
|
||||
func (p *Provider) PortForward(ctx context.Context,
|
||||
objects utils.PortForwardObjects,
|
||||
) (ports []uint16, err error) {
|
||||
) (internalToExternalPorts map[uint16]uint16, err error) {
|
||||
switch {
|
||||
case objects.ServerName == "":
|
||||
panic("server name cannot be empty")
|
||||
@@ -84,7 +84,7 @@ func (p *Provider) PortForward(ctx context.Context,
|
||||
return nil, fmt.Errorf("binding port: %w", err)
|
||||
}
|
||||
|
||||
return []uint16{data.Port}, nil
|
||||
return map[uint16]uint16{data.Port: data.Port}, nil
|
||||
}
|
||||
|
||||
var ErrPortForwardedExpired = errors.New("port forwarded data expired")
|
||||
|
||||
@@ -22,7 +22,7 @@ var ErrPortForwardedNotFound = errors.New("port forwarded not found")
|
||||
// PortForward obtains a VPN server side port forwarded from the PrivateVPN API.
|
||||
// It returns 0 if all ports are to forwarded on a dedicated server IP.
|
||||
func (p *Provider) PortForward(ctx context.Context, objects utils.PortForwardObjects) (
|
||||
ports []uint16, err error,
|
||||
internalToExternalPorts map[uint16]uint16, err error,
|
||||
) {
|
||||
// Define a timeout since the default client has a large timeout and we don't
|
||||
// want to wait too long.
|
||||
@@ -75,7 +75,8 @@ func (p *Provider) PortForward(ctx context.Context, objects utils.PortForwardObj
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("parsing port: %w", err)
|
||||
}
|
||||
return []uint16{uint16(portUint64)}, nil
|
||||
port := uint16(portUint64)
|
||||
return map[uint16]uint16{port: port}, nil
|
||||
}
|
||||
|
||||
func (p *Provider) KeepPortForward(ctx context.Context,
|
||||
|
||||
@@ -28,10 +28,10 @@ func Test_Provider_PortForward(t *testing.T) {
|
||||
cancel()
|
||||
|
||||
testCases := map[string]struct {
|
||||
ctx context.Context
|
||||
objects utils.PortForwardObjects
|
||||
ports []uint16
|
||||
errMessage string
|
||||
ctx context.Context
|
||||
objects utils.PortForwardObjects
|
||||
internalToExternalPorts map[uint16]uint16
|
||||
errMessage string
|
||||
}{
|
||||
"canceled context": {
|
||||
ctx: canceledCtx,
|
||||
@@ -192,7 +192,7 @@ func Test_Provider_PortForward(t *testing.T) {
|
||||
}),
|
||||
},
|
||||
},
|
||||
ports: []uint16{61527},
|
||||
internalToExternalPorts: map[uint16]uint16{61527: 61527},
|
||||
},
|
||||
}
|
||||
for name, testCase := range testCases {
|
||||
@@ -203,7 +203,7 @@ func Test_Provider_PortForward(t *testing.T) {
|
||||
ports, err := provider.PortForward(testCase.ctx,
|
||||
testCase.objects)
|
||||
|
||||
assert.Equal(t, testCase.ports, ports)
|
||||
assert.Equal(t, testCase.internalToExternalPorts, ports)
|
||||
if testCase.errMessage != "" {
|
||||
assert.EqualError(t, err, testCase.errMessage)
|
||||
} else {
|
||||
|
||||
@@ -4,6 +4,7 @@ import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"maps"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
@@ -13,17 +14,18 @@ import (
|
||||
|
||||
var ErrServerPortForwardNotSupported = errors.New("server does not support port forwarding")
|
||||
|
||||
const nonSymmetricPortStart uint16 = 56789
|
||||
|
||||
// PortForward obtains a VPN server side port forwarded from ProtonVPN gateway.
|
||||
func (p *Provider) PortForward(ctx context.Context, objects utils.PortForwardObjects) (
|
||||
ports []uint16, err error,
|
||||
internalToExternalPorts map[uint16]uint16, err error,
|
||||
) {
|
||||
if !objects.CanPortForward {
|
||||
return nil, fmt.Errorf("%w", ErrServerPortForwardNotSupported)
|
||||
}
|
||||
|
||||
client := natpmp.New()
|
||||
_, externalIPv4Address, err := client.ExternalAddress(ctx,
|
||||
objects.Gateway)
|
||||
_, externalIPv4Address, err := client.ExternalAddress(ctx, objects.Gateway)
|
||||
if err != nil {
|
||||
switch {
|
||||
case strings.HasSuffix(err.Error(), "connection refused"):
|
||||
@@ -38,29 +40,37 @@ func (p *Provider) PortForward(ctx context.Context, objects utils.PortForwardObj
|
||||
|
||||
logger := objects.Logger
|
||||
|
||||
logger.Info("gateway external IPv4 address is " + externalIPv4Address.String())
|
||||
const internalPort, externalPort = 0, 1
|
||||
logger.Debug("gateway external IPv4 address is " + externalIPv4Address.String())
|
||||
const externalPort = 0
|
||||
const lifetime = 60 * time.Second
|
||||
|
||||
_, _, assignedUDPExternalPort, assignedLifetime, err := client.AddPortMapping(ctx, objects.Gateway, "udp",
|
||||
internalPort, externalPort, lifetime)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("adding UDP port mapping: %w", err)
|
||||
p.internalToExternalPorts = make(map[uint16]uint16, objects.PortsCount)
|
||||
for i := range objects.PortsCount {
|
||||
internalPort := nonSymmetricPortStart + i
|
||||
protoToInternalPort := map[string]uint16{
|
||||
"udp": 0,
|
||||
"tcp": 0,
|
||||
}
|
||||
protoToExternalPort := maps.Clone(protoToInternalPort)
|
||||
for protocol := range protoToExternalPort {
|
||||
_, assignedInternalPort, assignedExternalPort, assignedLifetime, err := client.AddPortMapping(
|
||||
ctx, objects.Gateway, protocol, internalPort, externalPort, lifetime)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("adding %d/%d %s port mapping: %w",
|
||||
i+1, objects.PortsCount, strings.ToUpper(protocol), err)
|
||||
}
|
||||
checkLifetime(logger, strings.ToUpper(protocol), lifetime, assignedLifetime)
|
||||
checkInternalPort(logger, internalPort, assignedInternalPort)
|
||||
protoToInternalPort[protocol] = assignedInternalPort
|
||||
protoToExternalPort[protocol] = assignedExternalPort
|
||||
}
|
||||
|
||||
checkInternalPorts(logger, protoToInternalPort["udp"], protoToInternalPort["tcp"])
|
||||
checkExternalPorts(logger, protoToExternalPort["udp"], protoToExternalPort["tcp"])
|
||||
p.internalToExternalPorts[protoToInternalPort["tcp"]] = protoToExternalPort["tcp"]
|
||||
}
|
||||
checkLifetime(logger, "UDP", lifetime, assignedLifetime)
|
||||
|
||||
_, _, assignedTCPExternalPort, assignedLifetime, err := client.AddPortMapping(ctx, objects.Gateway, "tcp",
|
||||
internalPort, externalPort, lifetime)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("adding TCP port mapping: %w", err)
|
||||
}
|
||||
checkLifetime(logger, "TCP", lifetime, assignedLifetime)
|
||||
|
||||
checkExternalPorts(logger, assignedUDPExternalPort, assignedTCPExternalPort)
|
||||
|
||||
p.portForwarded = assignedTCPExternalPort
|
||||
|
||||
return []uint16{assignedTCPExternalPort}, nil
|
||||
return maps.Clone(p.internalToExternalPorts), nil
|
||||
}
|
||||
|
||||
func checkLifetime(logger utils.Logger, protocol string,
|
||||
@@ -73,6 +83,20 @@ func checkLifetime(logger utils.Logger, protocol string,
|
||||
}
|
||||
}
|
||||
|
||||
func checkInternalPort(logger utils.Logger, sent, received uint16) {
|
||||
if sent != received {
|
||||
logger.Warn(fmt.Sprintf("internal port assigned %d differs from requested internal port %d",
|
||||
sent, received))
|
||||
}
|
||||
}
|
||||
|
||||
func checkInternalPorts(logger utils.Logger, udpPort, tcpPort uint16) {
|
||||
if udpPort != tcpPort {
|
||||
logger.Warn(fmt.Sprintf("UDP internal port %d differs from TCP internal port %d",
|
||||
udpPort, tcpPort))
|
||||
}
|
||||
}
|
||||
|
||||
func checkExternalPorts(logger utils.Logger, udpPort, tcpPort uint16) {
|
||||
if udpPort != tcpPort {
|
||||
logger.Warn(fmt.Sprintf("UDP external port %d differs from TCP external port %d",
|
||||
@@ -80,7 +104,10 @@ func checkExternalPorts(logger utils.Logger, udpPort, tcpPort uint16) {
|
||||
}
|
||||
}
|
||||
|
||||
var ErrExternalPortChanged = errors.New("external port changed")
|
||||
var (
|
||||
ErrInternalPortChanged = errors.New("internal port changed")
|
||||
ErrExternalPortChanged = errors.New("external port changed")
|
||||
)
|
||||
|
||||
func (p *Provider) KeepPortForward(ctx context.Context,
|
||||
objects utils.PortForwardObjects,
|
||||
@@ -96,32 +123,28 @@ func (p *Provider) KeepPortForward(ctx context.Context,
|
||||
case <-timer.C:
|
||||
}
|
||||
|
||||
objects.Logger.Debug("refreshing port forward since 45 seconds have elapsed")
|
||||
networkProtocols := []string{"udp", "tcp"}
|
||||
const internalPort = 0
|
||||
objects.Logger.Debug("refreshing forwarded ports since 45 seconds have elapsed")
|
||||
networkProtocols := [...]string{"udp", "tcp"}
|
||||
const lifetime = 60 * time.Second
|
||||
|
||||
for _, networkProtocol := range networkProtocols {
|
||||
_, _, assignedExternalPort, assignedLiftetime, err := client.AddPortMapping(ctx, objects.Gateway, networkProtocol,
|
||||
internalPort, p.portForwarded, lifetime)
|
||||
if err != nil {
|
||||
return fmt.Errorf("adding port mapping: %w", err)
|
||||
}
|
||||
|
||||
if assignedLiftetime != lifetime {
|
||||
logger.Warn(fmt.Sprintf("assigned lifetime %s differs"+
|
||||
" from requested lifetime %s",
|
||||
assignedLiftetime, lifetime))
|
||||
}
|
||||
|
||||
if p.portForwarded != assignedExternalPort {
|
||||
return fmt.Errorf("%w: %d changed to %d",
|
||||
ErrExternalPortChanged, p.portForwarded, assignedExternalPort)
|
||||
for internalPort, externalPort := range p.internalToExternalPorts {
|
||||
for _, networkProtocol := range networkProtocols {
|
||||
_, assignedInternalPort, assignedExternalPort, assignedLiftetime, err := client.AddPortMapping(
|
||||
ctx, objects.Gateway, networkProtocol, internalPort, externalPort, lifetime)
|
||||
if err != nil {
|
||||
return fmt.Errorf("adding port mapping: %w", err)
|
||||
}
|
||||
checkLifetime(logger, networkProtocol, lifetime, assignedLiftetime)
|
||||
if externalPort != assignedExternalPort {
|
||||
return fmt.Errorf("%w: %d changed to %d",
|
||||
ErrExternalPortChanged, externalPort, assignedExternalPort)
|
||||
} else if internalPort != assignedInternalPort {
|
||||
return fmt.Errorf("%w: %d (for external port %d) changed to %d",
|
||||
ErrInternalPortChanged, internalPort, externalPort, assignedInternalPort)
|
||||
}
|
||||
}
|
||||
objects.Logger.Debug(fmt.Sprintf("port forwarded %d maintained", externalPort))
|
||||
}
|
||||
|
||||
objects.Logger.Debug(fmt.Sprintf("port forwarded %d maintained", p.portForwarded))
|
||||
|
||||
timer.Reset(refreshTimeout)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -13,7 +13,7 @@ type Provider struct {
|
||||
storage common.Storage
|
||||
randSource rand.Source
|
||||
common.Fetcher
|
||||
portForwarded uint16
|
||||
internalToExternalPorts map[uint16]uint16
|
||||
}
|
||||
|
||||
func New(storage common.Storage, randSource rand.Source,
|
||||
|
||||
@@ -25,6 +25,8 @@ type PortForwardObjects struct {
|
||||
Username string
|
||||
// Password is used by Private Internet Access for port forwarding.
|
||||
Password string
|
||||
// PortsCount is used by ProtonVPN for port forwarding.
|
||||
PortsCount uint16
|
||||
}
|
||||
|
||||
type Routing interface {
|
||||
|
||||
Reference in New Issue
Block a user