github.com/mysteriumnetwork/node@v0.0.0-20240516044423-365054f76801/services/openvpn/client_config.go

github.com/mysteriumnetwork/node@v0.0.0-20240516044423-365054f76801/services/openvpn/client_config.go (about)

     1  /*
     2   * Copyright (C) 2017 The "MysteriumNetwork/node" Authors.
     3   *
     4   * This program is free software: you can redistribute it and/or modify
     5   * it under the terms of the GNU General Public License as published by
     6   * the Free Software Foundation, either version 3 of the License, or
     7   * (at your option) any later version.
     8   *
     9   * This program is distributed in the hope that it will be useful,
    10   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    11   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    12   * GNU General Public License for more details.
    13   *
    14   * You should have received a copy of the GNU General Public License
    15   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    16   */
    17  
    18  package openvpn
    19  
    20  import (
    21  	"net"
    22  	"strconv"
    23  
    24  	"github.com/mysteriumnetwork/go-openvpn/openvpn/config"
    25  	"github.com/mysteriumnetwork/node/core/connection"
    26  )
    27  
    28  // ClientConfig represents specific "openvpn as client" configuration
    29  type ClientConfig struct {
    30  	*config.GenericConfig
    31  	VpnConfig *VPNConfig
    32  }
    33  
    34  // SetClientMode adds config arguments for openvpn behave as client
    35  func (c *ClientConfig) SetClientMode(serverIP string, serverPort, localPort int) {
    36  	c.SetFlag("client")
    37  	c.SetParam("script-security", "2")
    38  	c.SetFlag("auth-nocache")
    39  	c.SetParam("remote", serverIP)
    40  	c.SetPort(serverPort)
    41  	c.SetParam("lport", strconv.Itoa(localPort))
    42  	c.SetFlag("float")
    43  	// more on this: https://www.v13.gr/blog/?p=386
    44  	c.SetParam("remote-cert-ku", "84")
    45  	c.SetFlag("auth-user-pass")
    46  	c.SetFlag("management-query-passwords")
    47  }
    48  
    49  // SetProtocol specifies openvpn connection protocol type (tcp or udp)
    50  func (c *ClientConfig) SetProtocol(protocol string) {
    51  	if protocol == "tcp" {
    52  		c.SetParam("proto", "tcp-client")
    53  	} else if protocol == "udp" {
    54  		c.SetFlag("explicit-exit-notify")
    55  	}
    56  }
    57  
    58  func defaultClientConfig(runtimeDir string, scriptSearchPath string) *ClientConfig {
    59  	clientConfig := ClientConfig{GenericConfig: config.NewConfig(runtimeDir, scriptSearchPath), VpnConfig: nil}
    60  
    61  	clientConfig.SetDevice("tun")
    62  	clientConfig.SetParam("cipher", "AES-256-GCM")
    63  	clientConfig.SetParam("verb", "3")
    64  	clientConfig.SetParam("tls-cipher", "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384")
    65  	clientConfig.SetKeepAlive(10, 60)
    66  	clientConfig.SetPingTimerRemote()
    67  	clientConfig.SetPersistKey()
    68  
    69  	clientConfig.SetParam("auth", "none")
    70  
    71  	clientConfig.SetParam("reneg-sec", "0")
    72  	clientConfig.SetParam("resolv-retry", "infinite")
    73  	clientConfig.SetParam("redirect-gateway", "def1", "bypass-dhcp")
    74  
    75  	return &clientConfig
    76  }
    77  
    78  // NewClientConfigFromSession creates client configuration structure for given VPNConfig, configuration dir to store serialized file args, and
    79  // configuration filename to store other args
    80  // TODO this will become the part of openvpn service consumer separate package
    81  func NewClientConfigFromSession(vpnConfig VPNConfig, scriptDir string, runtimeDir string, options connection.ConnectOptions) (*ClientConfig, error) {
    82  	// TODO Rename `vpnConfig` to `sessionConfig`
    83  	err := NewDefaultValidator().IsValid(vpnConfig)
    84  	if err != nil {
    85  		return nil, err
    86  	}
    87  
    88  	vpnConfig, err = FormatTLSPresharedKey(vpnConfig)
    89  	if err != nil {
    90  		return nil, err
    91  	}
    92  
    93  	clientFileConfig := newClientConfig(runtimeDir, scriptDir)
    94  	dnsIPs, err := options.Params.DNS.ResolveIPs(vpnConfig.DNSIPs)
    95  	if err != nil {
    96  		return nil, err
    97  	}
    98  	for _, ip := range dnsIPs {
    99  		clientFileConfig.SetParam("dhcp-option", "DNS", ip)
   100  	}
   101  
   102  	var remotePort, localPort int
   103  	if options.ProviderNATConn != nil && vpnConfig.RemoteIP != "127.0.0.1" {
   104  		options.ProviderNATConn.Close()
   105  		remotePort = options.ProviderNATConn.RemoteAddr().(*net.UDPAddr).Port
   106  		localPort = options.ProviderNATConn.LocalAddr().(*net.UDPAddr).Port
   107  	} else {
   108  		remotePort = vpnConfig.RemotePort
   109  		localPort = vpnConfig.LocalPort
   110  	}
   111  
   112  	clientFileConfig.VpnConfig = &vpnConfig
   113  	clientFileConfig.SetReconnectRetry(2)
   114  	clientFileConfig.SetClientMode(vpnConfig.RemoteIP, remotePort, localPort)
   115  	clientFileConfig.SetProtocol(vpnConfig.RemoteProtocol)
   116  	clientFileConfig.SetTLSCACertificate(vpnConfig.CACertificate)
   117  	clientFileConfig.SetTLSCrypt(vpnConfig.TLSPresharedKey)
   118  
   119  	return clientFileConfig, nil
   120  }