Maint: OpenVPN: only add persist-tun when running without root

internal/provider/custom/openvpnconf.go

@@ -40,6 +40,7 @@ func modifyConfig(lines []string, connection models.Connection,
 			line == "pull-filter ignore \"auth-token\"",
 			line == "auth-retry nointeract",
 			line == "suppress-timestamps",
+			line == "persist-tun",
 			// Remove values always modified
 			strings.HasPrefix(line, "verb "),
 			strings.HasPrefix(line, "auth-user-pass "),
@@ -88,6 +89,7 @@ func modifyConfig(lines []string, connection models.Connection,
 	}
 	if !settings.Root {
 		modified = append(modified, "user "+settings.ProcUser)
+		modified = append(modified, "persist-tun")
 	}
 
 	modified = append(modified, "") // trailing line

internal/provider/custom/openvpnconf_test.go

@@ -63,6 +63,7 @@ func Test_modifyConfig(t *testing.T) {
 				"pull-filter ignore \"route-ipv6\"",
 				"pull-filter ignore \"ifconfig-ipv6\"",
 				"user procuser",
+				"persist-tun",
 				"",
 			},
 		},

internal/provider/cyberghost/openvpnconf.go

@@ -25,7 +25,6 @@ func (c *Cyberghost) BuildConf(connection models.Connection,
 		"dev " + settings.Interface,
 		"nobind",
 		"persist-key",
-		"persist-tun",
 		"remote-cert-tls server",
 		"ping 10",
 		"ping-exit 60",
@@ -60,6 +59,7 @@ func (c *Cyberghost) BuildConf(connection models.Connection,
 
 	if !settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
+		lines = append(lines, "persist-tun")
 	}
 
 	if settings.MSSFix > 0 {

internal/provider/fastestvpn/openvpnconf.go

@@ -58,6 +58,7 @@ func (f *Fastestvpn) BuildConf(connection models.Connection,
 
 	if !settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
+		lines = append(lines, "persist-tun")
 	}
 
 	if !settings.IPv6 {

internal/provider/hidemyass/openvpnconf.go

@@ -54,6 +54,7 @@ func (h *HideMyAss) BuildConf(connection models.Connection,
 
 	if !settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
+		lines = append(lines, "persist-tun")
 	}
 
 	if !settings.IPv6 {

internal/provider/ipvanish/openvpnconf.go

@@ -52,6 +52,7 @@ func (i *Ipvanish) BuildConf(connection models.Connection,
 
 	if !settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
+		lines = append(lines, "persist-tun")
 	}
 
 	if !settings.IPv6 {

internal/provider/ivpn/openvpnconf.go

@@ -59,6 +59,7 @@ func (i *Ivpn) BuildConf(connection models.Connection,
 
 	if !settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
+		lines = append(lines, "persist-tun")
 	}
 
 	if !settings.IPv6 {

internal/provider/mullvad/openvpnconf.go

@@ -61,6 +61,7 @@ func (m *Mullvad) BuildConf(connection models.Connection,
 
 	if !settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
+		lines = append(lines, "persist-tun")
 	}
 
 	if settings.MSSFix > 0 {

internal/provider/nordvpn/openvpnconf.go

@@ -63,6 +63,7 @@ func (n *Nordvpn) BuildConf(connection models.Connection,
 
 	if !settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
+		lines = append(lines, "persist-tun")
 	}
 
 	if !settings.IPv6 {

internal/provider/privado/openvpnconf.go

@@ -51,6 +51,7 @@ func (p *Privado) BuildConf(connection models.Connection,
 
 	if !settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
+		lines = append(lines, "persist-tun")
 	}
 
 	if settings.MSSFix > 0 {

internal/provider/privateinternetaccess/openvpnconf.go

@@ -73,6 +73,7 @@ func (p *PIA) BuildConf(connection models.Connection,
 
 	if !settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
+		lines = append(lines, "persist-tun")
 	}
 
 	if settings.MSSFix > 0 {

internal/provider/privatevpn/openvpnconf.go

@@ -52,6 +52,7 @@ func (p *Privatevpn) BuildConf(connection models.Connection,
 
 	if !settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
+		lines = append(lines, "persist-tun")
 	}
 
 	if settings.MSSFix > 0 {

internal/provider/protonvpn/openvpnconf.go

@@ -63,6 +63,7 @@ func (p *Protonvpn) BuildConf(connection models.Connection,
 
 	if !settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
+		lines = append(lines, "persist-tun")
 	}
 
 	if !settings.IPv6 {

internal/provider/purevpn/openvpnconf.go

@@ -60,6 +60,7 @@ func (p *Purevpn) BuildConf(connection models.Connection,
 
 	if !settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
+		lines = append(lines, "persist-tun")
 	}
 
 	if !settings.IPv6 {

internal/provider/surfshark/openvpnconf.go

@@ -60,6 +60,7 @@ func (s *Surfshark) BuildConf(connection models.Connection,
 
 	if !settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
+		lines = append(lines, "persist-tun")
 	}
 
 	if !settings.IPv6 {

internal/provider/torguard/openvpnconf.go

@@ -61,6 +61,7 @@ func (t *Torguard) BuildConf(connection models.Connection,
 
 	if !settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
+		lines = append(lines, "persist-tun")
 	}
 
 	if connection.Protocol == constants.UDP {

internal/provider/vpnunlimited/openvpnconf.go

@@ -52,6 +52,7 @@ func (p *Provider) BuildConf(connection models.Connection,
 
 	if !settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
+		lines = append(lines, "persist-tun")
 	}
 
 	if !settings.IPv6 {

internal/provider/vyprvpn/openvpnconf.go

@@ -52,6 +52,7 @@ func (v *Vyprvpn) BuildConf(connection models.Connection,
 
 	if !settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
+		lines = append(lines, "persist-tun")
 	}
 
 	if settings.MSSFix > 0 {

internal/provider/windscribe/openvpnconf.go

@@ -58,6 +58,7 @@ func (w *Windscribe) BuildConf(connection models.Connection,
 
 	if !settings.Root {
 		lines = append(lines, "user "+settings.ProcUser)
+		lines = append(lines, "persist-tun")
 	}
 
 	if settings.MSSFix > 0 {

maintenance.md

@@ -4,7 +4,6 @@
 
 - Remove duplicate `/gluetun` directory creation
 - Remove firewall shadowsocks input port?
-- Re-add `persist-tun`? Run openvpn without root?
 - Remove `script-security` option
 - `ncp-ciphers` to `data-ciphers`
 - Remove `ncp-disable`