diff --git a/Dockerfile b/Dockerfile index d0dfcbb2..1cfdd377 100644 --- a/Dockerfile +++ b/Dockerfile @@ -73,6 +73,7 @@ ENV VPNSP=pia \ PROTOCOL=udp \ OPENVPN_VERSION=2.5 \ OPENVPN_VERBOSITY=1 \ + OPENVPN_FLAGS= \ OPENVPN_ROOT=yes \ OPENVPN_TARGET_IP= \ OPENVPN_IPV6=off \ diff --git a/internal/configuration/openvpn.go b/internal/configuration/openvpn.go index cbc005d3..011a83ae 100644 --- a/internal/configuration/openvpn.go +++ b/internal/configuration/openvpn.go @@ -15,6 +15,7 @@ type OpenVPN struct { User string `json:"user"` Password string `json:"password"` Verbosity int `json:"verbosity"` + Flags []string `json:"flags"` MSSFix uint16 `json:"mssfix"` Root bool `json:"run_as_root"` Cipher string `json:"cipher"` @@ -35,6 +36,10 @@ func (settings *OpenVPN) lines() (lines []string) { lines = append(lines, indent+lastIndent+"Verbosity level: "+strconv.Itoa(settings.Verbosity)) + if len(settings.Flags) > 0 { + lines = append(lines, indent+lastIndent+"Flags: "+strings.Join(settings.Flags, " ")) + } + if settings.Root { lines = append(lines, indent+lastIndent+"Run as root: enabled") } @@ -120,6 +125,15 @@ func (settings *OpenVPN) read(r reader) (err error) { return err } + settings.Flags = []string{} + flagsStr, err := r.env.Get("OPENVPN_FLAGS") + if err != nil { + return err + } + if flagsStr != "" { + settings.Flags = strings.Fields(flagsStr) + } + settings.Root, err = r.env.YesNo("OPENVPN_ROOT", params.Default("yes")) if err != nil { return err diff --git a/internal/configuration/openvpn_test.go b/internal/configuration/openvpn_test.go index d66c7f14..29ce3212 100644 --- a/internal/configuration/openvpn_test.go +++ b/internal/configuration/openvpn_test.go @@ -11,7 +11,8 @@ import ( func Test_OpenVPN_JSON(t *testing.T) { t.Parallel() in := OpenVPN{ - Root: true, + Root: true, + Flags: []string{}, Provider: Provider{ Name: "name", }, @@ -22,6 +23,7 @@ func Test_OpenVPN_JSON(t *testing.T) { "user": "", "password": "", "verbosity": 0, + "flags": [], "mssfix": 0, "run_as_root": true, "cipher": "", diff --git a/internal/openvpn/command.go b/internal/openvpn/command.go index 08122fa4..938e6c12 100644 --- a/internal/openvpn/command.go +++ b/internal/openvpn/command.go @@ -18,7 +18,7 @@ const ( binOpenvpn25 = "openvpn" ) -func (c *configurator) Start(ctx context.Context, version string) ( +func (c *configurator) Start(ctx context.Context, version string, flags []string) ( stdoutLines, stderrLines chan string, waitError chan error, err error) { var bin string switch version { @@ -32,7 +32,9 @@ func (c *configurator) Start(ctx context.Context, version string) ( c.logger.Info("starting OpenVPN " + version) - cmd := exec.CommandContext(ctx, bin, "--config", constants.OpenVPNConf) + args := []string{"--config", constants.OpenVPNConf} + args = append(args, flags...) + cmd := exec.CommandContext(ctx, bin, args...) cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true} return c.commander.Start(cmd) diff --git a/internal/openvpn/loop.go b/internal/openvpn/loop.go index d4d3f513..1e39d1bc 100644 --- a/internal/openvpn/loop.go +++ b/internal/openvpn/loop.go @@ -169,7 +169,8 @@ func (l *looper) Run(ctx context.Context, done chan<- struct{}) { openvpnCtx, openvpnCancel := context.WithCancel(context.Background()) - stdoutLines, stderrLines, waitError, err := l.conf.Start(openvpnCtx, settings.Version) + stdoutLines, stderrLines, waitError, err := l.conf.Start( + openvpnCtx, settings.Version, settings.Flags) if err != nil { openvpnCancel() l.signalOrSetStatus(constants.Crashed) diff --git a/internal/openvpn/openvpn.go b/internal/openvpn/openvpn.go index b21b4690..9de40014 100644 --- a/internal/openvpn/openvpn.go +++ b/internal/openvpn/openvpn.go @@ -17,7 +17,7 @@ type Configurator interface { WriteAuthFile(user, password string, puid, pgid int) error CheckTUN() error CreateTUN() error - Start(ctx context.Context, version string) ( + Start(ctx context.Context, version string, flags []string) ( stdoutLines, stderrLines chan string, waitError chan error, err error) }