feat(openvpn): add support for openvpn 2.6
@@ -200,6 +200,9 @@ EXPOSE 8000/tcp 8888/tcp 8388/tcp 8388/udp
|
|||||||
HEALTHCHECK --interval=5s --timeout=5s --start-period=10s --retries=1 CMD /gluetun-entrypoint healthcheck
|
HEALTHCHECK --interval=5s --timeout=5s --start-period=10s --retries=1 CMD /gluetun-entrypoint healthcheck
|
||||||
ARG TARGETPLATFORM
|
ARG TARGETPLATFORM
|
||||||
RUN apk add --no-cache --update -l wget && \
|
RUN apk add --no-cache --update -l wget && \
|
||||||
|
apk add --no-cache --update -X "https://dl-cdn.alpinelinux.org/alpine/v3.18/main" openvpn\~2.6 && \
|
||||||
|
mv /usr/sbin/openvpn /usr/sbin/openvpn2.6 && \
|
||||||
|
apk del openvpn && \
|
||||||
apk add --no-cache --update openvpn ca-certificates iptables ip6tables unbound tzdata && \
|
apk add --no-cache --update openvpn ca-certificates iptables ip6tables unbound tzdata && \
|
||||||
mv /usr/sbin/openvpn /usr/sbin/openvpn2.5 && \
|
mv /usr/sbin/openvpn /usr/sbin/openvpn2.5 && \
|
||||||
# Fix vulnerability issue
|
# Fix vulnerability issue
|
||||||
|
|||||||
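Review bot: After the added `mv /usr/sbin/openvpn /usr/sbin/openvpn2.6 && \` and `apk del openvpn && \` lines, the 2.6 binary is no longer recorded in apk's installed-package database, so `apk upgrade` and image scanners that read that database will likely not see it or report OpenVPN 2.6 advisories against this image. The package is also pulled from the v3.18 `main` repository while the README in this commit still describes the image as based on Alpine 3.17; if the base really is 3.17, the binary may depend on library versions that the later `apk add` of the 3.17 packages does not provide. I would add a comment above the new lines, `# openvpn2.6 is copied out of the Alpine v3.18 package and is untracked by apk afterwards; rebuild the image to pick up OpenVPN 2.6 fixes`, and replace the fuzzy `openvpn\~2.6` match with an exact pinned package version so rebuilds are reproducible. The RUN instruction continues past the end of this hunk.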
@@ -57,7 +57,7 @@ Lightweight swiss-knife-like VPN client to multiple VPN service providers
|
|||||||
|
|
||||||
## Features
|
## Features
|
||||||
|
|
||||||
- Based on Alpine 3.17 for a small Docker image of 39.1MB
|
- Based on Alpine 3.17 for a small Docker image of 39.8MB
|
||||||
- Supports: **AirVPN**, **Cyberghost**, **ExpressVPN**, **FastestVPN**, **HideMyAss**, **IPVanish**, **IVPN**, **Mullvad**, **NordVPN**, **Perfect Privacy**, **Privado**, **Private Internet Access**, **PrivateVPN**, **ProtonVPN**, **PureVPN**, **SlickVPN**, **Surfshark**, **TorGuard**, **VPNSecure.me**, **VPNUnlimited**, **Vyprvpn**, **WeVPN**, **Windscribe** servers
|
- Supports: **AirVPN**, **Cyberghost**, **ExpressVPN**, **FastestVPN**, **HideMyAss**, **IPVanish**, **IVPN**, **Mullvad**, **NordVPN**, **Perfect Privacy**, **Privado**, **Private Internet Access**, **PrivateVPN**, **ProtonVPN**, **PureVPN**, **SlickVPN**, **Surfshark**, **TorGuard**, **VPNSecure.me**, **VPNUnlimited**, **Vyprvpn**, **WeVPN**, **Windscribe** servers
|
||||||
- Supports OpenVPN for all providers listed
|
- Supports OpenVPN for all providers listed
|
||||||
- Supports Wireguard both kernelspace and userspace
|
- Supports Wireguard both kernelspace and userspace
|
||||||
|
|||||||
@@ -265,6 +265,7 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
|
|||||||
err = printVersions(ctx, logger, []printVersionElement{
|
err = printVersions(ctx, logger, []printVersionElement{
|
||||||
{name: "Alpine", getVersion: alpineConf.Version},
|
{name: "Alpine", getVersion: alpineConf.Version},
|
||||||
{name: "OpenVPN 2.5", getVersion: ovpnConf.Version25},
|
{name: "OpenVPN 2.5", getVersion: ovpnConf.Version25},
|
||||||
|
{name: "OpenVPN 2.6", getVersion: ovpnConf.Version26},
|
||||||
{name: "Unbound", getVersion: dnsConf.Version},
|
{name: "Unbound", getVersion: dnsConf.Version},
|
||||||
{name: "IPtables", getVersion: func(ctx context.Context) (version string, err error) {
|
{name: "IPtables", getVersion: func(ctx context.Context) (version string, err error) {
|
||||||
return firewall.Version(ctx, cmder)
|
return firewall.Version(ctx, cmder)
|
||||||
|
|||||||
@@ -17,7 +17,7 @@ import (
|
|||||||
// OpenVPN contains settings to configure the OpenVPN client.
|
// OpenVPN contains settings to configure the OpenVPN client.
|
||||||
type OpenVPN struct {
|
type OpenVPN struct {
|
||||||
// Version is the OpenVPN version to run.
|
// Version is the OpenVPN version to run.
|
||||||
// It can only be "2.5".
|
// It can only be "2.5" or "2.6".
|
||||||
Version string
|
Version string
|
||||||
// User is the OpenVPN authentication username.
|
// User is the OpenVPN authentication username.
|
||||||
// It cannot be nil in the internal state if OpenVPN is used.
|
// It cannot be nil in the internal state if OpenVPN is used.
|
||||||
@@ -88,7 +88,7 @@ var ivpnAccountID = regexp.MustCompile(`^(i|ivpn)\-[a-zA-Z0-9]{4}\-[a-zA-Z0-9]{4
|
|||||||
|
|
||||||
func (o OpenVPN) validate(vpnProvider string) (err error) {
|
func (o OpenVPN) validate(vpnProvider string) (err error) {
|
||||||
// Validate version
|
// Validate version
|
||||||
validVersions := []string{openvpn.Openvpn25}
|
validVersions := []string{openvpn.Openvpn25, openvpn.Openvpn26}
|
||||||
if !helpers.IsOneOf(o.Version, validVersions...) {
|
if !helpers.IsOneOf(o.Version, validVersions...) {
|
||||||
return fmt.Errorf("%w: %q can only be one of %s",
|
return fmt.Errorf("%w: %q can only be one of %s",
|
||||||
ErrOpenVPNVersionIsNotValid, o.Version, strings.Join(validVersions, ", "))
|
ErrOpenVPNVersionIsNotValid, o.Version, strings.Join(validVersions, ", "))
|
||||||
|
|||||||
@@ -2,4 +2,5 @@ package openvpn
|
|||||||
|
|
||||||
const (
|
const (
|
||||||
Openvpn25 = "2.5"
|
Openvpn25 = "2.5"
|
||||||
|
Openvpn26 = "2.6"
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -15,6 +15,7 @@ var ErrVersionUnknown = errors.New("OpenVPN version is unknown")
|
|||||||
|
|
||||||
const (
|
const (
|
||||||
binOpenvpn25 = "openvpn2.5"
|
binOpenvpn25 = "openvpn2.5"
|
||||||
|
binOpenvpn26 = "openvpn2.6"
|
||||||
)
|
)
|
||||||
|
|
||||||
func start(ctx context.Context, starter command.Starter, version string, flags []string) (
|
func start(ctx context.Context, starter command.Starter, version string, flags []string) (
|
||||||
@@ -23,6 +24,8 @@ func start(ctx context.Context, starter command.Starter, version string, flags [
|
|||||||
switch version {
|
switch version {
|
||||||
case openvpn.Openvpn25:
|
case openvpn.Openvpn25:
|
||||||
bin = binOpenvpn25
|
bin = binOpenvpn25
|
||||||
|
case openvpn.Openvpn26:
|
||||||
|
bin = binOpenvpn26
|
||||||
default:
|
default:
|
||||||
return nil, nil, nil, fmt.Errorf("%w: %s", ErrVersionUnknown, version)
|
return nil, nil, nil, fmt.Errorf("%w: %s", ErrVersionUnknown, version)
|
||||||
}
|
}
|
||||||
|
|||||||
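Review bot: `binOpenvpn26 = "openvpn2.6"` is a bare command name, so which file is executed depends on how `command.Starter` resolves it, presumably through `PATH`; that resolution is not visible in these hunks. The Dockerfile in this commit places the binary at `/usr/sbin/openvpn2.6`, so using that absolute path in the constant would pin execution to the file the image ships, and the same applies to the existing `binOpenvpn25`. The selection logic itself is sound: the configured version string only chooses between fixed constants, and the `default` branch rejects anything else with `ErrVersionUnknown`. The body of `start` begins and ends outside the second hunk.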
@@ -12,6 +12,10 @@ func (c *Configurator) Version25(ctx context.Context) (version string, err error
|
|||||||
return c.version(ctx, binOpenvpn25)
|
return c.version(ctx, binOpenvpn25)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *Configurator) Version26(ctx context.Context) (version string, err error) {
|
||||||
|
return c.version(ctx, binOpenvpn26)
|
||||||
|
}
|
||||||
|
|
||||||
var ErrVersionTooShort = errors.New("version output is too short")
|
var ErrVersionTooShort = errors.New("version output is too short")
|
||||||
|
|
||||||
func (c *Configurator) version(ctx context.Context, binName string) (version string, err error) {
|
func (c *Configurator) version(ctx context.Context, binName string) (version string, err error) {
|
||||||
|
|||||||
@@ -24,7 +24,7 @@ func (p *Provider) OpenVPNConfig(connection models.Connection,
|
|||||||
}
|
}
|
||||||
|
|
||||||
switch settings.Version {
|
switch settings.Version {
|
||||||
case openvpn.Openvpn25:
|
case openvpn.Openvpn25, openvpn.Openvpn26:
|
||||||
providerSettings.Ciphers = []string{
|
providerSettings.Ciphers = []string{
|
||||||
openvpn.AES256gcm, openvpn.AES256cbc, openvpn.AES192gcm,
|
openvpn.AES256gcm, openvpn.AES256cbc, openvpn.AES192gcm,
|
||||||
openvpn.AES192cbc, openvpn.AES128gcm, openvpn.AES128cbc,
|
openvpn.AES192cbc, openvpn.AES128gcm, openvpn.AES128cbc,
|
||||||
|
|||||||