feat(protonvpn): port forwarding support with NAT-PMP (#1543)

Co-authored-by: Nicholas Xavier <nicho@nicho.dev>

internal/provider/privateinternetaccess/portforward.go

@@ -91,8 +91,8 @@ var (
 	ErrPortForwardedExpired = errors.New("port forwarded data expired")
 )
 
-func (p *Provider) KeepPortForward(ctx context.Context,
-	gateway netip.Addr, serverName string) (err error) {
+func (p *Provider) KeepPortForward(ctx context.Context, _ uint16,
+	gateway netip.Addr, serverName string, _ utils.Logger) (err error) {
 	privateIPClient, err := newHTTPClient(serverName)
 	if err != nil {
 		return fmt.Errorf("creating custom HTTP client: %w", err)

internal/provider/protonvpn/portforward.go

@@ -0,0 +1,103 @@
+package protonvpn
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/netip"
+	"time"
+
+	"github.com/qdm12/gluetun/internal/natpmp"
+	"github.com/qdm12/gluetun/internal/provider/utils"
+)
+
+var (
+	ErrGatewayIPNotValid = errors.New("gateway IP address is not valid")
+)
+
+// PortForward obtains a VPN server side port forwarded from ProtonVPN gateway.
+func (p *Provider) PortForward(ctx context.Context, _ *http.Client,
+	logger utils.Logger, gateway netip.Addr, _ string) (
+	port uint16, err error) {
+	if !gateway.IsValid() {
+		return 0, fmt.Errorf("%w", ErrGatewayIPNotValid)
+	}
+
+	client := natpmp.New()
+	_, externalIPv4Address, err := client.ExternalAddress(ctx,
+		gateway)
+	if err != nil {
+		return 0, fmt.Errorf("getting external IPv4 address: %w", err)
+	}
+
+	logger.Info("gateway external IPv4 address is " + externalIPv4Address.String())
+	networkProtocols := []string{"udp", "tcp"}
+	const internalPort, externalPort = 0, 0
+	const lifetime = 60 * time.Second
+	for _, networkProtocol := range networkProtocols {
+		_, assignedInternalPort, assignedExternalPort, assignedLiftetime, err :=
+			client.AddPortMapping(ctx, gateway, networkProtocol,
+				internalPort, externalPort, lifetime)
+		if err != nil {
+			return 0, fmt.Errorf("adding port mapping: %w", err)
+		}
+
+		if assignedLiftetime != lifetime {
+			logger.Warn(fmt.Sprintf("assigned lifetime %s differs"+
+				" from requested lifetime %s",
+				assignedLiftetime, lifetime))
+		}
+
+		if assignedInternalPort != assignedExternalPort {
+			logger.Warn(fmt.Sprintf("internal port assigned %d differs"+
+				" from external port assigned %d",
+				assignedInternalPort, assignedExternalPort))
+		}
+
+		port = assignedExternalPort
+	}
+
+	return port, nil
+}
+
+func (p *Provider) KeepPortForward(ctx context.Context, port uint16,
+	gateway netip.Addr, _ string, logger utils.Logger) (err error) {
+	client := natpmp.New()
+	const refreshTimeout = 45 * time.Second
+	timer := time.NewTimer(refreshTimeout)
+	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		case <-timer.C:
+		}
+
+		networkProtocols := []string{"udp", "tcp"}
+		const internalPort = 0
+		const lifetime = 60 * time.Second
+
+		for _, networkProtocol := range networkProtocols {
+			_, assignedInternalPort, assignedExternalPort, assignedLiftetime, err :=
+				client.AddPortMapping(ctx, gateway, networkProtocol,
+					internalPort, port, lifetime)
+			if err != nil {
+				return fmt.Errorf("adding port mapping: %w", err)
+			}
+
+			if assignedLiftetime != lifetime {
+				logger.Warn(fmt.Sprintf("assigned lifetime %s differs"+
+					" from requested lifetime %s",
+					assignedLiftetime, lifetime))
+			}
+
+			if assignedInternalPort != assignedExternalPort {
+				logger.Warn(fmt.Sprintf("internal port assigned %d differs"+
+					" from external port assigned %d",
+					assignedInternalPort, assignedExternalPort))
+			}
+		}
+
+		timer.Reset(refreshTimeout)
+	}
+}

internal/provider/protonvpn/provider.go

@@ -7,23 +7,20 @@ import (
 	"github.com/qdm12/gluetun/internal/constants/providers"
 	"github.com/qdm12/gluetun/internal/provider/common"
 	"github.com/qdm12/gluetun/internal/provider/protonvpn/updater"
-	"github.com/qdm12/gluetun/internal/provider/utils"
 )
 
 type Provider struct {
 	storage    common.Storage
 	randSource rand.Source
-	utils.NoPortForwarder
 	common.Fetcher
 }
 
 func New(storage common.Storage, randSource rand.Source,
 	client *http.Client, updaterWarner common.Warner) *Provider {
 	return &Provider{
-		storage:         storage,
-		randSource:      randSource,
-		NoPortForwarder: utils.NewNoPortForwarding(providers.Protonvpn),
-		Fetcher:         updater.New(client, updaterWarner),
+		storage:    storage,
+		randSource: randSource,
+		Fetcher:    updater.New(client, updaterWarner),
 	}
 }
 

internal/provider/provider.go

@@ -24,6 +24,6 @@ type PortForwarder interface {
 	PortForward(ctx context.Context, client *http.Client,
 		logger utils.Logger, gateway netip.Addr, serverName string) (
 		port uint16, err error)
-	KeepPortForward(ctx context.Context, gateway netip.Addr,
-		serverName string) (err error)
+	KeepPortForward(ctx context.Context, port uint16, gateway netip.Addr,
+		serverName string, _ utils.Logger) (err error)
 }

internal/provider/utils/noportforward.go

@@ -12,8 +12,8 @@ type NoPortForwarder interface {
 	PortForward(ctx context.Context, client *http.Client,
 		logger Logger, gateway netip.Addr, serverName string) (
 		port uint16, err error)
-	KeepPortForward(ctx context.Context, gateway netip.Addr,
-		serverName string) (err error)
+	KeepPortForward(ctx context.Context, port uint16, gateway netip.Addr,
+		serverName string, logger Logger) (err error)
 }
 
 type NoPortForwarding struct {
@@ -33,6 +33,7 @@ func (n *NoPortForwarding) PortForward(context.Context, *http.Client,
 	return 0, fmt.Errorf("%w: for %s", ErrPortForwardingNotSupported, n.providerName)
 }
 
-func (n *NoPortForwarding) KeepPortForward(context.Context, netip.Addr, string) (err error) {
+func (n *NoPortForwarding) KeepPortForward(context.Context, uint16, netip.Addr,
+	string, Logger) (err error) {
 	return fmt.Errorf("%w: for %s", ErrPortForwardingNotSupported, n.providerName)
 }