Feat: OPENVPN_INTERFACE defaulting to tun0

- Fix: custom config with custom network interface name for firewall - Keep VPN tunnel interface in firewall state - Vul fix: only allow traffic through vpn interface when needed - Adapt code to adapt to network interface name - Remove outdated TUN and TAP constants
2021-08-19 23:22:55 +00:00
parent 7191d4e911
commit bec8ff27ae
20 changed files with 219 additions and 89 deletions
--- a/internal/openvpn/custom/extract.go
+++ b/internal/openvpn/custom/extract.go
@@ -15,23 +15,24 @@ var (
 	errRemoteLineNotFound = errors.New("remote line not found")
 )

-// extractConnectionFromLines always takes the first remote line only.
-func extractConnectionFromLines(lines []string) (
-	connection models.Connection, err error) {
+func extractDataFromLines(lines []string) (
+	connection models.Connection, intf string, err error) {
 	for i, line := range lines {
-		newConnectionData, err := extractConnectionFromLine(line)
+		ip, port, protocol, intfFound, err := extractDataFromLine(line)
 		if err != nil {
-			return connection, fmt.Errorf("on line %d: %w", i+1, err)
+			return connection, "", fmt.Errorf("on line %d: %w", i+1, err)
 		}
-		connection.UpdateEmptyWith(newConnectionData)

-		if connection.Protocol != "" && connection.IP != nil {
+		intf = intfFound
+		connection.UpdateEmptyWith(ip, port, protocol)
+
+		if connection.Protocol != "" && connection.IP != nil && intf != "" {
 			break
 		}
 	}

 	if connection.IP == nil {
-		return connection, errRemoteLineNotFound
+		return connection, "", errRemoteLineNotFound
 	}

 	if connection.Protocol == "" {
@@ -45,32 +46,41 @@ func extractConnectionFromLines(lines []string) (
 		}
 	}

-	return connection, nil
+	return connection, intf, nil
 }

 var (
 	errExtractProto  = errors.New("failed extracting protocol from proto line")
-	errExtractRemote = errors.New("failed extracting protocol from remote line")
+	errExtractRemote = errors.New("failed extracting from remote line")
+	errExtractDev    = errors.New("failed extracting network interface from dev line")
 )

-func extractConnectionFromLine(line string) (
-	connection models.Connection, err error) {
+func extractDataFromLine(line string) (
+	ip net.IP, port uint16, protocol, intf string, err error) {
 	switch {
 	case strings.HasPrefix(line, "proto "):
-		connection.Protocol, err = extractProto(line)
+		protocol, err = extractProto(line)
 		if err != nil {
-			return connection, fmt.Errorf("%w: %s", errExtractProto, err)
+			return nil, 0, "", "", fmt.Errorf("%w: %s", errExtractProto, err)
 		}
+		return nil, 0, protocol, "", nil

-	// only take the first remote line
-	case strings.HasPrefix(line, "remote ") && connection.IP == nil:
-		connection.IP, connection.Port, connection.Protocol, err = extractRemote(line)
+	case strings.HasPrefix(line, "remote "):
+		ip, port, protocol, err = extractRemote(line)
 		if err != nil {
-			return connection, fmt.Errorf("%w: %s", errExtractRemote, err)
+			return nil, 0, "", "", fmt.Errorf("%w: %s", errExtractRemote, err)
 		}
+		return ip, port, protocol, "", nil
+
+	case strings.HasPrefix(line, "dev "):
+		intf, err = extractInterfaceFromLine(line)
+		if err != nil {
+			return nil, 0, "", "", fmt.Errorf("%w: %s", errExtractDev, err)
+		}
+		return nil, 0, "", intf, nil
 	}

-	return connection, nil
+	return nil, 0, "", "", nil
 }

 var (
@@ -137,3 +147,16 @@ func extractRemote(line string) (ip net.IP, port uint16,

 	return ip, port, protocol, nil
 }
+
+var (
+	errDevLineFieldsCount = errors.New("dev line has not 2 fields as expected")
+)
+
+func extractInterfaceFromLine(line string) (intf string, err error) {
+	fields := strings.Fields(line)
+	if len(fields) != 2 { //nolint:gomnd
+		return "", fmt.Errorf("%w: %s", errDevLineFieldsCount, line)
+	}
+
+	return fields[1], nil
+}