Feat: OPENVPN_INTERFACE defaulting to tun0
- Fix: custom config with custom network interface name for firewall
- Keep VPN tunnel interface in firewall state
- Vulnerability fix: only allow traffic through the VPN interface when needed
- Adapt code to the network interface name
- Remove outdated TUN and TAP constants
@@ -29,14 +29,16 @@ func setupOpenVPN(ctx context.Context, fw firewall.VPNConnectionSetter,
|
||||
settings configuration.VPN, starter command.Starter, logger logging.Logger) (
|
||||
runner vpnRunner, serverName string, err error) {
|
||||
var connection models.Connection
|
||||
var netInterface string
|
||||
var lines []string
|
||||
if settings.OpenVPN.Config == "" {
|
||||
netInterface = settings.OpenVPN.Interface
|
||||
connection, err = providerConf.GetConnection(settings.Provider.ServerSelection)
|
||||
if err == nil {
|
||||
lines = providerConf.BuildConf(connection, settings.OpenVPN)
|
||||
}
|
||||
} else {
|
||||
lines, connection, err = custom.BuildConfig(settings.OpenVPN)
|
||||
lines, connection, netInterface, err = custom.BuildConfig(settings.OpenVPN)
|
||||
}
|
||||
if err != nil {
|
||||
return nil, "", fmt.Errorf("%w: %s", errBuildConfig, err)
|
||||
@@ -53,7 +55,7 @@ func setupOpenVPN(ctx context.Context, fw firewall.VPNConnectionSetter,
|
||||
}
|
||||
}
|
||||
|
||||
if err := fw.SetVPNConnection(ctx, connection); err != nil {
|
||||
if err := fw.SetVPNConnection(ctx, connection, netInterface); err != nil {
|
||||
return nil, "", fmt.Errorf("%w: %s", errFirewall, err)
|
||||
}
|
||||
|
||||
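Review bot: `netInterface` reaches `fw.SetVPNConnection(ctx, connection, netInterface)` without any check that it is non-empty. In the custom-config branch of the first hunk the value is returned by `custom.BuildConfig`, so it is derived from a user-supplied configuration file. `BuildConfig` is not shown here, so whether it guarantees a usable device name cannot be confirmed from this page. Since the firewall rules are now bound to this name, an empty or unexpected value could leave the interface-bound rules not matching the real tunnel device. I would fail closed right after the existing `if err != nil` check with `if netInterface == "" { return nil, "", fmt.Errorf("%w: VPN interface name is empty", errBuildConfig) }`. The body of `setupOpenVPN` starts and ends outside both hunks.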
|
||||
@@ -6,9 +6,7 @@ import (
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/qdm12/gluetun/internal/constants"
|
||||
"github.com/qdm12/gluetun/internal/portforward"
|
||||
"github.com/qdm12/gluetun/internal/provider"
|
||||
)
|
||||
|
||||
var (
|
||||
@@ -16,24 +14,23 @@ var (
|
||||
errStartPortForwarding = errors.New("cannot start port forwarding")
|
||||
)
|
||||
|
||||
func (l *Loop) startPortForwarding(ctx context.Context, enabled bool,
|
||||
portForwarder provider.PortForwarder, serverName string) (err error) {
|
||||
if !enabled {
|
||||
func (l *Loop) startPortForwarding(ctx context.Context, data tunnelUpData) (err error) {
|
||||
if !data.portForwarding {
|
||||
return nil
|
||||
}
|
||||
|
||||
// only used for PIA for now
|
||||
gateway, err := l.routing.VPNLocalGatewayIP()
|
||||
gateway, err := l.routing.VPNLocalGatewayIP(data.vpnIntf)
|
||||
if err != nil {
|
||||
return fmt.Errorf("%w: %s", errObtainVPNLocalGateway, err)
|
||||
}
|
||||
l.logger.Info("VPN gateway IP address: " + gateway.String())
|
||||
|
||||
pfData := portforward.StartData{
|
||||
PortForwarder: portForwarder,
|
||||
PortForwarder: data.portForwarder,
|
||||
Gateway: gateway,
|
||||
ServerName: serverName,
|
||||
Interface: constants.TUN,
|
||||
ServerName: data.serverName,
|
||||
Interface: data.vpnIntf,
|
||||
}
|
||||
_, err = l.portForward.Start(ctx, pfData)
|
||||
if err != nil {
|
||||
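Review bot: `data.vpnIntf` is used for both `l.routing.VPNLocalGatewayIP(data.vpnIntf)` and `Interface: data.vpnIntf` with no guard against the zero value. `tunnelUpData` gains the `vpnIntf` field in a later hunk, and a Go struct literal that omits a new field still compiles, so any construction site not shown on this page would silently pass `""`. A check after the `!data.portForwarding` early return would make that visible, for example `if data.vpnIntf == "" { return fmt.Errorf("%w: VPN interface name is empty", errStartPortForwarding) }`. A short comment on the struct field, such as `// vpnIntf is the VPN tunnel interface name, matching the one set in the firewall`, would also help, as the field currently sits unlabelled under `// Port forwarding`. The function body continues past the end of this hunk.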
|
||||
@@ -11,6 +11,7 @@ import (
|
||||
type tunnelUpData struct {
|
||||
// Port forwarding
|
||||
portForwarding bool
|
||||
vpnIntf string
|
||||
serverName string
|
||||
portForwarder provider.PortForwarder
|
||||
}
|
||||
@@ -39,7 +40,7 @@ func (l *Loop) onTunnelUp(ctx context.Context, data tunnelUpData) {
|
||||
}
|
||||
}
|
||||
|
||||
err = l.startPortForwarding(ctx, data.portForwarding, data.portForwarder, data.serverName)
|
||||
err = l.startPortForwarding(ctx, data)
|
||||
if err != nil {
|
||||
l.logger.Error(err.Error())
|
||||
}
|
||||
|
||||