diff --git a/internal/configuration/openvpn.go b/internal/configuration/openvpn.go
index 69195d83..286e0de8 100644
--- a/internal/configuration/openvpn.go
+++ b/internal/configuration/openvpn.go
@@ -19,7 +19,7 @@ type OpenVPN struct {
 Flags []string `json:"flags"`
 MSSFix uint16 `json:"mssfix"`
 Root bool `json:"run_as_root"`
- Cipher string `json:"cipher"`
+ Ciphers []string `json:"ciphers"`
 Auth string `json:"auth"`
 ConfFile string `json:"conf_file"`
 Version string `json:"version"`
@@ -52,8 +52,8 @@ func (settings *OpenVPN) lines() (lines []string) {
 lines = append(lines, indent+lastIndent+"Run as root: enabled")
 }
- if len(settings.Cipher) > 0 {
- lines = append(lines, indent+lastIndent+"Custom cipher: "+settings.Cipher)
+ if len(settings.Ciphers) > 0 {
+ lines = append(lines, indent+lastIndent+"Custom ciphers: "+commaJoin(settings.Ciphers))
 }
 if len(settings.Auth) > 0 {
 lines = append(lines, indent+lastIndent+"Custom auth algorithm: "+settings.Auth)
@@ -132,7 +132,7 @@ func (settings *OpenVPN) read(r reader, serviceProvider string) (err error) {
 return fmt.Errorf("environment variable OPENVPN_ROOT: %w", err)
 }
- settings.Cipher, err = r.env.Get("OPENVPN_CIPHER")
+ settings.Ciphers, err = r.env.CSV("OPENVPN_CIPHER")
 if err != nil {
 return fmt.Errorf("environment variable OPENVPN_CIPHER: %w", err)
 }
diff --git a/internal/configuration/openvpn_test.go b/internal/configuration/openvpn_test.go
index cdbd775f..f6f0af67 100644
--- a/internal/configuration/openvpn_test.go
+++ b/internal/configuration/openvpn_test.go
@@ -11,8 +11,9 @@ import (
 func Test_OpenVPN_JSON(t *testing.T) {
 t.Parallel()
 in := OpenVPN{
- Root: true,
- Flags: []string{},
+ Root: true,
+ Flags: []string{},
+ Ciphers: []string{},
 }
 data, err := json.MarshalIndent(in, "", " ")
 require.NoError(t, err)
@@ -23,7 +24,7 @@ func Test_OpenVPN_JSON(t *testing.T) {
 "flags": [],
 "mssfix": 0,
 "run_as_root": true,
- "cipher": "",
+ "ciphers": [],
 "auth": "",
 "conf_file": "",
 "version": "",
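Review bot: The entries returned by `r.env.CSV("OPENVPN_CIPHER")` in the `read` hunk of internal/configuration/openvpn.go are stored without any check, and later hunks of this commit write them verbatim into generated OpenVPN directives (`cipher`, `ncp-ciphers`, `data-ciphers`, `data-ciphers-fallback`). Whether `CSV` trims whitespace or drops empty items is not visible here; if it does not, a trailing comma would yield an empty fallback cipher, and an entry containing a space, a newline or `:` would change what the generated line means. Validating each entry right after the read keeps a malformed value from reaching the config file; the sketch below assumes `strings` is importable in this file, which the hunk does not show. The body of `read` continues outside the hunk.

```go
settings.Ciphers, err = r.env.CSV("OPENVPN_CIPHER")
// … unchanged: err check for OPENVPN_CIPHER …
for _, cipher := range settings.Ciphers {
	if cipher == "" || strings.ContainsAny(cipher, " \t\r\n:") {
		return fmt.Errorf("environment variable OPENVPN_CIPHER: invalid cipher name %q", cipher)
	}
}
```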
diff --git a/internal/provider/custom/openvpnconf.go b/internal/provider/custom/openvpnconf.go
index 7e124cb4..0a458cb9 100644
--- a/internal/provider/custom/openvpnconf.go
+++ b/internal/provider/custom/openvpnconf.go
@@ -50,8 +50,8 @@ func modifyConfig(lines []string, connection models.Connection,
 strings.HasPrefix(line, "remote "),
 strings.HasPrefix(line, "dev "),
 // Remove values eventually modified
- settings.Cipher != "" && hasPrefixOneOf(line,
- "cipher ", "data-ciphers ", "data-ciphers-fallback "),
+ len(settings.Ciphers) > 0 && hasPrefixOneOf(line,
+ "cipher ", "ncp-ciphers ", "data-ciphers ", "data-ciphers-fallback "),
 settings.Auth != "" && strings.HasPrefix(line, "auth "),
 settings.MSSFix > 0 && strings.HasPrefix(line, "mssfix "),
 !settings.IPv6 && hasPrefixOneOf(line, "tun-ipv6",
@@ -75,8 +75,8 @@ func modifyConfig(lines []string, connection models.Connection,
 modified = append(modified, "auth-user-pass "+constants.OpenVPNAuthConf)
 }
 modified = append(modified, "verb "+strconv.Itoa(settings.Verbosity))
- if settings.Cipher != "" {
- modified = append(modified, utils.CipherLines(settings.Cipher, settings.Version)...)
+ if len(settings.Ciphers) > 0 {
+ modified = append(modified, utils.CipherLines(settings.Ciphers, settings.Version)...)
 }
 if settings.Auth != "" {
 modified = append(modified, "auth "+settings.Auth)
diff --git a/internal/provider/custom/openvpnconf_test.go b/internal/provider/custom/openvpnconf_test.go
index d8664a42..ef089056 100644
--- a/internal/provider/custom/openvpnconf_test.go
+++ b/internal/provider/custom/openvpnconf_test.go
@@ -32,7 +32,7 @@ func Test_modifyConfig(t *testing.T) {
 },
 settings: configuration.OpenVPN{
 User: "user",
- Cipher: "cipher",
+ Ciphers: []string{"cipher"},
 Auth: "auth",
 MSSFix: 1000,
 ProcUser: "procuser",
diff --git a/internal/provider/cyberghost/openvpnconf.go b/internal/provider/cyberghost/openvpnconf.go
index 5fe23f0e..5aa6c4b4 100644
--- a/internal/provider/cyberghost/openvpnconf.go
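Review bot: In the first `modifyConfig` hunk the strip list gains `"ncp-ciphers "` but not `ncp-disable`, so a user-supplied file carrying `ncp-disable` would keep it while the second hunk appends a fresh `ncp-ciphers` line for OpenVPN 2.4. As far as I understand 2.4, that directive turns negotiation off, so only the `cipher` line (the first entry of `settings.Ciphers`) would apply and the rest of the custom list would be ignored without any message. If that is not intended, add `"ncp-disable"` to the same `hasPrefixOneOf` call; otherwise a comment stating that the directive is deliberately preserved would help. `modifyConfig` starts and ends outside both hunks.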
+++ b/internal/provider/cyberghost/openvpnconf.go
@@ -2,7 +2,6 @@ package cyberghost
 import (
 "strconv"
- "strings"
 "github.com/qdm12/gluetun/internal/configuration"
 "github.com/qdm12/gluetun/internal/constants"
@@ -12,8 +11,12 @@ import (
 func (c *Cyberghost) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- settings.Cipher = constants.AES128gcm
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{
+ constants.AES256gcm,
+ constants.AES256cbc,
+ constants.AES128gcm,
+ }
 }
 if settings.Auth == "" {
@@ -45,16 +48,12 @@ func (c *Cyberghost) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if connection.Protocol == constants.UDP {
 lines = append(lines, "explicit-exit-notify")
 }
- if strings.HasSuffix(settings.Cipher, "-gcm") {
- lines = append(lines, "ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM")
- }
-
 if !settings.Root {
 lines = append(lines, "user "+settings.ProcUser)
 lines = append(lines, "persist-tun")
diff --git a/internal/provider/expressvpn/openvpnconf.go b/internal/provider/expressvpn/openvpnconf.go
index c4ba9d65..79ef8d37 100644
--- a/internal/provider/expressvpn/openvpnconf.go
+++ b/internal/provider/expressvpn/openvpnconf.go
@@ -11,8 +11,8 @@ import (
 func (p *Provider) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- settings.Cipher = constants.AES256cbc
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{constants.AES256cbc}
 }
 if settings.Auth == "" {
 settings.Auth = constants.SHA512
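Review bot: The new Cyberghost default in the first `BuildConf` hunk puts `constants.AES256gcm` first, and `utils.CipherLines` (changed later in this commit) uses element 0 for `cipher` / `data-ciphers-fallback`, so the non-negotiated cipher silently moves from `constants.AES128gcm` to `constants.AES256gcm`. That is a behaviour change beyond accepting a list, and it would matter for any server that does not negotiate. The third hunk also drops the `strings.HasSuffix` branch, so a user-set GCM cipher no longer gets the three-cipher `ncp-ciphers` line; the Windscribe hunks remove the same branch. A comment above the list such as `// order matters: element 0 is the fallback cipher, the whole list is offered for negotiation` plus a test pinning the generated lines would make the intent checkable. `BuildConf` continues outside the hunks.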
@@ -53,7 +53,7 @@ func (p *Provider) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if connection.Protocol == constants.UDP {
 lines = append(lines, "explicit-exit-notify")
diff --git a/internal/provider/fastestvpn/openvpnconf.go b/internal/provider/fastestvpn/openvpnconf.go
index 98dff6b4..3975fce8 100644
--- a/internal/provider/fastestvpn/openvpnconf.go
+++ b/internal/provider/fastestvpn/openvpnconf.go
@@ -11,8 +11,8 @@ import (
 func (f *Fastestvpn) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- settings.Cipher = constants.AES256cbc
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{constants.AES256cbc}
 }
 if settings.Auth == "" {
 settings.Auth = constants.SHA256
@@ -49,7 +49,7 @@ func (f *Fastestvpn) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if connection.Protocol == constants.UDP {
 lines = append(lines, "explicit-exit-notify")
diff --git a/internal/provider/hidemyass/openvpnconf.go b/internal/provider/hidemyass/openvpnconf.go
index 38cf4c54..37dc3384 100644
--- a/internal/provider/hidemyass/openvpnconf.go
+++ b/internal/provider/hidemyass/openvpnconf.go
@@ -11,8 +11,8 @@ import (
 func (h *HideMyAss) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- settings.Cipher = constants.AES256cbc
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{constants.AES256cbc}
 }
 lines = []string{
@@ -39,7 +39,7 @@ func (h *HideMyAss) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if settings.Auth != "" {
 lines = append(lines, "auth "+settings.Auth)
diff --git a/internal/provider/ipvanish/openvpnconf.go b/internal/provider/ipvanish/openvpnconf.go
index 47313e9d..6e66871e 100644
--- a/internal/provider/ipvanish/openvpnconf.go
+++ b/internal/provider/ipvanish/openvpnconf.go
@@ -11,8 +11,8 @@ import (
 func (i *Ipvanish) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- settings.Cipher = constants.AES256cbc
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{constants.AES256cbc}
 }
 if settings.Auth == "" {
 settings.Auth = constants.SHA256
@@ -43,7 +43,7 @@ func (i *Ipvanish) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if settings.MSSFix > 0 {
 lines = append(lines, "mssfix "+strconv.Itoa(int(settings.MSSFix)))
diff --git a/internal/provider/ivpn/openvpnconf.go b/internal/provider/ivpn/openvpnconf.go
index 255f1b2c..347f0876 100644
--- a/internal/provider/ivpn/openvpnconf.go
+++ b/internal/provider/ivpn/openvpnconf.go
@@ -12,8 +12,8 @@ import (
 func (i *Ivpn) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- settings.Cipher = constants.AES256cbc
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{constants.AES256cbc}
 }
 namePrefix := strings.Split(connection.Hostname, ".")[0]
@@ -45,7 +45,7 @@ func (i *Ivpn) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if settings.Auth != "" {
 lines = append(lines, "auth "+settings.Auth)
diff --git a/internal/provider/mullvad/openvpnconf.go b/internal/provider/mullvad/openvpnconf.go
index 064599a6..e4b72ed9 100644
--- a/internal/provider/mullvad/openvpnconf.go
+++ b/internal/provider/mullvad/openvpnconf.go
@@ -11,8 +11,8 @@ import (
 func (m *Mullvad) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- settings.Cipher = constants.AES256cbc
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{constants.AES256cbc, constants.AES128gcm}
 }
 lines = []string{
@@ -42,7 +42,7 @@ func (m *Mullvad) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if settings.Auth != "" {
 lines = append(lines, "auth "+settings.Auth)
diff --git a/internal/provider/nordvpn/openvpnconf.go b/internal/provider/nordvpn/openvpnconf.go
index e23a88e8..bb3cd6e0 100644
--- a/internal/provider/nordvpn/openvpnconf.go
+++ b/internal/provider/nordvpn/openvpnconf.go
@@ -11,8 +11,8 @@ import (
 func (n *Nordvpn) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- settings.Cipher = constants.AES256cbc
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{constants.AES256cbc}
 }
 if settings.Auth == "" {
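Review bot: The Mullvad default `[]string{constants.AES256cbc, constants.AES128gcm}` lists the CBC cipher ahead of the AEAD one and pairs a 256-bit CBC with a 128-bit GCM, and nothing in the hunk says why; the Perfectprivacy hunk uses the same CBC-first order with `constants.AES256cbc, constants.AES256gcm`. Because `utils.CipherLines` takes element 0 as the fallback and joins the slice in order for `ncp-ciphers` / `data-ciphers`, the order ends up in the generated config, so a reader cannot tell whether it is a preference or only keeps the previous default first. A one-line comment above each list, for example `// AES-256-CBC stays first so the fallback cipher is unchanged; GCM is only offered for negotiation`, would record the intent. It would also be worth confirming that AES-128-GCM rather than AES-256-GCM is what the Mullvad servers are expected to accept, which the diff does not show.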
@@ -52,7 +52,7 @@ func (n *Nordvpn) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if connection.Protocol == constants.UDP {
 lines = append(lines, "fast-io")
diff --git a/internal/provider/perfectprivacy/openvpnconf.go b/internal/provider/perfectprivacy/openvpnconf.go
index fc054ddd..94a81102 100644
--- a/internal/provider/perfectprivacy/openvpnconf.go
+++ b/internal/provider/perfectprivacy/openvpnconf.go
@@ -11,9 +11,8 @@ import (
 func (p *Perfectprivacy) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- // TODO add AES 256 GCM
- settings.Cipher = constants.AES256cbc
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{constants.AES256cbc, constants.AES256gcm}
 }
 if settings.Auth == "" {
@@ -54,7 +53,7 @@ func (p *Perfectprivacy) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if connection.Protocol == constants.UDP {
 lines = append(lines, "explicit-exit-notify")
diff --git a/internal/provider/privado/openvpnconf.go b/internal/provider/privado/openvpnconf.go
index 060d9ed2..108e99eb 100644
--- a/internal/provider/privado/openvpnconf.go
+++ b/internal/provider/privado/openvpnconf.go
@@ -11,8 +11,8 @@ import (
 func (p *Privado) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- settings.Cipher = constants.AES256cbc
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{constants.AES256cbc}
 }
 if settings.Auth == "" {
@@ -45,7 +45,7 @@ func (p *Privado) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if !settings.Root {
 lines = append(lines, "user "+settings.ProcUser)
diff --git a/internal/provider/privateinternetaccess/openvpnconf.go b/internal/provider/privateinternetaccess/openvpnconf.go
index d3eb1c33..4d202fb8 100644
--- a/internal/provider/privateinternetaccess/openvpnconf.go
+++ b/internal/provider/privateinternetaccess/openvpnconf.go
@@ -30,8 +30,8 @@ func (p *PIA) BuildConf(connection models.Connection,
 certificate = constants.PIACertificateStrong
 }
- if settings.Cipher == "" {
- settings.Cipher = defaultCipher
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{defaultCipher}
 }
 if settings.Auth == "" {
@@ -62,8 +62,8 @@ func (p *PIA) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- if settings.Cipher != "" {
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ if len(settings.Ciphers) > 0 {
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 }
 if settings.Auth != "" {
diff --git a/internal/provider/privatevpn/openvpnconf.go b/internal/provider/privatevpn/openvpnconf.go
index 130feda6..93326e79 100644
--- a/internal/provider/privatevpn/openvpnconf.go
+++ b/internal/provider/privatevpn/openvpnconf.go
@@ -11,8 +11,8 @@ import (
 func (p *Privatevpn) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- settings.Cipher = constants.AES128gcm
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{constants.AES128gcm}
 }
 if settings.Auth == "" {
@@ -43,7 +43,7 @@ func (p *Privatevpn) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if connection.Protocol == constants.UDP {
 lines = append(lines, "key-direction 1")
diff --git a/internal/provider/protonvpn/openvpnconf.go b/internal/provider/protonvpn/openvpnconf.go
index c4a1309a..91b2a96d 100644
--- a/internal/provider/protonvpn/openvpnconf.go
+++ b/internal/provider/protonvpn/openvpnconf.go
@@ -11,8 +11,8 @@ import (
 func (p *Protonvpn) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- settings.Cipher = constants.AES256cbc
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{constants.AES256cbc}
 }
 if settings.Auth == "" {
@@ -52,7 +52,7 @@ func (p *Protonvpn) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if connection.Protocol == constants.UDP {
 lines = append(lines, "fast-io")
diff --git a/internal/provider/purevpn/openvpnconf.go b/internal/provider/purevpn/openvpnconf.go
index 9465df05..95240f01 100644
--- a/internal/provider/purevpn/openvpnconf.go
+++ b/internal/provider/purevpn/openvpnconf.go
@@ -11,8 +11,8 @@ import (
 func (p *Purevpn) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- settings.Cipher = constants.AES256gcm
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{constants.AES256gcm}
 }
 lines = []string{
@@ -40,7 +40,7 @@ func (p *Purevpn) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if connection.Protocol == constants.UDP {
 lines = append(lines, "explicit-exit-notify")
diff --git a/internal/provider/surfshark/openvpnconf.go b/internal/provider/surfshark/openvpnconf.go
index daf3b857..57f82b9a 100644
--- a/internal/provider/surfshark/openvpnconf.go
+++ b/internal/provider/surfshark/openvpnconf.go
@@ -11,8 +11,8 @@ import (
 func (s *Surfshark) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- settings.Cipher = constants.AES256gcm
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{constants.AES256gcm}
 }
 if settings.Auth == "" {
@@ -53,7 +53,7 @@ func (s *Surfshark) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if connection.Protocol == constants.UDP {
 lines = append(lines, "explicit-exit-notify")
diff --git a/internal/provider/torguard/openvpnconf.go b/internal/provider/torguard/openvpnconf.go
index d2bae625..c73bcc94 100644
--- a/internal/provider/torguard/openvpnconf.go
+++ b/internal/provider/torguard/openvpnconf.go
@@ -11,8 +11,8 @@ import (
 func (t *Torguard) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- settings.Cipher = constants.AES256gcm
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{constants.AES256gcm}
 }
 if settings.Auth == "" {
@@ -55,7 +55,7 @@ func (t *Torguard) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if !settings.Root {
 lines = append(lines, "user "+settings.ProcUser)
diff --git a/internal/provider/utils/cipher.go b/internal/provider/utils/cipher.go
index fde34566..6fa8334a 100644
--- a/internal/provider/utils/cipher.go
+++ b/internal/provider/utils/cipher.go
@@ -1,17 +1,22 @@
 package utils
 import (
+ "strings"
+
 "github.com/qdm12/gluetun/internal/constants"
 )
-func CipherLines(cipher, version string) (lines []string) {
+func CipherLines(ciphers []string, version string) (lines []string) {
 switch version {
 case constants.Openvpn24:
- return []string{"cipher " + cipher}
+ return []string{
+ "cipher " + ciphers[0],
+ "ncp-ciphers " + strings.Join(ciphers, ":"),
+ }
 default: // 2.5 and above
 return []string{
- "data-ciphers-fallback " + cipher,
- "data-ciphers " + cipher,
+ "data-ciphers-fallback " + ciphers[0],
+ "data-ciphers " + strings.Join(ciphers, ":"),
 }
 }
 }
diff --git a/internal/provider/utils/cipher_test.go b/internal/provider/utils/cipher_test.go
index cf1b7b44..d4bfc942 100644
--- a/internal/provider/utils/cipher_test.go
+++ b/internal/provider/utils/cipher_test.go
@@ -9,24 +9,31 @@ import (
 func Test_CipherLines(t *testing.T) {
 t.Parallel()
 testCases := map[string]struct {
+ ciphers []string
 version string
 lines []string
 }{
 "empty version": {
+ ciphers: []string{"AES"},
 lines: []string{
 "data-ciphers-fallback AES",
 "data-ciphers AES",
 },
 },
 "2.4": {
+ ciphers: []string{"AES", "CBC"},
 version: "2.4",
- lines: []string{"cipher AES"},
+ lines: []string{
+ "cipher AES",
+ "ncp-ciphers AES:CBC",
+ },
 },
 "2.5": {
+ ciphers: []string{"AES", "CBC"},
 version: "2.5",
 lines: []string{
 "data-ciphers-fallback AES",
- "data-ciphers AES",
+ "data-ciphers AES:CBC",
 },
 },
 }
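Review bot: `CipherLines` in internal/provider/utils/cipher.go now indexes `ciphers[0]` in both branches without checking the length, so a nil or empty slice panics with an index-out-of-range instead of producing no lines. Every caller visible in this commit either fills in a default or guards with `len(settings.Ciphers) > 0`, but the function is exported and nothing states that precondition. Add `if len(ciphers) == 0 { return nil }` as the first statement, and give the function a doc comment saying that element 0 becomes the `cipher` / `data-ciphers-fallback` value while the whole slice is joined with `:` for negotiation. The updated `Test_CipherLines` table has no empty-slice case, which would be the natural place to pin this.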
@@ -35,9 +42,7 @@ func Test_CipherLines(t *testing.T) {
 t.Run(name, func(t *testing.T) {
 t.Parallel()
- const cipher = "AES"
-
- lines := CipherLines(cipher, testCase.version)
+ lines := CipherLines(testCase.ciphers, testCase.version)
 assert.Equal(t, testCase.lines, lines)
 })
diff --git a/internal/provider/vpnunlimited/openvpnconf.go b/internal/provider/vpnunlimited/openvpnconf.go
index c836a52b..8c6690be 100644
--- a/internal/provider/vpnunlimited/openvpnconf.go
+++ b/internal/provider/vpnunlimited/openvpnconf.go
@@ -36,8 +36,8 @@ func (p *Provider) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- if settings.Cipher != "" {
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ if len(settings.Ciphers) > 0 {
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 }
 if settings.Auth != "" {
diff --git a/internal/provider/vyprvpn/openvpnconf.go b/internal/provider/vyprvpn/openvpnconf.go
index 75a4936a..85117e33 100644
--- a/internal/provider/vyprvpn/openvpnconf.go
+++ b/internal/provider/vyprvpn/openvpnconf.go
@@ -11,8 +11,8 @@ import (
 func (v *Vyprvpn) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- settings.Cipher = constants.AES256cbc
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{constants.AES256cbc}
 }
 if settings.Auth == "" {
@@ -46,7 +46,7 @@ func (v *Vyprvpn) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if connection.Protocol == constants.UDP {
 lines = append(lines, "explicit-exit-notify")
diff --git a/internal/provider/wevpn/openvpnconf.go b/internal/provider/wevpn/openvpnconf.go
index f3d80757..f778bc33 100644
--- a/internal/provider/wevpn/openvpnconf.go
+++ b/internal/provider/wevpn/openvpnconf.go
@@ -11,8 +11,8 @@ import (
 func (w *Wevpn) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- settings.Cipher = constants.AES256gcm
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{constants.AES256gcm}
 }
 if settings.Auth == "" {
@@ -50,7 +50,7 @@ func (w *Wevpn) BuildConf(connection models.Connection,
 lines = append(lines, "explicit-exit-notify")
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if !settings.Root {
 lines = append(lines, "user "+settings.ProcUser)
diff --git a/internal/provider/windscribe/openvpnconf.go b/internal/provider/windscribe/openvpnconf.go
index 2de93cf8..866161a6 100644
--- a/internal/provider/windscribe/openvpnconf.go
+++ b/internal/provider/windscribe/openvpnconf.go
@@ -2,7 +2,6 @@ package windscribe
 import (
 "strconv"
- "strings"
 "github.com/qdm12/gluetun/internal/configuration"
 "github.com/qdm12/gluetun/internal/constants"
@@ -12,8 +11,12 @@ import (
 func (w *Windscribe) BuildConf(connection models.Connection,
 settings configuration.OpenVPN) (lines []string, err error) {
- if settings.Cipher == "" {
- settings.Cipher = constants.AES256gcm
+ if len(settings.Ciphers) == 0 {
+ settings.Ciphers = []string{
+ constants.AES256gcm,
+ constants.AES256cbc,
+ constants.AES128gcm,
+ }
 }
 if settings.Auth == "" {
@@ -48,11 +51,7 @@ func (w *Windscribe) BuildConf(connection models.Connection,
 connection.OpenVPNRemoteLine(),
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
-
- if strings.HasSuffix(settings.Cipher, "-gcm") {
- lines = append(lines, "ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM")
- }
+ lines = append(lines, utils.CipherLines(settings.Ciphers, settings.Version)...)
 if connection.Protocol == constants.UDP {
 lines = append(lines, "explicit-exit-notify")
diff --git a/maintenance.md b/maintenance.md
index 51707863..afa4233f 100644
--- a/maintenance.md
+++ b/maintenance.md
@@ -5,8 +5,6 @@
 - Remove duplicate `/gluetun` directory creation
 - Remove firewall shadowsocks input port?
 - Remove `script-security` option
-- `ncp-ciphers` to `data-ciphers`
-- Remove `ncp-disable`
 ## Uniformization
@@ -40,6 +38,7 @@
 - `WIREGUARD_ADDRESS` to `WIREGUARD_ADDRESSES`
 - `VPNSP` to `VPN_SERVICE_PROVIDER`
 - Rename `REGION` (etc.) to `SERVER_REGIONS`
+ - `OPENVPN_CIPHER` to `OPENVPN_CIPHERS`
 - Split servers.json and compress it
 ## Gluetun V4