Unverified Commit 4eee08d5 authored by Kali Kaneko's avatar Kali Kaneko

[feat] store pt gateway for connection info

parent b5b55b0b
......@@ -15,7 +15,7 @@
"apiURL": "https://api.black.riseup.net/",
"geolocationAPI": "https://api.black.riseup.net:9001/json",
"caCertString": "-----BEGIN CERTIFICATE-----\nMIIFjTCCA3WgAwIBAgIBATANBgkqhkiG9w0BAQ0FADBZMRgwFgYDVQQKDA9SaXNl\ndXAgTmV0d29ya3MxGzAZBgNVBAsMEmh0dHBzOi8vcmlzZXVwLm5ldDEgMB4GA1UE\nAwwXUmlzZXVwIE5ldHdvcmtzIFJvb3QgQ0EwHhcNMTQwNDI4MDAwMDAwWhcNMjQw\nNDI4MDAwMDAwWjBZMRgwFgYDVQQKDA9SaXNldXAgTmV0d29ya3MxGzAZBgNVBAsM\nEmh0dHBzOi8vcmlzZXVwLm5ldDEgMB4GA1UEAwwXUmlzZXVwIE5ldHdvcmtzIFJv\nb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC76J4ciMJ8Sg0m\nTP7DF2DT9zNe0Csk4myoMFC57rfJeqsAlJCv1XMzBmXrw8wq/9z7XHv6n/0sWU7a\n7cF2hLR33ktjwODlx7vorU39/lXLndo492ZBhXQtG1INMShyv+nlmzO6GT7ESfNE\nLliFitEzwIegpMqxCIHXFuobGSCWF4N0qLHkq/SYUMoOJ96O3hmPSl1kFDRMtWXY\niw1SEKjUvpyDJpVs3NGxeLCaA7bAWhDY5s5Yb2fA1o8ICAqhowurowJpW7n5ZuLK\n5VNTlNy6nZpkjt1QycYvNycffyPOFm/Q/RKDlvnorJIrihPkyniV3YY5cGgP+Qkx\nHUOT0uLA6LHtzfiyaOqkXwc4b0ZcQD5Vbf6Prd20Ppt6ei0zazkUPwxld3hgyw58\nm/4UIjG3PInWTNf293GngK2Bnz8Qx9e/6TueMSAn/3JBLem56E0WtmbLVjvko+LF\nPM5xA+m0BmuSJtrD1MUCXMhqYTtiOvgLBlUm5zkNxALzG+cXB28k6XikXt6MRG7q\nhzIPG38zwkooM55yy5i1YfcIi5NjMH6A+t4IJxxwb67MSb6UFOwg5kFokdONZcwj\nshczHdG9gLKSBIvrKa03Nd3W2dF9hMbRu//STcQxOailDBQCnXXfAATj9pYzdY4k\nha8VCAREGAKTDAex9oXf1yRuktES4QIDAQABo2AwXjAdBgNVHQ4EFgQUC4tdmLVu\nf9hwfK4AGliaet5KkcgwDgYDVR0PAQH/BAQDAgIEMAwGA1UdEwQFMAMBAf8wHwYD\nVR0jBBgwFoAUC4tdmLVuf9hwfK4AGliaet5KkcgwDQYJKoZIhvcNAQENBQADggIB\nAGzL+GRnYu99zFoy0bXJKOGCF5XUXP/3gIXPRDqQf5g7Cu/jYMID9dB3No4Zmf7v\nqHjiSXiS8jx1j/6/Luk6PpFbT7QYm4QLs1f4BlfZOti2KE8r7KRDPIecUsUXW6P/\n3GJAVYH/+7OjA39za9AieM7+H5BELGccGrM5wfl7JeEz8in+V2ZWDzHQO4hMkiTQ\n4ZckuaL201F68YpiItBNnJ9N5nHr1MRiGyApHmLXY/wvlrOpclh95qn+lG6/2jk7\n3AmihLOKYMlPwPakJg4PYczm3icFLgTpjV5sq2md9bRyAg3oPGfAuWHmKj2Ikqch\nTd5CHKGxEEWbGUWEMP0s1A/JHWiCbDigc4Cfxhy56CWG4q0tYtnc2GMw8OAUO6Wf\nXu5pYKNkzKSEtT/MrNJt44tTZWbKV/Pi/N2Fx36my7TgTUj7g3xcE9eF4JV2H/sg\ntsK3pwE0FEqGnT4qMFbixQmc8bGyuakr23wjMvfO7eZUxBuWYR2SkcP26sozF9PF\ntGhbZHQVGZUTVPyvwahMUEhbPGVerOW0IYpxkm0x/eaWdTc4vPpf/rIlgbAjarnJ\nUN9SaWRlWKSdP4haujnzCoJbM7dU9bjvlGZNyXEekgeT0W2qFeGGp+yyUWw8tNsp\n0BuC1b7uW/bBn/xKm319wXVDvBgZgcktMolak39V
7DVO\n-----END CERTIFICATE-----",
"timeStamp": "2021-05-04 12:59:11"
"timeStamp": "2021-05-04 15:00:51"
}
]
}
\ No newline at end of file
......@@ -30,6 +30,7 @@ import (
type Bitmask struct {
tempdir string
onGateway bonafide.Gateway
ptGateway bonafide.Gateway
statusCh chan string
managementClient *openvpn.MgmtClient
bonafide *bonafide.Bonafide
......@@ -52,7 +53,7 @@ func Init() (*Bitmask, error) {
if err != nil {
return nil, err
}
b := Bitmask{tempdir, bonafide.Gateway{}, statusCh, nil, bf, launch, "", nil, "", []string{}}
b := Bitmask{tempdir, bonafide.Gateway{}, bonafide.Gateway{}, statusCh, nil, bf, launch, "", nil, "", []string{}}
b.launch.firewallStop()
/*
......
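Review bot: The unkeyed literal in Init now carries two adjacent `bonafide.Gateway{}` values for `onGateway` and `ptGateway`, so a later reorder or insert in the struct compiles cleanly while filling the wrong field. A keyed literal names only what is set, e.g. `b := Bitmask{tempdir: tempdir, statusCh: statusCh, bonafide: bf, launch: launch}`; the other positional values appear to be zero values apart from the empty `[]string{}`, whose field name is outside the hunk. A short comment on `ptGateway`, such as `// gateway behind the local obfs4 proxy; reported as onGateway when OpenVPN connects to loopback`, would also explain why two gateways are stored.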
......@@ -59,7 +59,8 @@ func (b *Bitmask) CanStartVPN() bool {
return !b.bonafide.NeedsCredentials()
}
func (b *Bitmask) startTransport() (proxy string, err error) {
func (b *Bitmask) startTransport(host string) (proxy string, err error) {
// TODO configure port if not available
proxy = "127.0.0.1:4430"
if b.shapes != nil {
return proxy, nil
......@@ -75,9 +76,13 @@ func (b *Bitmask) startTransport() (proxy string, err error) {
}
for _, gw := range gateways {
if gw.Host != host {
continue
}
if _, ok := gw.Options["cert"]; !ok {
continue
}
log.Println("Selected Gateway:", gw.Host, gw.IPAddress)
b.shapes = &shapeshifter.ShapeShifter{
Cert: gw.Options["cert"],
Target: gw.IPAddress + ":" + gw.Ports[0],
......@@ -95,6 +100,7 @@ func (b *Bitmask) startTransport() (proxy string, err error) {
log.Printf("Can't connect to transport %s: %v", b.transport, err)
continue
}
log.Println("Connected via obfs4 to", gw.IPAddress, "(", gw.Host, ")")
return proxy, nil
}
return "", fmt.Errorf("No working gateway for transport %s: %v", b.transport, err)
......@@ -112,8 +118,10 @@ func (b *Bitmask) listenShapeErr() {
}
func (b *Bitmask) startOpenVPN() error {
arg := b.openvpnArgs
arg := []string{}
// Empty transport means we get only the openvpn gateways
if b.transport == "" {
arg = b.openvpnArgs
gateways, err := b.bonafide.GetGateways("openvpn")
if err != nil {
return err
......@@ -129,15 +137,23 @@ func (b *Bitmask) startOpenVPN() error {
}
}
} else {
proxy, err := b.startTransport()
// For now, obf4 is the only supported Pluggable Transport
gateways, err := b.bonafide.GetGateways(b.transport)
if err != nil {
return err
}
if len(gateways) == 0 {
log.Printf("ERROR No gateway for transport %s in provider", b.transport)
return errors.New("ERROR: cannot find any gateway for selected transport")
}
gateways, err := b.bonafide.GetGateways(b.transport)
gw := gateways[0]
proxy, err := b.startTransport(gw.Host)
if err != nil {
return err
}
b.ptGateway = gw
err = b.launch.firewallStart(gateways)
if err != nil {
return err
......@@ -145,14 +161,16 @@ func (b *Bitmask) startOpenVPN() error {
proxyArgs := strings.Split(proxy, ":")
arg = append(arg, "--remote", proxyArgs[0], proxyArgs[1], "tcp4")
arg = append(arg, "--route", gw.IPAddress, "255.255.255.255", "net_gateway")
}
arg = append(arg,
"--verb", "1",
"--verb", "3",
"--management-client",
"--management", openvpnManagementAddr, openvpnManagementPort,
"--ca", b.getCaCertPath(),
"--cert", b.certPemPath,
"--key", b.certPemPath)
"--key", b.certPemPath,
"--persist-tun")
return b.launch.openvpnStart(arg...)
}
......
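Review bot: The obfs4 branch of startOpenVPN now commits to `gateways[0]`, and the new `if gw.Host != host { continue }` filter makes the loop in startTransport try at most that one gateway, so a single unreachable or cert-less bridge ends in "No working gateway" with no failover, while `firewallStart(gateways)` still receives the whole list. I would walk the candidates in startOpenVPN until one transport comes up and record that one in `b.ptGateway`, as sketched below. Two smaller things in the same section: the early `if b.shapes != nil { return proxy, nil }` returns before `host` is consulted, so `b.ptGateway` can be set to a gateway the running transport is not actually using, and `arg` no longer starts from `b.openvpnArgs` on this branch, which looks unintended if those arguments carry the provider's cipher and auth settings (not visible here). Both function bodies continue outside the hunks shown.

```go
// … unchanged: GetGateways(b.transport) and the empty-list check …
var gw bonafide.Gateway
var proxy string
for _, candidate := range gateways {
	if proxy, err = b.startTransport(candidate.Host); err == nil {
		gw = candidate
		break
	}
	log.Printf("Can't start transport %s on %s: %v", b.transport, candidate.Host, err)
}
if err != nil {
	return err
}
b.ptGateway = gw
// … unchanged: firewallStart(gateways) and the --remote/--route arguments …
```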
......@@ -74,12 +74,17 @@ func (b *Bitmask) eventHandler(eventCh <-chan openvpn.Event) {
}
if statusName == "CONNECTED" {
ip := strings.Split(stateEvent.String(), ": ")[1]
gw, err := b.bonafide.GetGatewayByIP(ip)
if err == nil {
b.onGateway = gw
log.Println("Connected to gateway:", b.onGateway.Host)
if ip == "127.0.0.1" {
// we're using pluggable transports
b.onGateway = b.ptGateway
} else {
log.Println("ERROR: connected to unknown gateway", ip)
gw, err := b.bonafide.GetGatewayByIP(ip)
if err == nil {
b.onGateway = gw
log.Println("Connected to gateway:", b.onGateway.Host)
} else {
log.Println("ERROR: connected to unknown gateway", ip)
}
}
}
}
......
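Review bot: The new `if ip == "127.0.0.1"` test infers "pluggable transport" from the address OpenVPN reports, which duplicates the loopback address hard-coded as `proxy` in startTransport; if that listen address ever changes (there is a TODO about the port there), the status falls through to the "unknown gateway" branch, and if `b.ptGateway` was never set `b.onGateway` becomes an empty Gateway with no log line. Keying on the selected transport is sturdier: `if b.transport != "" {` followed by `log.Println("Connected to gateway via", b.transport+":", b.onGateway.Host)` so both paths report where the tunnel ends. `b.ptGateway` is written in startOpenVPN and read here; if eventHandler runs on its own goroutine, as its channel parameter suggests, that access needs a mutex or the gateway should travel with the event. The handler's body starts and ends outside the hunk.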