Unverified Commit c6c0209a authored by Kali Kaneko's avatar Kali Kaneko

[feat] log dns lookup if first cert fetch fails

parent 86d30f2a
......@@ -9,9 +9,23 @@ Bootstrapping the connection
There are two different steps where circumvention can be used: boostrapping the
connection (getting a certificate and the configuration files) and using an
obfuscated transport protocol. At the moment RiseupVPN offers obfs4 transport
"bridges" (you can try them with the `--obfs4` command line argument). For the
initial bootstrap, there are a couple of techniques that will be attempted.
obfuscated transport protocol.
For the initial bootstrap, there are a couple of techniques that will be
attempted. If this fails, please open an issue with the relevant log
information.
Obfuscated bridges
-----------------------------
At the moment RiseupVPN offers obfs4 transport "bridges" (you can try them with
the `--obfs4` command line argument, a way to enable them from the gui will be
following soon).
If you know you need bridges but the current ones do not work for you, please
get in contact. We're interested in learning what are the specific censorship
measures being deployed in your concrete location, and we could work together
to enable new bridges.
Getting certificates off-band
-----------------------------
......
......@@ -79,17 +79,17 @@ func (b *Bonafide) fetchEipJSON() error {
eip3API := config.APIURL + "3/config/eip-service.json"
resp, err := b.client.Post(eip3API, "", nil)
for err != nil {
log.Printf("Error fetching eip v3 json: %v", err)
// TODO why exactly 1 retry? Make it configurable, for tests
time.Sleep(retryFetchJSONSeconds * time.Second)
resp, err = b.client.Post(eip3API, "", nil)
if err != nil {
// TODO it might be that it's not an error, but an empty file or whatever done
// TODO it might be that we get no error, but an empty file or whatever done
// by DNS poisoning. Should try to parse the file.
uri := b.getURLNoDNS("eip")
log.Println("Fetching ", uri)
resp, err = b.client.Post(uri, "", nil)
}
if err != nil {
log.Printf("Error fetching eip v3 json: %v", err)
time.Sleep(retryFetchJSONSeconds * time.Second)
}
}
defer resp.Body.Close()
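Review bot: The error that sends execution into the loop is never logged, because as rendered the `log.Printf` now sits after the no-DNS fallback, and by then `err` has been overwritten by the retry on `eip3API` and again by the `getURLNoDNS` request. For a change meant to help diagnose lookup failures, the DNS-path error is the one worth keeping; inside the first `if err != nil {` I would add `log.Printf("Error fetching eip v3 json from %s: %v", eip3API, err)` before `uri := b.getURLNoDNS("eip")`. The `for err != nil` loop also has no attempt limit, so a client blocked on both paths retries forever instead of returning the failure to the caller; a small bounded counter would fix that. The old and new sides are inferred from the rendered page, and fetchEipJSON continues beyond the hunk.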
......
package vpn
import (
"log"
"net"
)
func logDnsLookup(domain string) {
addrs, err := net.LookupHost(domain)
if err != nil {
log.Println("ERROR cannot resolve address:", domain)
log.Println(err)
}
log.Println("From here,", domain, "resolves to:")
for _, addr := range addrs {
log.Println(addr)
}
}
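Review bot: `logDnsLookup` falls through after a failed lookup, since the `if err != nil` branch has no `return`, so the log then prints "From here, <domain> resolves to:" followed by nothing, which reads like an empty but successful answer. Add `return` after `log.Println(err)`, and consider merging the two error lines into `log.Printf("ERROR cannot resolve %q: %v", domain, err)` so the name and the cause stay on one log line. A doc comment is missing; something like `// logDnsLookup logs the addresses the local resolver returns for domain, so that a bug report shows what the name resolved to from the user's network.` would state why the helper exists. Go naming spells the initialism in full caps, `logDNSLookup`, which would also need the call in getCert renamed.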
......@@ -202,6 +202,8 @@ func (b *Bitmask) getCert() (certPath string, err error) {
}
}
if failed || !isValidCert(certPath) {
d := config.APIURL[8 : len(config.APIURL)-1]
logDnsLookup(d)
cert, err := b.bonafide.GetPemCertificateNoDNS()
if cert != nil {
log.Println("Successfully did certificate bypass")
......@@ -214,6 +216,7 @@ func (b *Bitmask) getCert() (certPath string, err error) {
failed = true
}
}
return certPath, err
}
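Review bot: `config.APIURL[8 : len(config.APIURL)-1]` in the first hunk derives the host by assuming the value starts with exactly `https://` and ends with a single `/`. A value shorter than nine bytes panics with a slice-bounds error, and one carrying a port or a path segment hands `host:port` or `host/path` to `net.LookupHost`, which then logs a resolution error that has nothing to do with the network. Parsing is safer: `u, perr := url.Parse(config.APIURL)` followed by `if perr == nil { logDnsLookup(u.Hostname()) }`, which needs `net/url` imported in this file. getCert starts before the hunk, and the single line added by the second hunk cannot be identified from the rendered page.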
......