vpn

package

v0.0.3 Latest Latest Go to latest Published: May 26, 2022 License: GPL-3.0 Imports: 32 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ainghazal/minivpn

Links

Open Source Insights

Documentation ¶

Overview ¶

Package vpn contains the API to create an OpenVPN client that can connect to a remote OpenVPN endpoint and provide you with a tunnel where to send packets.

The recommended way to use this package is to use the dialer methods.

Index ¶

Constants
Variables
func NewClientFromOptions(opt *Options) vpnClient
type Client
- func (c *Client) Close() error
- func (c *Client) Dial() (net.Conn, error)
- func (c *Client) LocalAddr() net.Addr
- func (c *Client) Read(b []byte) (int, error)
- func (c *Client) RemoteAddr() net.Addr
- func (c *Client) SetDeadline(t time.Time) error
- func (c *Client) SetReadDeadline(t time.Time) error
- func (c *Client) SetWriteDeadline(t time.Time) error
- func (c *Client) Start() error
- func (c *Client) Write(b []byte) (int, error)
type DialFunc
type Logger
type Options
- func ParseConfigFile(filePath string) (*Options, error)
- func (o *Options) String() string
type RawDialer
- func NewRawDialer(opts *Options) *RawDialer
- func (d *RawDialer) Dial() (net.Conn, error)
type TLSConn
- func NewTLSConn(conn net.Conn, s *session) (*TLSConn, error)
- func (t *TLSConn) Close() error
- func (t *TLSConn) LocalAddr() net.Addr
- func (t *TLSConn) Read(b []byte) (int, error)
- func (t *TLSConn) RemoteAddr() net.Addr
- func (t *TLSConn) SetDeadline(tt time.Time) error
- func (t *TLSConn) SetReadDeadline(tt time.Time) error
- func (t *TLSConn) SetWriteDeadline(tt time.Time) error
- func (t *TLSConn) Write(b []byte) (int, error)
type TLSModeTransporter
- func NewTLSModeTransport(conn net.Conn, s *session) (TLSModeTransporter, error)
type TunDialer
- func NewTunDialer(raw *RawDialer) TunDialer
- func NewTunDialerFromOptions(opt *Options) TunDialer
- func NewTunDialerWithNameservers(raw *RawDialer, ns1, ns2 string) TunDialer
- func (td TunDialer) Dial(network, address string) (net.Conn, error)
- func (td TunDialer) DialContext(ctx context.Context, network, address string) (net.Conn, error)
- func (td TunDialer) DialTimeout(network, address string, timeout time.Duration) (net.Conn, error)
Bugs

Constants ¶

View Source

const (
	UDPMode = iota
	TCPMode
)

Variables ¶

View Source

var (
	// ErrDialError is a generic error while dialing
	ErrDialError = errors.New("dial error")

	// ErrAlreadyStarted is returned when trying to start the tunnel more than once
	ErrAlreadyStarted = errors.New("tunnel already started")
)

View Source

var (
	// ErrBadTLSHandshake is returned when the OpenVPN handshake failed.
	ErrBadTLSHandshake = errors.New("handshake failure")
	// ErrBadCA is returned when the CA file cannot be found or is not valid.
	ErrBadCA = errors.New("bad ca conf")
	// ErrBadKeypair is returned when the key or cert file cannot be found or is not valid.
	ErrBadKeypair = errors.New("bad keypair conf")
)

View Source

var (
	// ErrBadConnNetwork indicates that the conn's network is neither TCP nor UDP.
	ErrBadConnNetwork = errors.New("bad conn.Network value")

	// ErrPacketTooShort indicates that a packet is too short.
	ErrPacketTooShort = errors.New("packet too short")
)

View Source

var (
	ErrBadHandshake = errors.New("bad vpn handshake")
)

Functions ¶

func NewClientFromOptions ¶ added in v0.0.3

func NewClientFromOptions(opt *Options) vpnClient

NewClientFromOptions returns a Client configured with the given Options.

Types ¶

type Client ¶

type Client struct {
	Opts   *Options
	DialFn DialFunc

	Log Logger
	// contains filtered or unexported fields
}

Client implements the OpenVPN protocol. If you're just interested in writing to and reading from the tunnel you should use the dialer methods instead. This type is only intended to be instantiated by users that need a finer control of the protocol steps (i.e., you want to be sure that you are only calling the handshake, etc.)

func (*Client) Close ¶ added in v0.0.3

func (c *Client) Close() error

Close closes the tunnel connection.

func (*Client) Dial ¶

func (c *Client) Dial() (net.Conn, error)

Dial opens a TCP/UDP socket against the remote, and creates an internal data channel. It is the second step in an OpenVPN connection (out of five). (In UDP mode no network connection is done at this step).

func (*Client) LocalAddr ¶ added in v0.0.3

func (c *Client) LocalAddr() net.Addr

LocalAddr returns the local address on the tunnel virtual device.

func (*Client) Read ¶ added in v0.0.3

func (c *Client) Read(b []byte) (int, error)

Read reads bytes from the tunnel.

func (*Client) RemoteAddr ¶ added in v0.0.3

func (c *Client) RemoteAddr() net.Addr

TODO(ainghazal): should get the remote _tunnel_ ip addr somehow

func (*Client) SetDeadline ¶ added in v0.0.3

func (c *Client) SetDeadline(t time.Time) error

func (*Client) SetReadDeadline ¶ added in v0.0.3

func (c *Client) SetReadDeadline(t time.Time) error

func (*Client) SetWriteDeadline ¶ added in v0.0.3

func (c *Client) SetWriteDeadline(t time.Time) error

func (*Client) Start ¶ added in v0.0.3

func (c *Client) Start() error

Start starts the OpenVPN tunnel.

func (*Client) Write ¶

func (c *Client) Write(b []byte) (int, error)

Write sends bytes into the tunnel.

type DialFunc ¶ added in v0.0.3

type DialFunc func(string, string) (net.Conn, error)

type Logger ¶ added in v0.0.3

type Logger interface {
	// Debug emits a debug message.
	Debug(msg string)

	// Debugf formats and emits a debug message.
	Debugf(format string, v ...interface{})

	// Info emits an informational message.
	Info(msg string)

	// Infof formats and emits an informational message.
	Infof(format string, v ...interface{})

	// Warn emits a warning message.
	Warn(msg string)

	// Warnf formats and emits a warning message.
	Warnf(format string, v ...interface{})

	// Error emits an error message
	Error(msg string)

	// Errorf formats and emits an error message.
	Errorf(format string, v ...interface{})
}

Logger is compatible with github.com/apex/log

type Options ¶

type Options struct {
	Remote    string
	Port      string
	Proto     int
	Username  string
	Password  string
	Ca        string
	Cert      string
	Key       string
	Compress  compression
	Cipher    string
	Auth      string
	TLSMaxVer string
	// below are options that do not conform to the OpenVPN configuration format.
	ProxyOBFS4 string
	Log        Logger
}

Options make all the relevant configuration options accessible to the different modules that need it.

func ParseConfigFile ¶

func ParseConfigFile(filePath string) (*Options, error)

ParseConfigFile expects a path to a valid config file and returns an Option object after parsing the file.

func (*Options) String ¶ added in v0.0.3

func (o *Options) String() string

type RawDialer ¶

type RawDialer struct {
	Options *Options
	// contains filtered or unexported fields
}

func NewRawDialer ¶

func NewRawDialer(opts *Options) *RawDialer

func (*RawDialer) Dial ¶

func (d *RawDialer) Dial() (net.Conn, error)

Dial returns a net.Conn that writes to and reads (raw packets) from the VPN tunnel.

type TLSConn ¶ added in v0.0.3

type TLSConn struct {
	// contains filtered or unexported fields
}

TLSConn implements net.Conn, and is passed to the tls.Client to perform a TLS Handshake over OpenVPN control packets.

func NewTLSConn ¶ added in v0.0.3

func NewTLSConn(conn net.Conn, s *session) (*TLSConn, error)

NewTLSConn returns a TLSConn. It requires the on-the-wire net.Conn that will be used underneath, and a configured session. It returns also an error if the operation cannot be completed.

func (*TLSConn) Close ¶ added in v0.0.3

func (t *TLSConn) Close() error

Close closes the tls connection.

func (*TLSConn) LocalAddr ¶ added in v0.0.3

func (t *TLSConn) LocalAddr() net.Addr

func (*TLSConn) Read ¶ added in v0.0.3

func (t *TLSConn) Read(b []byte) (int, error)

Read over the control channel. This method implements the reliability layer: it retries reads until the _next_ packet is received (according to the packetID). Returns also an error if the operation cannot be completed.

func (*TLSConn) RemoteAddr ¶ added in v0.0.3

func (t *TLSConn) RemoteAddr() net.Addr

func (*TLSConn) SetDeadline ¶ added in v0.0.3

func (t *TLSConn) SetDeadline(tt time.Time) error

func (*TLSConn) SetReadDeadline ¶ added in v0.0.3

func (t *TLSConn) SetReadDeadline(tt time.Time) error

func (*TLSConn) SetWriteDeadline ¶ added in v0.0.3

func (t *TLSConn) SetWriteDeadline(tt time.Time) error

func (*TLSConn) Write ¶ added in v0.0.3

func (t *TLSConn) Write(b []byte) (int, error)

Write writes the given data to the tls connection.

type TLSModeTransporter ¶ added in v0.0.3

type TLSModeTransporter interface {
	// ReadPacket reads an OpenVPN packet from the wire.
	ReadPacket() (p *packet, err error)

	// WritePacket writes an OpenVPN packet to the wire.
	WritePacket(opcodeKeyID uint8, data []byte) error

	// SetDeadline sets the underlying conn's deadline.
	SetDeadline(deadline time.Time) error

	// SetReadDeadline sets the underlying conn's read deadline.
	SetReadDeadline(deadline time.Time) error

	// SetWriteDeadline sets the underlying conn's write deadline.
	SetWriteDeadline(deadline time.Time) error

	// Close closes the underlying conn.
	Close() error

	// LocalAddr returns the underlying conn's local addr.
	LocalAddr() net.Addr

	// RemoteAddr returns the underlying conn's remote addr.
	RemoteAddr() net.Addr
}

TLSModeTransporter is a transport for OpenVPN in TLS mode.

See https://openvpn.net/community-resources/openvpn-protocol/ for documentation on the protocol used by OpenVPN on the wire.

func NewTLSModeTransport ¶ added in v0.0.3

func NewTLSModeTransport(conn net.Conn, s *session) (TLSModeTransporter, error)

NewTLSModeTransport creates a new TLSModeTransporter using the given net.Conn.

type TunDialer ¶ added in v0.0.3

type TunDialer struct {
	DialFn DialFunc
	// contains filtered or unexported fields
}

A TunDialer contains options for obtaining a network connection tunneled through an OpenVPN endpoint. It uses a userspace gVisor virtual device over the raw VPN tunnel.

func NewTunDialer ¶ added in v0.0.3

func NewTunDialer(raw *RawDialer) TunDialer

NewTunDialer creates a new Dialer with the default nameservers (OpenDNS).

func NewTunDialerFromOptions ¶ added in v0.0.3

func NewTunDialerFromOptions(opt *Options) TunDialer

NewDialerFromOptions creates a new Dialer directly from an Options object.

func NewTunDialerWithNameservers ¶ added in v0.0.3

func NewTunDialerWithNameservers(raw *RawDialer, ns1, ns2 string) TunDialer

NewDialerWithNameservers creates a new Dialer with the passed nameservers. You probably want to pass the nameservers for your own VPN service here.

func (TunDialer) Dial ¶ added in v0.0.3

func (td TunDialer) Dial(network, address string) (net.Conn, error)

Dial connects to the address on the named network, via the OpenVPN endpoint that is configured in the dialer.

The return value implements the net.Conn interface, but it is a socket created on a virtual device, using gVisor userspace network stack. This means that the kernel only sees UDP packets with an encrypted payload.

The addresses are resolved via the OpenVPN tunnel too, and against the nameservers configured in the dialer. This feature uses wireguard's little custom DNS client implementation.

Known networks are "tcp", "tcp4" (IPv4-only), "tcp6" (IPv6-only), "udp", "udp4" (IPv4-only), "udp6" (IPv6-only), "ping4", "ping6".

func (TunDialer) DialContext ¶ added in v0.0.3

func (td TunDialer) DialContext(ctx context.Context, network, address string) (net.Conn, error)

DialContext connects to the address on the named network using the provided context.

func (TunDialer) DialTimeout ¶ added in v0.0.3

func (td TunDialer) DialTimeout(network, address string, timeout time.Duration) (net.Conn, error)

DialTimeout acts like Dial but takes a timeout.

Notes ¶

Bugs ¶

we cannot use the tun-mtu that the remote advertises, so we substract a "safety" margin for now.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mocks

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL