client/configurators/openvpn_configurator.cpp

#include "openvpn_configurator.h"
#include <QApplication>
#include <QProcess>
#include <QString>
#include <QTemporaryDir>
#include <QDebug>
#include <QTemporaryFile>

#include "core/server_defs.h"
#include "containers/containers_defs.h"
#include "core/scripts_registry.h"
#include "utils.h"

QString OpenVpnConfigurator::getEasyRsaShPath()
{
#ifdef Q_OS_WIN
    // easyrsa sh path should looks like
    QString easyRsaShPath = QDir::toNativeSeparators(QApplication::applicationDirPath()) + "\\easyrsa\\easyrsa";
    qDebug().noquote() << "EasyRsa sh path" << easyRsaShPath;

    return easyRsaShPath;

#else
    return QDir::toNativeSeparators(QApplication::applicationDirPath()) + "/easyrsa";
#endif
}

QProcessEnvironment OpenVpnConfigurator::prepareEnv()
{
    QProcessEnvironment env = QProcessEnvironment::systemEnvironment();
    QString pathEnvVar = env.value("PATH");

#if defined Q_OS_WIN
    pathEnvVar.clear();
    pathEnvVar.prepend(QDir::toNativeSeparators(QApplication::applicationDirPath()) + "\\cygwin;");
    pathEnvVar.prepend(QDir::toNativeSeparators(QApplication::applicationDirPath()) + "\\openvpn;");
#elif defined Q_OS_MAC
    pathEnvVar.prepend(QDir::toNativeSeparators(QApplication::applicationDirPath()) + "/Contents/MacOS");
#elif defined Q_OS_LINUX
    pathEnvVar.prepend(QDir::toNativeSeparators(QApplication::applicationDirPath()) + "/openvpn");
#endif

    env.insert("PATH", pathEnvVar);
    //qDebug().noquote() << "ENV PATH" << pathEnvVar;
    return env;
}

ErrorCode OpenVpnConfigurator::initPKI(const QString &path)
{
#ifndef Q_OS_IOS
    QProcess p;
    p.setProcessChannelMode(QProcess::MergedChannels);

#ifdef Q_OS_WIN
    p.setProcessEnvironment(prepareEnv());
    p.setProgram("cmd.exe");
    p.setNativeArguments(QString("/C \"ash.exe \"%1\" %2\"").arg(getEasyRsaShPath()).arg("init-pki"));
    qDebug().noquote() << "EasyRsa tmp path" << path;
    qDebug().noquote() << "EasyRsa args" << p.nativeArguments();
#else
    p.setProgram(getEasyRsaShPath());
    p.setArguments(QStringList() << "init-pki");
#endif

    p.setWorkingDirectory(path);

    QObject::connect(&p, &QProcess::channelReadyRead, [&](){
        qDebug().noquote() <<  "Init PKI" << p.readAll();
    });

    p.start();
    p.waitForFinished();

    if (p.exitCode() == 0) return ErrorCode::NoError;
    else return ErrorCode::EasyRsaError;
#else
    return ErrorCode::NotImplementedError;
#endif
}

ErrorCode OpenVpnConfigurator::genReq(const QString &path, const QString &clientId)
{
#ifndef Q_OS_IOS
    QProcess p;
    p.setProcessChannelMode(QProcess::MergedChannels);

#ifdef Q_OS_WIN
    p.setProcessEnvironment(prepareEnv());
    p.setProgram("cmd.exe");
    p.setNativeArguments(QString("/C \"ash.exe \"%1\" %2 %3 %4\"")
                         .arg(getEasyRsaShPath())
                         .arg("gen-req").arg(clientId).arg("nopass"));

    qDebug().noquote() << "EasyRsa args" << p.nativeArguments();
#else
    p.setArguments(QStringList() << "gen-req" << clientId << "nopass");
    p.setProgram(getEasyRsaShPath());
#endif

    p.setWorkingDirectory(path);

    QObject::connect(&p, &QProcess::channelReadyRead, [&](){
        QString data = p.readAll();
        qDebug().noquote() << data;

        if (data.contains("Common Name (eg: your user, host, or server name)")) {
            p.write("\n");
        }
    });

    p.start();
    p.waitForFinished();

    if (p.exitCode() == 0) return ErrorCode::NoError;
    else return ErrorCode::EasyRsaError;
#else
    return ErrorCode::NotImplementedError;
#endif
}


OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::createCertRequest()
{
    OpenVpnConfigurator::ConnectionData connData;
    connData.clientId = Utils::getRandomString(32);

    QTemporaryDir dir;
    //    if (dir.isValid()) {
    //            // dir.path() returns the unique directory path
    //    }

    QString path = dir.path();

    initPKI(path);
    ErrorCode errorCode = genReq(path, connData.clientId);

    Q_UNUSED(errorCode)

#if defined Q_OS_LINUX
    if (!QDir(path).exists())
    {
        QDir().mkdir(path);
    }

    if (!QDir(path + "/pki/").exists())
    {
        QDir().mkdir(path + "/pki/");
        QDir().mkdir(path + "/pki/reqs/");
        QDir().mkdir(path + "/pki/private/");
    }
#endif

    QFile req(path + "/pki/reqs/" + connData.clientId + ".req");
    req.open(QIODevice::ReadWrite);
    connData.request = req.readAll();

    QFile key(path + "/pki/private/" + connData.clientId + ".key");
    key.open(QIODevice::ReadWrite);
    connData.privKey = key.readAll();

    //    qDebug().noquote() << connData.request;
    //    qDebug().noquote() << connData.privKey;

    return connData;
}

OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::prepareOpenVpnConfig(const ServerCredentials &credentials,
    DockerContainer container, ErrorCode *errorCode)
{
    OpenVpnConfigurator::ConnectionData connData = OpenVpnConfigurator::createCertRequest();
    connData.host = credentials.hostName;

    if (connData.privKey.isEmpty() || connData.request.isEmpty()) {
        if (errorCode) *errorCode = ErrorCode::EasyRsaExecutableMissing;
        return connData;
    }

    QString reqFileName = QString("%1/%2.req").
            arg(amnezia::protocols::openvpn::clientsDirPath).
            arg(connData.clientId);

    ErrorCode e = ServerController::uploadTextFileToContainer(container, credentials, connData.request, reqFileName);
    if (e) {
        if (errorCode) *errorCode = e;
        return connData;
    }

    e = signCert(container, credentials, connData.clientId);
    if (e) {
        if (errorCode) *errorCode = e;
        return connData;
    }

    connData.caCert = ServerController::getTextFileFromContainer(container, credentials, amnezia::protocols::openvpn::caCertPath, &e);
    connData.clientCert = ServerController::getTextFileFromContainer(container, credentials,
        QString("%1/%2.crt").arg(amnezia::protocols::openvpn::clientCertPath).arg(connData.clientId), &e);

    if (e) {
        if (errorCode) *errorCode = e;
        return connData;
    }

    connData.taKey = ServerController::getTextFileFromContainer(container, credentials, amnezia::protocols::openvpn::taKeyPath, &e);

    if (connData.caCert.isEmpty() || connData.clientCert.isEmpty() || connData.taKey.isEmpty()) {
        if (errorCode) *errorCode = ErrorCode::RemoteProcessCrashError;
    }

    return connData;
}

Settings &OpenVpnConfigurator::m_settings()
{
    static Settings s;
    return s;
}

QString OpenVpnConfigurator::genOpenVpnConfig(const ServerCredentials &credentials,
    DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)
{
    QString config = ServerController::replaceVars(amnezia::scriptData(ProtocolScriptType::openvpn_template, container),
            ServerController::genVarsForScript(credentials, container, containerConfig));

    ConnectionData connData = prepareOpenVpnConfig(credentials, container, errorCode);
    if (errorCode && *errorCode) {
        return "";
    }

    config.replace("$OPENVPN_CA_CERT", connData.caCert);
    config.replace("$OPENVPN_CLIENT_CERT", connData.clientCert);
    config.replace("$OPENVPN_PRIV_KEY", connData.privKey);

    if (config.contains("$OPENVPN_TA_KEY")) {
        config.replace("$OPENVPN_TA_KEY", connData.taKey);
    }
    else {
        config.replace("<tls-auth>", "");
        config.replace("</tls-auth>", "");
    }

#if defined Q_OS_MAC || defined(Q_OS_LINUX)
    config.replace("block-outside-dns", "");
#endif

    //qDebug().noquote() << config;
    return config;
}

QString OpenVpnConfigurator::processConfigWithLocalSettings(QString config)
{
    // TODO replace DNS if it already set
    config.replace("$PRIMARY_DNS", m_settings().primaryDns());
    config.replace("$SECONDARY_DNS", m_settings().secondaryDns());

    if (m_settings().routeMode() != Settings::VpnAllSites) {
        config.replace("redirect-gateway def1 bypass-dhcp", "");
    }
    else {
        if(!config.contains("redirect-gateway def1 bypass-dhcp")) {
            config.append("redirect-gateway def1 bypass-dhcp\n");
        }
    }

#if defined Q_OS_MAC || defined(Q_OS_LINUX)
    config.replace("block-outside-dns", "");
    QString dnsConf = QString(
                "\nscript-security 2\n"
                "up %1/update-resolv-conf.sh\n"
                "down %1/update-resolv-conf.sh\n").
            arg(qApp->applicationDirPath());

    config.append(dnsConf);
#endif

    return config;
}

QString OpenVpnConfigurator::processConfigWithExportSettings(QString config)
{
    config.replace("$PRIMARY_DNS", m_settings().primaryDns());
    config.replace("$SECONDARY_DNS", m_settings().secondaryDns());

    if(!config.contains("redirect-gateway def1 bypass-dhcp")) {
        config.append("redirect-gateway def1 bypass-dhcp\n");
    }

#if defined Q_OS_MAC || defined(Q_OS_LINUX)
    config.replace("block-outside-dns", "");
#endif

    return config;
}

ErrorCode OpenVpnConfigurator::signCert(DockerContainer container,
    const ServerCredentials &credentials, QString clientId)
{
    QString script_import = QString("sudo docker exec -i %1 bash -c \"cd /opt/amnezia/openvpn && "
                             "easyrsa import-req %2/%3.req %3\"")
            .arg(ContainerProps::containerToString(container))
            .arg(amnezia::protocols::openvpn::clientsDirPath)
            .arg(clientId);

    QString script_sign = QString("sudo docker exec -i %1 bash -c \"export EASYRSA_BATCH=1; cd /opt/amnezia/openvpn && "
                                    "easyrsa sign-req client %2\"")
            .arg(ContainerProps::containerToString(container))
            .arg(clientId);

    QStringList scriptList {script_import, script_sign};
    QString script = ServerController::replaceVars(scriptList.join("\n"), ServerController::genVarsForScript(credentials, container));

    return ServerController::runScript(ServerController::sshParams(credentials), script);
}
- no dockerhub 2021-04-04 23:12:36 +03:00			`#include "openvpn_configurator.h"`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`#include <QApplication>`
			`#include <QProcess>`
			`#include <QString>`
			`#include <QTemporaryDir>`
			`#include <QDebug>`
Ssh key auth support added 2021-03-14 21:19:11 +03:00			`#include <QTemporaryFile>`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
- no dockerhub 2021-04-04 23:12:36 +03:00			`#include "core/server_defs.h"`
NewServerSettings qml rework 2021-09-09 20:15:44 +03:00			`#include "containers/containers_defs.h"`
- no dockerhub 2021-04-04 23:12:36 +03:00			`#include "core/scripts_registry.h"`
Wireguard protocol + refactoring 2021-06-12 11:59:36 +03:00			`#include "utils.h"`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
			`QString OpenVpnConfigurator::getEasyRsaShPath()`
			`{`
Openvpn scripts fixes 2021-01-07 20:53:42 +03:00			`#ifdef Q_OS_WIN`
			`// easyrsa sh path should looks like`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`QString easyRsaShPath = QDir::toNativeSeparators(QApplication::applicationDirPath()) + "\\easyrsa\\easyrsa";`
Migrate to cygwin sh 2021-03-06 15:07:43 +03:00			`qDebug().noquote() << "EasyRsa sh path" << easyRsaShPath;`

			`return easyRsaShPath;`
updated linux build 2021-08-04 10:08:00 -07:00
Openvpn scripts fixes 2021-01-07 20:53:42 +03:00			`#else`
Scripts fix for macos 2021-01-08 15:43:45 +03:00			`return QDir::toNativeSeparators(QApplication::applicationDirPath()) + "/easyrsa";`
Openvpn scripts fixes 2021-01-07 20:53:42 +03:00			`#endif`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`}`

			`QProcessEnvironment OpenVpnConfigurator::prepareEnv()`
			`{`
			`QProcessEnvironment env = QProcessEnvironment::systemEnvironment();`
			`QString pathEnvVar = env.value("PATH");`
Scripts fix for macos 2021-01-08 15:43:45 +03:00
updated linux build 2021-08-04 10:08:00 -07:00			`#if defined Q_OS_WIN`
Migrate to cygwin sh 2021-03-06 15:07:43 +03:00			`pathEnvVar.clear();`
Ssh key auth support added 2021-03-14 21:19:11 +03:00			`pathEnvVar.prepend(QDir::toNativeSeparators(QApplication::applicationDirPath()) + "\\cygwin;");`
easyrsa fix 2021-06-02 17:51:04 +03:00			`pathEnvVar.prepend(QDir::toNativeSeparators(QApplication::applicationDirPath()) + "\\openvpn;");`
updated linux build 2021-08-04 10:08:00 -07:00			`#elif defined Q_OS_MAC`
Scripts fix for macos 2021-01-08 15:43:45 +03:00			`pathEnvVar.prepend(QDir::toNativeSeparators(QApplication::applicationDirPath()) + "/Contents/MacOS");`
updated linux build 2021-08-04 10:08:00 -07:00			`#elif defined Q_OS_LINUX`
			`pathEnvVar.prepend(QDir::toNativeSeparators(QApplication::applicationDirPath()) + "/openvpn");`
Scripts fix for macos 2021-01-08 15:43:45 +03:00			`#endif`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
			`env.insert("PATH", pathEnvVar);`
Migrate to cygwin sh 2021-03-06 15:07:43 +03:00			`//qDebug().noquote() << "ENV PATH" << pathEnvVar;`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`return env;`
			`}`

Scripts fix for macos 2021-01-08 15:43:45 +03:00			`ErrorCode OpenVpnConfigurator::initPKI(const QString &path)`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`{`
ios fixes 2021-09-15 08:03:28 -07:00			`#ifndef Q_OS_IOS`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`QProcess p;`
			`p.setProcessChannelMode(QProcess::MergedChannels);`

Scripts fix for macos 2021-01-08 15:43:45 +03:00			`#ifdef Q_OS_WIN`
Fix issue with easyrsa 2021-01-11 16:41:17 +03:00			`p.setProcessEnvironment(prepareEnv());`
Scripts fix for macos 2021-01-08 15:43:45 +03:00			`p.setProgram("cmd.exe");`
easyrsa fix 2021-06-02 17:51:04 +03:00			`p.setNativeArguments(QString("/C \"ash.exe \"%1\" %2\"").arg(getEasyRsaShPath()).arg("init-pki"));`
Migrate to cygwin sh 2021-03-06 15:07:43 +03:00			`qDebug().noquote() << "EasyRsa tmp path" << path;`
			`qDebug().noquote() << "EasyRsa args" << p.nativeArguments();`
Scripts fix for macos 2021-01-08 15:43:45 +03:00			`#else`
			`p.setProgram(getEasyRsaShPath());`
			`p.setArguments(QStringList() << "init-pki");`
			`#endif`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
			`p.setWorkingDirectory(path);`

Migrate to cygwin sh 2021-03-06 15:07:43 +03:00			`QObject::connect(&p, &QProcess::channelReadyRead, [&](){`
			`qDebug().noquote() << "Init PKI" << p.readAll();`
			`});`
Scripts fix for macos 2021-01-08 15:43:45 +03:00
			`p.start();`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`p.waitForFinished();`

Scripts fix for macos 2021-01-08 15:43:45 +03:00			`if (p.exitCode() == 0) return ErrorCode::NoError;`
			`else return ErrorCode::EasyRsaError;`
ios fixes 2021-09-15 08:03:28 -07:00			`#else`
			`return ErrorCode::NotImplementedError;`
			`#endif`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`}`

Scripts fix for macos 2021-01-08 15:43:45 +03:00			`ErrorCode OpenVpnConfigurator::genReq(const QString &path, const QString &clientId)`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`{`
ios fixes 2021-09-15 08:03:28 -07:00			`#ifndef Q_OS_IOS`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`QProcess p;`
			`p.setProcessChannelMode(QProcess::MergedChannels);`

Scripts fix for macos 2021-01-08 15:43:45 +03:00			`#ifdef Q_OS_WIN`
Fix issue with easyrsa 2021-01-11 16:41:17 +03:00			`p.setProcessEnvironment(prepareEnv());`
Scripts fix for macos 2021-01-08 15:43:45 +03:00			`p.setProgram("cmd.exe");`
easyrsa fix 2021-06-02 17:51:04 +03:00			`p.setNativeArguments(QString("/C \"ash.exe \"%1\" %2 %3 %4\"")`
			`.arg(getEasyRsaShPath())`
			`.arg("gen-req").arg(clientId).arg("nopass"));`

Migrate to cygwin sh 2021-03-06 15:07:43 +03:00			`qDebug().noquote() << "EasyRsa args" << p.nativeArguments();`
Scripts fix for macos 2021-01-08 15:43:45 +03:00			`#else`
			`p.setArguments(QStringList() << "gen-req" << clientId << "nopass");`
			`p.setProgram(getEasyRsaShPath());`
			`#endif`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
			`p.setWorkingDirectory(path);`

			`QObject::connect(&p, &QProcess::channelReadyRead, [&](){`
			`QString data = p.readAll();`
Migrate to cygwin sh 2021-03-06 15:07:43 +03:00			`qDebug().noquote() << data;`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
			`if (data.contains("Common Name (eg: your user, host, or server name)")) {`
			`p.write("\n");`
			`}`
			`});`

Scripts fix for macos 2021-01-08 15:43:45 +03:00			`p.start();`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`p.waitForFinished();`

Scripts fix for macos 2021-01-08 15:43:45 +03:00			`if (p.exitCode() == 0) return ErrorCode::NoError;`
			`else return ErrorCode::EasyRsaError;`
ios fixes 2021-09-15 08:03:28 -07:00			`#else`
			`return ErrorCode::NotImplementedError;`
			`#endif`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`}`


			`OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::createCertRequest()`
			`{`
			`OpenVpnConfigurator::ConnectionData connData;`
- no dockerhub 2021-04-04 23:12:36 +03:00			`connData.clientId = Utils::getRandomString(32);`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
			`QTemporaryDir dir;`
Fix some warnings, fix installation scripts (macOS) 2021-01-10 16:50:38 +03:00			`// if (dir.isValid()) {`
			`// // dir.path() returns the unique directory path`
			`// }`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
			`QString path = dir.path();`

			`initPKI(path);`
Scripts fix for macos 2021-01-08 15:43:45 +03:00			`ErrorCode errorCode = genReq(path, connData.clientId);`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
Fix some warnings, fix installation scripts (macOS) 2021-01-10 16:50:38 +03:00			`Q_UNUSED(errorCode)`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
updated 2021-08-15 11:48:31 -07:00			`#if defined Q_OS_LINUX`
			`if (!QDir(path).exists())`
			`{`
			`QDir().mkdir(path);`
			`}`

			`if (!QDir(path + "/pki/").exists())`
			`{`
			`QDir().mkdir(path + "/pki/");`
			`QDir().mkdir(path + "/pki/reqs/");`
			`QDir().mkdir(path + "/pki/private/");`
			`}`
			`#endif`

openvpnconfigurator 2020-12-18 14:57:22 +03:00			`QFile req(path + "/pki/reqs/" + connData.clientId + ".req");`
updated 2021-08-15 11:48:31 -07:00			`req.open(QIODevice::ReadWrite);`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`connData.request = req.readAll();`

			`QFile key(path + "/pki/private/" + connData.clientId + ".key");`
updated 2021-08-15 11:48:31 -07:00			`key.open(QIODevice::ReadWrite);`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`connData.privKey = key.readAll();`

Fix some warnings, fix installation scripts (macOS) 2021-01-10 16:50:38 +03:00			`// qDebug().noquote() << connData.request;`
			`// qDebug().noquote() << connData.privKey;`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
			`return connData;`
			`}`

shadowsocks impl 2021-01-15 23:36:35 +03:00			`OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::prepareOpenVpnConfig(const ServerCredentials &credentials,`
refactoring 2021-04-26 23:19:19 +03:00			`DockerContainer container, ErrorCode *errorCode)`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`{`
			`OpenVpnConfigurator::ConnectionData connData = OpenVpnConfigurator::createCertRequest();`
Refactoring 2021-01-06 17:12:24 +03:00			`connData.host = credentials.hostName;`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
Openvpn scripts fixes 2021-01-07 20:53:42 +03:00			`if (connData.privKey.isEmpty() \|\| connData.request.isEmpty()) {`
shadowsocks impl 2021-01-15 23:36:35 +03:00			`if (errorCode) *errorCode = ErrorCode::EasyRsaExecutableMissing;`
Openvpn scripts fixes 2021-01-07 20:53:42 +03:00			`return connData;`
			`}`

- no dockerhub 2021-04-04 23:12:36 +03:00			`QString reqFileName = QString("%1/%2.req").`
refactoring 2021-04-26 22:54:31 +03:00			`arg(amnezia::protocols::openvpn::clientsDirPath).`
- no dockerhub 2021-04-04 23:12:36 +03:00			`arg(connData.clientId);`
shadowsocks impl 2021-01-15 23:36:35 +03:00
			`ErrorCode e = ServerController::uploadTextFileToContainer(container, credentials, connData.request, reqFileName);`
Refactoring 2021-01-06 17:12:24 +03:00			`if (e) {`
shadowsocks impl 2021-01-15 23:36:35 +03:00			`if (errorCode) *errorCode = e;`
Refactoring 2021-01-06 17:12:24 +03:00			`return connData;`
			`}`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
- no dockerhub 2021-04-04 23:12:36 +03:00			`e = signCert(container, credentials, connData.clientId);`
shadowsocks impl 2021-01-15 23:36:35 +03:00			`if (e) {`
			`if (errorCode) *errorCode = e;`
			`return connData;`
			`}`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
refactoring 2021-04-26 22:54:31 +03:00			`connData.caCert = ServerController::getTextFileFromContainer(container, credentials, amnezia::protocols::openvpn::caCertPath, &e);`
- no dockerhub 2021-04-04 23:12:36 +03:00			`connData.clientCert = ServerController::getTextFileFromContainer(container, credentials,`
refactoring 2021-04-26 22:54:31 +03:00			`QString("%1/%2.crt").arg(amnezia::protocols::openvpn::clientCertPath).arg(connData.clientId), &e);`
- no dockerhub 2021-04-04 23:12:36 +03:00
Refactoring 2021-01-06 17:12:24 +03:00			`if (e) {`
shadowsocks impl 2021-01-15 23:36:35 +03:00			`if (errorCode) *errorCode = e;`
Refactoring 2021-01-06 17:12:24 +03:00			`return connData;`
			`}`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
refactoring 2021-04-26 22:54:31 +03:00			`connData.taKey = ServerController::getTextFileFromContainer(container, credentials, amnezia::protocols::openvpn::taKeyPath, &e);`
shadowsocks impl 2021-01-15 23:36:35 +03:00
			`if (connData.caCert.isEmpty() \|\| connData.clientCert.isEmpty() \|\| connData.taKey.isEmpty()) {`
			`if (errorCode) *errorCode = ErrorCode::RemoteProcessCrashError;`
			`}`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
			`return connData;`
			`}`

Custom routing done 2021-02-18 15:00:41 +03:00			`Settings &OpenVpnConfigurator::m_settings()`
			`{`
			`static Settings s;`
			`return s;`
			`}`

shadowsocks impl 2021-01-15 23:36:35 +03:00			`QString OpenVpnConfigurator::genOpenVpnConfig(const ServerCredentials &credentials,`
Multiprotocol support 2021-05-07 23:28:37 +03:00			`DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`{`
Multiprotocol support 2021-05-07 23:28:37 +03:00			`QString config = ServerController::replaceVars(amnezia::scriptData(ProtocolScriptType::openvpn_template, container),`
			`ServerController::genVarsForScript(credentials, container, containerConfig));`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
refactoring 2021-04-26 23:19:19 +03:00			`ConnectionData connData = prepareOpenVpnConfig(credentials, container, errorCode);`
- no dockerhub 2021-04-04 23:12:36 +03:00			`if (errorCode && *errorCode) {`
			`return "";`
			`}`
shadowsocks impl 2021-01-15 23:36:35 +03:00
Multiprotocol support 2021-05-07 23:28:37 +03:00			`config.replace("$OPENVPN_CA_CERT", connData.caCert);`
			`config.replace("$OPENVPN_CLIENT_CERT", connData.clientCert);`
			`config.replace("$OPENVPN_PRIV_KEY", connData.privKey);`
win7 support fixes 2021-05-18 15:50:52 +03:00
			`if (config.contains("$OPENVPN_TA_KEY")) {`
			`config.replace("$OPENVPN_TA_KEY", connData.taKey);`
			`}`
			`else {`
			`config.replace("<tls-auth>", "");`
			`config.replace("</tls-auth>", "");`
			`}`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
updated linux build 2021-08-04 10:08:00 -07:00			`#if defined Q_OS_MAC \|\| defined(Q_OS_LINUX)`
ShadowSocks fixes for MacOS 2021-02-21 09:44:53 -08:00			`config.replace("block-outside-dns", "");`
			`#endif`
Config export 2021-05-10 02:33:31 +03:00
Custom routing done 2021-02-18 15:00:41 +03:00			`//qDebug().noquote() << config;`
- Crash fix if service not connected 2021-05-20 15:59:58 +03:00			`return config;`
Config export 2021-05-10 02:33:31 +03:00			`}`

			`QString OpenVpnConfigurator::processConfigWithLocalSettings(QString config)`
			`{`
			`// TODO replace DNS if it already set`
			`config.replace("$PRIMARY_DNS", m_settings().primaryDns());`
			`config.replace("$SECONDARY_DNS", m_settings().secondaryDns());`

Wireguard protocol + refactoring 2021-06-12 11:59:36 +03:00			`if (m_settings().routeMode() != Settings::VpnAllSites) {`
Config export 2021-05-10 02:33:31 +03:00			`config.replace("redirect-gateway def1 bypass-dhcp", "");`
			`}`
win7 support fixes 2021-05-18 15:50:52 +03:00			`else {`
			`if(!config.contains("redirect-gateway def1 bypass-dhcp")) {`
			`config.append("redirect-gateway def1 bypass-dhcp\n");`
			`}`
			`}`
Config export 2021-05-10 02:33:31 +03:00
updated linux build 2021-08-04 10:08:00 -07:00			`#if defined Q_OS_MAC \|\| defined(Q_OS_LINUX)`
macos fix 2021-05-11 09:36:43 -07:00			`config.replace("block-outside-dns", "");`
macos dns setup fixed 2021-05-13 08:23:56 -07:00			`QString dnsConf = QString(`
			`"\nscript-security 2\n"`
			`"up %1/update-resolv-conf.sh\n"`
			`"down %1/update-resolv-conf.sh\n").`
			`arg(qApp->applicationDirPath());`

			`config.append(dnsConf);`
macos fix 2021-05-11 09:36:43 -07:00			`#endif`

openvpnconfigurator 2020-12-18 14:57:22 +03:00			`return config;`
			`}`
Ssh key auth support added 2021-03-14 21:19:11 +03:00
- Crash fix if service not connected 2021-05-20 15:59:58 +03:00			`QString OpenVpnConfigurator::processConfigWithExportSettings(QString config)`
			`{`
			`config.replace("$PRIMARY_DNS", m_settings().primaryDns());`
			`config.replace("$SECONDARY_DNS", m_settings().secondaryDns());`

			`if(!config.contains("redirect-gateway def1 bypass-dhcp")) {`
			`config.append("redirect-gateway def1 bypass-dhcp\n");`
			`}`

updated linux build 2021-08-04 10:08:00 -07:00			`#if defined Q_OS_MAC \|\| defined(Q_OS_LINUX)`
- Crash fix if service not connected 2021-05-20 15:59:58 +03:00			`config.replace("block-outside-dns", "");`
			`#endif`

			`return config;`
			`}`

- no dockerhub 2021-04-04 23:12:36 +03:00			`ErrorCode OpenVpnConfigurator::signCert(DockerContainer container,`
			`const ServerCredentials &credentials, QString clientId)`
			`{`
			`QString script_import = QString("sudo docker exec -i %1 bash -c \"cd /opt/amnezia/openvpn && "`
			`"easyrsa import-req %2/%3.req %3\"")`
Various types containers support 2021-09-20 21:51:28 +03:00			`.arg(ContainerProps::containerToString(container))`
refactoring 2021-04-26 22:54:31 +03:00			`.arg(amnezia::protocols::openvpn::clientsDirPath)`
- no dockerhub 2021-04-04 23:12:36 +03:00			`.arg(clientId);`

			`QString script_sign = QString("sudo docker exec -i %1 bash -c \"export EASYRSA_BATCH=1; cd /opt/amnezia/openvpn && "`
			`"easyrsa sign-req client %2\"")`
Various types containers support 2021-09-20 21:51:28 +03:00			`.arg(ContainerProps::containerToString(container))`
- no dockerhub 2021-04-04 23:12:36 +03:00			`.arg(clientId);`

			`QStringList scriptList {script_import, script_sign};`
			`QString script = ServerController::replaceVars(scriptList.join("\n"), ServerController::genVarsForScript(credentials, container));`

			`return ServerController::runScript(ServerController::sshParams(credentials), script);`
			`}`