diff --git a/client/core/openvpnconfigurator.cpp b/client/core/openvpnconfigurator.cpp
index 9e18c028..fcbfbbac 100644
--- a/client/core/openvpnconfigurator.cpp
+++ b/client/core/openvpnconfigurator.cpp
@@ -190,6 +190,8 @@ OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::prepareOpenVpnConfig(co
if (errorCode) *errorCode = ErrorCode::RemoteProcessCrashError;
}
+ ServerController::setupServerFirewall(credentials);
+
return connData;
}
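Review bot: The `ErrorCode` returned by `setupServerFirewall(credentials)` is discarded, so a failed firewall setup on the server is invisible to the caller even though this function has an `errorCode` out-parameter. From the visible lines the call also runs after the branch that sets `RemoteProcessCrashError`, so the script is still pushed to a server that has just failed. Consider `const ErrorCode fwResult = ServerController::setupServerFirewall(credentials);`, writing it to `*errorCode` on failure, and skipping the call when an earlier step failed. Because this sits in `prepareOpenVpnConfig`, the script is presumably re-run on every config preparation, so it needs to be idempotent. The function body starts outside this hunk.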
diff --git a/client/core/openvpnconfigurator.h b/client/core/openvpnconfigurator.h
index dc0d1ec0..182aa7d3 100644
--- a/client/core/openvpnconfigurator.h
+++ b/client/core/openvpnconfigurator.h
@@ -37,7 +37,6 @@ private:
static ConnectionData prepareOpenVpnConfig(const ServerCredentials &credentials,
Protocol proto, ErrorCode *errorCode = nullptr);
-
};
#endif // OPENVPNCONFIGURATOR_H
diff --git a/client/core/servercontroller.cpp b/client/core/servercontroller.cpp
index c559a24d..2042d2af 100644
--- a/client/core/servercontroller.cpp
+++ b/client/core/servercontroller.cpp
@@ -54,7 +54,7 @@ ErrorCode ServerController::runScript(DockerContainer container,
}
QEventLoop wait;
- int exitStatus;
+ int exitStatus = -1;
// QObject::connect(proc.data(), &SshRemoteProcess::started, &wait, [](){
// qDebug() << "Command started";
@@ -66,22 +66,22 @@ ErrorCode ServerController::runScript(DockerContainer container,
wait.quit();
});
-// QObject::connect(proc.data(), &SshRemoteProcess::readyReadStandardOutput, [proc](){
-// QString s = proc->readAllStandardOutput();
-// if (s != "." && !s.isEmpty()) {
-// qDebug().noquote() << s;
-// }
-// });
+ QObject::connect(proc.data(), &SshRemoteProcess::readyReadStandardOutput, [proc](){
+ QString s = proc->readAllStandardOutput();
+ if (s != "." && !s.isEmpty()) {
+ qDebug().noquote() << s;
+ }
+ });
-// QObject::connect(proc.data(), &SshRemoteProcess::readyReadStandardError, [proc](){
-// QString s = proc->readAllStandardError();
-// if (s != "." && !s.isEmpty()) {
-// qDebug().noquote() << s;
-// }
-// });
+ QObject::connect(proc.data(), &SshRemoteProcess::readyReadStandardError, [proc](){
+ QString s = proc->readAllStandardError();
+ if (s != "." && !s.isEmpty()) {
+ qDebug().noquote() << s;
+ }
+ });
proc->start();
- if (i < lines.count()) {
+ if (i < lines.count() && exitStatus < 0) {
wait.exec();
}
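Review bot: The two re-enabled `readyRead*` handlers write everything the remote script prints straight to `qDebug()`, which is a problem for logs since `runScript` drives the server setup scripts. Any key material, tokens or paths those scripts echo would land in the client's debug log, so it would be safer to gate this behind a debug-only switch or redact before logging. Both lambdas also capture `proc` by value with no context object. If `proc` is a shared pointer, as `proc.data()` suggests, the connection keeps the process object alive for as long as the object itself exists. Passing `&wait` as the context and capturing `proc.data()` instead, e.g. `[p = proc.data()]`, would avoid that, though the function continues outside this hunk so the lifetime handling cannot be fully checked here.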
@@ -117,7 +117,7 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,
}
QEventLoop wait;
- int exitStatus = 0;
+ int exitStatus = -1;
// QObject::connect(proc.data(), &SshRemoteProcess::started, &wait, [](){
// qDebug() << "Command started";
@@ -138,11 +138,11 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,
});
proc->start();
- wait.exec();
+ //wait.exec();
-// if (proc->isRunning()) {
-// wait.exec();
-// }
+ if (exitStatus < 0) {
+ wait.exec();
+ }
return fromSshProcessExitStatus(exitStatus);
}
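Review bot: The line `//wait.exec();` is left behind as commented-out code directly above the new guarded call, which makes it unclear which wait is intended; it should be deleted. The new `if (exitStatus < 0)` guard relies on -1 meaning "not finished yet", so a short comment at the declaration such as `// -1 = process has not reported an exit status yet` would document the sentinel. The loop still has no timeout, so if the close handler (outside this hunk) never fires, e.g. on a dropped SSH connection, `wait.exec()` would presumably block indefinitely.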
@@ -176,10 +176,15 @@ QString ServerController::getTextFileFromContainer(DockerContainer container,
wait.quit();
});
+ QObject::connect(proc.data(), &SshRemoteProcess::started, &wait, [&](){
+ qDebug() << "ServerController::getTextFileFromContainer proc started";
+ exitStatus = -1;
+ });
+
proc->start();
wait.exec();
-// if (proc->isRunning()) {
+// if (exitStatus < 0) {
// wait.exec();
// }
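Review bot: `wait.exec()` stays unconditional here while the `if (exitStatus < 0)` guard is only added as a comment, so this function does not get the protection that `runScript` and `uploadTextFileToContainer` receive in the same commit. If the process finishes and calls `wait.quit()` before the loop is entered, `exec()` would wait for a quit that has already happened. Resetting `exitStatus = -1` inside the `started` handler is also fragile, because it depends on signal ordering; initialising the variable to -1 at its declaration (outside this hunk) and using `if (exitStatus < 0) { wait.exec(); }` would match the other two functions. The `qDebug()` line in the `started` lambda looks like leftover tracing.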
@@ -421,3 +426,12 @@ SshConnection *ServerController::connectToHost(const SshConnectionParameters &ss
return client;
}
+
+ErrorCode ServerController::setupServerFirewall(const ServerCredentials &credentials)
+{
+ QFile file(":/server_scripts/setup_firewall.sh");
+ file.open(QIODevice::ReadOnly);
+
+ QString script = file.readAll();
+ return runScript(DockerContainer::OpenVpn, sshParams(credentials), script);
+}
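Review bot: The result of `file.open(QIODevice::ReadOnly)` is not checked in `setupServerFirewall`, so if the resource is missing or unreadable `readAll()` yields an empty script. `runScript` is then called with nothing to do and may well report success. A guard such as `if (!file.open(QIODevice::ReadOnly)) return <suitable ErrorCode>;` (placeholder: pick the project's error value for a missing resource) makes that failure visible. It is also worth a comment on why the firewall script is run with `DockerContainer::OpenVpn`: whether `runScript` executes the lines on the host or inside the container is not visible here, and it decides whose iptables rules and sysctl are changed.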
diff --git a/client/core/servercontroller.h b/client/core/servercontroller.h
index ad2d7e22..56289b21 100644
--- a/client/core/servercontroller.h
+++ b/client/core/servercontroller.h
@@ -44,6 +44,7 @@ public:
static int ssContainerPort() { return 8585; } // TODO move to ShadowSocksDefs.h
static QString ssEncryption() { return "chacha20-ietf-poly1305"; } // TODO move to ShadowSocksDefs.h
+ static ErrorCode setupServerFirewall(const ServerCredentials &credentials);
private:
static QSsh::SshConnection *connectToHost(const QSsh::SshConnectionParameters &sshParams);
static ErrorCode runScript(DockerContainer container,
diff --git a/client/platform_win/vpnclient.rc b/client/platform_win/vpnclient.rc
index 7b0155b0..16f1f4d7 100644
--- a/client/platform_win/vpnclient.rc
+++ b/client/platform_win/vpnclient.rc
@@ -18,7 +18,7 @@ IDI_ICON1 ICON "../images/app.ico"
#define VER_ORIGINALFILENAME_STR "amneziavpn.exe"
#define VER_PRODUCTNAME_STR "AmneziaVPN"
-#define VER_COMPANYDOMAIN_STR "http://amnezia.org/"
+#define VER_COMPANYDOMAIN_STR "https://amnezia.org/"
VS_VERSION_INFO VERSIONINFO
FILEVERSION VER_FILEVERSION
diff --git a/client/resources.qrc b/client/resources.qrc
index e212d15e..b20355a1 100644
--- a/client/resources.qrc
+++ b/client/resources.qrc
@@ -39,5 +39,6 @@
images/background_connected.png
server_scripts/setup_shadowsocks_server.sh
server_scripts/template_shadowsocks.ovpn
+ server_scripts/setup_firewall.sh
diff --git a/client/server_scripts/setup_firewall.sh b/client/server_scripts/setup_firewall.sh
new file mode 100644
index 00000000..706a7a44
--- /dev/null
+++ b/client/server_scripts/setup_firewall.sh
@@ -0,0 +1,3 @@
+sysctl -w net.ipv4.ip_forward=1
+iptables -P FORWARD ACCEPT
+iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
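Review bot: `iptables -P FORWARD ACCEPT` switches the default FORWARD policy to accept for every interface, which is much wider than a VPN needs. Leaving the policy alone and adding explicit accept rules limited to the tunnel interface and VPN subnet would keep the host from forwarding unrelated traffic. The `-A INPUT ... -j DROP` rule is appended on every run, and the script appears to be invoked from `prepareOpenVpnConfig`, so duplicates will pile up; guard it with a check, e.g. `iptables -C INPUT -p icmp --icmp-type echo-request -j DROP 2>/dev/null || iptables -A INPUT -p icmp --icmp-type echo-request -j DROP`. Neither the sysctl nor the rules persist across a reboot, and there is no IPv6 counterpart, so ICMPv6 echo would still be answered if the host has IPv6. None of the three commands has its exit status checked.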
diff --git a/client/server_scripts/setup_openvpn_server.sh b/client/server_scripts/setup_openvpn_server.sh
index ad05b708..c29f5187 100644
--- a/client/server_scripts/setup_openvpn_server.sh
+++ b/client/server_scripts/setup_openvpn_server.sh
@@ -7,7 +7,7 @@ systemctl start docker
docker stop $CONTAINER_NAME
docker rm -f $CONTAINER_NAME
docker pull amneziavpn/openvpn:latest
-docker run -d --restart always --cap-add=NET_ADMIN -p 1194:1194/udp --name $CONTAINER_NAME amneziavpn/openvpn:latest
+docker run -d --restart always --cap-add=NET_ADMIN -e HOST_ADDR=$(curl -s https://api.ipify.org) -p 1194:1194/udp --name $CONTAINER_NAME amneziavpn/openvpn:latest
docker exec -i $CONTAINER_NAME sh -c "mkdir -p /opt/amneziavpn_data/clients"
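Review bot: `HOST_ADDR=$(curl -s https://api.ipify.org)` puts the unvalidated response of a third-party service into the container environment, and the substitution is unquoted. If the request fails or times out, the container starts with an empty `HOST_ADDR`, and an unexpected response body would be word-split into extra `docker run` arguments. Prefer `-e HOST_ADDR="$(curl -fsS --max-time 10 https://api.ipify.org)"` and abort when the value is empty or not an IP address. The client already connects to the server by address, so passing that known value in would remove the external dependency altogether.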
@@ -18,4 +18,4 @@ docker exec -i $CONTAINER_NAME sh -c "cd /opt/amneziavpn_data && cp pki/dh.pem /
docker exec -i $CONTAINER_NAME sh -c "cd /opt/amneziavpn_data && easyrsa sign-req server MyReq << EOF3 yes EOF3"
docker exec -i $CONTAINER_NAME sh -c "cd /opt/amneziavpn_data && openvpn --genkey --secret ta.key << EOF4"
docker exec -i $CONTAINER_NAME sh -c "cd /opt/amneziavpn_data && cp pki/ca.crt pki/issued/MyReq.crt pki/private/MyReq.key ta.key /etc/openvpn"
-docker exec -i $CONTAINER_NAME sh -c "openvpn --config /etc/openvpn/server.conf &"
+docker exec -d $CONTAINER_NAME sh -c "openvpn --config /etc/openvpn/server.conf"
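Review bot: A daemon started with `docker exec -d` is not part of the container's main process, so with `--restart always` a restarted container or rebooted host would presumably come back without `openvpn` running, unless the image's entrypoint starts it itself. The same line is changed in `setup_shadowsocks_server.sh` and has the same issue. If the image does not already do this, the server start belongs in the image's entrypoint or command rather than in a one-off exec. In detached mode the exit status and output of `openvpn` are also lost to the calling script, so a config error at startup goes unnoticed; a follow-up check that the process is running would catch that.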
diff --git a/client/server_scripts/setup_shadowsocks_server.sh b/client/server_scripts/setup_shadowsocks_server.sh
index 87705aba..11634f8f 100644
--- a/client/server_scripts/setup_shadowsocks_server.sh
+++ b/client/server_scripts/setup_shadowsocks_server.sh
@@ -18,4 +18,4 @@ docker exec -i $CONTAINER_NAME sh -c "cd /opt/amneziavpn_data && cp pki/dh.pem /
docker exec -i $CONTAINER_NAME sh -c "cd /opt/amneziavpn_data && easyrsa sign-req server MyReq << EOF3 yes EOF3"
docker exec -i $CONTAINER_NAME sh -c "cd /opt/amneziavpn_data && openvpn --genkey --secret ta.key << EOF4"
docker exec -i $CONTAINER_NAME sh -c "cd /opt/amneziavpn_data && cp pki/ca.crt pki/issued/MyReq.crt pki/private/MyReq.key ta.key /etc/openvpn"
-docker exec -i $CONTAINER_NAME sh -c "openvpn --config /etc/openvpn/server.conf &"
+docker exec -d $CONTAINER_NAME sh -c "openvpn --config /etc/openvpn/server.conf"