From 68e0ba9923f038f28c2f318b4b14e7c13451516d Mon Sep 17 00:00:00 2001 From: pokamest Date: Thu, 21 Jan 2021 19:14:07 +0300 Subject: [PATCH] server scripts fix --- client/core/openvpnconfigurator.cpp | 2 + client/core/openvpnconfigurator.h | 1 - client/core/servercontroller.cpp | 54 ++++++++++++------- client/core/servercontroller.h | 1 + client/platform_win/vpnclient.rc | 2 +- client/resources.qrc | 1 + client/server_scripts/setup_firewall.sh | 3 ++ client/server_scripts/setup_openvpn_server.sh | 4 +- .../setup_shadowsocks_server.sh | 2 +- 9 files changed, 45 insertions(+), 25 deletions(-) create mode 100644 client/server_scripts/setup_firewall.sh diff --git a/client/core/openvpnconfigurator.cpp b/client/core/openvpnconfigurator.cpp index 9e18c028..fcbfbbac 100644 --- a/client/core/openvpnconfigurator.cpp +++ b/client/core/openvpnconfigurator.cpp @@ -190,6 +190,8 @@ OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::prepareOpenVpnConfig(co if (errorCode) *errorCode = ErrorCode::RemoteProcessCrashError; } + ServerController::setupServerFirewall(credentials); + return connData; } diff --git a/client/core/openvpnconfigurator.h b/client/core/openvpnconfigurator.h index dc0d1ec0..182aa7d3 100644 --- a/client/core/openvpnconfigurator.h +++ b/client/core/openvpnconfigurator.h @@ -37,7 +37,6 @@ private: static ConnectionData prepareOpenVpnConfig(const ServerCredentials &credentials, Protocol proto, ErrorCode *errorCode = nullptr); - }; #endif // OPENVPNCONFIGURATOR_H diff --git a/client/core/servercontroller.cpp b/client/core/servercontroller.cpp index c559a24d..2042d2af 100644 --- a/client/core/servercontroller.cpp +++ b/client/core/servercontroller.cpp @@ -54,7 +54,7 @@ ErrorCode ServerController::runScript(DockerContainer container, } QEventLoop wait; - int exitStatus; + int exitStatus = -1; // QObject::connect(proc.data(), &SshRemoteProcess::started, &wait, [](){ // qDebug() << "Command started"; 
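Review bot: The `ErrorCode` returned by `ServerController::setupServerFirewall(credentials);` is discarded in prepareOpenVpnConfig, so a failed firewall setup is never reported to the caller. The call also sits after the block that sets `ErrorCode::RemoteProcessCrashError` and, as far as the hunk shows, runs even when that earlier step failed. Store the result, e.g. `ErrorCode fwError = ServerController::setupServerFirewall(credentials);`, and write it to `*errorCode` when `errorCode` is set and the result is not the success value. The function's body starts outside the hunk, so whether an earlier return already covers the failure path cannot be confirmed from here.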
@@ -66,22 +66,22 @@ ErrorCode ServerController::runScript(DockerContainer container, wait.quit(); }); -// QObject::connect(proc.data(), &SshRemoteProcess::readyReadStandardOutput, [proc](){ -// QString s = proc->readAllStandardOutput(); -// if (s != "." && !s.isEmpty()) { -// qDebug().noquote() << s; -// } -// }); + QObject::connect(proc.data(), &SshRemoteProcess::readyReadStandardOutput, [proc](){ + QString s = proc->readAllStandardOutput(); + if (s != "." && !s.isEmpty()) { + qDebug().noquote() << s; + } + }); -// QObject::connect(proc.data(), &SshRemoteProcess::readyReadStandardError, [proc](){ -// QString s = proc->readAllStandardError(); -// if (s != "." && !s.isEmpty()) { -// qDebug().noquote() << s; -// } -// }); + QObject::connect(proc.data(), &SshRemoteProcess::readyReadStandardError, [proc](){ + QString s = proc->readAllStandardError(); + if (s != "." && !s.isEmpty()) { + qDebug().noquote() << s; + } + }); proc->start(); - if (i < lines.count()) { + if (i < lines.count() && exitStatus < 0) { wait.exec(); } @@ -117,7 +117,7 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container, } QEventLoop wait; - int exitStatus = 0; + int exitStatus = -1; // QObject::connect(proc.data(), &SshRemoteProcess::started, &wait, [](){ // qDebug() << "Command started"; @@ -138,11 +138,11 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container, }); proc->start(); - wait.exec(); + //wait.exec(); -// if (proc->isRunning()) { -// wait.exec(); -// } + if (exitStatus < 0) { + wait.exec(); + } return fromSshProcessExitStatus(exitStatus); } @@ -176,10 +176,15 @@ QString ServerController::getTextFileFromContainer(DockerContainer container, wait.quit(); }); + QObject::connect(proc.data(), &SshRemoteProcess::started, &wait, [&](){ + qDebug() << "ServerController::getTextFileFromContainer proc started"; + exitStatus = -1; + }); + proc->start(); wait.exec(); -// if (proc->isRunning()) { +// if (exitStatus < 0) { // wait.exec(); // } 
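Review bot: The two re-enabled handlers in runScript (hunk `-66,22`) write everything the remote command prints on stdout and stderr to `qDebug()`, so output of the server setup steps may end up in client logs if those scripts are run through this function. The openvpn script in this patch includes easyrsa and `openvpn --genkey` steps. Consider compiling the handlers only into debug builds with `#ifdef QT_DEBUG` … `#endif`, or logging the captured text only when the exit status is non-zero. Both lambdas also capture `proc` by value while connected to `proc.data()` without a context object; if `proc` is a shared pointer, the connection keeps the process object alive, and passing `&wait` as the context (as the commented-out `started` connection does) would tie the connection to the local event loop instead. runScript's body starts and ends outside the hunk.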
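Review bot: getTextFileFromContainer (hunk `-176,10`) still waits with an unconditional `wait.exec();` while the guarded form is left commented out. The case this commit apparently fixes in runScript and uploadTextFileToContainer, the process finishing before the event loop is entered, would still block here if it can occur. The new `started` handler that sets `exitStatus = -1` has no visible reader in this hunk; initialising the variable at its declaration and using `if (exitStatus < 0) { wait.exec(); }` would match the other two functions. The `qDebug()` line in that handler and the `//wait.exec();` left in uploadTextFileToContainer look like leftover tracing and can be dropped. The function's body starts and ends outside the hunk.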
@@ -421,3 +426,12 @@ SshConnection *ServerController::connectToHost(const SshConnectionParameters &ss return client; } + +ErrorCode ServerController::setupServerFirewall(const ServerCredentials &credentials) +{ + QFile file(":/server_scripts/setup_firewall.sh"); + file.open(QIODevice::ReadOnly); + + QString script = file.readAll(); + return runScript(DockerContainer::OpenVpn, sshParams(credentials), script); +} diff --git a/client/core/servercontroller.h b/client/core/servercontroller.h index ad2d7e22..56289b21 100644 --- a/client/core/servercontroller.h +++ b/client/core/servercontroller.h @@ -44,6 +44,7 @@ public: static int ssContainerPort() { return 8585; } // TODO move to ShadowSocksDefs.h static QString ssEncryption() { return "chacha20-ietf-poly1305"; } // TODO move to ShadowSocksDefs.h + static ErrorCode setupServerFirewall(const ServerCredentials &credentials); private: static QSsh::SshConnection *connectToHost(const QSsh::SshConnectionParameters &sshParams); static ErrorCode runScript(DockerContainer container, diff --git a/client/platform_win/vpnclient.rc b/client/platform_win/vpnclient.rc index 7b0155b0..16f1f4d7 100644 --- a/client/platform_win/vpnclient.rc +++ b/client/platform_win/vpnclient.rc @@ -18,7 +18,7 @@ IDI_ICON1 ICON "../images/app.ico" #define VER_ORIGINALFILENAME_STR "amneziavpn.exe" #define VER_PRODUCTNAME_STR "AmneziaVPN" -#define VER_COMPANYDOMAIN_STR "http://amnezia.org/" +#define VER_COMPANYDOMAIN_STR "https://amnezia.org/" VS_VERSION_INFO VERSIONINFO FILEVERSION VER_FILEVERSION diff --git a/client/resources.qrc b/client/resources.qrc index e212d15e..b20355a1 100644 --- a/client/resources.qrc +++ b/client/resources.qrc @@ -39,5 +39,6 @@ images/background_connected.png server_scripts/setup_shadowsocks_server.sh server_scripts/template_shadowsocks.ovpn + server_scripts/setup_firewall.sh diff --git a/client/server_scripts/setup_firewall.sh b/client/server_scripts/setup_firewall.sh new file mode 100644 index 00000000..706a7a44 
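Review bot: The result of `file.open(QIODevice::ReadOnly)` in setupServerFirewall is not checked, so if the resource cannot be opened `file.readAll()` yields an empty script that is handed to runScript, and the function presumably reports success without configuring anything. Return early instead, e.g. `if (!file.open(QIODevice::ReadOnly)) return <ErrorCode for a missing script>;` (placeholder, the enum's values are not visible here). The script is run with `DockerContainer::OpenVpn`; if runScript executes its lines inside that container rather than on the host, the sysctl and iptables changes would apply only to the container's network namespace, which is worth confirming. A one-line comment such as `// Applies server_scripts/setup_firewall.sh on the server and returns the result as ErrorCode` would document the new public method.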
--- /dev/null
+++ b/client/server_scripts/setup_firewall.sh
@@ -0,0 +1,3 @@
+sysctl -w net.ipv4.ip_forward=1
+iptables -P FORWARD ACCEPT
+iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
diff --git a/client/server_scripts/setup_openvpn_server.sh b/client/server_scripts/setup_openvpn_server.sh
index ad05b708..c29f5187 100644
--- a/client/server_scripts/setup_openvpn_server.sh
+++ b/client/server_scripts/setup_openvpn_server.sh
@@ -7,7 +7,7 @@ systemctl start docker
 docker stop $CONTAINER_NAME
 docker rm -f $CONTAINER_NAME
 docker pull amneziavpn/openvpn:latest
-docker run -d --restart always --cap-add=NET_ADMIN -p 1194:1194/udp --name $CONTAINER_NAME amneziavpn/openvpn:latest
+docker run -d --restart always --cap-add=NET_ADMIN -e HOST_ADDR=$(curl -s https://api.ipify.org) -p 1194:1194/udp --name $CONTAINER_NAME amneziavpn/openvpn:latest
 docker exec -i $CONTAINER_NAME sh -c "mkdir -p /opt/amneziavpn_data/clients"
@@ -18,4 +18,4 @@ docker exec -i $CONTAINER_NAME sh -c "cd /opt/amneziavpn_data && cp pki/dh.pem /
 docker exec -i $CONTAINER_NAME sh -c "cd /opt/amneziavpn_data && easyrsa sign-req server MyReq << EOF3 yes EOF3"
 docker exec -i $CONTAINER_NAME sh -c "cd /opt/amneziavpn_data && openvpn --genkey --secret ta.key << EOF4"
 docker exec -i $CONTAINER_NAME sh -c "cd /opt/amneziavpn_data && cp pki/ca.crt pki/issued/MyReq.crt pki/private/MyReq.key ta.key /etc/openvpn"
-docker exec -i $CONTAINER_NAME sh -c "openvpn --config /etc/openvpn/server.conf &"
+docker exec -d $CONTAINER_NAME sh -c "openvpn --config /etc/openvpn/server.conf"
diff --git a/client/server_scripts/setup_shadowsocks_server.sh b/client/server_scripts/setup_shadowsocks_server.sh
index 87705aba..11634f8f 100644
--- a/client/server_scripts/setup_shadowsocks_server.sh
+++ b/client/server_scripts/setup_shadowsocks_server.sh
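Review bot: `iptables -P FORWARD ACCEPT` in the new setup_firewall.sh sets the default policy for all forwarded traffic to accept, which is broader than a VPN server needs. Accepting only traffic that enters from the tunnel, e.g. `iptables -A FORWARD -i <vpn-interface> -j ACCEPT` (placeholder, the interface name is not on this page), plus established return traffic keeps the host from forwarding for anything else. The `-A INPUT … -j DROP` rule is appended on every run, and the openvpnconfigurator.cpp hunk calls the script from prepareOpenVpnConfig, so duplicates will likely accumulate. Guard it with `iptables -C INPUT -p icmp --icmp-type echo-request -j DROP || iptables -A INPUT -p icmp --icmp-type echo-request -j DROP`. None of the three settings is persisted across a reboot, and IPv6 forwarding and filtering are left untouched.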
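Review bot: The new `-e HOST_ADDR=$(curl -s https://api.ipify.org)` in the `docker run` line of setup_openvpn_server.sh (hunk `-7,7`) puts the unquoted, unvalidated response of a third-party service on the command line. With `-s` alone a failed request leaves HOST_ADDR silently empty, and a response containing whitespace would be split into extra `docker run` arguments. Quote the substitution and make failures visible, `-e "HOST_ADDR=$(curl -fsS --max-time 10 https://api.ipify.org)"`, and check that the value parses as an IP address before the container is started. A short comment saying what the container uses HOST_ADDR for would help the next reader.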
@@ -18,4 +18,4 @@ docker exec -i $CONTAINER_NAME sh -c "cd /opt/amneziavpn_data && cp pki/dh.pem /
 docker exec -i $CONTAINER_NAME sh -c "cd /opt/amneziavpn_data && easyrsa sign-req server MyReq << EOF3 yes EOF3"
 docker exec -i $CONTAINER_NAME sh -c "cd /opt/amneziavpn_data && openvpn --genkey --secret ta.key << EOF4"
 docker exec -i $CONTAINER_NAME sh -c "cd /opt/amneziavpn_data && cp pki/ca.crt pki/issued/MyReq.crt pki/private/MyReq.key ta.key /etc/openvpn"
-docker exec -i $CONTAINER_NAME sh -c "openvpn --config /etc/openvpn/server.conf &"
+docker exec -d $CONTAINER_NAME sh -c "openvpn --config /etc/openvpn/server.conf"