From a96f9dc18af6e98b79ac9e190ca8d8a71725c964 Mon Sep 17 00:00:00 2001 From: Mykola Baibuz Date: Sat, 24 Aug 2024 00:57:47 +0300 Subject: [PATCH] Start and Stop for Linux tunnel --- client/protocols/ikev2_vpn_protocol_linux.cpp | 19 ++++---- ipc/ipc_interface.rep | 6 ++- ipc/ipcserver.cpp | 45 +++++++++++++++++-- ipc/ipcserver.h | 5 ++- 4 files changed, 60 insertions(+), 15 deletions(-) diff --git a/client/protocols/ikev2_vpn_protocol_linux.cpp b/client/protocols/ikev2_vpn_protocol_linux.cpp index 9465036b..6bf3205c 100644 --- a/client/protocols/ikev2_vpn_protocol_linux.cpp +++ b/client/protocols/ikev2_vpn_protocol_linux.cpp @@ -28,13 +28,13 @@ Ikev2Protocol::Ikev2Protocol(const QJsonObject &configuration, QObject* parent) Ikev2Protocol::~Ikev2Protocol() { qDebug() << "IpsecProtocol::~IpsecProtocol()"; - disconnect_vpn(); Ikev2Protocol::stop(); } void Ikev2Protocol::stop() { setConnectionState(Vpn::ConnectionState::Disconnected); + Ikev2Protocol::disconnect_vpn(); qDebug() << "IpsecProtocol::stop()"; } @@ -74,9 +74,10 @@ ErrorCode Ikev2Protocol::start() IpcClient::Interface()->writeIPsecConfig(m_config[config_key::config].toString()); IpcClient::Interface()->writeIPsecCaCert(m_config[config_key::cacert].toString(), m_config[config_key::userName].toString()); IpcClient::Interface()->writeIPsecPrivate(m_config[config_key::cert].toString(), m_config[config_key::userName].toString()); - IpcClient::Interface()->writeIPsecPrivatePass(m_config[config_key::password].toString(), m_config[config_key::userName].toString()); - + IpcClient::Interface()->writeIPsecPrivatePass(m_config[config_key::password].toString(), m_config[config_key::hostName].toString(), + m_config[config_key::userName].toString()); + connect_to_vpn("ikev2-vpn"); setConnectionState(Vpn::ConnectionState::Connected); return ErrorCode::NoError; } 
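Review bot: In `Ikev2Protocol::start()` the result of the new `connect_to_vpn("ikev2-vpn")` call is discarded and `setConnectionState(Vpn::ConnectionState::Connected)` runs unconditionally, so the client reports a protected connection even when the tunnel never came up. The four `writeIPsec*` calls above it are unchecked in the same way, and `connect_to_vpn()`/`disconnect_vpn()` in the `@@ -92,10 +93,12 @@` hunk always return `true` without looking at what `startIPsec`/`stopIPsec` answered. I would propagate the IPC result and gate the state change on it, e.g. `if (!connect_to_vpn("ikev2-vpn")) { stop(); return ErrorCode::<value for a failed tunnel start>; }`. In the first hunk `stop()` has the mirror-image problem: it sets `Disconnected` before `disconnect_vpn()` has run and ignores its result. The body of `start()` begins outside the hunk.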
@@ -92,10 +93,12 @@ bool Ikev2Protocol::delete_vpn_connection(const QString &vpn_name){ return false; } //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -bool Ikev2Protocol::connect_to_vpn(const QString & vpn_name){ - return false; -} -//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -bool Ikev2Protocol::disconnect_vpn(){ +bool Ikev2Protocol::connect_to_vpn(const QString &vpn_name) { + IpcClient::Interface()->startIPsec(vpn_name); + return true; +} +//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +bool Ikev2Protocol::disconnect_vpn() { + IpcClient::Interface()->stopIPsec("ikev2-vpn"); return true; } diff --git a/ipc/ipc_interface.rep b/ipc/ipc_interface.rep index 02e8c524..f29425e0 100644 --- a/ipc/ipc_interface.rep +++ b/ipc/ipc_interface.rep @@ -37,6 +37,10 @@ class IpcInterface SLOT( bool writeIPsecPrivate(QString privKey, QString uuid) ); SLOT( bool writeIPsecConfig(QString config) ); SLOT( bool writeIPsecUserCert(QString usercert, QString uuid) ); - SLOT( bool writeIPsecPrivatePass(QString pass, QString uuid) ); + SLOT( bool writeIPsecPrivatePass(QString pass, QString host, QString uuid) ); + + SLOT( bool stopIPsec(QString tunnelName) ); + SLOT( bool startIPsec(QString tunnelName) ); + }; diff --git a/ipc/ipcserver.cpp b/ipc/ipcserver.cpp index cd0bcf57..7034465c 100644 --- a/ipc/ipcserver.cpp +++ b/ipc/ipcserver.cpp @@ -182,6 +182,7 @@ void IpcServer::StartRoutingIpv6() { Router::StartRoutingIpv6(); } + void IpcServer::StopRoutingIpv6() { Router::StopRoutingIpv6(); @@ -201,7 +202,6 @@ void IpcServer::setLogsEnabled(bool enabled) } } - bool IpcServer::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIndex) { #ifdef Q_OS_WIN 
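Review bot: The new slots `startIPsec(QString tunnelName)` and `stopIPsec(QString tunnelName)` in ipc/ipc_interface.rep hand a free-form string from the client to the service that runs `ipsec` on its behalf, while the only caller in this patch passes the constant `"ikev2-vpn"`. `IpcServer::startIPsec`/`stopIPsec` in ipc/ipcserver.cpp place that string on the `sudo ipsec up|down` command line unchecked, so a value beginning with `-` would be read as an option rather than a connection name. Either drop the parameter and keep the name on the server side, or validate it there before use, e.g. `if (!QRegularExpression("^[A-Za-z0-9][A-Za-z0-9_-]*$").match(tunnelName).hasMatch()) return false;`. The argument is passed as a separate argv element through `QStringList`, so the concern is option injection, not shell quoting.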
@@ -288,7 +288,6 @@ bool IpcServer::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterInd MacOSFirewall::setAnchorEnabled(QStringLiteral("310.blockDNS"), true); MacOSFirewall::setAnchorTable(QStringLiteral("310.blockDNS"), true, QStringLiteral("dnsaddr"), dnsServers); #endif - return true; } @@ -309,6 +308,44 @@ bool IpcServer::disableKillSwitch() return true; } +bool IpcServer::startIPsec(QString tunnelName) +{ + QProcess process; + QStringList commands; + commands << "ipsec" << "up" << QString("%1").arg(tunnelName); + process.start("sudo", commands); + if (!process.waitForStarted(1000)) + { + qDebug().noquote() << "Could not start ipsec tunnel!\n"; + return false; + } + else if (!process.waitForFinished(2000)) + { + qDebug().noquote() << "Could not start ipsec tunnel\n"; + return false; + } + commands.clear(); +} + +bool IpcServer::stopIPsec(QString tunnelName) +{ + QProcess process; + QStringList commands; + commands << "ipsec" << "down" << QString("%1").arg(tunnelName); + process.start("sudo", commands); + if (!process.waitForStarted(1000)) + { + qDebug().noquote() << "Could not stop ipsec tunnel\n"; + return false; + } + else if (!process.waitForFinished(2000)) + { + qDebug().noquote() << "Could not stop ipsec tunnel\n"; + return false; + } + commands.clear(); +} + bool IpcServer::writeIPsecConfig(QString config) { #ifdef Q_OS_LINUX @@ -366,12 +403,12 @@ bool IpcServer::writeIPsecPrivate(QString privKey, QString uuid) } -bool IpcServer::writeIPsecPrivatePass(QString pass, QString uuid) +bool IpcServer::writeIPsecPrivatePass(QString pass, QString host, QString uuid) { #ifdef Q_OS_LINUX qDebug() << "IPSEC: User private key " << uuid; QFile secretsFile("/etc/ipsec.secrets"); - QString P12 = QString(": P12 %1.p12 \"%2\" \n").arg(uuid, pass); + QString P12 = QString("%any %1 : P12 %2.p12 \"%3\" \n").arg(host, uuid, pass); if (secretsFile.open(QIODevice::WriteOnly | QIODevice::Append)) { secretsFile.write(P12.toUtf8()); secretsFile.close(); 
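Review bot: Both `IpcServer::startIPsec` and `IpcServer::stopIPsec` end with `commands.clear();` and no `return`, so the success path of a `bool` function falls off the end, which is undefined behaviour and hands the caller an arbitrary result. The exit status of `ipsec` is not inspected either, and because `QProcess` kills a still-running child when it is destroyed, a timeout in `waitForFinished(2000)` also ends the `ipsec up` attempt itself. Unlike the neighbouring `writeIPsec*` functions these two bodies are not wrapped in `#ifdef Q_OS_LINUX`, and if the service already runs as root (it writes `/etc/ipsec.secrets`) the `sudo` prefix is presumably unnecessary and could block on a password prompt. A possible shape for `startIPsec` is below; `stopIPsec` would mirror it with `"down"`.

```cpp
bool IpcServer::startIPsec(QString tunnelName)
{
#ifdef Q_OS_LINUX
    QProcess process;
    process.start("sudo", QStringList() << "ipsec" << "up" << tunnelName);
    if (!process.waitForStarted(1000) || !process.waitForFinished(2000)) {
        qDebug().noquote() << "Could not start ipsec tunnel";
        return false;
    }
    // Report success only when ipsec itself exited cleanly.
    return process.exitStatus() == QProcess::NormalExit && process.exitCode() == 0;
#else
    Q_UNUSED(tunnelName)
    return false;
#endif
}
```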
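Review bot: In `IpcServer::writeIPsecPrivatePass`, `host`, `uuid` and `pass` arrive over IPC and are interpolated into the `/etc/ipsec.secrets` line as-is, so a `"` or line break in any of them would end the quoted passphrase early and let the remainder be parsed as further secrets entries. Reject such input before building `P12`, e.g. `if (pass.contains('"') || pass.contains('\n') || pass.contains('\r')) return false;`, with an equivalent quote/whitespace check on `host` and `uuid`. The file is opened with `QIODevice::Append`, so every connect adds another copy of the passphrase line; nothing visible here removes old entries or sets the file's permissions, which is worth confirming in the part of the function outside the hunk.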
diff --git a/ipc/ipcserver.h b/ipc/ipcserver.h index 43ab3210..63b195d3 100644 --- a/ipc/ipcserver.h +++ b/ipc/ipcserver.h @@ -39,8 +39,9 @@ public: virtual bool writeIPsecPrivate(QString privKey, QString uuid) override; virtual bool writeIPsecConfig(QString config) override; virtual bool writeIPsecUserCert(QString usercert, QString uuid) override; - virtual bool writeIPsecPrivatePass(QString pass, QString uuid) override; - + virtual bool writeIPsecPrivatePass(QString pass, QString host, QString uuid) override; + virtual bool stopIPsec(QString tunnelName) override; + virtual bool startIPsec(QString tunnelName) override; private: int m_localpid = 0;