Start and Stop for Linux tunnel

Mykola Baibuz 2024-08-24 00:57:47 +03:00
parent 654d219e7e
commit a96f9dc18a
4 changed files with 60 additions and 15 deletions


@ -28,13 +28,13 @@ Ikev2Protocol::Ikev2Protocol(const QJsonObject &configuration, QObject* parent)
Ikev2Protocol::~Ikev2Protocol() Ikev2Protocol::~Ikev2Protocol()
{ {
qDebug() << "IpsecProtocol::~IpsecProtocol()"; qDebug() << "IpsecProtocol::~IpsecProtocol()";
disconnect_vpn();
Ikev2Protocol::stop(); Ikev2Protocol::stop();
} }
void Ikev2Protocol::stop() void Ikev2Protocol::stop()
{ {
setConnectionState(Vpn::ConnectionState::Disconnected); setConnectionState(Vpn::ConnectionState::Disconnected);
Ikev2Protocol::disconnect_vpn();
qDebug() << "IpsecProtocol::stop()"; qDebug() << "IpsecProtocol::stop()";
} }
@ -74,9 +74,10 @@ ErrorCode Ikev2Protocol::start()
IpcClient::Interface()->writeIPsecConfig(m_config[config_key::config].toString()); IpcClient::Interface()->writeIPsecConfig(m_config[config_key::config].toString());
IpcClient::Interface()->writeIPsecCaCert(m_config[config_key::cacert].toString(), m_config[config_key::userName].toString()); IpcClient::Interface()->writeIPsecCaCert(m_config[config_key::cacert].toString(), m_config[config_key::userName].toString());
IpcClient::Interface()->writeIPsecPrivate(m_config[config_key::cert].toString(), m_config[config_key::userName].toString()); IpcClient::Interface()->writeIPsecPrivate(m_config[config_key::cert].toString(), m_config[config_key::userName].toString());
IpcClient::Interface()->writeIPsecPrivatePass(m_config[config_key::password].toString(), m_config[config_key::userName].toString()); IpcClient::Interface()->writeIPsecPrivatePass(m_config[config_key::password].toString(), m_config[config_key::hostName].toString(),
m_config[config_key::userName].toString());
connect_to_vpn("ikev2-vpn");
setConnectionState(Vpn::ConnectionState::Connected); setConnectionState(Vpn::ConnectionState::Connected);
return ErrorCode::NoError; return ErrorCode::NoError;
} }
@ -93,9 +94,11 @@ bool Ikev2Protocol::delete_vpn_connection(const QString &vpn_name){
} }
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bool Ikev2Protocol::connect_to_vpn(const QString &vpn_name) { bool Ikev2Protocol::connect_to_vpn(const QString &vpn_name) {
return false; IpcClient::Interface()->startIPsec(vpn_name);
return true;
} }
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bool Ikev2Protocol::disconnect_vpn() { bool Ikev2Protocol::disconnect_vpn() {
IpcClient::Interface()->stopIPsec("ikev2-vpn");
return true; return true;
} }
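Review bot: `Ikev2Protocol::start()` sets `Vpn::ConnectionState::Connected` and returns `ErrorCode::NoError` right after `connect_to_vpn("ikev2-vpn")` without checking its result, and `connect_to_vpn` itself discards whatever `startIPsec` reports and always returns `true`, so a tunnel that failed to come up is still shown as connected and traffic the user expects to be protected may leave outside the tunnel. `connect_to_vpn` and `disconnect_vpn` should return the outcome of the IPC call (waiting on the reply if `IpcClient::Interface()` is an asynchronous replica, which this page does not show), and `start()` should report Connected only on success, e.g. `if (!connect_to_vpn("ikev2-vpn")) { /* set an error state and return a failure code */ }`. The results of the four `writeIPsec*` calls above it are dropped in the same way. The connection name `"ikev2-vpn"` is also written out in both `start()` and `disconnect_vpn()`; one shared constant would keep the two from drifting apart. The body of `start()` begins outside this hunk.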


@ -37,6 +37,10 @@ class IpcInterface
SLOT( bool writeIPsecPrivate(QString privKey, QString uuid) ); SLOT( bool writeIPsecPrivate(QString privKey, QString uuid) );
SLOT( bool writeIPsecConfig(QString config) ); SLOT( bool writeIPsecConfig(QString config) );
SLOT( bool writeIPsecUserCert(QString usercert, QString uuid) ); SLOT( bool writeIPsecUserCert(QString usercert, QString uuid) );
SLOT( bool writeIPsecPrivatePass(QString pass, QString uuid) ); SLOT( bool writeIPsecPrivatePass(QString pass, QString host, QString uuid) );
SLOT( bool stopIPsec(QString tunnelName) );
SLOT( bool startIPsec(QString tunnelName) );
}; };


@ -182,6 +182,7 @@ void IpcServer::StartRoutingIpv6()
{ {
Router::StartRoutingIpv6(); Router::StartRoutingIpv6();
} }
void IpcServer::StopRoutingIpv6() void IpcServer::StopRoutingIpv6()
{ {
Router::StopRoutingIpv6(); Router::StopRoutingIpv6();
@ -201,7 +202,6 @@ void IpcServer::setLogsEnabled(bool enabled)
} }
} }
bool IpcServer::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIndex) bool IpcServer::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIndex)
{ {
#ifdef Q_OS_WIN #ifdef Q_OS_WIN
@ -288,7 +288,6 @@ bool IpcServer::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterInd
MacOSFirewall::setAnchorEnabled(QStringLiteral("310.blockDNS"), true); MacOSFirewall::setAnchorEnabled(QStringLiteral("310.blockDNS"), true);
MacOSFirewall::setAnchorTable(QStringLiteral("310.blockDNS"), true, QStringLiteral("dnsaddr"), dnsServers); MacOSFirewall::setAnchorTable(QStringLiteral("310.blockDNS"), true, QStringLiteral("dnsaddr"), dnsServers);
#endif #endif
return true; return true;
} }
@ -309,6 +308,44 @@ bool IpcServer::disableKillSwitch()
return true; return true;
} }
bool IpcServer::startIPsec(QString tunnelName)
{
QProcess process;
QStringList commands;
commands << "ipsec" << "up" << QString("%1").arg(tunnelName);
process.start("sudo", commands);
if (!process.waitForStarted(1000))
{
qDebug().noquote() << "Could not start ipsec tunnel!\n";
return false;
}
else if (!process.waitForFinished(2000))
{
qDebug().noquote() << "Could not start ipsec tunnel\n";
return false;
}
commands.clear();
}
bool IpcServer::stopIPsec(QString tunnelName)
{
QProcess process;
QStringList commands;
commands << "ipsec" << "down" << QString("%1").arg(tunnelName);
process.start("sudo", commands);
if (!process.waitForStarted(1000))
{
qDebug().noquote() << "Could not stop ipsec tunnel\n";
return false;
}
else if (!process.waitForFinished(2000))
{
qDebug().noquote() << "Could not stop ipsec tunnel\n";
return false;
}
commands.clear();
}
bool IpcServer::writeIPsecConfig(QString config) bool IpcServer::writeIPsecConfig(QString config)
{ {
#ifdef Q_OS_LINUX #ifdef Q_OS_LINUX
@ -366,12 +403,12 @@ bool IpcServer::writeIPsecPrivate(QString privKey, QString uuid)
} }
bool IpcServer::writeIPsecPrivatePass(QString pass, QString uuid) bool IpcServer::writeIPsecPrivatePass(QString pass, QString host, QString uuid)
{ {
#ifdef Q_OS_LINUX #ifdef Q_OS_LINUX
qDebug() << "IPSEC: User private key " << uuid; qDebug() << "IPSEC: User private key " << uuid;
QFile secretsFile("/etc/ipsec.secrets"); QFile secretsFile("/etc/ipsec.secrets");
QString P12 = QString(": P12 %1.p12 \"%2\" \n").arg(uuid, pass); QString P12 = QString("%any %1 : P12 %2.p12 \"%3\" \n").arg(host, uuid, pass);
if (secretsFile.open(QIODevice::WriteOnly | QIODevice::Append)) { if (secretsFile.open(QIODevice::WriteOnly | QIODevice::Append)) {
secretsFile.write(P12.toUtf8()); secretsFile.write(P12.toUtf8());
secretsFile.close(); secretsFile.close();
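Review bot: `IpcServer::startIPsec` and `IpcServer::stopIPsec` are declared `bool` but fall off the end after `commands.clear();` on the success path, which is undefined behaviour, so the IPC caller receives an indeterminate result; each needs a final `return` that reflects the process exit status. Both also pass the IPC-supplied `tunnelName` unchecked to a privileged `ipsec up`/`ipsec down` invocation and, unlike the neighbouring `writeIPsec*` slots, are not wrapped in `#ifdef Q_OS_LINUX`; I would restrict the name to a conservative character set (no leading `-`) before starting the process, as sketched below for `startIPsec`, with `stopIPsec` taking the same shape. If the service already runs as root, which the direct write to `/etc/ipsec.secrets` suggests, the `sudo` prefix adds nothing and could be dropped. Separately, the new format string in `writeIPsecPrivatePass` interpolates `host`, `uuid` and `pass` without rejecting `"` or line breaks and appends on every call, so a crafted or unusual value can produce malformed or extra entries in the secrets file; that function's body continues outside the hunk.

```cpp
bool IpcServer::startIPsec(QString tunnelName)
{
#ifdef Q_OS_LINUX
    // The name arrives over IPC: accept only a plain connection name.
    static const QRegularExpression validName(QStringLiteral("^[A-Za-z0-9_][A-Za-z0-9_.-]*$"));
    if (!validName.match(tunnelName).hasMatch()) {
        qDebug() << "IPSEC: rejected tunnel name";
        return false;
    }
    QProcess process;
    process.start("sudo", QStringList() << "ipsec" << "up" << tunnelName);
    if (!process.waitForStarted(1000) || !process.waitForFinished(2000)) {
        qDebug().noquote() << "Could not start ipsec tunnel\n";
        return false;
    }
    // Report what the command actually did instead of falling off the end.
    return process.exitStatus() == QProcess::NormalExit && process.exitCode() == 0;
#else
    Q_UNUSED(tunnelName)
    return false;
#endif
}
// … stopIPsec: same structure with "down" and its own log message …
```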


@ -39,8 +39,9 @@ public:
virtual bool writeIPsecPrivate(QString privKey, QString uuid) override; virtual bool writeIPsecPrivate(QString privKey, QString uuid) override;
virtual bool writeIPsecConfig(QString config) override; virtual bool writeIPsecConfig(QString config) override;
virtual bool writeIPsecUserCert(QString usercert, QString uuid) override; virtual bool writeIPsecUserCert(QString usercert, QString uuid) override;
virtual bool writeIPsecPrivatePass(QString pass, QString uuid) override; virtual bool writeIPsecPrivatePass(QString pass, QString host, QString uuid) override;
virtual bool stopIPsec(QString tunnelName) override;
virtual bool startIPsec(QString tunnelName) override;
private: private:
int m_localpid = 0; int m_localpid = 0;