AZEN-SGG/amnezia-client
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Start and Stop for Linux tunnel

Browse source
This commit is contained in:
Mykola Baibuz 2024-08-24 00:57:47 +03:00
parent 654d219e7e
commit a96f9dc18a
4 changed files with 60 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

11
client/protocols/ikev2_vpn_protocol_linux.cpp
View file

@ -28,13 +28,13 @@ Ikev2Protocol::Ikev2Protocol(const QJsonObject &configuration, QObject* parent)
Ikev2Protocol::~Ikev2Protocol()
{
qDebug() << "IpsecProtocol::~IpsecProtocol()";
disconnect_vpn();
Ikev2Protocol::stop();
}
void Ikev2Protocol::stop()
{
setConnectionState(Vpn::ConnectionState::Disconnected);
Ikev2Protocol::disconnect_vpn();
qDebug() << "IpsecProtocol::stop()";
}
@ -74,9 +74,10 @@ ErrorCode Ikev2Protocol::start()
IpcClient::Interface()->writeIPsecConfig(m_config[config_key::config].toString());
IpcClient::Interface()->writeIPsecCaCert(m_config[config_key::cacert].toString(), m_config[config_key::userName].toString());
IpcClient::Interface()->writeIPsecPrivate(m_config[config_key::cert].toString(), m_config[config_key::userName].toString());
IpcClient::Interface()->writeIPsecPrivatePass(m_config[config_key::password].toString(), m_config[config_key::userName].toString());
IpcClient::Interface()->writeIPsecPrivatePass(m_config[config_key::password].toString(), m_config[config_key::hostName].toString(),
m_config[config_key::userName].toString());
connect_to_vpn("ikev2-vpn");
setConnectionState(Vpn::ConnectionState::Connected);
return ErrorCode::NoError;
}
@ -93,9 +94,11 @@ bool Ikev2Protocol::delete_vpn_connection(const QString &vpn_name){
}
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bool Ikev2Protocol::connect_to_vpn(const QString &vpn_name) {
return false;
IpcClient::Interface()->startIPsec(vpn_name);
return true;
}
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bool Ikev2Protocol::disconnect_vpn() {
IpcClient::Interface()->stopIPsec("ikev2-vpn");
return true;
}

6
ipc/ipc_interface.rep
View file

@ -37,6 +37,10 @@ class IpcInterface
SLOT( bool writeIPsecPrivate(QString privKey, QString uuid) );
SLOT( bool writeIPsecConfig(QString config) );
SLOT( bool writeIPsecUserCert(QString usercert, QString uuid) );
SLOT( bool writeIPsecPrivatePass(QString pass, QString uuid) );
SLOT( bool writeIPsecPrivatePass(QString pass, QString host, QString uuid) );
SLOT( bool stopIPsec(QString tunnelName) );
SLOT( bool startIPsec(QString tunnelName) );
};

45
ipc/ipcserver.cpp
View file

@ -182,6 +182,7 @@ void IpcServer::StartRoutingIpv6()
{
Router::StartRoutingIpv6();
}
void IpcServer::StopRoutingIpv6()
{
Router::StopRoutingIpv6();
@ -201,7 +202,6 @@ void IpcServer::setLogsEnabled(bool enabled)
}
}
bool IpcServer::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIndex)
{
#ifdef Q_OS_WIN
@ -288,7 +288,6 @@ bool IpcServer::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterInd
MacOSFirewall::setAnchorEnabled(QStringLiteral("310.blockDNS"), true);
MacOSFirewall::setAnchorTable(QStringLiteral("310.blockDNS"), true, QStringLiteral("dnsaddr"), dnsServers);
#endif
return true;
}
@ -309,6 +308,44 @@ bool IpcServer::disableKillSwitch()
return true;
}
bool IpcServer::startIPsec(QString tunnelName)
{
QProcess process;
QStringList commands;
commands << "ipsec" << "up" << QString("%1").arg(tunnelName);
process.start("sudo", commands);
if (!process.waitForStarted(1000))
{
qDebug().noquote() << "Could not start ipsec tunnel!\n";
return false;
}
else if (!process.waitForFinished(2000))
{
qDebug().noquote() << "Could not start ipsec tunnel\n";
return false;
}
commands.clear();
}
bool IpcServer::stopIPsec(QString tunnelName)
{
QProcess process;
QStringList commands;
commands << "ipsec" << "down" << QString("%1").arg(tunnelName);
process.start("sudo", commands);
if (!process.waitForStarted(1000))
{
qDebug().noquote() << "Could not stop ipsec tunnel\n";
return false;
}
else if (!process.waitForFinished(2000))
{
qDebug().noquote() << "Could not stop ipsec tunnel\n";
return false;
}
commands.clear();
}
bool IpcServer::writeIPsecConfig(QString config)
{
#ifdef Q_OS_LINUX
@ -366,12 +403,12 @@ bool IpcServer::writeIPsecPrivate(QString privKey, QString uuid)
}
bool IpcServer::writeIPsecPrivatePass(QString pass, QString uuid)
bool IpcServer::writeIPsecPrivatePass(QString pass, QString host, QString uuid)
{
#ifdef Q_OS_LINUX
qDebug() << "IPSEC: User private key " << uuid;
QFile secretsFile("/etc/ipsec.secrets");
QString P12 = QString(": P12 %1.p12 \"%2\" \n").arg(uuid, pass);
QString P12 = QString("%any %1 : P12 %2.p12 \"%3\" \n").arg(host, uuid, pass);
if (secretsFile.open(QIODevice::WriteOnly | QIODevice::Append)) {
secretsFile.write(P12.toUtf8());
secretsFile.close();

5
ipc/ipcserver.h
View file

@ -39,8 +39,9 @@ public:
virtual bool writeIPsecPrivate(QString privKey, QString uuid) override;
virtual bool writeIPsecConfig(QString config) override;
virtual bool writeIPsecUserCert(QString usercert, QString uuid) override;
virtual bool writeIPsecPrivatePass(QString pass, QString uuid) override;
virtual bool writeIPsecPrivatePass(QString pass, QString host, QString uuid) override;
virtual bool stopIPsec(QString tunnelName) override;
virtual bool startIPsec(QString tunnelName) override;
private:
int m_localpid = 0;