#include "containers_defs.h" QDebug operator<<(QDebug debug, const amnezia::DockerContainer &c) { QDebugStateSaver saver(debug); debug.nospace() << ContainerProps::containerToString(c); return debug; } amnezia::DockerContainer ContainerProps::containerFromString(const QString &container) { QMetaEnum metaEnum = QMetaEnum::fromType(); for (int i = 0; i < metaEnum.keyCount(); ++i) { DockerContainer c = static_cast(i); if (container == containerToString(c)) return c; } return DockerContainer::None; } QString ContainerProps::containerToString(amnezia::DockerContainer c) { if (c == DockerContainer::None) return "none"; if (c == DockerContainer::Cloak) return "amnezia-openvpn-cloak"; QMetaEnum metaEnum = QMetaEnum::fromType(); QString containerKey = metaEnum.valueToKey(static_cast(c)); return "amnezia-" + containerKey.toLower(); } QString ContainerProps::containerTypeToString(amnezia::DockerContainer c) { if (c == DockerContainer::None) return "none"; if (c == DockerContainer::Ipsec) return "ikev2"; QMetaEnum metaEnum = QMetaEnum::fromType(); QString containerKey = metaEnum.valueToKey(static_cast(c)); return containerKey.toLower(); } QVector ContainerProps::protocolsForContainer(amnezia::DockerContainer container) { switch (container) { case DockerContainer::None: return {}; case DockerContainer::OpenVpn: return { Proto::OpenVpn }; case DockerContainer::ShadowSocks: return { Proto::OpenVpn, Proto::ShadowSocks }; case DockerContainer::Cloak: return { Proto::OpenVpn, Proto::ShadowSocks, Proto::Cloak }; case DockerContainer::Ipsec: return { Proto::Ikev2 /*, Protocol::L2tp */ }; case DockerContainer::Dns: return {}; case DockerContainer::Sftp: return { Proto::Sftp }; default: return { defaultProtocol(container) }; } } QList ContainerProps::allContainers() { QMetaEnum metaEnum = QMetaEnum::fromType(); QList all; for (int i = 0; i < metaEnum.keyCount(); ++i) { all.append(static_cast(i)); } return all; } QMap ContainerProps::containerHumanNames() { return { { DockerContainer::None, "Not installed" }, { DockerContainer::OpenVpn, "OpenVPN" }, { DockerContainer::ShadowSocks, "ShadowSocks" }, { DockerContainer::Cloak, "OpenVPN over Cloak" }, { DockerContainer::WireGuard, "WireGuard" }, { DockerContainer::Awg, "AmneziaWG" }, { DockerContainer::Ipsec, QObject::tr("IPsec") }, { DockerContainer::TorWebSite, QObject::tr("Website in Tor network") }, { DockerContainer::Dns, QObject::tr("Amnezia DNS") }, { DockerContainer::Sftp, QObject::tr("Sftp file sharing service") } }; } QMap ContainerProps::containerDescriptions() { return { { DockerContainer::OpenVpn, QObject::tr("OpenVPN is the most popular VPN protocol, with flexible configuration options. It uses its " "own security protocol with SSL/TLS for key exchange.") }, { DockerContainer::ShadowSocks, QObject::tr("ShadowSocks - masks VPN traffic, making it similar to normal web traffic, but is " "recognised by analysis systems in some highly censored regions.") }, { DockerContainer::Cloak, QObject::tr("OpenVPN over Cloak - OpenVPN with VPN masquerading as web traffic and protection against " "active-probbing detection. Ideal for bypassing blocking in regions with the highest levels " "of censorship.") }, { DockerContainer::WireGuard, QObject::tr("WireGuard - New popular VPN protocol with high performance, high speed and low power " "consumption. Recommended for regions with low levels of censorship.") }, { DockerContainer::Awg, QObject::tr("AmneziaWG - Special protocol from Amnezia, based on WireGuard. It's fast like WireGuard, " "but very resistant to blockages. " "Recommended for regions with high levels of censorship.") }, { DockerContainer::Ipsec, QObject::tr("IKEv2 - Modern stable protocol, a bit faster than others, restores connection after " "signal loss. It has native support on the latest versions of Android and iOS.") }, { DockerContainer::TorWebSite, QObject::tr("Deploy a WordPress site on the Tor network in two clicks.") }, { DockerContainer::Dns, QObject::tr("Replace the current DNS server with your own. This will increase your privacy level.") }, { DockerContainer::Sftp, QObject::tr("Creates a file vault on your server to securely store and transfer files.") } }; } QMap ContainerProps::containerDetailedDescriptions() { return { { DockerContainer::OpenVpn, QObject::tr( "The time-tested most popular VPN protocol.\n\n" "Uses a proprietary security protocol with SSL/TLS for encryption and key exchange and supports " "various authentication methods, making it suitable for a variety of devices and operating " "systems.\n\n" "* Normal power consumption on mobile devices\n" "* Flexible customisation to suit user needs to work with different operating systems and devices.\n" "* Recognised by DPI analysis systems and therefore susceptible to blocking.\n" "* Can operate over both TCP and UDP network protocols.") }, { DockerContainer::ShadowSocks, QObject::tr("Based on the SOCKS5 proxy protocol, which protects the connection using the AEAD cipher - " "roughly along the same lines as SSH tunnelling. A Shadowsocks connection is difficult to " "identify because it is virtually identical to a normal HTTPS connection.\n\n" "However, some traffic analysis systems can still recognise a ShadowSocks connection, so in " "countries with high levels of censorship we recommend using OpenVPN in conjunction with Cloak.\n" "* Average power consumption on mobile devices (higher than OpenVPN).\n" "* It is possible to configure the encryption protocol.\n" "* Recognised by some DPI analysis systems\n" "* Works only via TCP network protocol\n") }, { DockerContainer::Cloak, QObject::tr("This is a combination of the OpenVPN protocol and the Cloak plugin designed specifically for " "blocking protection.\n\n" "OpenVPN provides a secure VPN connection by encrypting all Internet traffic between the client " "and the server.\n\n" "Cloak protects OpenVPN from detection and blocking. \n\n" "Cloak can modify packet metadata so that it completely masks VPN traffic as normal web traffic, " "and also protects the VPN from detection by Active Probing. This makes it very resistant to " "being detected\n\n" "Immediately after receiving the first data packet, Cloak authenticates the incoming connection. " "If authentication fails, the plugin masks the server as a fake website and your VPN becomes " "invisible to analysis systems.\n\n" "If there is a high level of Internet censorship in your region, we advise you to use only " "OpenVPN over Cloak from the first connection\n" "* High power consumption on mobile devices\n" "* Flexible settings\n" "* Not recognised by DPI analysis systems\n" "* Works via TCP network protocol\n") }, { DockerContainer::WireGuard, QObject::tr("A relatively new popular VPN protocol with a simplified architecture.\n" "Provides stable VPN connection, high performance on all devices. Uses hard-coded encryption " "settings. WireGuard compared to OpenVPN has lower latency and better data transfer throughput.\n" "* Low power consumption on mobile devices.\n" "* Minimum number of settings.\n" "* Easily recognised by DPI analysis systems, susceptible to blocking.\n" "* Works via UDP network protocol.\n") }, { DockerContainer::Awg, QObject::tr("AmneziaWG container") }, { DockerContainer::Ipsec, QObject::tr("A modern stable protocol.\n\n" "IKEv2 with IPSec encryption layer. Transmits data over fixed UDP ports 500 and 4500 protecting " "them with strong 3DES and AES crypto algorithms. Allows very fast switching between networks " "and devices. Due to its security, stability and speed, IKEv2 is currently one of the best VPN " "solutions for mobile devices. Vulnerable to detection and blocking.\n" "* Low power consumption, on mobile devices\n" "* Minimal configuration.\n" "* Recognised by DPI analysis systems.\n" "* Works only over UDP network protocol\n") }, { DockerContainer::TorWebSite, QObject::tr("Website in Tor network") }, { DockerContainer::Dns, QObject::tr("DNS Service") }, { DockerContainer::Sftp, QObject::tr("Sftp file sharing service - is secure FTP service") } }; } amnezia::ServiceType ContainerProps::containerService(DockerContainer c) { return ProtocolProps::protocolService(defaultProtocol(c)); } Proto ContainerProps::defaultProtocol(DockerContainer c) { switch (c) { case DockerContainer::None: return Proto::Any; case DockerContainer::OpenVpn: return Proto::OpenVpn; case DockerContainer::Cloak: return Proto::Cloak; case DockerContainer::ShadowSocks: return Proto::ShadowSocks; case DockerContainer::WireGuard: return Proto::WireGuard; case DockerContainer::Awg: return Proto::Awg; case DockerContainer::Ipsec: return Proto::Ikev2; case DockerContainer::TorWebSite: return Proto::TorWebSite; case DockerContainer::Dns: return Proto::Dns; case DockerContainer::Sftp: return Proto::Sftp; default: return Proto::Any; } } bool ContainerProps::isSupportedByCurrentPlatform(DockerContainer c) { #ifdef Q_OS_WINDOWS return true; #elif defined(Q_OS_IOS) switch (c) { case DockerContainer::WireGuard: return true; case DockerContainer::OpenVpn: return true; case DockerContainer::Awg: return true; case DockerContainer::Cloak: return true; // case DockerContainer::ShadowSocks: return true; default: return false; } #elif defined(Q_OS_MAC) switch (c) { case DockerContainer::WireGuard: return true; case DockerContainer::Ipsec: return false; default: return true; } #elif defined(Q_OS_ANDROID) switch (c) { case DockerContainer::WireGuard: return true; case DockerContainer::OpenVpn: return true; case DockerContainer::ShadowSocks: return true; case DockerContainer::Awg: return true; case DockerContainer::Cloak: return true; default: return false; } #elif defined(Q_OS_LINUX) switch (c) { case DockerContainer::WireGuard: return true; case DockerContainer::Ipsec: return false; default: return true; } #else return false; #endif } QStringList ContainerProps::fixedPortsForContainer(DockerContainer c) { switch (c) { case DockerContainer::Ipsec: return QStringList { "500", "4500" }; default: return {}; } } bool ContainerProps::isEasySetupContainer(DockerContainer container) { switch (container) { case DockerContainer::WireGuard: return true; case DockerContainer::Awg: return true; case DockerContainer::Cloak: return true; default: return false; } } QString ContainerProps::easySetupHeader(DockerContainer container) { switch (container) { case DockerContainer::WireGuard: return tr("Low"); case DockerContainer::Awg: return tr("Medium or High"); case DockerContainer::Cloak: return tr("Extreme"); default: return ""; } } QString ContainerProps::easySetupDescription(DockerContainer container) { switch (container) { case DockerContainer::WireGuard: return tr("I just want to increase the level of my privacy."); case DockerContainer::Awg: return tr("I want to bypass censorship. This option recommended in most cases."); case DockerContainer::Cloak: return tr("Most VPN protocols are blocked. Recommended if other options are not working."); default: return ""; } } int ContainerProps::easySetupOrder(DockerContainer container) { switch (container) { case DockerContainer::WireGuard: return 3; case DockerContainer::Awg: return 2; case DockerContainer::Cloak: return 1; default: return 0; } } bool ContainerProps::isShareable(DockerContainer container) { switch (container) { case DockerContainer::TorWebSite: return false; case DockerContainer::Dns: return false; case DockerContainer::Sftp: return false; default: return true; } }