Merge pull request #250 from jamesmcm/small_fixes

Improve error printing, add warning for ProtonVPN DNS settings in Ope…
jamesmcm · Feb 29, 2024 · ab194d7 · ab194d7
2 parents 61a5658 + 24ba40a
commit ab194d7
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 17 deletions.
diff --git a/USERGUIDE.md b/USERGUIDE.md
@@ -251,14 +251,20 @@ $ vopono -v exec --custom ~/custom_wireguard.conf --protocol wireguard "firefox"
 ```bash
 $ vopono -v exec --custom ./custom_openvpn.ovpn --protocol openvpn "firefox"
 ```
-> To use a custom provider which requires a username and password, supply an authentication file with the username and password.
-> Reference the authentication file in the ovpn configuration file with `auth-user-pass auth.txt` appended to the top of the file.
+To use a custom provider which requires a username and password, supply an authentication file with the username and password.
+Reference the authentication file in the ovpn configuration file with `auth-user-pass auth.txt` appended to the top of the file.
 
 Note that in the OpenVPN case the vopono will execute OpenVPN from the same
 directory as the config file itself. So any accompanying files (CA certificates, authentication
 files, etc.) must be in the same directory with the file if using
 relative paths in the config file.
 
+For OpenVPN be careful to remove any DNS update scripts from the OpenVPN config file e.g. for ProtonVPN OpenVPN configs, remove the following lines:
+
+```
+up /etc/openvpn/update-resolv-conf
+down /etc/openvpn/update-resolv-conf
+```
 
 
 ### OpenFortiVPN
@@ -482,6 +488,15 @@ Note that there may be multiple `AUTH-xxx=yyy` cookies - the specific one we nee
 
 ![AUTH cookie example](protonvpn_header.png)
 
+If using a downloaded OpenVPN config file directly as a `--custom` custom config file in vopono, then be sure to remove the following lines:
+
+```
+up /etc/openvpn/update-resolv-conf
+down /etc/openvpn/update-resolv-conf
+```
+
+Also remember to append `+pmp` to the OpenVPN username if using port forwarding in this case too.
+
 #### Wireguard servers
 
 Due to the way Wireguard configuration generation is handled, this should be

diff --git a/src/exec.rs b/src/exec.rs
@@ -225,12 +225,14 @@ pub fn exec(command: ExecCommand, uiclient: &dyn UiClient) -> anyhow::Result<()>
  .get("provider")
  .map_err(|_e| anyhow!("Failed to read config file"))
  .ok()
- })
- .expect(
- "Enter a VPN provider as a command-line argument or in the vopono config.toml file",
- );
+ }).ok_or_else(|| {
+  let msg = "Enter a VPN provider as a command-line argument or in the vopono config.toml file";
+ error!("{}", msg); anyhow!(msg)})?;
+
  if provider == VpnProvider::Custom {
- bail!("Must provide config file if using custom VPN Provider");
+ let msg = "Must provide config file if using custom VPN Provider";
+ error!("{}", msg);
+ bail!(msg);
  }
 
  server_name = command
@@ -243,10 +245,9 @@ pub fn exec(command: ExecCommand, uiclient: &dyn UiClient) -> anyhow::Result<()>
  anyhow!("Failed to read config file")
  })
  .ok()
- })
- .expect(
- "Enter a VPN server prefix as a command-line argument or in the vopono config.toml file",
- );
+ }).ok_or_else(|| {
+ let msg = "VPN server prefix must be provided as a command-line argument or in the vopono config.toml file";
+ error!("{}", msg); anyhow!(msg)})?;
 
  // Check protocol is valid for provider
  protocol = command
@@ -432,17 +433,21 @@ pub fn exec(command: ExecCommand, uiclient: &dyn UiClient) -> anyhow::Result<()>
  // TODO: DNS suffixes?
  ns.dns_config(&dns, &[], command.hosts_entries.as_ref())?;
  // Check if using Shadowsocks
- if let Some((ss_host, ss_lport)) =
- uses_shadowsocks(config_file.as_ref().expect("No config file provided"))?
- {
+ if let Some((ss_host, ss_lport)) = uses_shadowsocks(
+ config_file
+ .as_ref()
+ .expect("No OpenVPN config file provided"),
+ )? {
  if provider == VpnProvider::Custom {
  warn!("Custom provider specifies socks-proxy, if this is local you must run it yourself (e.g. shadowsocks)");
  } else {
  let dyn_ss_provider = provider.get_dyn_shadowsocks_provider()?;
  let password = dyn_ss_provider.password();
  let encrypt_method = dyn_ss_provider.encrypt_method();
  ns.run_shadowsocks(
- config_file.as_ref().expect("No config file provided"),
+ config_file
+ .as_ref()
+ .expect("No OpenVPN config file provided"),
  ss_host,
  ss_lport,
  &password,
@@ -452,7 +457,9 @@ pub fn exec(command: ExecCommand, uiclient: &dyn UiClient) -> anyhow::Result<()>
  }
 
  ns.run_openvpn(
- config_file.clone().expect("No config file provided"),
+ config_file
+ .clone()
+ .expect("No OpenVPN config file provided"),
  auth_file,
  &dns,
  !command.no_killswitch,
@@ -487,7 +494,9 @@ pub fn exec(command: ExecCommand, uiclient: &dyn UiClient) -> anyhow::Result<()>
  }
  Protocol::Wireguard => {
  ns.run_wireguard(
- config_file.clone().expect("No config file provided"),
+ config_file
+ .clone()
+ .expect("No Wireguard config file provided"),
  !command.no_killswitch,
  command.open_ports.as_ref(),
  command.forward_ports.as_ref(),