Add port forwarding with PIA using --port-forwarding #245
Conversation
Removes --protonvpn-port-forwarding and makes a more generic framework for API driven port forwarding that also works for PIA. This commit has several limitations noted by FIXMEs
There was a problem hiding this comment.
Thanks, overall it looks really good! Nice use of the trait especially.
I think the main thing is to add parsing of https://serverlist.piaservers.net/vpninfo/servers/v4 for the CN addresses, and to add the writing out of the cert file to the provider config directory (e.g. ~/.config/vopono/pia during the PIA sync process (if we don't download them already) so then we can use those relative paths. Note it's already embedded here https://github.com/jamesmcm/vopono/blob/master/vopono_core/src/config/providers/pia/wireguard.rs#L94
vopono_core/src/network/piapf.rs
Outdated
|
|
||
| let vpn_hostname = match protocol { | ||
| Protocol::OpenVpn => "nl-amsterdam.privacy.network".to_string(), // FIXME: Parse this from the OpenVPN conf? | ||
| Protocol::Wireguard => "nl-amsterdam.privacy.network".to_string(), // FIXME: [Insert clever idea to get wireguard endpoint hostname here] |
There was a problem hiding this comment.
I think we can parse https://serverlist.piaservers.net/vpninfo/servers/v4 for both?
There was a problem hiding this comment.
For wireguard it was already parsing a v6 list which had the necessary info. Added it to the Config struct there.
Openvpn seems to come from PIA as a zip, and the files are named differently than the IDs in the v4/v6 lists, so created a similar map for these filenames by parsing out the endpoint. This will only work when the config files actually contain hostnames... the IP-only variants for now just won't support port forwarding. Perhaps one could parse the IPs then look them up in v4/v6...
There was a problem hiding this comment.
Thanks, I think it's okay for now!
| } | ||
|
|
||
| // Spawn thread to repeat above every 15 minutes | ||
| fn thread_loop(params: ThreadParams, recv: Receiver<bool>) { |
There was a problem hiding this comment.
We might be able to put this and the channel logic in a trait to share it a bit better with natpmpc but this isn't critical (and could be tricky with the parts shared across threads).
This is used for API calls after connection to enable port forwarding.
|
This has been a fun exercise playing with rust :) I'll add in a conf option for a callback script this afternoon sometime. Let me know if there are any other pre-merge changes to see to. |
This accepts an argument which is a program to execute in the network namespace which will receive the port being forwarded each time that port is refreshed. Use this to update services to utilize the forwarded port.
| /// Path or alias to executable script or binary to be called with the port as an argumnet | ||
| /// when the port forwarding is refreshed (PIA only) | ||
| #[clap(long = "port-forwarding-callback")] | ||
| pub port_forwarding_callback: Option<String>, |
There was a problem hiding this comment.
Do you have an example use of this? It'd be nice to add to the docs 🙂
|
Thanks overall it looks great, btw you should be able to run rustfmt with I think the only thing left is to update the docs (README/USERGUIDE) on the usage too. |
Adds support for new API for Wireguard device management so we can generate and add Wireguard keys directly when syncing
Re-add Mullvad Wireguard device management
Disclaimer: I don't know rust, at all! [Seriously, check this code before doing anything with it!]
This PR removes
--protonvpn-port-forwardingand makes a more generic framework triggered by--port-forwardingfor API driven port forwarding that also works for PIA. In PIA this is done with an API instead of natpmpc, but I implemented the functionality in basically the same way as natpmpc.This PR also has several limitations noted by FIXMEs relating to two points:
Hopefully someone can finish this off, or perhaps one day I may get more motivated to learn rust...