/*
GoVPN -- simple secure free software virtual private network daemon
-Copyright (C) 2014-2015 Sergey Matveev <stargrave@stargrave.org>
+Copyright (C) 2014-2020 Sergey Matveev <stargrave@stargrave.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
+the Free Software Foundation, version 3 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-// Simple secure free software virtual private network daemon.
+// Simple secure, DPI/censorship-resistant free software VPN daemon client.
package main
import (
"flag"
+ "fmt"
"log"
- "net"
"os"
"os/signal"
+ "time"
- "govpn"
-)
-
-var (
- remoteAddr = flag.String("remote", "", "Remote server address")
- ifaceName = flag.String("iface", "tap0", "TAP network interface")
- IDRaw = flag.String("id", "", "Client identification")
- keyPath = flag.String("key", "", "Path to authentication key file")
- upPath = flag.String("up", "", "Path to up-script")
- downPath = flag.String("down", "", "Path to down-script")
- mtu = flag.Int("mtu", 1500, "MTU")
- nonceDiff = flag.Int("noncediff", 1, "Allow nonce difference")
- timeoutP = flag.Int("timeout", 60, "Timeout seconds")
+ "go.cypherpunks.ru/govpn/v7"
+ "go.cypherpunks.ru/govpn/v7/client"
)
func main() {
+ var (
+ remoteAddr = flag.String("remote", "", "Remote server address")
+ proto = flag.String("proto", "udp", "Protocol to use: udp or tcp")
+ ifaceName = flag.String("iface", "tap0", "TUN/TAP network interface")
+ verifierRaw = flag.String("verifier", "", "Verifier")
+ keyPath = flag.String("key", "", "Path to passphrase file")
+ upPath = flag.String("up", "", "Path to up-script")
+ downPath = flag.String("down", "", "Path to down-script")
+ stats = flag.String("stats", "", "Enable stats retrieving on host:port")
+ proxyAddr = flag.String("proxy", "", "Use HTTP proxy on host:port")
+ proxyAuth = flag.String("proxy-auth", "", "user:password Basic proxy auth")
+ mtu = flag.Int("mtu", govpn.MTUDefault, "MTU of TUN/TAP interface")
+ timeoutP = flag.Int("timeout", 60, "Timeout seconds")
+ timeSync = flag.Int("timesync", 0, "Time synchronization requirement")
+ noreconnect = flag.Bool("noreconnect", false, "Disable reconnection after timeout")
+ noisy = flag.Bool("noise", false, "Enable noise appending")
+ encless = flag.Bool("encless", false, "Encryptionless mode")
+ cpr = flag.Int("cpr", 0, "Enable constant KiB/sec out traffic rate")
+ egdPath = flag.String("egd", "", "Optional path to EGD socket")
+ syslog = flag.Bool("syslog", false, "Enable logging to syslog")
+ version = flag.Bool("version", false, "Print version information")
+ warranty = flag.Bool("warranty", false, "Print warranty information")
+ protocol client.Protocol
+ err error
+ )
+
flag.Parse()
- timeout := *timeoutP
- var err error
+ if *warranty {
+ fmt.Println(govpn.Warranty)
+ return
+ }
+ if *version {
+ fmt.Println(govpn.VersionGet())
+ return
+ }
log.SetFlags(log.Ldate | log.Lmicroseconds | log.Lshortfile)
- govpn.MTU = *mtu
- govpn.Timeout = timeout
- govpn.Noncediff = *nonceDiff
+ if *egdPath != "" {
+ log.Println("Using", *egdPath, "EGD")
+ govpn.EGDInit(*egdPath)
+ }
- id := govpn.IDDecode(*IDRaw)
- govpn.PeersInitDummy(id)
- key := govpn.KeyRead(*keyPath)
- if id == nil {
- panic("ID is not specified")
+ switch *proto {
+ case "udp":
+ protocol = client.ProtocolUDP
+ case "tcp":
+ protocol = client.ProtocolTCP
+ default:
+ log.Fatalln("Unknown protocol specified")
}
- bind, err := net.ResolveUDPAddr("udp", "0.0.0.0:0")
- if err != nil {
- panic(err)
+ if *proxyAddr != "" && protocol == client.ProtocolUDP {
+ log.Fatalln("HTTP proxy is supported only in TCP mode")
}
- conn, err := net.ListenUDP("udp", bind)
- if err != nil {
- panic(err)
+
+ if *verifierRaw == "" {
+ log.Fatalln("-verifier is required")
}
- remote, err := net.ResolveUDPAddr("udp", *remoteAddr)
+ verifier, err := govpn.VerifierFromString(*verifierRaw)
if err != nil {
- panic(err)
+ log.Fatalln("Invalid -verifier:", err)
}
-
- tap, ethSink, ethReady, _, err := govpn.TAPListen(*ifaceName)
+ key, err := govpn.KeyRead(*keyPath)
if err != nil {
- panic(err)
+ log.Fatalln("Invalid -key:", err)
+ }
+ priv := verifier.PasswordApply(key)
+ if *encless {
+ if protocol != client.ProtocolTCP {
+ log.Fatalln("Currently encryptionless mode works only with TCP")
+ }
+ *noisy = true
+ }
+ conf := client.Configuration{
+ PrivateKey: priv,
+ Peer: &govpn.PeerConf{
+ ID: verifier.ID,
+ Iface: *ifaceName,
+ MTU: *mtu,
+ Timeout: time.Second * time.Duration(*timeoutP),
+ TimeSync: *timeSync,
+ Noise: *noisy,
+ CPR: *cpr,
+ Encless: *encless,
+ Verifier: verifier,
+ DSAPriv: priv,
+ },
+ Protocol: protocol,
+ InterfaceName: *ifaceName,
+ ProxyAddress: *proxyAddr,
+ ProxyAuthentication: *proxyAuth,
+ RemoteAddress: *remoteAddr,
+ UpPath: *upPath,
+ DownPath: *downPath,
+ StatsAddress: *stats,
+ NoReconnect: *noreconnect,
+ MTU: *mtu,
+ }
+ if err = conf.Validate(); err != nil {
+ log.Fatalln("Invalid settings:", err)
}
- udpSink, udpBuf, udpReady := govpn.ConnListen(conn)
-
- timeouts := 0
- firstUpCall := true
- var peer *govpn.Peer
- var ethPkt []byte
- var udpPkt *govpn.UDPPkt
- var udpPktData []byte
-
- termSignal := make(chan os.Signal, 1)
- signal.Notify(termSignal, os.Interrupt, os.Kill)
log.Println(govpn.VersionGet())
- log.Println("Starting handshake")
- handshake := govpn.HandshakeStart(conn, remote, id, key)
-MainCycle:
- for {
- if peer != nil && (peer.BytesIn+peer.BytesOut) > govpn.MaxBytesPerKey {
- peer.Zero()
- peer = nil
- handshake = govpn.HandshakeStart(conn, remote, id, key)
- log.Println("Rehandshaking")
- }
- select {
- case <-termSignal:
- break MainCycle
- case ethPkt = <-ethSink:
- if peer == nil {
- if len(ethPkt) > 0 {
- ethReady <- struct{}{}
- }
- continue
- }
- peer.EthProcess(ethPkt, conn, ethReady)
- case udpPkt = <-udpSink:
- timeouts++
- if timeouts >= timeout {
- break MainCycle
- }
- if udpPkt == nil {
- udpReady <- struct{}{}
- continue
- }
+ if *syslog {
+ govpn.SyslogEnable()
+ }
- udpPktData = udpBuf[:udpPkt.Size]
- if peer == nil {
- if udpPkt.Addr.String() != remote.String() {
- udpReady <- struct{}{}
- log.Println("Unknown handshake message")
- continue
- }
- if govpn.IDsCache.Find(udpPktData) == nil {
- log.Println("Invalid identity in handshake packet")
- udpReady <- struct{}{}
- continue
- }
- if p := handshake.Client(id, conn, key, udpPktData); p != nil {
- log.Println("Handshake completed")
- if firstUpCall {
- go govpn.ScriptCall(*upPath, *ifaceName)
- firstUpCall = false
- }
- peer = p
- handshake.Zero()
- handshake = nil
- }
- udpReady <- struct{}{}
- continue
- }
- if peer == nil {
- udpReady <- struct{}{}
- continue
- }
- if peer.UDPProcess(udpPktData, tap, udpReady) {
- timeouts = 0
- }
- }
+ termSignal := make(chan os.Signal, 1)
+ signal.Notify(termSignal, os.Interrupt, os.Kill)
+ c := client.NewClient(conf, verifier, termSignal)
+ go c.MainCycle()
+ if err = <-c.Error; err != nil {
+ log.Fatalln(err)
}
- govpn.ScriptCall(*downPath, *ifaceName)
}