def set_killswitch(log=True):
def main():
killswitch_script = (
r'#!/bin/bash\n'
'PERSISTENCE_FILE=' + paths.KILLSWITCH_DATA + '\n\n'
'case $2 in'
' vpn-up)\n'
' nmcli -f type,device connection | awk \'$1~/^vpn$/ && $2~/[^\-][^\-]/ { print $2; }\' > "${PERSISTENCE_FILE}"\n'
' ;;\n'
' vpn-down)\n'
' xargs -n 1 -a "${PERSISTENCE_FILE}" nmcli device disconnect\n'
' ;;\n'
'esac\n')
try:
with open(paths.KILLSWITCH_SCRIPT, "w") as killswitch:
print(killswitch_script, file=killswitch)
utils.make_executable(paths.KILLSWITCH_SCRIPT)
if log:
logger.info("Network kill-switch enabled.")
return True
except Exception as e:
logger.error("Error attempting to set kill-switch: %s" % e)
return False
# Requires root priveledge
return utils.run_as_root(main)
def set_auto_connect(connection_name):
def main():
interfaces = get_interfaces()
if interfaces:
interface_string = '|'.join(interfaces)
auto_script = (
'#!/bin/bash\n\n'
'if [[ "$1" =~ ' + interface_string +
' ]] && [[ "$2" =~ up|connectivity-change ]]; then\n'
' nmcli con up id "' + connection_name + '" &\n'
'fi\n')
try:
with open(paths.AUTO_CONNECT_SCRIPT, "w") as auto_connect:
print(auto_script, file=auto_connect)
utils.make_executable(paths.AUTO_CONNECT_SCRIPT)
return True
except Exception as e:
logger.error("Error attempting to set auto-conect: %s" % e)
else:
logger.error("No interfaces found to use with auto-connect")
return False
# Requires root priveledge
return utils.run_as_root(main)
def set_ipv6(log=True):
def main():
ipv6_script = (
'#!/bin/sh\n'
'case "$2" in\n'
' vpn-up)\n'
' echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6\n'
' ;;\n'
' vpn-down)\n'
' echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6\n'
' ;;\n'
'esac\n')
try:
with open(paths.IPV6_SCRIPT, "w") as ipv6:
print(ipv6_script, file=ipv6)
utils.make_executable(paths.IPV6_SCRIPT)
if log:
logger.info("IPv6 disable script enabled.")
return True
except Exception as e:
logger.error("Error attempting to set IPv6 disable script: %s" % e)
return False
# Requires root privilege
return utils.run_as_root(main)
def delete_configs(self):
def main():
for f in os.listdir(paths.OVPN_CONFIGS):
file_path = os.path.join(paths.OVPN_CONFIGS, f)
try:
if os.path.isfile(file_path):
os.unlink(file_path)
elif os.path.isdir(file_path):
shutil.rmtree(file_path)
except Exception as e:
self.logger.error("Could not delete config file: %s" % e)
# Requires root privilege
return utils.run_as_root(main)
def remove_autoconnect():
def main():
try:
os.remove(paths.AUTO_CONNECT_SCRIPT)
logger.info("Auto-connect disabled.")
return True
except FileNotFoundError:
pass
except Exception as e:
logger.error("Error attempting to remove auto-connect: %s" % e)
return False
# Requires root priveledge
return utils.run_as_root(main)
def remove_global_mac_address():
def main():
try:
os.remove(paths.MAC_CONFIG)
logger.info(
"Global NetworkManager MAC address settings have been removed successfully."
)
return True
except FileNotFoundError:
pass
except Exception as e:
logger.error(
"Could not remove the MAC address settings file '%s': %s" %
(paths.MAC_CONFIG, e))
return False
# Requires root priveledge
return utils.run_as_root(main)
def remove_ipv6(log=True):
def main():
try:
os.remove(paths.IPV6_SCRIPT)
if log:
logger.info("IPv6 disable script disabled.")
return True
except FileNotFoundError:
pass
except Exception as e:
logger.error("Error attempting to remove IPv6 disable script: %s" %
e)
return False
# Requires root privilege
return utils.run_as_root(main)
def set_global_mac_address(value):
def main():
MIN_VERSION = "1.4.0"
nm_version = get_version()
if nm_version:
if LooseVersion(nm_version) >= LooseVersion(MIN_VERSION):
mac_config = configparser.ConfigParser(interpolation=None)
mac_config['connection-mac-randomization'] = {}
mac_config['connection-mac-randomization'][
'wifi.cloned-mac-address'] = value
mac_config['connection-mac-randomization'][
'ethernet.cloned-mac-address'] = value
try:
with open(paths.MAC_CONFIG, 'w') as config_file:
mac_config.write(config_file)
logger.info(
"Global NetworkManager MAC address settings set to '%s'.",
value)
return True
except Exception:
logger.error(
"Could not save MAC address configuration to '%s'",
paths.MAC_CONFIG)
return False
else:
logger.error(
"NetworkManager v%s or greater is required to change MAC address settings. You have v%s.",
MIN_VERSION, nm_version)
return False
else:
logger.error(
"Could not get the version of NetworkManager in use. Aborting."
)
return False
# Requires root priveledge
return utils.run_as_root(main)
def reload_connections():
def main():
try:
output = subprocess.run(['nmcli', 'connection', 'reload'],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
output.check_returncode()
return True
except subprocess.CalledProcessError:
error = utils.format_std_string(output.stderr)
logger.error(error)
return False
except Exception as ex:
logger.error(ex)
return False
# Requires root privilege
return utils.run_as_root(main)
def restart():
def main():
try:
output = subprocess.run(['systemctl', 'restart', 'NetworkManager'],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
output.check_returncode()
logger.info("NetworkManager restarted successfully!")
return True
except subprocess.CalledProcessError:
error = utils.format_std_string(output.stderr)
logger.error(error)
except Exception as ex:
logger.error(ex)
return False
# Requires root priveledge
return utils.run_as_root(main)
def remove_killswitch(log=True):
def main():
try:
os.remove(paths.KILLSWITCH_DATA)
except FileNotFoundError:
pass
try:
os.remove(paths.KILLSWITCH_SCRIPT)
if log:
logger.info("Network kill-switch disabled.")
return True
except FileNotFoundError:
pass
except Exception as e:
logger.error("Error attempting to remove kill-switch: %s" % e)
return False
# Requires root priveledge
return utils.run_as_root(main)
def import_connection(file_path,
connection_name,
username=None,
password=None,
dns_list=None,
ipv6=False):
def nmcli_import():
try:
# Create a temporary config with the connection name, so we can import the config with its prettified name
temp_path = os.path.join(os.path.dirname(file_path),
connection_name + '.ovpn')
shutil.copy(file_path, temp_path)
except Exception as ex:
logger.error("Failed to copy configuration file: %s" % ex)
return False
try:
output = subprocess.run([
'nmcli', 'connection', 'import', 'type', 'openvpn', 'file',
temp_path
],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
os.remove(
temp_path) # Remove the temporary renamed config we created
output.check_returncode()
except subprocess.CalledProcessError:
error = utils.format_std_string(output.stderr)
logger.error("Could not add options to the connection: %s" % error)
except Exception as ex:
logger.error(ex)
return False
if not utils.run_as_root(nmcli_import):
return False
# Populate all connection options into connection_options
connection_options = {
'+vpn.secrets': ['password='******'+vpn.data': ['username='******'password-flags=0'],
'+connection.permissions': ['user:'******'ipv6.method'] = ['ignore']
if dns_list:
dns_string = ';'.join(map(str, dns_list))
connection_options['+ipv4.dns'] = [dns_string]
connection_options['+ipv4.ignore-auto-dns'] = ['true']
try:
for location, values in connection_options.items():
for value in values:
output = subprocess.run([
'nmcli', 'connection', 'modify', connection_name, location,
value
],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
output.check_returncode()
return True
except subprocess.CalledProcessError:
error = utils.format_std_string(output.stderr)
logger.error("Could not add options to the connection: %s" % error)
return False
except Exception as ex:
logger.error(ex)
return False
