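def set_killswitch(log=True):
    """Write the kill-switch shell script and mark it executable.

    The generated script branches on its second argument:

    * ``vpn-up``: lists ``type,device`` for NetworkManager connections and
      saves the device of every ``vpn`` row whose device column holds two
      consecutive non-dash characters into the persistence file.
    * ``vpn-down``: runs ``nmcli device disconnect`` once per saved device.

    Args:
        log: When true, emit an info message after the script is installed.

    Returns:
        True when the script was written and made executable, False when
        any step raised (the error is logged).
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    # The path is embedded in a shell assignment; quoting keeps a path that
    # contains spaces or shell metacharacters from being split or expanded
    # when the script runs. A plain path is emitted unchanged.
    persistence_file = shlex.quote(paths.KILLSWITCH_DATA)

    killswitch_script = (
        '#!/bin/bash\n'
        'PERSISTENCE_FILE=' + persistence_file + '\n\n'
        'case $2 in'
        ' vpn-up)\n'
        # "\\-" yields the same backslash-dash for awk as the former "\-",
        # without relying on an invalid Python escape sequence.
        ' nmcli -f type,device connection | awk \'$1~/^vpn$/ && $2~/[^\\-][^\\-]/ { print $2; }\' > "${PERSISTENCE_FILE}"\n'
        ' ;;\n'
        ' vpn-down)\n'
        ' xargs -n 1 -a "${PERSISTENCE_FILE}" nmcli device disconnect\n'
        ' ;;\n'
        'esac\n')

    try:
        # NOTE(review): the file is created with the process umask before
        # make_executable runs; presumably this script is executed with
        # elevated privileges, so confirm the final mode is not writable by
        # group or others.
        with open(paths.KILLSWITCH_SCRIPT, "w") as killswitch:
            print(killswitch_script, file=killswitch)

        utils.make_executable(paths.KILLSWITCH_SCRIPT)

        if log:
            logger.info("Network kill-switch enabled.")

        return True
    except Exception as e:
        # Best-effort install: report the failure to the caller as False.
        logger.error("Error attempting to set kill-switch: %s", e)
        return False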
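def main():
    """Write the auto-connect shell script and mark it executable.

    The generated script brings the VPN connection up in the background
    when its first argument matches one of the interface names returned by
    ``get_interfaces()`` and its second argument matches
    ``up|connectivity-change``.

    Returns:
        True when the script was written and made executable; False when no
        interfaces were found or when writing the script failed (both cases
        are logged).
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    interfaces = get_interfaces()
    if not interfaces:
        logger.error("No interfaces found to use with auto-connect")
        return False

    # NOTE(review): the names are joined unescaped into an unanchored bash
    # regex, so a name is matched as a pattern and as a substring; likewise
    # "up" also matches actions such as "vpn-up". Confirm this is intended.
    interface_string = '|'.join(interfaces)

    # NOTE(review): connection_name is neither a parameter nor a local of
    # this function; presumably it is defined at module level - confirm.
    # It used to be placed between double quotes, where a name containing
    # `"`, `$` or a backtick would be interpreted by the shell when the
    # script runs. shlex.quote emits it as a single literal word instead.
    quoted_name = shlex.quote(connection_name)

    auto_script = (
        '#!/bin/bash\n\n'
        'if [[ "$1" =~ ' + interface_string + ' ]] && [[ "$2" =~ up|connectivity-change ]]; then\n'
        ' nmcli con up id ' + quoted_name + ' &\n'
        'fi\n')

    try:
        with open(paths.AUTO_CONNECT_SCRIPT, "w") as auto_connect:
            print(auto_script, file=auto_connect)

        utils.make_executable(paths.AUTO_CONNECT_SCRIPT)
        return True
    except Exception as e:
        # Best-effort install: report the failure to the caller as False.
        logger.error("Error attempting to set auto-conect: %s", e)

    return False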
def main():
    """Write the IPv6 toggle shell script and mark it executable.

    The generated script writes 1 to
    /proc/sys/net/ipv6/conf/all/disable_ipv6 when its second argument is
    ``vpn-up`` and 0 when it is ``vpn-down``, so IPv6 is switched off for
    as long as the VPN is up.

    Returns:
        True when the script was installed, False when any step raised
        (the error is logged).
    """
    ipv6_script = ''.join((
        '#!/bin/sh\n',
        'case "$2" in\n',
        ' vpn-up)\n',
        ' echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6\n',
        ' ;;\n',
        ' vpn-down)\n',
        ' echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6\n',
        ' ;;\n',
        'esac\n',
    ))

    target = paths.IPV6_SCRIPT
    try:
        with open(target, "w") as script_file:
            print(ipv6_script, file=script_file)

        utils.make_executable(paths.IPV6_SCRIPT)

        # NOTE(review): `log` is neither a parameter nor a local here. If no
        # module-level `log` exists, this lookup raises NameError inside the
        # try block and the handler below reports a failure even though the
        # script has already been written - confirm where `log` comes from.
        if log:
            logger.info("IPv6 disable script enabled.")
    except Exception as err:
        logger.error("Error attempting to set IPv6 disable script: %s" % err)
        return False

    return True
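def set_dns_resolv(dns_list, active_servers):
    """Write the DNS-enforcement shell script and mark it executable.

    The generated script acts only when ``$CONNECTION_ID`` matches one of
    the active server names and its first argument equals ``tun0``:

    * ``vpn-up``: moves /etc/resolv.conf aside to ``resolv.conf.tmp``,
      writes the enforced nameservers and sets the immutable attribute.
    * ``vpn-down``: clears the immutable attribute and moves the saved
      file back if it exists.

    Args:
        dns_list: Iterable of nameserver address strings.
        active_servers: Mapping (or index-addressable collection) whose
            entries each carry a ``'name'`` string.

    Returns:
        True when the script was installed, False when writing it or
        making it executable raised (the error is logged).
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    def single_quote(text):
        # Always single-quote (shlex.quote leaves "safe" words bare): bash
        # treats quoted parts of an =~ pattern as literal text, so a "." in
        # a name does not become a wildcard, and an embedded single quote
        # can no longer end the quoting early.
        return "'" + text.replace("'", "'\"'\"'") + "'"

    # Each resolv.conf line is passed to printf as its own quoted argument
    # with a fixed '%s\n' format. The addresses used to be pasted into a
    # double-quoted printf format string, where `$`, backticks, `"` or `%`
    # in an address would be interpreted by the shell or by printf when
    # the script runs. The output is unchanged for ordinary addresses.
    resolv_lines = ["# nordnm enforced nameservers"]
    resolv_lines.extend("nameserver " + address for address in dns_list)
    printf_args = " ".join(shlex.quote(line) for line in resolv_lines)

    # NOTE(review): an empty active_servers leaves the =~ pattern empty;
    # confirm callers never pass one.
    active_server_list = "|".join(
        single_quote(active_servers[server]['name'])
        for server in active_servers)

    dns_script = (
        '#!/bin/bash\n'
        'VPN_INTERFACE="tun0"\n'
        'RESOLV_PATH="/etc/resolv.conf"\n'
        'interface="$1"\n\n'
        'if [[ "$CONNECTION_ID" =~ ' + active_server_list + ' ]]; then\n'
        ' case $2 in\n'
        ' vpn-up)\n'
        ' if [ $interface == "$VPN_INTERFACE" ]; then\n'  # Only act for tun0, which should be the first OpenVPN tunnel interface opened
        # NOTE(review): mv runs before chattr -i, so a resolv.conf left
        # immutable by an earlier run cannot be moved aside - confirm the
        # intended ordering.
        ' mv -f "$RESOLV_PATH" "$RESOLV_PATH".tmp\n'  # Move the current resolv to a temp file
        ' chattr -i "$RESOLV_PATH"\n'
        ' printf \'%s\\n\' ' + printf_args + ' > "$RESOLV_PATH"\n'
        ' chattr +i "$RESOLV_PATH"\n'
        ' fi\n'
        ' ;;\n'
        ' vpn-down)\n'
        ' if [ $interface == "$VPN_INTERFACE" ]; then\n'
        ' chattr -i "$RESOLV_PATH"\n'
        ' if [ -f "$RESOLV_PATH".tmp ]; then\n'  # If a tmp file exists, move it back to the original filename
        ' chattr -i "$RESOLV_PATH"\n'
        ' mv -f "$RESOLV_PATH".tmp "$RESOLV_PATH"\n'
        ' fi\n'
        ' fi\n'
        ' ;;\n'
        ' esac\n'
        'fi\n')

    try:
        with open(paths.DNS_SCRIPT, "w") as dns_resolv:
            print(dns_script, file=dns_resolv)

        utils.make_executable(paths.DNS_SCRIPT)

        logger.info("DNS leak protection enabled.")
        return True
    except Exception as e:
        # Best-effort install: report the failure to the caller as False.
        logger.error("Error attempting to set DNS protection: %s", e)
        return False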
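def set_auto_connect(connection_name):
    """Write the auto-connect shell script for *connection_name*.

    The generated script runs ``nmcli con up id <connection_name>`` when
    its first argument matches one of the interface names returned by
    ``get_interfaces()`` and its second argument matches
    ``up|connectivity-change``.

    Args:
        connection_name: Name of the NetworkManager connection to bring up.

    Returns:
        True when the script was written and made executable, False (with
        an error logged) when no interfaces were found.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    interfaces = get_interfaces()
    if not interfaces:
        # Nothing is installed in this case, so report it rather than
        # returning without a word.
        logger.error("No interfaces found to use with auto-connect")
        return False

    # NOTE(review): the names are joined unescaped into an unanchored bash
    # regex, so a name is matched as a pattern and as a substring - confirm.
    interface_string = '|'.join(interfaces)

    # The name used to be wrapped in bare single quotes, so a name holding
    # a single quote ended the quoting and the remainder was parsed as
    # shell. shlex.quote emits it as one literal word.
    quoted_name = shlex.quote(connection_name)

    # Built from one literal per script line so the shebang is guaranteed
    # to sit on a line of its own.
    auto_script = (
        '#!/bin/bash\n'
        'if [[ "$1" =~ ' + interface_string + ' ]] && [[ "$2" =~ up|connectivity-change ]]; then\n'
        ' nmcli con up id ' + quoted_name + '\n'
        'fi')

    with open(AUTO_CONNECT_PATH, "w") as auto_vpn:
        print(auto_script, file=auto_vpn)

    utils.make_executable(AUTO_CONNECT_PATH)
    logger.info("Auto-connect enabled for '%s'.", connection_name)
    return True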
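def set_killswitch(persistence_path):
    """Write the kill-switch shell script and mark it executable.

    The generated script branches on its second argument:

    * ``vpn-up``: lists ``type,device`` for NetworkManager connections and
      saves the device of every ``vpn`` row whose device column holds two
      consecutive non-dash characters into the persistence file.
    * ``vpn-down``: echoes the persistence file path, then runs
      ``nmcli device disconnect`` once per saved device.

    Args:
        persistence_path: Path of the file the script uses to remember the
            devices seen at ``vpn-up``.

    Returns:
        True once the script has been written and made executable.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    # The path is embedded in a shell assignment; unquoted, a path with
    # spaces or shell metacharacters would be split or expanded when the
    # script runs. A plain path is emitted unchanged.
    quoted_path = shlex.quote(persistence_path)

    # Built from one literal per script line so the shebang and each case
    # arm are guaranteed to sit on their own lines.
    killswitch_script = (
        '#!/bin/bash\n'
        'PERSISTENCE_FILE=' + quoted_path + '\n\n'
        'case $2 in\n'
        ' vpn-up)\n'
        # "\\-" yields the same backslash-dash for awk as the former "\-",
        # without relying on an invalid Python escape sequence.
        ' nmcli -f type,device connection | awk \'$1~/^vpn$/ && $2~/[^\\-][^\\-]/ { print $2; }\' > "${PERSISTENCE_FILE}"\n'
        ' ;;\n'
        ' vpn-down)\n'
        ' echo "${PERSISTENCE_FILE}"\n'
        ' xargs -n 1 -a "${PERSISTENCE_FILE}" nmcli device disconnect\n'
        ' ;;\n'
        'esac')

    with open(KILLSWITCH_PATH, "w") as killswitch_vpn:
        print(killswitch_script, file=killswitch_vpn)

    utils.make_executable(KILLSWITCH_PATH)
    logger.info("Network kill-switch enabled.")
    return True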