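def killswitch_up(server_name, protocol):
    """
    Turns the killswitch on by running scripts/ip-ks.sh through sudo.

    The script receives the VPN server ip and port (read from the server's
    configuration file), the interface currently in use, the protocol name
    looked up in PROTOCOLS and the network address of that interface.

    :param server_name: the name of the server whose configuration is read
    :param protocol: the protocol to be used (a key of PROTOCOLS)
    :raise KillswitchError: if no interface is currently in use, or if the
        killswitch script exits with a non-zero status
    """
    # presumably snapshots the current rules so they can be restored later - confirm
    iptables_save()

    interface = get_current_used_interface()
    if interface is None:
        raise KillswitchError

    ip, port = read_remote_ip_port(get_path_to_conf(server_name, protocol))
    address_private_network = get_network(interface)

    logger.info("Turning on killswitch")
    logger.info("Default interface: %s", interface)
    logger.info("IP and port of the VPN server: %s %s", ip, port)
    logger.info("Network address on %s: %s", interface, address_private_network)

    # update iptables
    # The arguments are passed as a list, so no shell parses them here.
    # NOTE(review): ip and port come from the configuration file and reach a
    # script run through sudo; confirm ip-ks.sh validates and quotes them.
    process = subprocess.Popen([
        "sudo",
        os.path.join(CURRENT_PATH, "scripts", "ip-ks.sh"),
        ip,
        port,
        interface,
        PROTOCOLS[protocol],
        address_private_network,
    ])
    process.communicate()

    # Fail closed: if the rules were not applied, the caller must not carry on
    # as if traffic outside the tunnel were blocked.
    if process.returncode != 0:
        logger.error("Killswitch script exited with status %s", process.returncode)
        raise KillswitchError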
def is_not_valid_server(server_string, protocol):
    """
    Tells whether NO configuration file exists for the given server and protocol

    :param server_string: the name of the server
    :param protocol: the protocol to be used
    :return: True if there is no file at the expected configuration path,
             False if one exists
    """
    # NOTE(review): server_string becomes part of a filesystem path inside
    # get_path_to_conf; confirm it is limited to known server names before the
    # resulting path is handed to anything privileged.
    return not os.path.exists(get_path_to_conf(server_string, protocol))
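def killswitch_up(server_name, protocol):
    """
    Turns the killswitch on by running scripts/ip-ks.sh through sudo.

    The script receives the VPN server ip and port (read from the server's
    configuration file), the interface currently in use and the protocol name
    looked up in PROTOCOLS.

    :param server_name: the name of the server whose configuration is read
    :param protocol: the protocol to be used (a key of PROTOCOLS)
    :raise KillswitchError: if no interface is currently in use, or if the
        killswitch script exits with a non-zero status
    """
    # presumably snapshots the current rules so they can be restored later - confirm
    iptables_save()

    interface = get_current_used_interface()
    if interface is None:
        raise KillswitchError

    ip, port = read_remote_ip_port(get_path_to_conf(server_name, protocol))

    logger.info("Turning on killswitch")

    # update iptables
    # The arguments are passed as a list, so no shell parses them here.
    # NOTE(review): ip and port come from the configuration file and reach a
    # script run through sudo; confirm ip-ks.sh validates and quotes them.
    process = subprocess.Popen([
        "sudo",
        os.path.join(CURRENT_PATH, "scripts", "ip-ks.sh"),
        ip,
        port,
        interface,
        PROTOCOLS[protocol],
    ])
    process.communicate()

    # Fail closed: if the rules were not applied, the caller must not carry on
    # as if traffic outside the tunnel were blocked.
    if process.returncode != 0:
        logger.error("Killswitch script exited with status %s", process.returncode)
        raise KillswitchError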
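def start_openvpn(server, protocol, killswitch=True):
    """
    starts openvpn connection with a certain protocol to a specific server.
    Raise a ConnectionError if the connection failed, a LoginError if the
    credentials are wrong or a OpenresolvError if openresolv is missing

    The openvpn output is read line by line until it reports success, a failure
    or the alarm set with TIMEOUT_TIME expires. Failed attempts are retried
    until MAXIMUM_TRIES is reached.

    :param server: the server to which the connection will be established
    :param protocol: the protocol to be used (an integer)
    :param killswitch: if True set up killswitch
    :return: the Popen object of the openvpn process once it has printed
             "Initialization Sequence Completed"
    """
    old_conf_path = get_path_to_conf(server, protocol)

    # update the configuration, this must be done for settings which you want
    # to overwrite and which are already defined in the configuration file.
    # Providing them through command line may cause conflicts and / or may not
    # be detected
    conf_path = update_conf(old_conf_path, {"ping-restart": 60})

    # On Linux the spaces of the path are backslash-escaped for the --up and
    # --down values. "\\ " is the same two characters the former "\ " literal
    # produced, without the invalid-escape warning.
    if platform.system() == 'Linux':
        escaped_path = CURRENT_PATH.replace(" ", "\\ ")
    else:
        escaped_path = CURRENT_PATH

    # NOTE(review): openvpn is started through sudo and runs the --up / --down
    # scripts itself; confirm the scripts directory and the credentials file
    # cannot be modified or read by other unprivileged users.
    args = [
        "sudo", "openvpn",
        "--config", conf_path,
        # use saved credentials
        "--auth-user-pass", CURRENT_PATH + CREDENTIALS_FILENAME,
        # lets openvpn call the scripts below (to prevent dns leaks)
        "--script-security", "2",
        # "--verb", "9",
        # script called on connection completed
        "--up", os.path.join(escaped_path, "scripts", "nordpy_up.sh"),
        # to be called on connection closed
        "--down", os.path.join(escaped_path, "scripts", "nordpy_down.sh"),
    ]

    tries = 0
    while tries < MAXIMUM_TRIES:
        if killswitch:
            # activate killswitch
            killswitch_up(server, protocol)

        openvpn = subprocess.Popen(args, stdin=subprocess.PIPE, universal_newlines=True, stdout=subprocess.PIPE)

        # presumably the SIGALRM handler installed elsewhere raises TimeoutError - confirm
        signal.alarm(TIMEOUT_TIME)
        try:
            while True:
                raw_line = openvpn.stdout.readline()

                # readline() returns '' only at end of file (a blank line is
                # '\n'): openvpn closed its output without a verdict. Count it
                # as a failed try instead of spinning until the alarm fires.
                if raw_line == '':
                    signal.alarm(0)
                    logger.warning("openvpn closed its output before the connection was established")
                    tries += 1
                    openvpn_stop(killswitch)
                    break

                line = raw_line.strip()
                if not line == '':
                    logger.debug("[OPENVPN]: " + line)

                if "Initialization Sequence Completed" in line:
                    # success !
                    signal.alarm(0)
                    return openvpn
                elif "connection failed" in line or "Exiting" in line:
                    # cancel the alarm so that it cannot fire during the
                    # cleanup or during the next killswitch_up() call
                    signal.alarm(0)
                    tries += 1
                    openvpn_stop(killswitch)
                    break
                elif "AUTH_FAILED" in line:
                    # something's wrong
                    signal.alarm(0)
                    if killswitch:
                        killswitch_down()
                    raise LoginError
                elif "script fails with" in line:
                    # missing script
                    signal.alarm(0)
                    if killswitch:
                        killswitch_down()
                    raise OpenresolvError
        except TimeoutError:
            logger.warning("expired timeout for openvpn connection")
            tries += 1
            openvpn_stop(killswitch)

    signal.alarm(0)
    # sometimes openvpn.kill() doesn't close the launched processes
    openvpn_stop(killswitch)
    raise ConnectionError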
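def start_openvpn(server, protocol, killswitch=True):
    """
    starts openvpn connection with a certain protocol to a specific server.
    Raise a ConnectionError if the connection failed, a LoginError if the
    credentials are wrong or a OpenresolvError if openresolv is missing

    The openvpn output is read line by line until it reports success, a failure
    or the alarm set with TIMEOUT_TIME expires. Failed attempts are retried
    until MAXIMUM_TRIES is reached.

    :param server: the server to which the connection will be established
    :param protocol: the protocol to be used (an integer)
    :param killswitch: if True set up killswitch
    :return: the Popen object of the openvpn process once it has printed
             "Initialization Sequence Completed"
    """
    conf_path = get_path_to_conf(server, protocol)

    # NOTE(review): openvpn is started through sudo and runs the --up / --down
    # scripts itself; confirm the scripts directory and the credentials file
    # cannot be modified or read by other unprivileged users.
    args = [
        "sudo", "openvpn",
        "--config", conf_path,
        "--auth-user-pass", CURRENT_PATH + CREDENTIALS_FILENAME,
        # lets openvpn call the scripts below (to prevent dns leaks)
        "--script-security", "2",
        "--up", os.path.join(CURRENT_PATH, "scripts", "nordpy_up.sh"),
        "--down", os.path.join(CURRENT_PATH, "scripts", "nordpy_down.sh"),
    ]

    tries = 0
    while tries < MAXIMUM_TRIES:
        if killswitch:
            # activate killswitch
            killswitch_up(server, protocol)

        openvpn = subprocess.Popen(args, stdin=subprocess.PIPE, universal_newlines=True, stdout=subprocess.PIPE)

        # presumably the SIGALRM handler installed elsewhere raises TimeoutError - confirm
        signal.alarm(TIMEOUT_TIME)
        try:
            while True:
                raw_line = openvpn.stdout.readline()

                # readline() returns '' only at end of file (a blank line is
                # '\n'): openvpn closed its output without a verdict. Count it
                # as a failed try instead of spinning until the alarm fires.
                if raw_line == '':
                    signal.alarm(0)
                    logger.warning("openvpn closed its output before the connection was established")
                    tries += 1
                    openvpn_stop(killswitch)
                    break

                line = raw_line.strip()
                if not line == '':
                    logger.debug("[OPENVPN]: " + line)

                if "Initialization Sequence Completed" in line:
                    # success !
                    signal.alarm(0)
                    return openvpn
                elif "connection failed" in line or "Exiting" in line:
                    # cancel the alarm so that it cannot fire during the
                    # cleanup or during the next killswitch_up() call
                    signal.alarm(0)
                    tries += 1
                    openvpn_stop(killswitch)
                    break
                elif "AUTH_FAILED" in line:
                    # something's wrong
                    signal.alarm(0)
                    if killswitch:
                        killswitch_down()
                    raise LoginError
                elif "script fails with" in line:
                    # missing script
                    signal.alarm(0)
                    if killswitch:
                        killswitch_down()
                    raise OpenresolvError
        except TimeoutError:
            logger.warning("expired timeout for openvpn connection")
            tries += 1
            openvpn_stop(killswitch)

    signal.alarm(0)
    # sometimes openvpn.kill() doesn't close the launched processes
    openvpn_stop(killswitch)
    raise ConnectionError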