Finished AzireVPN support

Author: jamesmcm

Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "vopono"
 description = "Launch applications via VPN tunnels using temporary network namespaces"
-version = "0.4.0"
+version = "0.4.1"
 authors = ["James McMurray <[email protected]>"]
 edition = "2018"
 license = "GPL-3.0-or-later"

README.md

@@ -7,7 +7,7 @@ as normal.
 
 vopono includes built-in killswitches for both Wireguard and OpenVPN.
 
-Currently Mullvad, MozillaVPN, TigerVPN, ProtonVPN and
+Currently Mullvad, AzireVPN, MozillaVPN, TigerVPN, ProtonVPN and
 PrivateInternetAccess are supported directly, with custom configuration files
 also supported with the `--custom` argument.
 
@@ -16,6 +16,11 @@ check the security of their browser's connection. This was used with the
 Mullvad configuration to verify that there is no DNS leaking or
 BitTorrent leaking for both the OpenVPN and Wireguard configurations.
 
+AzireVPN users can use [their security check page](https://www.azirevpn.com/check)
+for the same (note the instructions on disabling WebRTC). I noticed that
+when using IPv6 with OpenVPN it incorrectly states you are not connected
+via AzireVPN though (Wireguard works correctly).
+
 Mullvad port forwarding works for both Wireguard and OpenVPN. You will
 need to enable the ports in your [Mullvad account](https://mullvad.net/en/account/#/ports).
 
@@ -36,6 +41,7 @@ lynx all running through different VPN connections:
 | Provider              | OpenVPN support | Wireguard support | 
 |-----------------------|-----------------|-------------------|
 | Mullvad               | ✅              | ✅                |
+| AzireVPN              | ✅              | ✅                |
 | PrivateInternetAccess | ✅              | ❌                |
 | TigerVPN              | ✅              | ❌                |
 | ProtonVPN             | ✅              | ❌                |
@@ -118,7 +124,7 @@ The sync process will save your credentials to a file in the
 config directory of the provider, so it can be passed to OpenVPN.
 If it is missing you will be prompted for your credentials.
 
-For PrivateInternetAccess these should be the same as your account
+For PrivateInternetAccess and AzireVPN these should be the same as your account
 credentials.
 
 For TigerVPN you can view your OpenVPN credentials [online on the "geeks" dashboard](https://www.tigervpn.com/dashboard/geeks).

src/providers/azirevpn/mod.rs

@@ -1,4 +1,4 @@
-// TODO mod openvpn;
+mod openvpn;
 mod wireguard;
 
 use super::{ConfigurationChoice, OpenVpnProvider, Provider, WireguardProvider};
@@ -7,10 +7,20 @@ use crate::wireguard::{de_socketaddr, de_vec_ipaddr, de_vec_ipnet};
 use dialoguer::{Input, Password};
 use ipnet::IpNet;
 use serde::Deserialize;
-use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
+use std::net::IpAddr;
+
+// AzireVPN details: https://www.azirevpn.com/docs/servers
 
 pub struct AzireVPN {}
 
+impl AzireVPN {
+    fn server_aliases(&self) -> &[&str] {
+        &[
+            "ca1", "dk1", "fr1", "de1", "it1", "es1", "nl1", "no1", "ro1", "se1", "se2", "ch1",
+            "th1", "us1", "us2", "uk1",
+        ]
+    }
+}
 impl Provider for AzireVPN {
     fn alias(&self) -> String {
         "azire".to_string()

src/providers/azirevpn/openvpn.rs

@@ -1,262 +1,68 @@
-use super::Mullvad;
+use super::AzireVPN;
 use super::{ConfigurationChoice, OpenVpnProvider};
 use crate::util::delete_all_files_in_dir;
 use crate::vpn::OpenVpnProtocol;
-use anyhow::Context;
-use log::warn;
-use rand::seq::SliceRandom;
-use reqwest::blocking::Client;
-use serde::Deserialize;
-use std::collections::HashMap;
-use std::fmt::Display;
+use log::{debug, info};
 use std::fs::create_dir_all;
 use std::fs::File;
 use std::io::Write;
 use std::net::{IpAddr, Ipv4Addr};
 use std::path::PathBuf;
-use strum::IntoEnumIterator;
-use strum_macros::EnumIter;
 
-impl Mullvad {
-    fn get_default_openvpn_settings(&self) -> Vec<&'static str> {
-        vec![
-            "client",
-            "dev tun",
-            "resolv-retry infinite",
-            "nobind",
-            "persist-key",
-            "persist-tun",
-            "verb 3",
-            "remote-cert-tls server",
-            "ping 10",
-            "ping-restart 60",
-            "sndbuf 524288",
-            "rcvbuf 524288",
-            "cipher AES-256-CBC",
-            "tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
-            "auth-user-pass mullvad_userpass.txt",
-            "ca mullvad_ca.crt",
-            "tun-ipv6",
-            "script-security 2",
-        ]
-    }
-}
-
-impl OpenVpnProvider for Mullvad {
+impl OpenVpnProvider for AzireVPN {
+    // AzireVPN details: https://www.azirevpn.com/docs/servers
+    // TODO: Add IPv6 DNS
     fn provider_dns(&self) -> Option<Vec<IpAddr>> {
-        Some(vec![IpAddr::V4(Ipv4Addr::new(193, 138, 218, 74))])
+        Some(vec![
+            IpAddr::V4(Ipv4Addr::new(91, 231, 153, 2)),
+            IpAddr::V4(Ipv4Addr::new(192, 211, 0, 2)),
+        ])
     }
 
     fn prompt_for_auth(&self) -> anyhow::Result<(String, String)> {
-        let username = self.request_mullvad_username()?;
-        Ok((username, "m".to_string()))
+        self.request_userpass()
     }
 
     fn auth_file_path(&self) -> anyhow::Result<PathBuf> {
-        Ok(self.openvpn_dir()?.join("mullvad_userpass.txt"))
+        Ok(self.openvpn_dir()?.join("auth.txt"))
     }
 
     fn create_openvpn_config(&self) -> anyhow::Result<()> {
+        let protocol = OpenVpnProtocol::choose_one()?;
+        // TODO: Allow port selection, TLS version selection
         let openvpn_dir = self.openvpn_dir()?;
+        let country_map = crate::util::country_map::code_to_country_map();
         create_dir_all(&openvpn_dir)?;
         delete_all_files_in_dir(&openvpn_dir)?;
-
-        let client = Client::new();
-        let relays: Vec<OpenVpnRelay> = client
-            .get("https://api.mullvad.net/www/relays/openvpn/")
-            .send()?
-            .json()?;
-
-        let mut config_choice = ConfigType::choose_one()?;
-        let port = config_choice.generate_port();
-
-        let use_ips = dialoguer::Confirm::new()
-            .with_prompt(
-                "Use IP addresses instead of hostnames? (may be resistant to DNS blocking, but need to be synced more frequently)"
-            )
-            .default(false)
-            .interact()?;
-
-        let use_bridges = dialoguer::Confirm::new()
-            .with_prompt(
-                "Connect via a bridge? (route over two separate servers, requires connecting on TCP port 443)"
-            )
-            .default(false)
-            .interact()?;
-
-        let mut settings = self.get_default_openvpn_settings();
-
-        if use_bridges {
-            if config_choice != ConfigType::Tcp443 {
-                warn!("Overriding chosen protocol and port to TCP 443 due to use of bridge");
-                config_choice = ConfigType::Tcp443;
-            }
-            settings.push("socks-proxy 127.0.0.1 1080");
-        }
-
-        match config_choice.get_protocol() {
-            OpenVpnProtocol::UDP => {
-                settings.push("proto udp");
-                settings.push("fast-io");
-            }
-            OpenVpnProtocol::TCP => {
-                settings.push("proto tcp");
-            }
-        }
-
-        // Group relays by country
-        // Generate config file per relay given options
-        // Naming: country_name-hostalias.ovpn
-        let mut file_set: HashMap<String, Vec<String>> = HashMap::with_capacity(128);
-        for relay in relays.into_iter().filter(|x| x.active) {
-            let file_name = format!(
-                "{}-{}.ovpn",
-                relay.country_name.to_lowercase().replace(' ', "_"),
-                relay.country_code
-            );
-
-            let remote_string = if use_ips {
-                format!(
-                    "remote {} {} # {}",
-                    relay.ipv4_addr_in, port, relay.hostname
-                )
-            } else {
-                format!("remote {}.mullvad.net {}", relay.hostname, port)
-            };
-
-            file_set
-                .entry(file_name)
-                .or_insert_with(Vec::new)
-                .push(remote_string);
-        }
-
-        let bridge_vec = if use_bridges {
-            let bridges: Vec<OpenVpnRelay> = client
-                .get("https://api.mullvad.net/www/relays/bridge/")
-                .send()?
-                .json()?;
-            bridges
-                .into_iter()
-                .filter(|x| x.active)
-                .map(|x| {
-                    format!(
-                        "route {} 255.255.255.255 net_gateway # {}",
-                        x.ipv4_addr_in, x.hostname
-                    )
-                })
-                .collect::<Vec<String>>()
-        } else {
-            Vec::new()
-        };
-
-        for (file_name, mut remote_vec) in file_set.into_iter() {
-            let mut file = File::create(&openvpn_dir.join(file_name))?;
-            writeln!(file, "{}", settings.join("\n"))?;
-
-            remote_vec.shuffle(&mut rand::thread_rng());
-            writeln!(
-                file,
-                "{}",
-                remote_vec[0..remote_vec.len().min(64)].join("\n")
-            )?;
-            if remote_vec.len() > 1 {
-                writeln!(file, "remote-random")?;
-            }
-
-            if !bridge_vec.is_empty() {
-                writeln!(file, "{}", bridge_vec.join("\n"))?;
-            }
-        }
-
-        // Write CA cert
-        let ca = include_str!("mullvad_ca.crt");
-        {
-            let file = File::create(openvpn_dir.join("mullvad_ca.crt"))
-                .context("Could not create mullvad CA file")?;
-            let mut write_buf = std::io::BufWriter::new(file);
-            write!(write_buf, "{}", ca)?;
+        for alias in self.server_aliases() {
+            let url = format!("https://www.azirevpn.com/cfg/openvpn/generate?country={}&os=linux-cli&nat=1&port=random&protocol={}&tls=gcm&keys=0", alias, protocol);
+            let file = reqwest::blocking::get(&url)?.bytes()?;
+
+            let file_contents = std::str::from_utf8(&file)?;
+            let file_contents = file_contents
+                .split('\n')
+                .filter(|&x| !(x.starts_with("up ") || x.starts_with("down ")))
+                .collect::<Vec<&str>>()
+                .join("\n");
+
+            let country = country_map
+                .get(&alias[0..2])
+                .expect("Could not map country to name");
+            let filename = format!("{}-{}.ovpn", country, alias);
+            debug!("Writing file: {}", filename);
+            let mut outfile =
+                File::create(openvpn_dir.join(filename.to_lowercase().replace(' ', "_")))?;
+            write!(outfile, "{}", file_contents)?;
         }
 
         // Write OpenVPN credentials file
         let (user, pass) = self.prompt_for_auth()?;
         let mut outfile = File::create(self.auth_file_path()?)?;
         write!(outfile, "{}\n{}", user, pass)?;
+        info!(
+            "AzireVPN OpenVPN config written to {}",
+            openvpn_dir.display()
+        );
         Ok(())
     }
 }
-
-#[derive(EnumIter, PartialEq)]
-enum ConfigType {
-    DefaultUdp,
-    Udp53,
-    Tcp80,
-    Tcp443,
-}
-
-impl ConfigType {
-    fn get_protocol(&self) -> OpenVpnProtocol {
-        match self {
-            Self::DefaultUdp => OpenVpnProtocol::UDP,
-            Self::Udp53 => OpenVpnProtocol::UDP,
-            Self::Tcp80 => OpenVpnProtocol::TCP,
-            Self::Tcp443 => OpenVpnProtocol::TCP,
-        }
-    }
-
-    fn generate_port(&self) -> u16 {
-        match self {
-            Self::DefaultUdp => *[1300, 1301, 1302, 1194, 1195, 1196, 1197]
-                .choose(&mut rand::thread_rng())
-                .expect("Could not choose default port"),
-            Self::Udp53 => 53,
-            Self::Tcp80 => 80,
-            Self::Tcp443 => 443,
-        }
-    }
-}
-
-impl Display for ConfigType {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        let s = match self {
-            Self::DefaultUdp => "Default (UDP)",
-            Self::Udp53 => "UDP (Port 53)",
-            Self::Tcp80 => "TCP (Port 80)",
-            Self::Tcp443 => "TCP (Port 443)",
-        };
-        write!(f, "{}", s)
-    }
-}
-
-impl Default for ConfigType {
-    fn default() -> Self {
-        Self::DefaultUdp
-    }
-}
-
-impl ConfigurationChoice for ConfigType {
-    fn prompt() -> String {
-        "Please choose your OpenVPN connection protocol and port".to_string()
-    }
-
-    fn variants() -> Vec<Self> {
-        ConfigType::iter().collect()
-    }
-
-    fn description(&self) -> Option<String> {
-        None
-    }
-}
-
-// Note we ignore ipv6 addr here
-#[derive(Deserialize, Debug)]
-struct OpenVpnRelay {
-    hostname: String,
-    country_code: String,
-    country_name: String,
-    city_code: String,
-    city_name: String,
-    active: bool,
-    owned: bool,
-    provider: String,
-    ipv4_addr_in: std::net::Ipv4Addr,
-}

src/providers/azirevpn/wireguard.rs

@@ -21,11 +21,7 @@ impl WireguardProvider for AzireVPN {
         let client = Client::new();
 
         // TODO: Hardcoded list, can this be retrieved from the API?
-        let aliases = vec![
-            "ca1", "dk1", "fr1", "de1", "it1", "es1", "nl1", "no1", "ro1", "se1", "se2", "ch1",
-            "th1", "us1", "us2", "uk1",
-        ];
-
+        let aliases = self.server_aliases();
         let country_map = code_to_country_map();
         let (username, password) = self.request_userpass()?;
         let keypair: WgKey = generate_keypair()?;

src/providers/mod.rs

@@ -59,7 +59,7 @@ impl VpnProvider {
             Self::Mullvad => Ok(Box::new(mullvad::Mullvad {})),
             Self::TigerVPN => Ok(Box::new(tigervpn::TigerVPN {})),
             Self::ProtonVPN => Ok(Box::new(protonvpn::ProtonVPN {})),
-            Self::AzireVPN => Err(anyhow!("AzireVPN not yet implemented")),
+            Self::AzireVPN => Ok(Box::new(azirevpn::AzireVPN {})),
             Self::MozillaVPN => Err(anyhow!("MozillaVPN only supports Wireguard!")),
             Self::Custom => Err(anyhow!("Custom provider uses separate logic")),
         }