| author | David Lönnhager <david.l@mullvad.net> | 2020-10-29 18:25:02 +0100 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2020-11-16 13:18:54 +0100 |
| commit | c5877588b8615a0d64d93ab78c95519bb6878ac2 (patch) | |
| tree | d1438610863dd8fff804486d4eb00ea3efc8cbd7 | |
| parent | 79a221109c3a361d699779ae66a45f3d7b8c79b7 (diff) | |
Set up routes for OpenVPN using the route manager
| -rw-r--r-- | talpid-core/src/process/openvpn.rs | 3 | ||||
| -rw-r--r-- | talpid-core/src/tunnel/openvpn.rs | 43 |
2 files changed, 45 insertions, 1 deletions
diff --git a/talpid-core/src/process/openvpn.rs b/talpid-core/src/process/openvpn.rs index 7922ba952c..bb0e71aa29 100644 --- a/talpid-core/src/process/openvpn.rs +++ b/talpid-core/src/process/openvpn.rs @@ -231,6 +231,9 @@ impl OpenVpnCommand { args.push(OsString::from(mssfix.to_string())); } + #[cfg(target_os = "linux")] + args.push(OsString::from("--route-noexec")); + if !self.enable_ipv6 { args.push(OsString::from("--pull-filter")); args.push(OsString::from("ignore")); diff --git a/talpid-core/src/tunnel/openvpn.rs b/talpid-core/src/tunnel/openvpn.rs index f83cabca3b..7221a328ff 100644 --- a/talpid-core/src/tunnel/openvpn.rs +++ b/talpid-core/src/tunnel/openvpn.rs @@ -1,4 +1,6 @@ use super::TunnelEvent; +#[cfg(target_os = "linux")] +use crate::routing::RequiredRoute; use crate::{ mktemp, process::{ @@ -8,8 +10,10 @@ use crate::{ proxy::{self, ProxyMonitor, ProxyResourceData}, routing, }; +#[cfg(target_os = "linux")] +use std::net::IpAddr; use std::{ - collections::HashMap, + collections::{HashMap, HashSet}, fs, io::{self, Write}, path::{Path, PathBuf}, @@ -185,6 +189,12 @@ impl OpenVpnMonitor<OpenVpnCommand> { return; } if event == openvpn_plugin::EventType::RouteUp { + #[cfg(target_os = "linux")] + tokio::task::block_in_place(|| { + let routes = extract_routes(&env); + route_manager_handle.clone().add_routes(routes).unwrap(); + }); + // The user-pass file has been read. Try to delete it early. let _ = fs::remove_file(&user_pass_file_path); 
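Review bot: The `--route-noexec` argument added in `talpid-core/src/process/openvpn.rs` (hunk at -231,6) has no comment saying that, on Linux, installing routes is now the daemon's job rather than OpenVPN's. That coupling is easy to break: if the RouteUp handling in `tunnel/openvpn.rs` ever stops adding routes, the tunnel comes up with nothing routed through it. I would add `// OpenVPN must not touch the routing table; the route manager adds the routes on RouteUp.` above the `#[cfg(target_os = "linux")]` line. The enclosing function starts and ends outside the hunk.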
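Review bot: In `talpid-core/src/tunnel/openvpn.rs` (hunk at -8,8) `HashSet` is imported unconditionally, while its only use visible in this diff is `extract_routes`, which is gated on `#[cfg(target_os = "linux")]`. Unless the rest of the file uses it, other targets get an unused-import warning. It could be imported the way `IpAddr` is, as `#[cfg(target_os = "linux")] use std::collections::HashSet;`, leaving `collections::HashMap,` as it was.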
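Review bot: In the RouteUp branch of `talpid-core/src/tunnel/openvpn.rs` (hunk at -185,6), `add_routes(routes).unwrap()` turns a failed route installation into a panic inside the plugin event callback. Because OpenVPN is now started with `--route-noexec`, a failure here means nothing has installed the tunnel routes, so the error should be handled on purpose and the tunnel brought down; what a panic does to this task is not visible in the hunk. Something like `if let Err(error) = route_manager_handle.clone().add_routes(routes) { /* log, close the tunnel */ return; }` makes the failure path explicit. The closure continues outside the hunk, so the actual shutdown call has to come from the surrounding code.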
@@ -237,6 +247,37 @@ impl OpenVpnMonitor<OpenVpnCommand> { } } +#[cfg(target_os = "linux")] +fn extract_routes(env: &HashMap<String, String>) -> HashSet<RequiredRoute> { + let mut routes = HashSet::new(); + + let ipv4_relay: IpAddr = env + .get("remote_1") + .expect("No \"remote_1\" in route up event") + .parse() + .expect("Net gateway IP not in valid format"); + routes.insert(RequiredRoute::new( + ipv4_relay.into(), + routing::NetNode::DefaultNode, + )); + + let interface = env.get("dev").unwrap(); + let node = routing::Node::device(interface.to_string()); + + for network in &["0.0.0.0/1".parse().unwrap(), "128.0.0.0/1".parse().unwrap()] { + routes.insert(RequiredRoute::new(*network, node.clone())); + } + + for (key, value) in env.iter() { + if key.starts_with("route_ipv6_network") { + let network = value.parse().expect("V6 network format invalid"); + routes.insert(RequiredRoute::new(network, node.clone())); + } + } + + routes +} + impl<C: OpenVpnBuilder + 'static> OpenVpnMonitor<C> { fn new_internal<L>( mut cmd: C, |
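Review bot: `extract_routes` panics on any missing or unparsable value in `env` (`remote_1`, `dev`, and every `route_ipv6_network*` entry). Those values come from the OpenVPN process, and the IPv6 networks are presumably pushed by the server, so a malformed push should fail the tunnel cleanly rather than abort the handler. Returning `Option` (or a `Result` with the project's own error type) lets the RouteUp caller decide; the caller then has to handle the `None` case. The relay address is also parsed as `IpAddr` but bound to `ipv4_relay`, so the name should either match or the type be narrowed to `Ipv4Addr`.

```rust
#[cfg(target_os = "linux")]
fn extract_routes(env: &HashMap<String, String>) -> Option<HashSet<RequiredRoute>> {
    let mut routes = HashSet::new();

    // A missing or unparsable value yields None instead of a panic.
    let relay: IpAddr = env.get("remote_1")?.parse().ok()?;
    routes.insert(RequiredRoute::new(
        relay.into(),
        routing::NetNode::DefaultNode,
    ));

    let node = routing::Node::device(env.get("dev")?.to_string());

    // … unchanged: 0.0.0.0/1 and 128.0.0.0/1 routes via `node` …

    for (key, value) in env {
        if key.starts_with("route_ipv6_network") {
            routes.insert(RequiredRoute::new(value.parse().ok()?, node.clone()));
        }
    }

    Some(routes)
}
```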
