| -rw-r--r-- | talpid_core/src/process/openvpn.rs | 47 |
1 files changed, 40 insertions, 7 deletions
diff --git a/talpid_core/src/process/openvpn.rs b/talpid_core/src/process/openvpn.rs
index 97c88a99c0..96e5f87aea 100644
--- a/talpid_core/src/process/openvpn.rs
+++ b/talpid_core/src/process/openvpn.rs
@@ -9,6 +9,24 @@ use std::fmt;
 use std::io;
 use std::path::{Path, PathBuf};
+static BASE_ARGUMENTS: &[&[&str]] = &[
+ &["--client"],
+ &["--nobind"],
+ &["--dev", "tun"],
+ &["--ping", "5"],
+ &["--ping-exit", "20"],
+ &["--connect-retry", "0", "0"],
+ &["--connect-retry-max", "1"],
+ &["--comp-lzo"],
+];
+
+static ALLOWED_TLS_CIPHERS: &[&str] = &[
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-SEED-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
+];
 /// An OpenVPN process builder, providing control over the different arguments that the OpenVPN
 /// binary accepts.
@@ -59,7 +77,8 @@ impl OpenVpnCommand {
 /// Returns all arguments that the subprocess would be spawned with.
 pub fn get_arguments(&self) -> Vec<OsString> {
- let mut args = vec![];
+ let mut args: Vec<OsString> = Self::base_arguments().iter().map(OsString::from).collect();
+
 if let Some(ref config) = self.config {
 args.push(OsString::from("--config"));
 args.push(OsString::from(config.as_os_str()));
@@ -74,6 +93,26 @@ impl OpenVpnCommand {
 args.push(OsString::from(path));
 args.extend(plugin_args.iter().map(OsString::from));
 }
+
+ args.extend(Self::security_arguments().iter().map(OsString::from));
+
+ args
+ }
+
+ fn base_arguments() -> Vec<&'static str> {
+ let mut args = vec![];
+ for arglist in BASE_ARGUMENTS.iter() {
+ for arg in arglist.iter() {
+ args.push(*arg);
+ }
+ }
+ args
+ }
+
+ fn security_arguments() -> Vec<String> {
+ let mut args = vec![];
+ args.push("--tls-cipher".to_owned());
+ args.push(ALLOWED_TLS_CIPHERS.join(":"));
 args
 }
 }
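Review bot: Every suite in `ALLOWED_TLS_CIPHERS` is a CBC-mode suite with a SHA-1 MAC, and the list includes SEED and 128-bit entries, yet nothing on the constant says why these five were chosen or whether their order is a preference order. A doc comment such as `/// TLS control-channel cipher suites passed to OpenVPN via --tls-cipher.` plus one line on the selection criteria would record that, and it is worth checking whether the servers also accept an AEAD suite (for example `TLS-DHE-RSA-WITH-AES-256-GCM-SHA384`) that could be added. `--tls-cipher` restricts only the control channel; the data-channel `--cipher` and `--auth` are not pinned anywhere in this hunk and presumably come from the config file. Separately, hard-coding `--comp-lzo` in `BASE_ARGUMENTS` enables compression before encryption, which can leak information about the plaintext through packet sizes, so it deserves a comment stating whether the servers require it.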
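Review bot: The new first line of `get_arguments` puts the base arguments ahead of `--config`, while the security arguments are appended after it in the next hunk, and neither placement is explained. If the intent is that a config file may override the base options but not the TLS cipher list, that relies on how OpenVPN resolves an option given more than once and should be written down, e.g. `// Base arguments go first so --config can override them; security arguments go last so it cannot.` (adjust to the real intent). The `collect()` also goes through an intermediate `Vec<&str>` that an `args.extend(...)` over `BASE_ARGUMENTS` would avoid. The function body continues past the end of this hunk.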
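Review bot: Nothing tests the new `--tls-cipher` output: the commit deletes `no_arguments` in the last hunk instead of replacing it, so a later edit that drops or moves the `security_arguments()` call would pass the suite unnoticed. A test in `mod tests` asserting that `get_arguments()` ends with `--tls-cipher` followed by the colon-joined `ALLOWED_TLS_CIPHERS` would pin that behaviour. On style, both helpers can be single expressions: `BASE_ARGUMENTS.iter().flat_map(|list| list.iter().cloned()).collect()` and `vec!["--tls-cipher".to_owned(), ALLOWED_TLS_CIPHERS.join(":")]`. `get_arguments` starts before this hunk.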
@@ -111,12 +150,6 @@ mod tests {
 use std::ffi::OsString;
 #[test]
- fn no_arguments() {
- let testee_args = OpenVpnCommand::new("").get_arguments();
- assert_eq!(0, testee_args.len());
- }
-
- #[test]
 fn passes_one_remote() {
 let remote = RemoteAddr::new("example.com", 3333); |
