From 24ba40a960c42ac5cf48d588c811fa1a34ba9c36 Mon Sep 17 00:00:00 2001 From: James McMurray Date: Thu, 29 Feb 2024 22:23:12 +0100 Subject: [PATCH] Improve error printing, add warning for ProtonVPN DNS settings in OpenVPN custom config to USERGUIDE --- USERGUIDE.md | 19 +++++++++++++++++-- src/exec.rs | 39 ++++++++++++++++++++++++--------------- 2 files changed, 41 insertions(+), 17 deletions(-) diff --git a/USERGUIDE.md b/USERGUIDE.md index 9847c9a..d350b11 100644 --- a/USERGUIDE.md +++ b/USERGUIDE.md @@ -251,14 +251,20 @@ $ vopono -v exec --custom ~/custom_wireguard.conf --protocol wireguard "firefox" ```bash $ vopono -v exec --custom ./custom_openvpn.ovpn --protocol openvpn "firefox" ``` -> To use a custom provider which requires a username and password, supply an authentication file with the username and password. -> Reference the authentication file in the ovpn configuration file with `auth-user-pass auth.txt` appended to the top of the file. +To use a custom provider which requires a username and password, supply an authentication file with the username and password. +Reference the authentication file in the ovpn configuration file with `auth-user-pass auth.txt` appended to the top of the file. Note that in the OpenVPN case the vopono will execute OpenVPN from the same directory as the config file itself. So any accompanying files (CA certificates, authentication files, etc.) must be in the same directory with the file if using relative paths in the config file. +For OpenVPN be careful to remove any DNS update scripts from the OpenVPN config file e.g. for ProtonVPN OpenVPN configs, remove the following lines: + +``` +up /etc/openvpn/update-resolv-conf +down /etc/openvpn/update-resolv-conf +``` ### OpenFortiVPN 
@@ -482,6 +488,15 @@ Note that there may be multiple `AUTH-xxx=yyy` cookies - the specific one we nee ![AUTH cookie example](protonvpn_header.png) +If using a downloaded OpenVPN config file directly as a `--custom` custom config file in vopono, then be sure to remove the following lines: + +``` +up /etc/openvpn/update-resolv-conf +down /etc/openvpn/update-resolv-conf +``` + +Also remember to append `+pmp` to the OpenVPN username if using port forwarding in this case too. + #### Wireguard servers Due to the way Wireguard configuration generation is handled, this should be diff --git a/src/exec.rs b/src/exec.rs index aa165d5..391629c 100644 --- a/src/exec.rs +++ b/src/exec.rs @@ -225,12 +225,14 @@ pub fn exec(command: ExecCommand, uiclient: &dyn UiClient) -> anyhow::Result<()> .get("provider") .map_err(|_e| anyhow!("Failed to read config file")) .ok() - }) - .expect( - "Enter a VPN provider as a command-line argument or in the vopono config.toml file", - ); + }).ok_or_else(|| { + let msg = "Enter a VPN provider as a command-line argument or in the vopono config.toml file"; + error!("{}", msg); anyhow!(msg)})?; + if provider == VpnProvider::Custom { - bail!("Must provide config file if using custom VPN Provider"); + let msg = "Must provide config file if using custom VPN Provider"; + error!("{}", msg); + bail!(msg); } server_name = command @@ -243,10 +245,9 @@ pub fn exec(command: ExecCommand, uiclient: &dyn UiClient) -> anyhow::Result<()> anyhow!("Failed to read config file") }) .ok() - }) - .expect( - "Enter a VPN server prefix as a command-line argument or in the vopono config.toml file", - ); + }).ok_or_else(|| { + let msg = "VPN server prefix must be provided as a command-line argument or in the vopono config.toml file"; + error!("{}", msg); anyhow!(msg)})?; // Check protocol is valid for provider protocol = command 
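Review bot: In the provider lookup (hunk at -225), the new `ok_or_else` fallback still sits behind `.map_err(|_e| anyhow!("Failed to read config file")).ok()`, which builds an error and immediately discards it. A config.toml that exists but cannot be read or parsed is therefore reported as "Enter a VPN provider as a command-line argument or in the vopono config.toml file". Since this commit is about error printing, I would log the underlying error before dropping it, e.g. `.map_err(|e| warn!("Failed to read provider from config file: {:?}", e))` (assuming the error type implements `Debug`), so a missing key can be told apart from a broken file. The server-prefix lookup in the next hunk ends in the same `.ok()`; `exec` and that lookup's `map_err` closure begin outside the visible lines, so check whether the closure already logs. The closure body `error!("{}", msg); anyhow!(msg)})?;` is also squeezed onto one line in both hunks and would be split by rustfmt.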
@@ -432,9 +433,11 @@ pub fn exec(command: ExecCommand, uiclient: &dyn UiClient) -> anyhow::Result<()> // TODO: DNS suffixes? ns.dns_config(&dns, &[], command.hosts_entries.as_ref())?; // Check if using Shadowsocks - if let Some((ss_host, ss_lport)) = - uses_shadowsocks(config_file.as_ref().expect("No config file provided"))? - { + if let Some((ss_host, ss_lport)) = uses_shadowsocks( + config_file + .as_ref() + .expect("No OpenVPN config file provided"), + )? { if provider == VpnProvider::Custom { warn!("Custom provider specifies socks-proxy, if this is local you must run it yourself (e.g. shadowsocks)"); } else { @@ -442,7 +445,9 @@ pub fn exec(command: ExecCommand, uiclient: &dyn UiClient) -> anyhow::Result<()> let password = dyn_ss_provider.password(); let encrypt_method = dyn_ss_provider.encrypt_method(); ns.run_shadowsocks( - config_file.as_ref().expect("No config file provided"), + config_file + .as_ref() + .expect("No OpenVPN config file provided"), ss_host, ss_lport, &password, @@ -452,7 +457,9 @@ pub fn exec(command: ExecCommand, uiclient: &dyn UiClient) -> anyhow::Result<()> } ns.run_openvpn( - config_file.clone().expect("No config file provided"), + config_file + .clone() + .expect("No OpenVPN config file provided"), auth_file, &dns, !command.no_killswitch, @@ -487,7 +494,9 @@ pub fn exec(command: ExecCommand, uiclient: &dyn UiClient) -> anyhow::Result<()> } Protocol::Wireguard => { ns.run_wireguard( - config_file.clone().expect("No config file provided"), + config_file + .clone() + .expect("No Wireguard config file provided"), !command.no_killswitch, command.open_ports.as_ref(), command.forward_ports.as_ref(),
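Review bot: The four `config_file` unwraps with `.expect("No OpenVPN config file provided")` / `.expect("No Wireguard config file provided")` (this hunk and the hunks at -442, -452 and -487) still panic, while the rest of this commit moves the provider and server-prefix checks from `expect` to returned `anyhow` errors. In the OpenVPN arm they are reached after `ns.dns_config(...)?` has already run, so a missing config would end in a panic partway through setup rather than on the logged error path used elsewhere. Binding the value once per protocol arm removes the repetition and the panic: `let config_file = config_file.as_ref().ok_or_else(|| anyhow!("No OpenVPN config file provided"))?;`, then pass `config_file` or `config_file.clone()` to the three calls. `exec` starts and ends outside these hunks, so whether an earlier check already guarantees `Some` here is not visible.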