From 703773ecd8959a755c19f1c66680eaa38a770354 Mon Sep 17 00:00:00 2001 From: Jeremy Fleischman Date: Sun, 12 Nov 2023 03:27:12 -0800 Subject: [PATCH] wip wip wip testing out the suggestions in `https://github.com/OpenVPN/openvpn3-linux/issues/208` --- overlays/default.nix | 22 ++++++++ ovpn3-core.diff | 46 ++++++++++++++++ ovpn3.diff | 84 +++++++++++++++++++++++++++++ shared/homies/bin/h4vpn | 2 + shared/polybar-openvpn3/default.nix | 19 +++---- 5 files changed, 164 insertions(+), 9 deletions(-) create mode 100644 ovpn3-core.diff create mode 100644 ovpn3.diff diff --git a/overlays/default.nix b/overlays/default.nix index 03339593..7d540bd0 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,3 +1,14 @@ +let + pkgsWithOpenvpn3 = import + (builtins.fetchGit { + # Descriptive name to make the store path easier to identify + name = "nixpkgs-with-openvpn3-21"; + url = "https://github.com/jfly/nixpkgs/"; + ref = "upgrade-openvpn3"; + rev = "5e5319a2b01f4aa39dc99a7d7a1b70bacfe60f24"; + }) + { system = "x86_64-linux"; }; +in [ ( self: super: @@ -59,6 +70,17 @@ if builtins.pathExists (absoluteRepoPath encrypted) then builtins.readFile (absoluteRepoPath encrypted) else builtins.trace missingMsg missingMsg ); }; + + # >>> <<<< + #<<< openvpn3 = pkgsWithOpenvpn3.openvpn3; + + openvpn3 = pkgsWithOpenvpn3.openvpn3.overrideAttrs (oldAttrs: { + patches = [ ../ovpn3.diff ]; + }); + + #<<< openvpn3 = super.openvpn3.overrideAttrs (oldAttrs: { + #<<< #<<< patches = [ ../ovpn3.diff ]; + #<<< }); } ) ] diff --git a/ovpn3-core.diff b/ovpn3-core.diff new file mode 100644 index 00000000..1c5c8a85 --- /dev/null +++ b/ovpn3-core.diff 
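Review bot: The new `let` at the top of overlays/default.nix hardcodes `{ system = "x86_64-linux"; }` when importing the pinned nixpkgs fork, while the overlay itself is otherwise system-agnostic, so the openvpn3 override would silently produce an x86_64 package on any other host. Consider evaluating the import inside the overlay function where `super` is available and passing `{ inherit (super.stdenv.hostPlatform) system; }` instead. The `rev` is what makes the `builtins.fetchGit` reproducible; the `ref` only helps locate it, so a one-line comment saying the fork is pinned to that commit (and what it carries, presumably the openvpn3 v21 upgrade) would help the next reader judge the supply-chain trust placed in a personal fork.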
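Review bot: `patches = [ ../ovpn3.diff ];` in the `overrideAttrs` of the second overlays/default.nix hunk replaces any patches the fork's openvpn3 derivation already carries rather than adding to them; `patches = (oldAttrs.patches or [ ]) ++ [ ../ovpn3.diff ];` keeps them. The `# >>> <<<<` marker and the two `#<<<` commented alternatives are WIP scaffolding (the subject says as much) and should be removed before this lands, leaving a short comment on why the fork's openvpn3 is used instead of `super.openvpn3`.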
@@ -0,0 +1,46 @@ +diff --git a/openvpn/tun/client/tunprop.hpp b/openvpn/tun/client/tunprop.hpp +index e830d9cd..0eeb7c1b 100644 +--- a/openvpn/tun/client/tunprop.hpp ++++ b/openvpn/tun/client/tunprop.hpp +@@ -546,9 +546,8 @@ class TunProp + DnsOptions dns_options(opt); + for (const auto &domain : dns_options.search_domains) + { +- if (!tb->tun_builder_set_adapter_domain_suffix(domain)) +- throw tun_prop_dhcp_option_error("tun_builder_set_adapter_domain_suffix"); +- break; // use only the first domain for now ++ if (!tb->tun_builder_add_search_domain(domain)) ++ throw tun_prop_dhcp_option_error("tun_builder_add_search_domain failed"); + } + for (const auto &keyval : dns_options.servers) + { +@@ -565,11 +564,6 @@ class TunProp + throw tun_prop_dhcp_option_error("tun_builder_add_dns_server failed"); + flags |= F_ADD_DNS; + } +- for (const auto &domain : server.domains) +- { +- if (!tb->tun_builder_add_search_domain(domain)) +- throw tun_prop_dhcp_option_error("tun_builder_add_search_domain failed"); +- } + } + + OptionList::IndexMap::const_iterator dopt = opt.map().find("dhcp-option"); // DIRECTIVE +@@ -595,7 +589,7 @@ class TunProp + throw tun_prop_dhcp_option_error("tun_builder_add_dns_server failed"); + flags |= F_ADD_DNS; + } +- else if ((type == "DOMAIN" || type == "DOMAIN-SEARCH") && dns_options.servers.empty()) ++ else if ((type == "DOMAIN" || type == "DOMAIN-SEARCH") && dns_options.search_domains.empty()) + { + o.min_args(3); + for (size_t j = 2; j < o.size(); ++j) +@@ -609,7 +603,7 @@ class TunProp + } + } + } +- else if (type == "ADAPTER_DOMAIN_SUFFIX" && dns_options.search_domains.empty()) ++ else if (type == "ADAPTER_DOMAIN_SUFFIX") + { + o.exact_args(3); + const std::string &adapter_domain_suffix = o.get(2, 256); diff --git a/ovpn3.diff b/ovpn3.diff new file mode 100644 index 00000000..1a690b50 --- /dev/null +++ b/ovpn3.diff 
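Review bot: ovpn3-core.diff is added but nothing applies it: the overlay references only `../ovpn3.diff`, so this patch to `openvpn/tun/client/tunprop.hpp` is committed dead, and since it targets the openvpn3 core rather than openvpn3-linux it would presumably have to be applied to the core source the derivation builds against, not via the same `patches` list. The inner patch also deletes the `for (const auto &domain : server.domains)` loop, so per-server domains from `dns_options.servers` are no longer passed to `tun_builder_add_search_domain`; if that is intended, a few lines of free text before the first `diff --git` in the `.diff` file stating the intent (only `dns_options.search_domains` feed the builder; the `ADAPTER_DOMAIN_SUFFIX` guard on `search_domains.empty()` is dropped) would let a reviewer check it against the upstream issue.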
@@ -0,0 +1,84 @@ +diff --git a/src/netcfg/dns/resolver-settings.cpp b/src/netcfg/dns/resolver-settings.cpp +index 4c1ee9c..26b784f 100644 +--- a/src/netcfg/dns/resolver-settings.cpp ++++ b/src/netcfg/dns/resolver-settings.cpp +@@ -231,7 +231,7 @@ const std::string ResolverSettings::AddNameServers(GVariant *params) + } + + +-void ResolverSettings::AddSearchDomains(GVariant *params) ++const std::string ResolverSettings::AddSearchDomains(GVariant *params) + { + std::string params_type(g_variant_get_type_string(params)); + if ("(as)" != params_type) +@@ -247,6 +247,7 @@ void ResolverSettings::AddSearchDomains(GVariant *params) + } + + GVariant *srchdom = nullptr; ++ std::string ret; + while ((srchdom = g_variant_iter_next_value(srchlist))) + { + gsize len; +@@ -260,10 +261,13 @@ void ResolverSettings::AddSearchDomains(GVariant *params) + { + search_domains.push_back(v); + } ++ ret += (!ret.empty() ? ", " : "") + v; + + g_variant_unref(srchdom); + } + g_variant_iter_free(srchlist); ++ ++ return ret; + } + } // namespace DNS + } // namespace NetCfg +diff --git a/src/netcfg/dns/resolver-settings.hpp b/src/netcfg/dns/resolver-settings.hpp +index 9fe76cc..d3910ea 100644 +--- a/src/netcfg/dns/resolver-settings.hpp ++++ b/src/netcfg/dns/resolver-settings.hpp +@@ -302,8 +302,11 @@ class ResolverSettings + * + * @param params GVariant object containing an (as) based string + * array of elements to process ++ * ++ * @returns Returns a std::string list of added DNS search domains, ++ * comma separated + */ +- void AddSearchDomains(GVariant *params); ++ const std::string AddSearchDomains(GVariant *params); + #endif + + +diff --git a/src/netcfg/dns/systemd-resolved.cpp b/src/netcfg/dns/systemd-resolved.cpp +index aeb2139..86982f9 100644 +--- a/src/netcfg/dns/systemd-resolved.cpp ++++ b/src/netcfg/dns/systemd-resolved.cpp +@@ -116,6 +116,13 @@ void SystemdResolved::Commit(NetCfgSignals *signal) + upd.link->SetDNSServers(upd.resolver); + signal->LogVerb2("systemd-resolved: [" + 
upd.link->GetPath() + + "] Committing DNS search domains"); ++ ++ //<<< ++ for (const auto &dom : upd.search) ++ { ++ signal->LogVerb2("systemd-resolved: dom.search: [" + dom.search + "]"); ++ } ++ //<<< + upd.link->SetDomains(upd.search); + upd.link->SetDefaultRoute(upd.default_routing); + } +diff --git a/src/netcfg/netcfg-device.hpp b/src/netcfg/netcfg-device.hpp +index c119128..f31ed6a 100644 +--- a/src/netcfg/netcfg-device.hpp ++++ b/src/netcfg/netcfg-device.hpp +@@ -411,7 +411,8 @@ class NetCfgDevice : public DBusObject, + } + + // Adds DNS search domains +- dnsconfig->AddSearchDomains(params); ++ std::string added = dnsconfig->AddSearchDomains(params); ++ signal.Debug(device_name, "Added DNS Search Domains: " + added); + modified = true; + } + #ifdef ENABLE_OVPNDCO diff --git a/shared/homies/bin/h4vpn b/shared/homies/bin/h4vpn index 9b68fadd..7230a3f6 100755 --- a/shared/homies/bin/h4vpn +++ b/shared/homies/bin/h4vpn @@ -27,4 +27,6 @@ function toggle() { # If we don't get an answer there, we could implement this with a custom script. # See script documentation here: https://github.com/OpenVPN/openvpn3-linux/blob/master/docs/man/openvpn2.1.rst#script-execution # The command to run will be something like: `sudo resolvectl domain tun0 '~honorcare.com'`. +# +# <<< OR: `sudo resolvectl default-route tun0 false` >>> toggle ~/sync/linux-secrets/h4-vpn/ovpn-access-server.ovpn diff --git a/shared/polybar-openvpn3/default.nix b/shared/polybar-openvpn3/default.nix index 6c57e139..c3b179b6 100644 --- a/shared/polybar-openvpn3/default.nix +++ b/shared/polybar-openvpn3/default.nix 
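Review bot: In resolver-settings.cpp the new `ret += (!ret.empty() ? ", " : "") + v;` is placed after the `if` block that does `search_domains.push_back(v)`, not inside it, so the string later logged as `"Added DNS Search Domains: "` in netcfg-device.hpp lists every domain in `params`, including any the `if` rejected; if that condition filters duplicates or invalid entries the append belongs inside the block. The `const std::string` by-value return mirrors the neighbouring `AddNameServers`, so it is consistent, but a plain `std::string` return would also let callers move the result. The `//<<<` loop in systemd-resolved.cpp logging each `dom.search` at verb2 reads as temporary debugging and should either go or lose the markers with a comment on why the per-domain log line is useful.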
@@ -9,14 +9,15 @@ with pkgs.python3Packages; buildPythonApplication { src = ./.; propagatedBuildInputs = pkgs.openvpn3.pythonPath ++ [ - (pkgs.openvpn3.overrideAttrs (oldAttrs: { - patches = [ - # TODO: remove this when v21 of openvpn3 lands on nixpkgs-unstable. - (pkgs.fetchpatch { - url = "https://github.com/OpenVPN/openvpn3-linux/commit/ba6fe37e7e28d1e633b56052383da3072f03c11e.patch"; - sha256 = "sha256-MBXDEfeyg0VQGp9GYcpTZyLB0h6LX1qlaqZSDhOAJgQ="; - }) - ]; - })) + pkgs.openvpn3 + #<<< (pkgs.openvpn3.overrideAttrs (oldAttrs: { + #<<< patches = [ + #<<< # TODO: remove this when v21 of openvpn3 lands on nixpkgs-unstable. + #<<< (pkgs.fetchpatch { + #<<< url = "https://github.com/OpenVPN/openvpn3-linux/commit/ba6fe37e7e28d1e633b56052383da3072f03c11e.patch"; + #<<< sha256 = "sha256-MBXDEfeyg0VQGp9GYcpTZyLB0h6LX1qlaqZSDhOAJgQ="; + #<<< }) + #<<< ]; + #<<< })) ]; }
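Review bot: The `#<<<` block in shared/polybar-openvpn3/default.nix keeps the old `fetchpatch` (URL and sha256) as commented-out code next to the new `pkgs.openvpn3` entry; since the overlay now supplies openvpn3, the patch is dead and the block should be deleted rather than preserved behind markers. If the author wants a pointer for the future, a one-line comment such as `# openvpn3 comes pre-patched from the overlay in overlays/default.nix` says more than nine commented lines.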