Merge pull request #1285 from mysteriumnetwork/feature/consumer-uses-…

…provider-dns

Use provider's DNS for consumer connection

bin/package/installation/systemd.service

@@ -20,6 +20,7 @@ KillMode=process
 TimeoutStopSec=10
 SendSIGKILL=yes
 Restart=on-failure
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 
 [Install]
 WantedBy=multi-user.target

cmd/commands/cli/command.go

@@ -23,7 +23,6 @@ import (
 	"io"
 	stdlog "log"
 	"path/filepath"
-	"strconv"
 	"strings"
 
 	"github.com/chzyer/readline"
@@ -308,25 +307,34 @@ func (c *cliApp) serviceGet(id string) {
 func (c *cliApp) connect(argsString string) {
 	args := strings.Fields(argsString)
 
+	helpMsg := "Please type in the provider identity. connect <consumer-identity> <provider-identity> <service-type> [disable-kill-switch] [enable-dns]"
 	if len(args) < 3 {
-		info("Please type in the provider identity. connect <consumer-identity> <provider-identity> <service-type> [disable-kill-switch]")
+		info(helpMsg)
 		return
 	}
 
 	consumerID, providerID, serviceType := args[0], args[1], args[2]
 
-	var disableKill bool
+	var disableKillSwitch bool
+	var enableDNS bool
 	var err error
-	if len(args) > 3 {
-		disableKillStr := args[3]
-		disableKill, err = strconv.ParseBool(disableKillStr)
-		if err != nil {
-			info("Please use true / false for <disable-kill-switch>")
+	for _, arg := range args[3:] {
+		switch arg {
+		case "enable-dns":
+			enableDNS = true
+		case "disable-kill-switch":
+			disableKillSwitch = true
+		default:
+			warn("Unexpected arg:", arg)
+			info(helpMsg)
 			return
 		}
 	}
 
-	connectOptions := tequilapi_client.ConnectOptions{DisableKillSwitch: disableKill}
+	connectOptions := tequilapi_client.ConnectOptions{
+		EnableDNS:         enableDNS,
+		DisableKillSwitch: disableKillSwitch,
+	}
 
 	if consumerID == "new" {
 		id, err := c.tequilapi.NewIdentity(identityDefaultPassphrase)

cmd/di_desktop.go

@@ -262,12 +262,12 @@ func (di *Dependencies) bootstrapServiceComponents(nodeOptions node.Options) err
 func (di *Dependencies) registerConnections(nodeOptions node.Options) {
 	di.registerOpenvpnConnection(nodeOptions)
 	di.registerNoopConnection()
-	di.registerWireguardConnection()
+	di.registerWireguardConnection(nodeOptions)
 }
 
-func (di *Dependencies) registerWireguardConnection() {
+func (di *Dependencies) registerWireguardConnection(nodeOptions node.Options) {
 	wireguard.Bootstrap()
-	di.ConnectionRegistry.Register(wireguard.ServiceType, wireguard_connection.NewConnectionCreator())
+	di.ConnectionRegistry.Register(wireguard.ServiceType, wireguard_connection.NewConnectionCreator(nodeOptions.Directories.Config))
 }
 
 func (di *Dependencies) bootstrapUIServer(options node.Options) {

config/urfavecli/clicontext/user.go

@@ -53,7 +53,7 @@ func LoadUserConfig(ctx *cli.Context) error {
 func LoadUserConfigQuietly(ctx *cli.Context) error {
 	err := LoadUserConfig(ctx)
 	if err != nil {
-		_ = log.Warn(err)
+		log.Warn(err)
 	}
 	return nil
 }

core/connection/connect_options.go

@@ -27,6 +27,7 @@ import (
 type ConnectParams struct {
 	// kill switch option restricting communication only through VPN
 	DisableKillSwitch bool
+	EnableDNS         bool
 }
 
 // ConnectOptions represents the params we need to ensure a successful connection
@@ -35,5 +36,6 @@ type ConnectOptions struct {
 	ProviderID    identity.Identity
 	Proposal      market.ServiceProposal
 	SessionID     session.ID
+	EnableDNS     bool
 	SessionConfig []byte
 }

core/connection/manager.go

@@ -278,6 +278,7 @@ func (manager *connectionManager) startConnection(
 	connectOptions := ConnectOptions{
 		SessionID:     sessionDTO.ID,
 		SessionConfig: sessionDTO.Config,
+		EnableDNS:     params.EnableDNS,
 		ConsumerID:    consumerID,
 		ProviderID:    identity.FromAddress(proposal.ProviderID),
 		Proposal:      proposal,

firewall/iptables/iptables.go

@@ -173,7 +173,7 @@ func (b Iptables) Setup() error {
 // Reset tries to cleanup all changes made by setup and leave system in the state before setup
 func (Iptables) Reset() {
 	if err := cleanupStaleRules(); err != nil {
-		_ = log.Warn(logPrefix, "Error cleaning up iptables rules, you might want to do it yourself: ", err)
+		log.Warn(logPrefix, "Error cleaning up iptables rules, you might want to do it yourself: ", err)
 	}
 }
 
@@ -184,7 +184,7 @@ func addRuleWithRemoval(chain chainInfo) (firewall.RemoveRule, error) {
 	return func() {
 		_, err := iptablesExec(chain.removeArgs()...)
 		if err != nil {
-			_ = log.Warn(logPrefix, "Error executing rule: ", chain.removeArgs(), " you might wanna do it yourself. Error was: ", err)
+			log.Warn(logPrefix, "Error executing rule: ", chain.removeArgs(), " you might wanna do it yourself. Error was: ", err)
 		}
 	}, nil
 }

logconfig/log.go

@@ -94,18 +94,18 @@ func (l Logger) Info(v ...interface{}) {
 }
 
 // Warn warn log
-func (l Logger) Warn(v ...interface{}) error {
-	return seelog.Warn(append([]interface{}{l.prefix}, v...)...)
+func (l Logger) Warn(v ...interface{}) {
+	_ = seelog.Warn(append([]interface{}{l.prefix}, v...)...)
 }
 
 // Error error log
-func (l Logger) Error(v ...interface{}) error {
-	return seelog.Error(append([]interface{}{l.prefix}, v...)...)
+func (l Logger) Error(v ...interface{}) {
+	_ = seelog.Error(append([]interface{}{l.prefix}, v...)...)
 }
 
 // Critical critical log
-func (l Logger) Critical(v ...interface{}) error {
-	return seelog.Critical(append([]interface{}{l.prefix}, v...)...)
+func (l Logger) Critical(v ...interface{}) {
+	_ = seelog.Critical(append([]interface{}{l.prefix}, v...)...)
 }
 
 // IsTrace indicates if trace should be logged

mobile/mysterium/openvpn_connection_setup.go

@@ -219,7 +219,7 @@ func (ocf *OpenvpnConnectionFactory) Create(stateChannel connection.StateChannel
 			sessionConfig.RemotePort = sessionConfig.LocalPort + 1
 		}
 
-		vpnClientConfig, err := openvpn.NewClientConfigFromSession(sessionConfig, "", "")
+		vpnClientConfig, err := openvpn.NewClientConfigFromSession(sessionConfig, "", "", false)
 		if err != nil {
 			return nil, nil, err
 		}

services/openvpn/client.go

@@ -20,12 +20,11 @@ package openvpn
 import (
 	"sync"
 
-	"github.com/mysteriumnetwork/node/firewall"
-
 	log "github.com/cihub/seelog"
 	"github.com/mysteriumnetwork/go-openvpn/openvpn"
 	"github.com/mysteriumnetwork/node/core/connection"
 	"github.com/mysteriumnetwork/node/core/ip"
+	"github.com/mysteriumnetwork/node/firewall"
 	"github.com/mysteriumnetwork/node/nat/traversal"
 	"github.com/pkg/errors"
 )
@@ -132,6 +131,7 @@ type VPNConfig struct {
 	OriginalRemoteIP   string
 	OriginalRemotePort int
 
+	DNS             string `json:"dns"`
 	RemoteIP        string `json:"remote"`
 	RemotePort      int    `json:"port"`
 	LocalPort       int    `json:"lport"`

services/openvpn/client_config.go

@@ -71,23 +71,24 @@ func defaultClientConfig(runtimeDir string, scriptSearchPath string) *ClientConf
 	clientConfig.SetParam("reneg-sec", "60")
 	clientConfig.SetParam("resolv-retry", "infinite")
 	clientConfig.SetParam("redirect-gateway", "def1", "bypass-dhcp")
-	clientConfig.SetParam("dhcp-option", "DNS", "208.67.222.222")
-	clientConfig.SetParam("dhcp-option", "DNS", "208.67.220.220")
 
 	return &clientConfig
 }
 
 // NewClientConfigFromSession creates client configuration structure for given VPNConfig, configuration dir to store serialized file args, and
 // configuration filename to store other args
 // TODO this will become the part of openvpn service consumer separate package
-func NewClientConfigFromSession(vpnConfig *VPNConfig, configDir string, runtimeDir string) (*ClientConfig, error) {
+func NewClientConfigFromSession(vpnConfig *VPNConfig, configDir string, runtimeDir string, enableDNS bool) (*ClientConfig, error) {
 	// TODO Rename `vpnConfig` to `sessionConfig`
 	err := NewDefaultValidator().IsValid(vpnConfig)
 	if err != nil {
 		return nil, err
 	}
 
-	clientFileConfig := newClientConfig(runtimeDir, configDir)
+	clientFileConfig := newClientConfig(runtimeDir, configDir, enableDNS)
+	if enableDNS && len(vpnConfig.DNS) > 0 {
+		clientFileConfig.SetParam("dhcp-option", "DNS", vpnConfig.DNS)
+	}
 	clientFileConfig.VpnConfig = vpnConfig
 	clientFileConfig.SetReconnectRetry(2)
 	clientFileConfig.SetClientMode(vpnConfig.RemoteIP, vpnConfig.RemotePort, vpnConfig.LocalPort)

services/openvpn/client_config_factory.go

@@ -21,10 +21,13 @@ package openvpn
 
 import "github.com/mysteriumnetwork/go-openvpn/openvpn/config"
 
-func newClientConfig(runtimeDir string, scriptSearchPath string) *ClientConfig {
+func newClientConfig(runtimeDir string, scriptSearchPath string, enableDNS bool) *ClientConfig {
 	clientConfig := defaultClientConfig(runtimeDir, scriptSearchPath)
-	clientConfig.SetScriptParam("up", config.QuotedPath("update-resolv-conf"))
-	clientConfig.SetScriptParam("down", config.QuotedPath("update-resolv-conf"))
+
+	if enableDNS {
+		clientConfig.SetScriptParam("up", config.QuotedPath("update-resolv-conf"))
+		clientConfig.SetScriptParam("down", config.QuotedPath("update-resolv-conf"))
+	}
 
 	return clientConfig
 }

services/openvpn/client_config_factory_windows.go

@@ -17,8 +17,10 @@
 
 package openvpn
 
-func newClientConfig(runtimeDir string, scriptSearchPath string) *ClientConfig {
+func newClientConfig(runtimeDir string, scriptSearchPath string, enableDNS bool) *ClientConfig {
 	clientConfig := defaultClientConfig(runtimeDir, scriptSearchPath)
-	clientConfig.SetFlag("register-dns")
+	if enableDNS {
+		clientConfig.SetFlag("register-dns")
+	}
 	return clientConfig
 }

services/openvpn/config_validator_test.go

@@ -62,14 +62,15 @@ YFcPCscvdnZ1U8hTUaREZmDB2w9eaGyCM4YXAg==
 
 func TestValidatorReturnsNilErrorOnValidVPNConfig(t *testing.T) {
 	vpnConfig := &VPNConfig{
-		"",
-		0,
-		"1.2.3.4",
-		10999,
-		1194,
-		"tcp",
-		tlsTestKey,
-		caCertificate,
+		OriginalRemoteIP:   "",
+		OriginalRemotePort: 0,
+		DNS:                "",
+		RemoteIP:           "1.2.3.4",
+		RemotePort:         10999,
+		LocalPort:          1194,
+		RemoteProtocol:     "tcp",
+		TLSPresharedKey:    tlsTestKey,
+		CACertificate:      caCertificate,
 	}
 	assert.NoError(t, NewDefaultValidator().IsValid(vpnConfig))
 }

services/openvpn/connection_factory.go

@@ -92,7 +92,7 @@ func (op *ProcessBasedConnectionFactory) Create(stateChannel connection.StateCha
 			sessionConfig.OriginalRemotePort = sessionConfig.RemotePort
 		}
 
-		vpnClientConfig, err := NewClientConfigFromSession(sessionConfig, op.configDirectory, op.runtimeDirectory)
+		vpnClientConfig, err := NewClientConfigFromSession(sessionConfig, op.configDirectory, op.runtimeDirectory, options.EnableDNS)
 		if err != nil {
 			return nil, nil, err
 		}

services/openvpn/service/factory.go

@@ -130,11 +130,12 @@ func newServerFactory(nodeOptions node.Options, sessionValidator *openvpn_sessio
 
 // newSessionConfigNegotiatorFactory returns function generating session config for remote client
 func newSessionConfigNegotiatorFactory(networkOptions node.OptionsNetwork, serviceOptions Options, natEventGetter NATEventGetter, portPool port.ServicePortSupplier) SessionConfigNegotiatorFactory {
-	return func(secPrimitives *tls.Primitives, outboundIP, publicIP string, port int) session.ConfigNegotiator {
+	return func(secPrimitives *tls.Primitives, dnsIP, outboundIP, publicIP string, port int) session.ConfigNegotiator {
 		serverIP := vpnServerIP(serviceOptions, outboundIP, publicIP, networkOptions.Localnet)
 		return &OpenvpnConfigNegotiator{
 			natEventGetter: natEventGetter,
 			vpnConfig: &openvpn_service.VPNConfig{
+				DNS:             dnsIP,
 				RemoteIP:        serverIP,
 				RemotePort:      port,
 				RemoteProtocol:  serviceOptions.Protocol,

services/openvpn/service/manager.go

@@ -23,8 +23,6 @@ import (
 
 	"github.com/mysteriumnetwork/go-openvpn/openvpn"
 	"github.com/mysteriumnetwork/go-openvpn/openvpn/tls"
-	"github.com/pkg/errors"
-
 	"github.com/mysteriumnetwork/node/core/port"
 	"github.com/mysteriumnetwork/node/dns"
 	"github.com/mysteriumnetwork/node/firewall"
@@ -38,6 +36,7 @@ import (
 	openvpn_service "github.com/mysteriumnetwork/node/services/openvpn"
 	"github.com/mysteriumnetwork/node/session"
 	"github.com/mysteriumnetwork/node/utils"
+	"github.com/pkg/errors"
 )
 
 // ServerConfigFactory callback generates session config for remote client
@@ -50,7 +49,7 @@ type ServerFactory func(*openvpn_service.ServerConfig, chan openvpn.State) openv
 type ProposalFactory func(currentLocation market.Location) market.ServiceProposal
 
 // SessionConfigNegotiatorFactory initiates ConfigProvider instance during runtime
-type SessionConfigNegotiatorFactory func(secPrimitives *tls.Primitives, outboundIP, publicIP string, port int) session.ConfigNegotiator
+type SessionConfigNegotiatorFactory func(secPrimitives *tls.Primitives, dnsIP, outboundIP, publicIP string, port int) session.ConfigNegotiator
 
 // NATPinger defined Pinger interface for Provider
 type NATPinger interface {
@@ -118,7 +117,8 @@ func (m *Manager) Serve(providerID identity.Identity) (err error) {
 		return
 	}
 
-	m.vpnServiceConfigProvider = m.sessionConfigNegotiatorFactory(primitives, m.outboundIP, m.publicIP, m.vpnServerPort)
+	dnsIP := utils.FirstIP(m.vpnNetwork).String()
+	m.vpnServiceConfigProvider = m.sessionConfigNegotiatorFactory(primitives, dnsIP, m.outboundIP, m.publicIP, m.vpnServerPort)
 
 	vpnServerConfig := m.vpnServerConfigFactory(primitives, m.vpnServerPort)
 	stateChannel := make(chan openvpn.State, 10)
@@ -141,14 +141,13 @@ func (m *Manager) Serve(providerID identity.Identity) (err error) {
 		return errors.Wrap(err, "failed to start Openvpn server")
 	}
 
-	m.dnsServer = dns.NewServer(
-		net.JoinHostPort(providerIP(m.vpnNetwork).String(), "53"),
-		dns.ResolveViaConfigured(),
-	)
-	log.Info("Starting DNS on: ", m.dnsServer.Addr)
-	if err = m.dnsServer.Run(); err != nil {
-		return errors.Wrap(err, "failed to start DNS server")
-	}
+	m.dnsServer = dns.NewServer(net.JoinHostPort(dnsIP, "53"), dns.ResolveViaConfigured())
+	log.Info("starting DNS on: ", m.dnsServer.Addr)
+	go func() {
+		if err := m.dnsServer.Run(); err != nil {
+			log.Error("failed to start DNS server: ", err)
+		}
+	}()
 
 	log.Info("OpenVPN server waiting")
 	return m.vpnServer.Wait()
@@ -262,9 +261,3 @@ func (m *Manager) portMappingFailed() bool {
 	}
 	return event.Stage == mapping.StageName && !event.Successful
 }
-
-func providerIP(subnet net.IPNet) net.IP {
-	ip := subnet.IP
-	ip[len(ip)-1] = byte(1)
-	return ip
-}