Merge branch 'vpn' into develop

gitLinan · Aug 28, 2018 · c1be86d · c1be86d
2 parents ac85f53 + 052e2aa
commit c1be86d
Show file tree

Hide file tree

Showing 7 changed files with 406 additions and 22 deletions.
diff --git a/OPENSOURCELICENSES b/OPENSOURCELICENSES
@@ -1,3 +1,28 @@
+### addr-to-ip-port
+
+https://github.com/webtorrent/addr-to-ip-port
+
+The MIT License (MIT)
+
+Copyright (c) Feross Aboukhadijeh and WebTorrent, LLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
 ### ant
 
 https://github.com/txthinking/ant
@@ -164,30 +189,33 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 
-### addr-to-ip-port
-
-https://github.com/webtorrent/addr-to-ip-port
-
-The MIT License (MIT)
-
-Copyright (c) Feross Aboukhadijeh and WebTorrent, LLC
+### gotun2socks
 
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
+https://github.com/yinghuocho/gotun2socks
 
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
+Copyright (c) 2016, yinghuocho
+All rights reserved.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ### mux
 

diff --git a/cli/brook/main.go b/cli/brook/main.go
@@ -273,6 +273,78 @@ func main() {
 				return brook.RunTproxy(c.String("listen"), c.String("server"), c.String("password"), c.Int("tcpTimeout"), c.Int("tcpDeadline"), c.Int("udpDeadline"))
 			},
 		},
+		cli.Command{
+			Name:  "vpn",
+			Usage: "Run as VPN mode",
+			Flags: []cli.Flag{
+				cli.StringFlag{
+					Name:  "listen, l",
+					Usage: "Client listen address, must use 127.0.0.1, like: 127.0.0.1:1080",
+				},
+				cli.StringFlag{
+					Name:  "server, s",
+					Usage: "Server address, must use IP, like: 1.2.3.4:1080",
+				},
+				cli.StringFlag{
+					Name:  "password, p",
+					Usage: "Server password",
+				},
+				cli.IntFlag{
+					Name:  "tcpTimeout",
+					Value: 60,
+					Usage: "connection tcp keepalive timeout (s)",
+				},
+				cli.IntFlag{
+					Name:  "tcpDeadline",
+					Value: 0,
+					Usage: "connection deadline time (s)",
+				},
+				cli.IntFlag{
+					Name:  "udpDeadline",
+					Value: 60,
+					Usage: "connection deadline time (s)",
+				},
+				cli.IntFlag{
+					Name:  "udpSessionTime",
+					Value: 60,
+					Usage: "udp session time (s), in most cases need this",
+				},
+				cli.StringFlag{
+					Name:  "tunDevice",
+					Usage: "tun name",
+					Value: "tun0",
+				},
+				cli.StringFlag{
+					Name:  "tunIP",
+					Usage: "tun IP",
+					Value: "10.0.0.2",
+				},
+				cli.StringFlag{
+					Name:  "tunGateway",
+					Usage: "tun gateway",
+					Value: "10.0.0.1",
+				},
+				cli.StringFlag{
+					Name:  "tunMask",
+					Usage: "tun mask",
+					Value: "255.255.255.0",
+				},
+				cli.BoolFlag{
+					Name:  "publicOnly",
+					Usage: "Only forward public destination",
+				},
+			},
+			Action: func(c *cli.Context) error {
+				if c.String("listen") == "" || c.String("server") == "" || c.String("password") == "" {
+					cli.ShowCommandHelp(c, "client")
+					return nil
+				}
+				if debug {
+					enableDebug()
+				}
+				return brook.RunVPN(c.String("listen"), c.String("server"), c.String("password"), c.Int("tcpTimeout"), c.Int("tcpDeadline"), c.Int("udpDeadline"), c.Int("udpSessionTime"), c.String("tunDevice"), c.String("tunIP"), c.String("tunGateway"), c.String("tunMask"), c.Bool("publicOnly"))
+			},
+		},
 		cli.Command{
 			Name:  "streamserver",
 			Usage: "Run as server mode",

diff --git a/run.go b/run.go
@@ -1,6 +1,8 @@
 package brook
 
-import "github.com/txthinking/brook/sysproxy"
+import (
+	"github.com/txthinking/brook/sysproxy"
+)
 
 // RunServer used to make a new Server and start to listen
 func RunServer(address, password string, tcpTimeout, tcpDeadline, udpDeadline int) error {
@@ -132,3 +134,12 @@ func RunSystemProxy(remove bool, pac string) error {
 	}
 	return nil
 }
+
+// RunVPN used to make a new VPN and start
+func RunVPN(address, server, password string, tcpTimeout, tcpDeadline, udpDeadline, udpSessionTime int, tunDevice, tunIP, tunGateway, tunMask string, publicOnly bool) error {
+	v, err := NewVPN(address, server, password, tcpTimeout, tcpDeadline, udpDeadline, udpSessionTime, tunDevice, tunIP, tunGateway, tunMask, publicOnly)
+	if err != nil {
+		return err
+	}
+	return v.ListenAndServe()
+}
diff --git a/vpn.go b/vpn.go
@@ -0,0 +1,118 @@
+package brook
+
+import (
+	"errors"
+	"fmt"
+	"log"
+	"net"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/txthinking/brook/sysproxy"
+	"github.com/txthinking/gotun2socks"
+	"github.com/txthinking/gotun2socks/tun"
+)
+
+// VPN
+type VPN struct {
+	Client     *Client
+	Tunnel     *Tunnel
+	Tun        *gotun2socks.Tun2Socks
+	ServerIP   string
+	TunGateway string
+}
+
+// NewVPN
+func NewVPN(addr, server, password string, tcpTimeout, tcpDeadline, udpDeadline, udpSessionTime int, tunDevice, tunIP, tunGateway, tunMask string, publicOnly bool) (*VPN, error) {
+	h, _, err := net.SplitHostPort(addr)
+	if err != nil {
+		return nil, err
+	}
+	if h != "127.0.0.1" {
+		return nil, errors.New("Must listen on 127.0.0.1")
+	}
+	h, _, err = net.SplitHostPort(server)
+	if err != nil {
+		return nil, err
+	}
+	c, err := NewClient(addr, "127.0.0.1", server, password, tcpTimeout, tcpDeadline, udpDeadline, udpSessionTime)
+	if err != nil {
+		return nil, err
+	}
+	tl, err := NewTunnel("127.0.0.1:53", "8.8.8.8:53", server, password, tcpTimeout, tcpDeadline, udpDeadline)
+	if err != nil {
+		return nil, err
+	}
+	f, err := tun.OpenTunDevice(tunDevice, tunIP, tunGateway, tunMask, []string{"8.8.8.8"})
+	if err != nil {
+		return nil, err
+	}
+	t := gotun2socks.New(f, addr, []string{"8.8.8.8"}, publicOnly, true)
+	return &VPN{
+		Client:     c,
+		Tunnel:     tl,
+		Tun:        t,
+		ServerIP:   h,
+		TunGateway: tunGateway,
+	}, nil
+}
+
+// ListenAndServe starts to run VPN
+func (v *VPN) ListenAndServe() error {
+	if err := sysproxy.SetDNSServer("127.0.0.1"); err != nil {
+		return err
+	}
+	if err := v.AddRoutes(); err != nil {
+		return err
+	}
+
+	errch := make(chan error)
+	go func() {
+		errch <- v.Client.ListenAndServe()
+	}()
+	go func() {
+		errch <- v.Tunnel.ListenAndServe()
+	}()
+	go func() {
+		v.Tun.Run()
+	}()
+	go func() {
+		sigs := make(chan os.Signal, 1)
+		signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM, syscall.SIGHUP, syscall.SIGQUIT)
+		<-sigs
+		errch <- nil
+	}()
+	fmt.Println("Ctrl-C to quit")
+
+	err := <-errch
+	if err := v.Shutdown(); err != nil {
+		return err
+	}
+	return err
+}
+
+// Shutdown stops VPN
+func (v *VPN) Shutdown() error {
+	fmt.Println("Quitting...")
+	if err := sysproxy.SetDNSServer("8.8.8.8"); err != nil {
+		log.Println(err)
+	}
+	if err := v.DeleteRoutes(); err != nil {
+		log.Println(err)
+	}
+	if v.Client != nil {
+		if err := v.Client.Shutdown(); err != nil {
+			log.Println(err)
+		}
+	}
+	if v.Tunnel != nil {
+		if err := v.Tunnel.Shutdown(); err != nil {
+			log.Println(err)
+		}
+	}
+	if v.Tun != nil {
+		v.Tun.Stop()
+	}
+	return nil
+}
diff --git a/vpn_darwin.go b/vpn_darwin.go
@@ -0,0 +1,50 @@
+package brook
+
+import (
+	"errors"
+	"os/exec"
+
+	"github.com/txthinking/brook/sysproxy"
+)
+
+// AddRoutes adds routes
+func (v *VPN) AddRoutes() error {
+	c := exec.Command("route", "add", "-net", "0.0.0.0", v.TunGateway, "-netmask", "128.0.0.0")
+	if out, err := c.CombinedOutput(); err != nil {
+		return errors.New(string(out) + err.Error())
+	}
+	c = exec.Command("route", "add", "-net", "128.0.0.0", v.TunGateway, "-netmask", "128.0.0.0")
+	if out, err := c.CombinedOutput(); err != nil {
+		return errors.New(string(out) + err.Error())
+	}
+	gw, err := sysproxy.GetDefaultGateway()
+	if err != nil {
+		return err
+	}
+	c = exec.Command("route", "add", "-host", v.ServerIP, gw, "-netmask", "255.255.255.255")
+	if out, err := c.CombinedOutput(); err != nil {
+		return errors.New(string(out) + err.Error())
+	}
+	return nil
+}
+
+// DeleteRoutes deletes routes
+func (v *VPN) DeleteRoutes() error {
+	c := exec.Command("route", "delete", "-net", "0.0.0.0", v.TunGateway, "-netmask", "128.0.0.0")
+	if out, err := c.CombinedOutput(); err != nil {
+		return errors.New(string(out) + err.Error())
+	}
+	c = exec.Command("route", "delete", "-net", "128.0.0.0", v.TunGateway, "-netmask", "128.0.0.0")
+	if out, err := c.CombinedOutput(); err != nil {
+		return errors.New(string(out) + err.Error())
+	}
+	gw, err := sysproxy.GetDefaultGateway()
+	if err != nil {
+		return err
+	}
+	c = exec.Command("route", "delete", "-host", v.ServerIP, gw, "-netmask", "255.255.255.255")
+	if out, err := c.CombinedOutput(); err != nil {
+		return errors.New(string(out) + err.Error())
+	}
+	return nil
+}