/*
* Copyright (C) 2017 The "MysteriumNetwork/node" Authors.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package service
import (
"github.com/mysteriumnetwork/go-openvpn/openvpn/config"
"github.com/mysteriumnetwork/go-openvpn/openvpn/tls"
)
// ServerConfig defines openvpn in server mode configuration structure.
//
// It embeds *config.GenericConfig, so every option setter of the generic
// config (SetPort, SetParam, SetFlag, AddOptions, the TLS setters, ...) is
// available on a ServerConfig; the methods below only add server-specific
// option groups on top of it.
type ServerConfig struct {
	*config.GenericConfig
}
// SetServerMode sets a set of options for openvpn to act as server.
//
// port is the listening port; network and netmask describe the address pool
// handed out to clients via OpenVPN's "server" option. Topology is pinned to
// "subnet" so each client receives a single address from that pool.
func (c *ServerConfig) SetServerMode(port int, network, netmask string) {
	const (
		serverOption   = "server"
		topologyOption = "topology"
		topologyMode   = "subnet"
	)

	c.SetPort(port)
	c.SetParam(serverOption, network, netmask)
	c.SetParam(topologyOption, topologyMode)
}
// SetTLSServer add tls-server option to config, also sets dh to none.
//
// "dh none" means no static Diffie-Hellman parameter file is used; key
// exchange then relies on the ECDHE suites OpenVPN negotiates for TLS.
func (c *ServerConfig) SetTLSServer() {
	const (
		dhOption = "dh"
		dhNone   = "none"
	)

	c.SetFlag("tls-server")
	c.AddOptions(config.OptionParam(dhOption, dhNone))
}
// SetProtocol adds protocol option (tcp or udp).
//
// "tcp" selects OpenVPN's "proto tcp-server". "udp" does not set "proto"
// explicitly (OpenVPN's default transport is UDP) and only enables
// "explicit-exit-notify", which is a UDP-only option. Any other value is
// ignored without error, so callers must validate protocol beforehand.
func (c *ServerConfig) SetProtocol(protocol string) {
	switch protocol {
	case "tcp":
		c.SetParam("proto", "tcp-server")
	case "udp":
		c.SetFlag("explicit-exit-notify")
	}
}
// NewServerConfig creates server configuration structure from given basic parameters.
//
// The returned config is built on config.NewConfig(runtimeDir, scriptDir) and
// then populated, in this order, with: server mode (port, network, netmask,
// subnet topology), the tls-server role, the transport-specific options for
// protocol, the TLS material from secPrimitives (CA certificate, server
// certificate and key, tls-crypt pre-shared key), and a fixed set of
// hardening and tuning options:
//
//   - cipher AES-256-GCM, tls-version-min 1.2 and a single ECDHE-ECDSA
//     AES-256-GCM TLS cipher suite; auth is "none" because the AEAD data
//     channel and tls-crypt control channel carry their own authentication.
//   - verify-client-cert none: OpenVPN itself does not validate client
//     certificates; client authentication and packet filtering are delegated
//     to the management interface (management-client-auth,
//     management-client-pf). NOTE(review): management-client-pf was dropped
//     by newer OpenVPN releases — confirm the targeted OpenVPN version.
//   - reneg-sec 3600, keepalive 10/60, ping-timer-rem, persist-key, and
//     "local bindAddress" to bind the listener to one interface.
//
// secPrimitives must be non-nil with all three key materials populated; the
// function dereferences it without checking.
func NewServerConfig(
	runtimeDir string,
	scriptDir string,
	network, netmask string,
	secPrimitives *tls.Primitives,
	bindAddress string,
	port int,
	protocol string,
) *ServerConfig {
	cfg := &ServerConfig{GenericConfig: config.NewConfig(runtimeDir, scriptDir)}

	// Role and transport.
	cfg.SetServerMode(port, network, netmask)
	cfg.SetTLSServer()
	cfg.SetProtocol(protocol)

	// TLS material: CA, server certificate/key pair, tls-crypt key.
	cfg.SetTLSCACertificate(secPrimitives.CertificateAuthority.ToPEMFormat())
	cfg.SetTLSPrivatePubKeys(
		secPrimitives.ServerCertificate.ToPEMFormat(),
		secPrimitives.ServerCertificate.KeyToPEMFormat(),
	)
	cfg.SetTLSCrypt(secPrimitives.PresharedKey.ToPEMFormat())

	// Crypto and logging baseline.
	cfg.SetParam("cipher", "AES-256-GCM")
	cfg.SetParam("verb", "3")
	cfg.SetParam("tls-version-min", "1.2")

	// Client auth and packet filtering are handled over the management
	// interface, so OpenVPN's own client certificate check is turned off.
	cfg.SetFlag("management-client-pf")
	cfg.SetFlag("management-client-auth")
	cfg.SetParam("verify-client-cert", "none")
	cfg.SetParam("tls-cipher", "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384")
	cfg.SetParam("reneg-sec", "3600")

	// Liveness and key persistence across restarts/privilege drop.
	cfg.SetKeepAlive(10, 60)
	cfg.SetPingTimerRemote()
	cfg.SetPersistKey()

	// No separate HMAC: AES-256-GCM (AEAD) and tls-crypt authenticate packets.
	cfg.SetParam("auth", "none")
	cfg.SetParam("local", bindAddress)

	return cfg
}