Merge pull request #167 from MysteriumNetwork/feature/MYST-355-limit-…

…openvpn-client-reconnects

MYST 355: limit openvpn client reconnects

location/detector_test.go

@@ -16,6 +16,7 @@ func TestDetectorDetectCountry(t *testing.T) {
 		{"95.85.39.36", "NL", ""},
 		{"127.0.0.1", "", ""},
 		{"8.8.8.8.8", "", "failed to parse IP"},
+		{"185.243.112.225", "", ""},
 		{"asd", "", "failed to parse IP"},
 	}
 

openvpn/config.go

@@ -60,6 +60,14 @@ func (c *Config) SetTLSCrypt(cryptFile string) {
 	c.AddOptions(OptionFile("tls-crypt", cryptFile))
 }
 
+// RestrictReconnects describes conditions which enforces client to close a session in case of failed authentication
+func (c *Config) RestrictReconnects() {
+	c.setParam("connect-retry-max", "2")
+	c.setParam("remap-usr1", "SIGTERM")
+	c.setFlag("single-session")
+	c.setFlag("tls-exit")
+}
+
 func (c *Config) SetKeepAlive(interval, timeout int) {
 	c.setParam("keepalive", strconv.Itoa(interval)+" "+strconv.Itoa(timeout))
 }

openvpn/factory.go

@@ -40,6 +40,7 @@ func NewClientConfig(
 	config.SetClientMode(remote, 1194)
 	config.SetTLSCACertificate(caCertPath)
 	config.SetTLSCrypt(tlsCryptKeyPath)
+	config.RestrictReconnects()
 
 	config.SetDevice("tun")
 	config.setParam("cipher", "AES-256-GCM")