CCrypto VPN public website https://vpn.ccrypto.org/

  1. import json
  2. import uuid
  3. from django.utils.translation import ugettext as _
  4. from django.conf import settings
# CA certificate text taken from Django settings. It is written into every
# generated profile: the ONC "X509" field in _make_onc() and the inline <ca>
# block in make_config(). Clients use it to authenticate the VPN server, so
# the setting must hold the certificate only (never the CA private key).
CA_CERT = settings.OPENVPN_CA

# (key, translated label) pairs for the client platforms. The keys are the
# `os` values make_config() branches on. Labels go through ugettext (not the
# lazy variant), so they are translated once, when this module is imported.
# Presumably used as form choices -- confirm against the caller.
CONFIG_OS = (
    ("windows", _("Windows")),
    ("android", _("Android")),
    ("ubuntu", _("Ubuntu")),
    ("osx", _("OS X")),
    ("ios", _("iOS")),
    ("chromeos", _("Chrome OS")),
    ("freebox", _("Freebox")),
    ("other", _("Other / GNU/Linux")),
)

# (key, translated label) pairs for the transport choices. make_config() maps
# each key to an OpenVPN protocol and port; any other key raises KeyError there.
PROTOCOLS = (
    ("udp", _("UDP (default)")),
    ("tcp", _("TCP")),
    ("udpl", _("UDP (low MTU)")),
)
def _make_onc(username, name, hostname, port, protocol, http_proxy=None, ipv6=True):
    """Return a Chrome OS ONC document (JSON text) describing one OpenVPN network.

    The document carries the CA certificate and a VPN entry that refers to it
    through a freshly generated GUID. Only the username is stored; there is no
    password field and "ClientCertType" is "None", so the client is expected
    to authenticate with credentials entered by the user.

    ``http_proxy`` and ``ipv6`` are accepted for signature parity with
    make_config() but are not used here.
    """
    # Two independent random identifiers: one for the CA entry, one for the
    # network entry. The braces are part of the GUID text.
    ca_guid = "{%s}" % uuid.uuid4()
    network_guid = "{%s}" % uuid.uuid4()

    document = {
        # NOTE(review): the ONC format spells this top-level key "Type";
        # confirm the lowercase spelling is intended. The payload is not
        # encrypted, which is acceptable only because it holds no secret.
        "type": "UnencryptedConfiguration",
        "Certificates": [
            {
                "GUID": ca_guid,
                "Type": "Authority",
                "X509": CA_CERT.strip(),
            },
        ],
        "NetworkConfigurations": [
            {
                "GUID": network_guid,
                "Name": name,
                "Type": "VPN",
                "VPN": {
                    "Type": "OpenVPN",
                    "Host": hostname,
                    "OpenVPN": {
                        # Ties server verification to the CA entry above.
                        "ServerCARef": ca_guid,
                        "ClientCertType": "None",
                        "CompLZO": "true",
                        "Port": port,
                        "Proto": protocol,
                        "ServerPollTimeout": 10,
                        "NsCertType": "server",
                        "Username": username,
                    },
                },
            },
        ],
    }
    # json.dumps escapes every value, so caller-supplied strings cannot alter
    # the structure of the document.
    return json.dumps(document, indent=2)
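def make_config(username, gw_name, os, protocol, http_proxy=None, ipv6=True):
    """Return the client profile text for one gateway, platform and transport.

    Args:
        username: account name; only used for the Chrome OS (ONC) profile. The
            .ovpn profile uses a bare ``auth-user-pass`` and stores no
            credentials.
        gw_name: gateway label placed in the host name ``gw.<gw_name>.204vpn.net``.
        os: platform key ("windows", "ios", "chromeos", "ubuntu", ...).
        protocol: "udp", "udpl" or "tcp".
        http_proxy: value for the ``http-proxy`` directive; ignored unless
            ``protocol`` is "tcp".
        ipv6: add IPv6 routing directives (always off for "freebox").

    Returns:
        ONC JSON text for "chromeos", otherwise an OpenVPN config. The Windows
        variant uses CRLF line endings.

    Raises:
        KeyError: ``protocol`` is not one of the three known keys.
        ValueError: ``gw_name`` or ``http_proxy`` contains a character that
            would end its directive line (or, for ``gw_name``, any whitespace).
    """
    use_frag = protocol == "udpl" and os != "ios"
    ipv6 = ipv6 and (os != "freebox")
    http_proxy = http_proxy if protocol == "tcp" else None
    resolvconf = os in ("ubuntu", "other")

    # Both values are copied verbatim into a line-oriented config that also
    # sets "script-security 2". A line break inside either one would add extra
    # directives to the file handed to the user, so refuse it outright.
    # NOTE(review): the callers are not visible here; keep this check even if
    # the form layer already validates these fields.
    _check_directive_value("gw_name", gw_name, allow_spaces=False)
    if http_proxy:
        # "http-proxy" takes space-separated arguments, so spaces stay legal.
        _check_directive_value("http_proxy", http_proxy, allow_spaces=True)

    openvpn_proto = {"udp": "udp", "udpl": "udp", "tcp": "tcp"}
    openvpn_ports = {"udp": 1196, "udpl": 1194, "tcp": 443}

    hostname = "gw.%s.204vpn.net" % gw_name
    port = openvpn_ports[protocol]
    proto = openvpn_proto[protocol]

    if os == "chromeos":
        name = "CCrypto VPN"
        if gw_name != "random":
            name += " " + gw_name.upper()
        return _make_onc(username, name, hostname, port, proto, http_proxy, ipv6)

    remote = "%s %s %s" % (hostname, port, proto)

    # NOTE(review): "script-security 2" is emitted for every platform although
    # the only script hooks in this profile are the resolvconf up/down lines
    # below; consider emitting it only together with them.
    # NOTE(review): "comp-lzo" is deprecated in current OpenVPN releases and
    # tunnel compression is discouraged; it has to match the server setting,
    # so it is left unchanged here.
    config = """\
# +----------------------------+
# | Cognitive Cryptography VPN |
# | https://vpn.ccrypto.org/ |
# +----------------------------+
verb 4
client
tls-client
script-security 2
remote-cert-tls server
dev tun
nobind
persist-key
persist-tun
comp-lzo yes
remote {remote}
auth-user-pass
""".format(
        remote=remote
    )

    if os == "ios":
        # i'd like to note here how much i hate OpenVPN
        # iOS gets the default route as two /1 halves instead of "def1".
        config += "redirect-gateway ipv6\n"
        config += 'push "route 0.0.0.0 128.0.0.0"\n'
        config += 'push "route 128.0.0.0 128.0.0.0"\n'
    else:
        config += "redirect-gateway def1\n"

    if ipv6:
        config += "tun-ipv6\n"
        config += "route-ipv6 2000::/3\n"
    config += "\n"

    if use_frag:
        # Low-MTU UDP profile: fragment and clamp MSS at 1300 bytes.
        config += "fragment 1300\n"
        config += "mssfix 1300\n"
        config += "\n"

    if http_proxy:
        config += "http-proxy %s\n\n" % http_proxy

    if resolvconf:
        # These hooks run a local script on the client; the path is fixed, not
        # caller-controlled.
        config += "up /etc/openvpn/update-resolv-conf\n"
        config += "down /etc/openvpn/update-resolv-conf\n"
        config += "\n"

    if os == "windows":
        config += "register-dns\n"
        config += "\n"

    config += "<ca>\n%s\n</ca>" % CA_CERT

    if os == "windows":
        config = config.replace("\n", "\r\n")

    return config


def _check_directive_value(label, value, allow_spaces):
    """Raise ValueError if *value* cannot sit safely inside one config line."""
    for ch in str(value):
        if ch in "\r\n\x00" or (ch.isspace() and not allow_spaces):
            raise ValueError("invalid character in %s" % label)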