CCrypto VPN public website https://vpn.ccrypto.org/
  1. import json
  2. import uuid
  3. from django.utils.translation import ugettext as _
  4. from django.conf import settings
# CA certificate text read from Django settings. It is embedded in every
# generated profile (ONC and OpenVPN), so it is the trust anchor clients use
# for the gateway. Presumably PEM-encoded -- confirm against the settings file.
CA_CERT = settings.OPENVPN_CA

# (value, label) choices for the client platforms a profile can be built for.
# NOTE(review): `_` is the eager ugettext, so these labels are translated once,
# when the module is imported, not per request.
CONFIG_OS = (
    ('windows', _("Windows")),
    ('android', _("Android")),
    ('ubuntu', _("Ubuntu")),
    ('osx', _("OS X")),
    ('ios', _("iOS")),
    ('chromeos', _("Chrome OS")),
    ('freebox', _("Freebox")),
    ('other', _("Other / GNU/Linux")),
)

# (value, label) choices for the transport. make_config() maps each value to
# an OpenVPN protocol and port; 'udpl' is UDP with fragmentation enabled.
PROTOCOLS = (
    ('udp', _("UDP (default)")),
    ('tcp', _("TCP")),
    ('udpl', _("UDP (low MTU)")),
)
def _make_onc(username, name, hostname, port, protocol, http_proxy=None, ipv6=True):
    """Render a Chrome OS ONC document describing one OpenVPN network.

    Args:
        username: Value stored in the OpenVPN 'Username' field.
        name: Display name of the network entry.
        hostname: Gateway host the client connects to.
        port: Gateway port.
        protocol: OpenVPN transport, passed through as 'Proto'.
        http_proxy: Accepted for signature parity with make_config(); unused.
        ipv6: Accepted for signature parity with make_config(); unused.

    Returns:
        The ONC document as a JSON string indented by two spaces. Its type is
        'UnencryptedConfiguration'; it carries the username and the CA
        certificate, and no password field is written.
    """
    # Fresh GUIDs on every call; the VPN entry points at the CA entry through
    # 'ServerCARef'.
    ca_guid = '{%s}' % uuid.uuid4()
    network_guid = '{%s}' % uuid.uuid4()

    # Every newline in the certificate becomes the two characters backslash+n
    # before JSON encoding, and json.dumps then escapes that backslash again.
    # NOTE(review): confirm the ONC importer expects this form for 'X509'.
    ca_entry = {
        'GUID': ca_guid,
        'Type': 'Authority',
        'X509': CA_CERT.strip().replace('\n', '\\n'),
    }

    # 'ClientCertType': 'None' means no client certificate is configured, so
    # authentication rests on the username plus a secret supplied elsewhere.
    tunnel_settings = {
        'ServerCARef': ca_guid,
        'ClientCertType': 'None',
        'CompLZO': 'true',
        'Port': port,
        'Proto': protocol,
        'ServerPollTimeout': 10,
        'NsCertType': 'server',
        'Username': username,
    }

    network_entry = {
        'GUID': network_guid,
        'Name': name,
        'Type': 'VPN',
        'VPN': {
            'Type': 'OpenVPN',
            'Host': hostname,
            'OpenVPN': tunnel_settings,
        },
    }

    document = {
        'type': 'UnencryptedConfiguration',
        'Certificates': [ca_entry],
        'NetworkConfigurations': [network_entry],
    }
    # json.dumps escapes every string value, so caller-supplied fields cannot
    # break out of the JSON structure.
    return json.dumps(document, indent=2)
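def make_config(username, gw_name, os, protocol, http_proxy=None, ipv6=True):
    """Build a client profile for one gateway, platform and transport.

    For 'chromeos' the result is the ONC JSON produced by _make_onc();
    for every other platform it is the text of an OpenVPN client config with
    the CA certificate inlined in a <ca> block.

    The text config is line-oriented and is emitted with `script-security 2`,
    so a line break inside an interpolated value would become an extra
    directive in the file a user imports. gw_name and http_proxy are therefore
    checked before they are formatted in. The callers are not visible here;
    if they pass request parameters straight through, this check is the only
    barrier between those parameters and the generated file.

    Args:
        username: Only used for the Chrome OS profile; the text config relies
            on `auth-user-pass` prompting instead.
        gw_name: Gateway label, formatted into 'gw.<gw_name>.204vpn.net'.
        os: Platform key (see CONFIG_OS). Note that it shadows the stdlib
            module name inside this function.
        protocol: 'udp', 'udpl' or 'tcp' (see PROTOCOLS).
        http_proxy: Argument for the `http-proxy` directive; ignored unless
            protocol is 'tcp'.
        ipv6: Whether to add IPv6 routing; always disabled for 'freebox'.

    Returns:
        The profile as a string (CRLF line endings for 'windows').

    Raises:
        ValueError: gw_name contains whitespace or control characters, or the
            http_proxy value that would be used contains control characters.
        KeyError: protocol is not one of the known keys.
    """
    use_frag = protocol == 'udpl' and os != 'ios'
    ipv6 = ipv6 and (os != 'freebox')
    http_proxy = http_proxy if protocol == 'tcp' else None
    resolvconf = os in ('ubuntu', 'other')

    # Whitespace is never valid in a host name, and it would shift or add
    # arguments on the `remote` line.
    gw_text = '%s' % gw_name
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7f for ch in gw_text):
        raise ValueError(
            "gw_name must not contain whitespace or control characters")

    # `http-proxy` takes space-separated arguments, so blanks and tabs stay
    # legal; anything that could end the line does not. The check runs after
    # the value has been dropped for non-TCP transports, so an ignored value
    # never raises.
    if http_proxy:
        proxy_text = '%s' % http_proxy
        if any((ord(ch) < 0x20 and ch != '\t') or ord(ch) == 0x7f
               for ch in proxy_text):
            raise ValueError(
                "http_proxy must not contain control characters")

    openvpn_proto = {'udp': 'udp', 'udpl': 'udp', 'tcp': 'tcp'}
    openvpn_ports = {'udp': 1196, 'udpl': 1194, 'tcp': 443}

    hostname = 'gw.%s.204vpn.net' % gw_name
    port = openvpn_ports[protocol]
    proto = openvpn_proto[protocol]

    if os == 'chromeos':
        name = "CCrypto VPN"
        if gw_name != 'random':
            name += " " + gw_name.upper()
        return _make_onc(username, name, hostname, port, proto, http_proxy, ipv6)

    remote = str(hostname)
    remote += ' ' + str(port)
    remote += ' ' + proto

    # NOTE(review): `script-security 2` is written for every platform although
    # only the resolvconf branch below adds up/down scripts; consider emitting
    # it only there.
    # NOTE(review): `comp-lzo yes` enables compression inside the tunnel,
    # which is generally discouraged because compressed-then-encrypted traffic
    # can leak information about its content; it has to match the server.
    config = """\
# +----------------------------+
# | Cognitive Cryptography VPN |
# | https://vpn.ccrypto.org/ |
# +----------------------------+
verb 4
client
tls-client
script-security 2
remote-cert-tls server
dev tun
nobind
persist-key
persist-tun
comp-lzo yes
remote {remote}
auth-user-pass
""".format(remote=remote)

    if os == 'ios':
        # i'd like to note here how much i hate OpenVPN
        # NOTE(review): `push` is normally a server-side directive; confirm
        # the iOS client honours it in a client profile.
        config += "redirect-gateway ipv6\n"
        config += 'push "route 0.0.0.0 128.0.0.0"\n'
        config += 'push "route 128.0.0.0 128.0.0.0"\n'
    else:
        config += "redirect-gateway def1\n"
        if ipv6:
            config += "tun-ipv6\n"
            config += "route-ipv6 2000::/3\n"
    config += "\n"

    if use_frag:
        # Low-MTU UDP variant: cap packet and TCP segment size at 1300.
        config += "fragment 1300\n"
        config += "mssfix 1300\n"
        config += "\n"

    if http_proxy:
        config += "http-proxy %s\n\n" % http_proxy

    if resolvconf:
        # These hooks run a script on the client when the tunnel goes up or
        # down; they are the reason script execution has to be allowed.
        config += "up /etc/openvpn/update-resolv-conf\n"
        config += "down /etc/openvpn/update-resolv-conf\n"
        config += "\n"

    if os == 'windows':
        config += "register-dns\n"
        config += "\n"

    # The CA certificate is the trust anchor `remote-cert-tls server` checks
    # the gateway against.
    config += "<ca>\n%s\n</ca>" % CA_CERT

    if os == 'windows':
        config = config.replace('\n', '\r\n')

    return config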