riseup_vpn 0.1.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 061471e29bcb71a8ad7d20c0757f445ed026913613deb3a289bde237aa40022e
-  data.tar.gz: 7a780713819d589fdf07e4abd684c6b341e61e5d0ffdf6ccc331693f35cc5301
+  metadata.gz: b9fb7defcb7a949292d44dc949acfdc4524eb599a21ec1c90f5f1680c8b9d0ff
+  data.tar.gz: dcbb98a3d236a6bf35d3fab3f073549836e98d976a747a4dd134417f6f3ad43e
 SHA512:
-  metadata.gz: ae6548f93e8f3734c6578a0f593b979384735e34d07e84d6ffc6bf71ec741440086e0a480b2e19c7939072ee0876a33bf53b33224c3283e15ca7d913c98bd8d1
-  data.tar.gz: 6e5c748da5d135578357540b95d0ea97fb8e92287408443dac4acd655da6a8cd8ecd7dcb8bec4cc0944ad419a9eb4770c76447590da7d2927fb8efcab1a62652
+  metadata.gz: 01bf804c22e6edde11abfd61073f3a9093d33b9463e05f5456aa66f7537e44e19ef37708979499ca8193b05045439acdba5b3a46337ef4edc219053e9603e373
+  data.tar.gz: 219ee6e1de2521e85e94a558e28dda6347b3cb74e288bb293f04a86599975f76e00f4477b1d73493562403971f2e0435ff9fb4bde77404a774a690bd489dbd7f

data/CHANGELOG.md

@@ -1,5 +1,23 @@
 ## [Unreleased]
 
+## [1.1.0] - 2025-04-22
+
+### New features
+
+- add ability to import VPN client configs into Network Manager (Linux)
+
+## [1.0.0] - 2025-04-21
+
+### Breaking changes
+
+- Namespace changes: `RiseupVpn` -> `RiseupVPN`, `RiseupVpn::Api` -> `RiseupVPN::API` and `Generator` -> `Manager`
+- `#write_files` no longer takes an dir path arg
+- All errors subclass `RiseupVPN::Error`
+
+### New features
+
+- upgrade TLS to 1.3, if supported by client
+
 ## [0.1.0] - 2025-04-19
 
 - Initial release

data/README.md

@@ -3,12 +3,12 @@
 
 # RiseupVPN
 
-A tool to create .ovpn ([OpenVPN](https://openvpn.net)) client config files for use with [RiseupVPN](https://riseup.net/vpn). Such files can be imported using, for example, the Debian [openvpn NetworkManager plugin](https://packages.debian.org/search?keywords=network-manager-openvpn). You will then be able to route your network connection through any of Riseup's 20+ VPN gateways! Screenshot below shows Linux Mint's Network Manager panel applet with an active VPN connection to RiseupVPN's Seattle gateway.
-
-This project was inspired by [this](https://sizeof.cat/project/riseupvpn-to-openvpn) very excellent web tool.
+A tool to create .ovpn ([OpenVPN](https://openvpn.net)) client config files for use with [RiseupVPN](https://riseup.net/vpn). Such files can be imported using, for example, the Debian [openvpn NetworkManager plugin](https://packages.debian.org/search?keywords=network-manager-openvpn). You will then be able to route your network connection through any of Riseup's 20+ VPN gateways! The screenshot below shows Linux Mint's Network Manager panel applet with an active VPN connection to RiseupVPN's Seattle gateway.
 
 ![image info](assets/vpns.png)
 
+This project was inspired by [this](https://sizeof.cat/project/riseupvpn-to-openvpn) very excellent web tool.
+
 ## Installation
 
 Install the gem and add to the application's Gemfile by executing:
@@ -28,27 +28,36 @@ gem install riseup_vpn
 ```ruby
 require 'riseup_vpn'
 
-generator = RiseupVpn::Generator.new
-# => instance_of RiseupVpn::Generator
+@manager = RiseupVPN::Manager.new # takes an optional positional arg for the dir path. Default is '~/.config/riseup_vpn'
+# => instance_of RiseupVPN::Manager
 
-generator.ovpns
+@manager.ovpns
 # => {"vpn01-sea.riseup.net" => "client\ntls-client\ndev tun\nproto udp\nremote 204.13.164.252 1194 ...
 
-generator.ovpns.size
+@manager.ovpns.size
 # => 21
 
-RiseupVpn::Generator::OPTS # returns a list of valid options which maybe passed at initialization.
-# => {proto: ["udp", "tcp"]} # e.g. RiseupVpn::Generator.new(proto: 'tcp') default is 'udp'
+RiseupVPN::Manager::OPTS # returns a list of valid options which maybe passed as an optional hash at initialization.
+# => {proto: ["udp", "tcp"]} defaults are the first values e.g. 'udp' for :proto
+# For example; RiseupVPN::Manager.new('/some/path', proto: 'tcp')
 
-generator.write_files '~/.config/riseup_vpn' # dir must exist
+@manager.write_files # (over)writes the VPN client config files to the dir path
 ```
-The last command creates the following files in the chosen directory:
+The last command creates (or overwrites) the following files:
 - an .ovpn file for each VPN gateway
 - the Certificate Authority cert file (ca.crt)
 - the client private key file (client.key)
 - the client cert file (client.crt)
 
-Note: OpenVPN requires that cert & key files shared across .ovpn client config files are present in the same directory.
+Note: The last 2 expire after 30 days and therefore need to be updated regularly.
+
+Also note: OpenVPN requires that cert & key files shared across .ovpn client config files are present in the same directory.
+
+On Linux, you can do this to make Riseup's VPNs available in Network Manager. It uses `nmcli` under the hood:
+```Ruby
+@manager.import_ovpn_configs # writes the files and (re)imports the VPN configs into Network Manager
+# the client key and cert files are updated too
+```
 
 ## \_why?
 

data/Rakefile

@@ -5,8 +5,6 @@ require 'minitest/test_task'
 require 'rake/testtask'
 require 'rubocop/rake_task'
 
-# Minitest::TestTask.create
-
 namespace :test do
   Rake::TestTask.new do |t|
     t.name = 'api'

data/lib/riseup_vpn/api.rb

@@ -2,11 +2,9 @@
 
 require 'openssl'
 
-module RiseupVpn
+module RiseupVPN
   # parses ca.cert, client cert/key & gateways data from riseup.net API
-  module Api
-    class ApiError < StandardError; end
-
+  module API
     PROVIDER = 'https://riseup.net/provider.json' # entry point for API
     API_URI = 'https://api.black.riseup.net' # 443
     API_VERSION = '3'
@@ -35,15 +33,15 @@ module RiseupVpn
       def get(url)
         URI(url).read
       rescue NoMethodError, URI::Error
-        raise ApiError, "Bad URI: '#{url}'"
+        raise APIError, "Bad URI: '#{url}'"
       rescue OpenURI::HTTPError
-        raise ApiError, "Failed to get url: '#{url}'"
+        raise APIError, "Failed to get url: '#{url}'"
       end
 
       def get_json(url)
         JSON.parse get(url)
       rescue JSON::ParserError
-        raise ApiError, "Failed to parse JSON at: '#{url}'"
+        raise APIError, "Failed to parse JSON at: '#{url}'"
       end
     end
   end

data/lib/riseup_vpn/errors.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module RiseupVPN
+  class Error < StandardError; end
+
+  class APIError < Error; end
+end

data/lib/riseup_vpn/generator.rb

@@ -1,57 +1,38 @@
 # frozen_string_literal: true
 
-require 'openssl'
 require 'yaml'
 
 require_relative 'api'
+require_relative 'utils'
 
-module RiseupVpn
-  # create a .ovpn config file for a gateway
+module RiseupVPN
+  # queries API and builds ovpn config files, CA cert and client key & cert
   class Generator
+    include Utils
+
     TEMPLATE = YAML.load_file File.join(__dir__, 'template_ovpn.yml')
     OPTS = { proto: %w[udp tcp] }.freeze # default is 1st value
-    LINE_METHODS = %i[remote verify-x509-name].freeze
+    LINE_METHODS = %i[remote tls-version-min verify-x509-name].freeze
 
-    attr_reader :ovpns
+    attr_reader :ovpns, :ca_crt, :client_key, :client_crt
 
     def initialize(opts = {})
       @opts = validate_options opts.transform_keys!(&:to_sym)
-      @server_config = server_config
       @template = template
+      @server_config = server_config
       @ovpns = generate_ovpns # hash { gateway_name => string }
-    end
-
-    def write_files(dir)
-      dir = File.expand_path dir.to_s
-      write_ovpn_files dir
-      write_ca_file dir
-      write_client_key_and_crt_files dir
-    rescue Errno::ENOENT, Errno::EACCES
-      raise ArgumentError, "Dir #{dir} doesn't exist or isn't writable"
+      @ca_crt = API.ca_crt
+      @client_key, @client_crt = API.client_key_and_crt
     end
 
     private
 
-    def write_ovpn_files(dir)
-      ovpns.each { |k, v| File.write(File.join(dir, "#{k}.ovpn"), v) }
-    end
-
-    def write_ca_file(dir)
-      File.write File.join(dir, 'ca.crt'), Api.ca_crt.to_s.chomp
-    end
-
-    def write_client_key_and_crt_files(dir)
-      client_key, client_crt = Api.client_key_and_crt
-      File.write File.join(dir, 'client.key'), client_key.to_s.chomp
-      File.write File.join(dir, 'client.crt'), client_crt.to_s.chomp
-    end
-
     def gateways
-      Api.eip['gateways']
+      API.eip['gateways']
     end
 
     def server_config
-      Api.eip['openvpn_configuration'].transform_keys(&:to_sym)
+      API.eip['openvpn_configuration'].transform_keys(&:to_sym)
     end
 
     def validate_options(opts)
@@ -69,17 +50,16 @@ module RiseupVpn
     end
 
     def template
-      return TEMPLATE.except(*%i[up down]) if RiseupVpn.os == 'darwin'
-      return TEMPLATE if RiseupVpn.os == 'linux'
+      return TEMPLATE.except(*%i[up down]) if Utils.os == 'darwin'
 
-      raise RiseupVpnError, "Unsupported OS: '#{RiseupVpn.os}'"
+      TEMPLATE # assumed Linux, see Utils::SUPPORTED_PLATFORMS
     end
 
     def generate_line(key, val, gateway)
       return "#{key} #{val}" if val # hard coded key/value in template file
       return "#{key} #{@opts[key]}" if @opts[key]
-      return server_config_line(key) if @server_config[key]
       return send(regularize_method_name(key), gateway) if LINE_METHODS.include? key
+      return server_config_line(key) if @server_config[key]
 
       key # hard coded key only in template file
     end
@@ -98,6 +78,10 @@ module RiseupVpn
       "remote #{gateway['ip_address']} #{@opts[:proto] == 'udp' ? 1194 : 80}" # TODO: check port 80 in json
     end
 
+    def tls_version_min(_gateway)
+      "tls-version-min #{Utils.tls_version}"
+    end
+
     def verify_x509_name(gateway)
       "verify-x509-name #{name(gateway)} name"
     end

data/lib/riseup_vpn/manager.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require_relative 'generator'
+
+module RiseupVPN
+  # manages config files
+  class Manager
+    DEFAULT_DIR = '~/.config/riseup_vpn'
+    OPTS = Generator::OPTS
+
+    def initialize(dir = DEFAULT_DIR, opts = {})
+      @dir = File.expand_path dir.to_s
+      @generator = Generator.new(opts)
+    end
+
+    def ovpns
+      @generator.ovpns
+    end
+
+    def write_files
+      write_ovpn_files
+      write_ca_crt
+      write_client_key
+      write_client_crt
+    rescue Errno::ENOENT, Errno::EACCES
+      raise ArgumentError, "Dir #{@dir} doesn't exist or isn't writable"
+    end
+
+    def import_ovpn_configs
+      raise NoMethodError, 'nmcli does not appear to be installed' unless Utils.nmcli?
+
+      write_files
+      Dir["#{@dir}/*.ovpn"].each { |f| Nmcli.import_openvpn f }
+    end
+
+    private
+
+    def write_ovpn_files
+      @generator.ovpns.each { |k, v| File.write(File.join(@dir, "#{k}.ovpn"), v) }
+    end
+
+    def write_ca_crt
+      File.write File.join(@dir, 'ca.crt'), @generator.ca_crt.to_s.chomp
+    end
+
+    def write_client_key
+      File.write File.join(@dir, 'client.key'), @generator.client_key.to_s.chomp
+    end
+
+    def write_client_crt
+      File.write File.join(@dir, 'client.crt'), @generator.client_crt.to_s.chomp
+    end
+  end
+end

data/lib/riseup_vpn/nmcli.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require_relative 'generator'
+
+module RiseupVPN
+  # in the absence of an nmcli gem..
+  module Nmcli
+    def self.nmcli(command_string)
+      `nmcli #{command_string}`
+    end
+
+    def self.import_openvpn(file)
+      nmcli "con import type openvpn file #{file}"
+    end
+  end
+end

data/lib/riseup_vpn/utils.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+module RiseupVPN
+  # utilties for internal use
+  module Utils
+    SUPPORTED_PLATFORMS = %w[darwin linux].freeze
+
+    def self.os
+      os = Gem::Platform.local.os
+      return os if SUPPORTED_PLATFORMS.include? os
+
+      raise Error, "Unsupported OS: '#{os}'"
+    end
+
+    def self.tls_version
+      "1.#{OpenSSL::VERSION.to_i}".to_f
+    end
+
+    def self.nmcli?
+      !`which nmcli`.empty?
+    end
+  end
+end

data/lib/riseup_vpn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
-module RiseupVpn
-  VERSION = '0.1.0'
+module RiseupVPN
+  VERSION = '1.1.0'
 end

data/lib/riseup_vpn.rb

@@ -3,11 +3,13 @@
 require 'json'
 require 'open-uri'
 
-# namespace
-module RiseupVpn
-  class RiseupVpnError < StandardError; end
+require_relative 'riseup_vpn/api'
+require_relative 'riseup_vpn/errors'
+require_relative 'riseup_vpn/generator'
+require_relative 'riseup_vpn/manager'
+require_relative 'riseup_vpn/nmcli'
+require_relative 'riseup_vpn/version'
 
-  def self.os
-    @os ||= Gem::Platform.local.os
-  end
+# namespace
+module RiseupVPN
 end

data/sig/riseup_vpn.rbs

@@ -1,4 +1,4 @@
-module RiseupVpn
+module RiseupVPN
   VERSION: String
   # See the writing guide of rbs: https://github.com/ruby/rbs#guides
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: riseup_vpn
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.1.0
 platform: ruby
 authors:
 - MatzFan
@@ -23,8 +23,12 @@ files:
 - assets/vpns.png
 - lib/riseup_vpn.rb
 - lib/riseup_vpn/api.rb
+- lib/riseup_vpn/errors.rb
 - lib/riseup_vpn/generator.rb
+- lib/riseup_vpn/manager.rb
+- lib/riseup_vpn/nmcli.rb
 - lib/riseup_vpn/template_ovpn.yml
+- lib/riseup_vpn/utils.rb
 - lib/riseup_vpn/version.rb
 - sig/riseup_vpn.rbs
 - tmp/.placeholder