start openvpn using subprocess_exec instead of shell
parent
8bdcb8bc4b
commit
46af0d52aa
@ -76,7 +76,6 @@ class Openvpn:
|
||||
self.status = RUNNING
|
||||
config_fp = self.generate_config_file()
|
||||
cmd = " ".join(["", "openvpn", "--config", config_fp])
|
||||
cmd = f"sg openvpn -c \"{cmd}\"" # TODO: configable?
|
||||
self.run_task = self.loop.create_task(self.run(cmd))
|
||||
|
||||
def get_log(self):
|
||||
@ -94,7 +93,7 @@ class Openvpn:
|
||||
async def stop(self):
|
||||
if self.status == RUNNING:
|
||||
try:
|
||||
await self.proc.kill()
|
||||
self.proc.kill()
|
||||
except Exception as err:
|
||||
print("kill failed:", err)
|
||||
|
||||
@ -105,14 +104,14 @@ class Openvpn:
|
||||
await self.stop()
|
||||
self.start()
|
||||
|
||||
async def run(self, cmd):
|
||||
async def run(self, cmd, group="openvpn"):
|
||||
print(f"run: {cmd}")
|
||||
self.exit_future = asyncio.Future()
|
||||
while self.status == RUNNING:
|
||||
print("create proc")
|
||||
print(self.status)
|
||||
proc = await asyncio.create_subprocess_shell(
|
||||
cmd,
|
||||
proc = await asyncio.create_subprocess_exec(
|
||||
"sg", group, "-c", cmd,
|
||||
stdout=asyncio.subprocess.PIPE,
|
||||
stderr=asyncio.subprocess.PIPE)
|
||||
self.proc = proc
|
||||
|
||||
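Review bot: The command string still reaches a shell, because `sg <group> -c <cmd>` passes `cmd` to `/bin/sh`, and the caller builds it with `" ".join(["", "openvpn", "--config", config_fp])`. A config path containing spaces or shell metacharacters is therefore split or interpreted even though `run()` now calls `create_subprocess_exec`. Quote when building the string, `cmd = shlex.join(["openvpn", "--config", config_fp])` (needs `import shlex`; before Python 3.8, apply `shlex.quote` to each part). In `stop()`, the un-awaited `self.proc.kill()` only sends the signal, so following it with `await self.proc.wait()` would reap the process before `self.start()` runs again. Which of the doubled lines is the new side is inferred from the commit title, and all three functions continue outside the hunks shown.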
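--- a/session0/cfg.txt
+++ b/session0/cfg.txt
@@ -0,0 +1,80 @@
+client
+remote us-cf-ovudp-01.jumptoserver.com 4443
+proto udp
+comp-lzo
+persist-key
+persist-tun
+dev tun0
+auth SHA256
+auth-user-pass /home/mantao/Desktop/t/fast.txt
+tls-client
+mssfix 1450
+resolv-retry infinite
+remote-random
+nobind
+ping 15
+ping-restart 0
+ping-timer-rem
+reneg-sec 0
+tun-mtu 1500
+tun-mtu-extra 32
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIFQjCCAyqgAwIBAgIIUfxepT+rr8owDQYJKoZIhvcNAQEMBQAwPzELMAkGA1UE
+BhMCS1kxEzARBgNVBAoTCkZhc3Rlc3RWUE4xGzAZBgNVBAMTEkZhc3Rlc3RWUE4g
+Um9vdCBDQTAeFw0xNzA5MTYwMDAxNDZaFw0yNzA5MTQwMDAxNDZaMD8xCzAJBgNV
+BAYTAktZMRMwEQYDVQQKEwpGYXN0ZXN0VlBOMRswGQYDVQQDExJGYXN0ZXN0VlBO
+IFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC1Xj+WfPTo
+zFynFqc+c3CVrggIllaXEl5bY5VgFynXkqCTM6lSrfC4pNjGXUbqWe6RnGJbM4/6
+kUn+lQDjFSQV1rzP2eDS8+r5+X2WXh4AoeNRUWhvSG+HiHD/B2EFK+Nd5BRSdUjp
+KWAtsCmT2bBt7nT0jN1OdeNrLJeyF8siAqv/oQzKznF9aIe/N01b2M8ZOFTzoXi2
+fZAckgGWui8NB/lzkVIJqSkAPRL8qiJLuRCPVOX1PFD8vV//R8/QumtfbcYBMo6v
+Ck2HmWdrh5OQHPxb3KJtbtG+Z1j8x6HGEAe17djYepBiRMyCEQvYgfD6tvFylc4I
+quhqE9yaP60PJod5TxpWnRQ6HIGSeBm+S+rYSMalTZ8+pUqOOA+IQCYpfpx6EKIJ
+L/VsW2C7cXdvudxDhXPI5lR/QidCb9Ohq3WkfxXaYwzrngdg2avmNqId9R4KESuM
+9GoHW0dszfyBCh5wYfeaffMElfDam3B92NUwyhZwtIiv623WVXY9PPz+EDjSJsIA
+u2Vi1vdJyA4nD4k9Lwmx/1zTc/UaYVLsiBqL2WdfvFTeoWoV+dNxQXSEPhB8gwi8
+x4O4lZW0cwVy/6fa8KMY8gZbcbSTr7U5bRERfW8l+jY+mYKQ/M/ccgpxaHiw1/+4
+LWfbJQ7VhJJrTyN0C36FQzY1URkSXg+53wIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmVEL4x6xdCqiqu2OBLs27EA8
+xGYwDQYJKoZIhvcNAQEMBQADggIBABCpITvO1+R4T9v2+onHiFxU5JjtCZ0zkXqR
+CMp/Z0UIYbeo1p07pZCPAUjBfGPCkAaR++OiG9sysALdJf8Y6HQKcyuAcWUqQnaI
+hoZ2JcAP7EKq7uCqsMhcYZD/j3O/3RPtSW5UOx6ItDU+Ua0t9Edho9whNw0VQXmo
+1JjYoP3FzPjuKoDWTSO1q5eYlZfwcTcs55O2shNkFafPg/6cCm5j6v9nyHrM3sk4
+LjkrBPUXVx2m/aoz219t8O9Ha9/CdMKXsPO/8gTUzpgnzSgPnGnBmi5xr1nspVN8
+X4E2f3D+DKqBim3YgslD68NcuFQvJ0/BxZzWVbrr+QXoyzaiCgXuogpIDc2bB6oR
+XqFnHNz36d4QJmJdWdSaijiS/peQ6EOPgOZ1GuObLWlDCBZLNeQ+N6QaiJxVO4XU
+j/s22i1IRtwdz84TRHrbWiIpEymsqmb/Ep5r4xV5d6+791axclfOTH7tQrY/SbPt
+TJI4OEgNekI8YfadQifpelF82MsFFEZuaQn0lj+fvLGtE/zKh3OdLTxRc5TAgBB+
+0T81+JQosygNr2aFFG0hxar1eyw/gLeG8H+7Ie50pyPvXO4OgB6Key8rSExpilQX
+lvAT1qX0qS3/K1i/9QkSE9ftIPT6vtwLV2sVQzfyanI4IZgWC6ryhvNLsRn0NFnQ
+clor0+aq
+-----END CERTIFICATE-----
+</ca>
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+697fe793b32cb5091d30f2326d5d124a
+9412e93d0a44ef7361395d76528fcbfc
+82c3859dccea70a93cfa8fae409709bf
+f75f844cf5ff0c237f426d0c20969233
+db0e706edb6bdf195ec3dc11b3f76bc8
+07a77e74662d9a800c8cd1144ebb67b7
+f0d3f1281d1baf522bfe03b7c3f963b1
+364fc0769400e413b61ca7b43ab19fac
+9e0f77e41efd4bda7fd77b1de2d7d785
+5cbbe3e620cecceac72c21a825b243e6
+51f44d90e290e09c3ad650de8fca99c8
+58bc7caad584bc69b11e5c9fd9381c69
+c505ec487a65912c672d83ed0113b5a7
+4ddfbd3ab33b3683cec593557520a72c
+4d6cce46111f56f3396cc3ce7183edce
+553c68ea0796cf6c4375fad00aaa2a42
+-----END OpenVPN Static key V1-----
+</tls-auth>
+tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
+cipher AES-256-CBC
+ping-timer-rem
+dev-type tun
+management localhost 8001
+log-append ./session0/log.txt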
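Review bot: `session0/cfg.txt` and `session0/log.txt` look like runtime artifacts (presumably the output of `generate_config_file()` and of `log-append`) rather than source, and the config carries an inline `<tls-auth>` static key plus a machine-local credentials path, `auth-user-pass /home/mantao/Desktop/t/fast.txt`. Keeping the `session0/` directory out of version control would avoid publishing key material and per-run logs. The config also has no server-certificate check and an unauthenticated `management localhost 8001`, both of which the committed log warns about. If this is what the generator emits, consider adding `remote-cert-tls server` (provided the provider's server certificate supports it) and passing a password file as the third argument to `management`. The log additionally flags the credentials file as group/other readable, so tightening its mode to owner-only is worth doing alongside.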
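--- a/session0/log.txt
+++ b/session0/log.txt
@@ -0,0 +1,34 @@
+Fri Apr 3 17:44:07 2020 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
+Fri Apr 3 17:44:07 2020 WARNING: file '/home/mantao/Desktop/t/fast.txt' is group or others accessible
+Fri Apr 3 17:44:07 2020 OpenVPN 2.4.8 [git:makepkg/3976acda9bf10b5e+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan 3 2020
+Fri Apr 3 17:44:07 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
+Fri Apr 3 17:44:07 2020 setsockopt(IPV6_V6ONLY=0)
+Fri Apr 3 17:44:07 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit
+Fri Apr 3 17:44:07 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
+Fri Apr 3 17:44:07 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.154.253.6:4443
+Fri Apr 3 17:44:07 2020 UDP link local: (not bound)
+Fri Apr 3 17:44:07 2020 UDP link remote: [AF_INET]192.154.253.6:4443
+Fri Apr 3 17:44:07 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
+Fri Apr 3 17:44:09 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1570'
+Fri Apr 3 17:44:09 2020 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
+Fri Apr 3 17:44:09 2020 [*.fastestvpn.co] Peer Connection Initiated with [AF_INET]192.154.253.6:4443
+Fri Apr 3 17:44:11 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: register-dns (2.4.8)
+Fri Apr 3 17:44:11 2020 ERROR: Cannot ioctl TUNSETIFF tun0: Operation not permitted (errno=1)
+Fri Apr 3 17:44:11 2020 Exiting due to fatal error
+Fri Apr 3 17:44:16 2020 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
+Fri Apr 3 17:44:16 2020 WARNING: file '/home/mantao/Desktop/t/fast.txt' is group or others accessible
+Fri Apr 3 17:44:16 2020 OpenVPN 2.4.8 [git:makepkg/3976acda9bf10b5e+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan 3 2020
+Fri Apr 3 17:44:16 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
+Fri Apr 3 17:44:17 2020 setsockopt(IPV6_V6ONLY=0)
+Fri Apr 3 17:44:17 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit
+Fri Apr 3 17:44:17 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
+Fri Apr 3 17:44:17 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.154.253.6:4443
+Fri Apr 3 17:44:17 2020 UDP link local: (not bound)
+Fri Apr 3 17:44:17 2020 UDP link remote: [AF_INET]192.154.253.6:4443
+Fri Apr 3 17:44:17 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
+Fri Apr 3 17:44:19 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1570'
+Fri Apr 3 17:44:19 2020 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
+Fri Apr 3 17:44:19 2020 [*.fastestvpn.co] Peer Connection Initiated with [AF_INET]192.154.253.6:4443
+Fri Apr 3 17:44:21 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: register-dns (2.4.8)
+Fri Apr 3 17:44:21 2020 ERROR: Cannot ioctl TUNSETIFF tun0: Operation not permitted (errno=1)
+Fri Apr 3 17:44:21 2020 Exiting due to fatal error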