Add DNS Management and Kill Switch options to setup

krey · Jun 26, 2021 · ef0ab7c · ef0ab7c
1 parent 5104a4c
commit ef0ab7c
Show file tree

Hide file tree

Showing 7 changed files with 72 additions and 4 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -5,13 +5,11 @@ RUN pacman -Syu --noconfirm && \
     pacman -S --noconfirm which expect openvpn dialog python-pip python-setuptools git dante && \
     pip install protonvpn-cli
 
-COPY ./vpn-setup.exp ./config.sh /tmp/
+COPY ./vpn-setup-main.exp ./vpn-setup-dns.exp ./vpn-setup-dns-custom.exp ./vpn-setup-killswitch.exp ./setup.sh ./config.sh /tmp/
 
 # protonvpn-cli needs access to width
 ENV COLUMNS 80
 
-RUN source /tmp/config.sh && \
-    expect /tmp/vpn-setup.exp && \
-    rm /tmp/vpn-setup.exp /tmp/config.sh
+RUN /bin/bash /tmp/setup.sh
 
 COPY ./sockd.conf /etc/
diff --git a/config.sh b/config.sh
@@ -6,3 +6,27 @@ export PROTONVPN_PASSWORD=bar
 export PROTONVPN_PLAN=2
 # UDP: 1, TCP: 2
 export PROTONVPN_PROTOCOL=1
+
+# DNS Leak Protection makes sure that you always use ProtonVPN's DNS servers.
+# For security reasons this option is recommended.
+
+# 0 or blank) Do not configure DNS management (use host DNS)
+# 1) Enable DNS Leak Protection (recommended by ProtonVPN, uses their servers, but breaks `protonvpn status`)
+# 2) Configure Custom DNS Servers (Uses your defined DNS servers, does not appear to break `protonvpn status`)
+# 3) Disable DNS Management (Blocks DNS completely)
+
+export PROTONVPN_DNS=2
+
+# If you set PROTONVPN_DNS to 2, define your custom nameservers below, space seperated as shown
+# with the cloudflare example.
+
+export PROTONVPN_DNS_SERVERS="1.1.1.1 1.0.0.1"
+
+# The Kill Switch will block all network traffic if the VPN connection drops unexpectedly.
+
+# 0 or blank) Do not configure Kill Switch (Kill Switch will not be enabled)
+# 1) Enable Kill Switch (Block access to/from LAN)
+# 2) Enable Kill Switch (Allow access to/from LAN)
+# 3) Disable Kill Switch
+
+export PROTONVPN_KILLSWITCH=2
diff --git a/setup.sh b/setup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+source /tmp/config.sh
+expect /tmp/vpn-setup-main.exp
+
+if [ ${PROTONVPN_DNS} -gt 0 ]; then
+	if [ ${PROTONVPN_DNS} -eq 2 ]; then
+		expect /tmp/vpn-setup-dns-custom.exp
+	else
+		expect /tmp/vpn-setup-dns.exp
+	fi
+fi
+
+if [ ${PROTONVPN_KILLSWITCH} -gt 0 ]; then
+	expect /tmp/vpn-setup-killswitch.exp
+fi
+
+rm /tmp/vpn-setup-{main,dns,dns-custom,killswitch}.exp /tmp/{setup,config}.sh
diff --git a/vpn-setup-dns-custom.exp b/vpn-setup-dns-custom.exp
@@ -0,0 +1,11 @@
+#!/usr/bin/expect
+set timeout -1
+# DNS Management
+spawn protonvpn configure
+expect "Please enter your choice or leave empty to quit: "
+send -- "4\r"
+expect "Please enter your choice or leave empty to quit: "
+send -- "$env(PROTONVPN_DNS)\r"
+expect "Please enter your custom DNS servers (space separated): "
+send -- "$env(PROTONVPN_DNS_SERVERS)\r"
+expect eof
diff --git a/vpn-setup-dns.exp b/vpn-setup-dns.exp
@@ -0,0 +1,9 @@
+#!/usr/bin/expect
+set timeout -1
+# DNS Management
+spawn protonvpn configure
+expect "Please enter your choice or leave empty to quit: "
+send -- "4\r"
+expect "Please enter your choice or leave empty to quit: "
+send -- "$env(PROTONVPN_DNS)\r"
+expect eof
diff --git a/vpn-setup-killswitch.exp b/vpn-setup-killswitch.exp
@@ -0,0 +1,9 @@
+#!/usr/bin/expect
+set timeout -1
+# Kill Switch
+spawn protonvpn configure
+expect "Please enter your choice or leave empty to quit: "
+send -- "5\r"
+expect "Please enter your choice or leave empty to quit: "
+send -- "$env(PROTONVPN_KILLSWITCH)\r"
+expect eof
diff --git a/vpn-setup.exp → vpn-setup-main.exp b/vpn-setup.exp → vpn-setup-main.exp