From 09b3b12fccc7cd3978e73696f4b30f9d993b8c7c Mon Sep 17 00:00:00 2001
From: zefie <zefie@zefie.net>
Date: Sat, 26 Jun 2021 01:51:01 -0400
Subject: [PATCH] Add DNS Management and Kill Switch options to setup

---
 Dockerfile                          |  6 ++----
 config.sh                           | 24 ++++++++++++++++++++++++
 setup.sh                            | 17 +++++++++++++++++
 vpn-setup-dns-custom.exp            | 11 +++++++++++
 vpn-setup-dns.exp                   |  9 +++++++++
 vpn-setup-killswitch.exp            |  9 +++++++++
 vpn-setup.exp => vpn-setup-main.exp |  0
 7 files changed, 72 insertions(+), 4 deletions(-)
 create mode 100644 setup.sh
 create mode 100644 vpn-setup-dns-custom.exp
 create mode 100644 vpn-setup-dns.exp
 create mode 100644 vpn-setup-killswitch.exp
 rename vpn-setup.exp => vpn-setup-main.exp (100%)

diff --git a/Dockerfile b/Dockerfile
index 49d03f2..dcc38d1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,13 +5,11 @@ RUN pacman -Syu --noconfirm && \
     pacman -S --noconfirm which expect openvpn dialog python-pip python-setuptools git dante && \
     pip install protonvpn-cli
 
-COPY ./vpn-setup.exp ./config.sh /tmp/
+COPY ./vpn-setup-main.exp ./vpn-setup-dns.exp ./vpn-setup-dns-custom.exp ./vpn-setup-killswitch.exp ./setup.sh ./config.sh /tmp/
 
 # protonvpn-cli needs access to width
 ENV COLUMNS 80
 
-RUN source /tmp/config.sh && \
-    expect /tmp/vpn-setup.exp && \
-    rm /tmp/vpn-setup.exp /tmp/config.sh
+RUN /bin/bash /tmp/setup.sh
     
 COPY ./sockd.conf /etc/
diff --git a/config.sh b/config.sh
index d74f224..a6c9c9d 100644
--- a/config.sh
+++ b/config.sh
@@ -6,3 +6,27 @@ export PROTONVPN_PASSWORD=bar
 export PROTONVPN_PLAN=2
 # UDP: 1, TCP: 2
 export PROTONVPN_PROTOCOL=1
+
+# DNS Leak Protection makes sure that you always use ProtonVPN's DNS servers.
+# For security reasons this option is recommended.
+
+# 0 or blank) Do not configure DNS management (use host DNS)
+# 1) Enable DNS Leak Protection (recommended by ProtonVPN, uses their DNS, but breaks cli API. Connection cmds seemingly succeed despite error returned.)
+# 2) Configure Custom DNS Servers (Uses your defined DNS servers, does not appear to break `protonvpn status`)
+# 3) Disable DNS Management (Blocks DNS completely)
+
+export PROTONVPN_DNS=2
+
+# If you set PROTONVPN_DNS to 2, define your custom nameservers below, space seperated as shown
+# with the cloudflare example.
+
+export PROTONVPN_DNS_SERVERS="1.1.1.1 1.0.0.1"
+
+# The Kill Switch will block all network traffic if the VPN connection drops unexpectedly.
+
+# 0 or blank) Do not configure Kill Switch (Kill Switch will not be enabled)
+# 1) Enable Kill Switch (Block access to/from LAN)
+# 2) Enable Kill Switch (Allow access to/from LAN)
+# 3) Disable Kill Switch
+
+export PROTONVPN_KILLSWITCH=2
diff --git a/setup.sh b/setup.sh
new file mode 100644
index 0000000..a280216
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+source /tmp/config.sh
+expect /tmp/vpn-setup-main.exp
+
+if [ ${PROTONVPN_DNS} -gt 0 ]; then
+	if [ ${PROTONVPN_DNS} -eq 2 ]; then
+		expect /tmp/vpn-setup-dns-custom.exp
+	else
+		expect /tmp/vpn-setup-dns.exp
+	fi
+fi
+
+if [ ${PROTONVPN_KILLSWITCH} -gt 0 ]; then
+	expect /tmp/vpn-setup-killswitch.exp
+fi
+
+rm /tmp/vpn-setup-{main,dns,dns-custom,killswitch}.exp /tmp/{setup,config}.sh
diff --git a/vpn-setup-dns-custom.exp b/vpn-setup-dns-custom.exp
new file mode 100644
index 0000000..83d63ea
--- /dev/null
+++ b/vpn-setup-dns-custom.exp
@@ -0,0 +1,11 @@
+#!/usr/bin/expect
+set timeout -1
+# DNS Management
+spawn protonvpn configure
+expect "Please enter your choice or leave empty to quit: "
+send -- "4\r"
+expect "Please enter your choice or leave empty to quit: "
+send -- "$env(PROTONVPN_DNS)\r"
+expect "Please enter your custom DNS servers (space separated): "
+send -- "$env(PROTONVPN_DNS_SERVERS)\r"
+expect eof
diff --git a/vpn-setup-dns.exp b/vpn-setup-dns.exp
new file mode 100644
index 0000000..9580f8c
--- /dev/null
+++ b/vpn-setup-dns.exp
@@ -0,0 +1,9 @@
+#!/usr/bin/expect
+set timeout -1
+# DNS Management
+spawn protonvpn configure
+expect "Please enter your choice or leave empty to quit: "
+send -- "4\r"
+expect "Please enter your choice or leave empty to quit: "
+send -- "$env(PROTONVPN_DNS)\r"
+expect eof
diff --git a/vpn-setup-killswitch.exp b/vpn-setup-killswitch.exp
new file mode 100644
index 0000000..3c9e2cb
--- /dev/null
+++ b/vpn-setup-killswitch.exp
@@ -0,0 +1,9 @@
+#!/usr/bin/expect
+set timeout -1
+# Kill Switch
+spawn protonvpn configure
+expect "Please enter your choice or leave empty to quit: "
+send -- "5\r"
+expect "Please enter your choice or leave empty to quit: "
+send -- "$env(PROTONVPN_KILLSWITCH)\r"
+expect eof
diff --git a/vpn-setup.exp b/vpn-setup-main.exp
similarity index 100%
rename from vpn-setup.exp
rename to vpn-setup-main.exp