riseup_vpn

RiseupVPN

A tool to create .ovpn (OpenVPN) client config files for use with RiseupVPN. Such files can be imported using, for example, the Debian openvpn NetworkManager plugin. You will then be able to route your network connection through any of Riseup's 20+ VPN gateways! The screenshot below shows Linux Mint's Network Manager panel applet with an active VPN connection to RiseupVPN's Seattle gateway.

This project was inspired by this very excellent web tool.

Installation

Install the gem and add to the application's Gemfile by executing:

bundle add riseup_vpn

If bundler is not being used to manage dependencies, install the gem by executing:

gem install riseup_vpn

Usage

require 'riseup_vpn'

@manager = RiseupVPN::Manager.new # takes an optional positional arg for the dir path. Default is '~/.config/riseup_vpn'
# => instance_of RiseupVPN::Manager

@manager.ovpns
# => {"vpn01-sea.riseup.net" => "client\ntls-client\ndev tun\nproto udp\nremote 204.13.164.252 1194 ...

@manager.ovpns.size
# => 21

RiseupVPN::Manager::OPTS # returns a list of valid options which maybe passed as an optional hash at initialization.
# => {proto: ["udp", "tcp"]} defaults are the first values e.g. 'udp' for :proto
# For example; RiseupVPN::Manager.new('/some/path', proto: 'tcp')

@manager.write_files # (over)writes the VPN client config files to the dir path

The last command creates (or overwrites) the following files:

• an .ovpn file for each VPN gateway
• the Certificate Authority cert file (ca.crt)
• the client private key file (client.key)
• the client cert file (client.crt)

Note: The last 2 expire after 30 days and therefore need to be updated regularly.

Also note: OpenVPN requires that cert & key files shared across .ovpn client config files are present in the same directory.

On Linux, you can do this to make Riseup's VPNs available in Network Manager. It uses nmcli under the hood:

@manager.import_ovpn_configs # writes the files and (re)imports the VPN configs into Network Manager
# the client key and cert files are updated too

_why?

I can use Riseup's white-labeled desktop app to access Riseup's VPNs, so why the need?

• You can use this gem's Ruby interface to make Riseup's VPNs available to your apps!
• This approach saves you installing another app on your laptop/desktop (at least on Linux).
• Integrating Riseup's VPNs directly into your network manager means you can select individual gateways. The LEAP app currently allows selection by location only and there can be a wide disparity in connection speeds between them.
• You can configure your firewall to deny outgoing connections except on port 1194 (assuming UDP). LEAP's app makes DNS and HTTPS requests on startup to 1) get the gateway info and client key/cert and 2) determine the 'best' VPN for your location.
• This approach does mean you need to periodically update the client key/cert, as expiry is currently set for 30 days. A simple cron job can fix this and we are working into incorporating that functionality into this gem.

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake test to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and the created tag, and push the .gem file to rubygems.org.

Contributing

Known issues are recorded here.

Bug reports and pull requests are welcome on GitLab at https://gitlab.com/matzfan/riseup_vpn. For a pull request please checkout a suitably named feature branch before making and submitting changes.

License

The gem is available as open source under the terms of the MIT License.