From 3224d541f60ba42fadde7e767945e8e34653d4c0 Mon Sep 17 00:00:00 2001 From: alterdekim Date: Sun, 8 Sep 2024 20:47:14 +0300 Subject: [PATCH] Changes to be committed: modified: Cargo.lock modified: Cargo.toml modified: src/client.rs new file: src/client_socks.rs modified: src/main.rs --- Cargo.lock | 24 ++++++++ Cargo.toml | 3 +- src/client.rs | 23 ++++++-- src/client_socks.rs | 134 ++++++++++++++++++++++++++++++++++++++++++++ src/main.rs | 1 + 5 files changed, 178 insertions(+), 7 deletions(-) create mode 100644 src/client_socks.rs diff --git a/Cargo.lock b/Cargo.lock index a4dc2ef..3cc7115 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -554,6 +554,7 @@ dependencies = [ "serde_derive", "serde_yaml", "socket2 0.4.10", + "socks5-server", "tokio", "tun2", "x25519-dalek", @@ -1500,6 +1501,29 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "socks5-proto" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d91431c4672e25e372ef46bc554be8f315068c03608f99267a71ad32a12e8c4" +dependencies = [ + "bytes", + "thiserror", + "tokio", +] + +[[package]] +name = "socks5-server" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5223c26981806584cc38c74fddf58808dbdcf4724890471ced69e7a2e8d86345" +dependencies = [ + "async-trait", + "bytes", + "socks5-proto", + "tokio", +] + [[package]] name = "strsim" version = "0.8.0" diff --git a/Cargo.toml b/Cargo.toml index 32e3ab5..922c132 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -33,4 +33,5 @@ x25519-dalek = { version = "2.0.1", features = ["getrandom", "static_secrets"] } base64 = "0.22.1" chrono = "0.4.38" console-subscriber = "0.4.0" -network-interface = "2.0.0" \ No newline at end of file +network-interface = "2.0.0" +socks5-server = "0.10.1" diff --git a/src/client.rs b/src/client.rs index 72452a9..6ad8c06 100644 --- a/src/client.rs +++ b/src/client.rs @@ -32,17 +32,28 @@ fn configure_routes(endpoint_ip: &str, s_interface: Option<&str>) { let mut ip_output = Command::new("sudo") .arg("ip") .arg("route") - .arg("change") + .arg("del") .arg("default") - .arg("via") - .arg("10.66.66.1") + .output() + .expect("Failed to delete default gateway."); + + if !ip_output.status.success() { + error!("Failed to delete default gateway: {:?}", String::from_utf8_lossy(&ip_output.stderr)); + } + + ip_output = Command::new("sudo") + .arg("ip") + .arg("-4") + .arg("route") + .arg("add") + .arg("0.0.0.0/0") .arg("dev") .arg("tun0") .output() .expect("Failed to execute ip route command."); if !ip_output.status.success() { - error!("Failed to forward packets: {:?}", String::from_utf8_lossy(&ip_output.stderr)); + error!("Failed to route all traffic: {:?}", String::from_utf8_lossy(&ip_output.stderr)); } ip_output = Command::new("sudo") @@ -55,10 +66,10 @@ fn configure_routes(endpoint_ip: &str, s_interface: Option<&str>) { .arg("dev") .arg(inter_name) .output() - .expect("Failed to execute ip route command."); + .expect("Failed to make exception for vpns endpoint."); if !ip_output.status.success() { - error!("Failed to forward packets: {:?}", String::from_utf8_lossy(&ip_output.stderr)); + error!("Failed to make exception for vpns endpoint: {:?}", String::from_utf8_lossy(&ip_output.stderr)); } } diff --git a/src/client_socks.rs b/src/client_socks.rs new file mode 100644 index 0000000..64673ef --- /dev/null +++ b/src/client_socks.rs @@ -0,0 +1,134 @@ +use crossbeam_channel::unbounded; +use socket2::SockAddr; +use tokio::{net::UdpSocket, sync::Mutex}; +use std::{io::{Read, Write}, net::SocketAddr}; +use base64::prelude::*; +use log::{error, info, warn}; +use std::sync::Arc; +use std::net::Ipv4Addr; +use x25519_dalek::{PublicKey, StaticSecret}; +use std::process::Command; +use aes_gcm::{ + aead::{Aead, AeadCore, KeyInit, OsRng}, + Aes256Gcm, Nonce}; + +use crate::config::ClientConfiguration; +use crate::udp::{UDPVpnPacket, UDPVpnHandshake, UDPSerializable}; + +pub async fn client_mode(client_config: ClientConfiguration) { + info!("Starting client..."); + + let sock = UdpSocket::bind("0.0.0.0:25565").await.unwrap(); + sock.connect(&client_config.server.endpoint).await.unwrap(); + + // socks5 + + let (mut dev_reader, mut dev_writer) = dev.split(); + + let sock_rec = Arc::new(sock); + let sock_snd = sock_rec.clone(); + + let (tx, rx) = unbounded::>(); + let (dx, mx) = unbounded::>(); + + let cipher_shared = Arc::new(Mutex::new(None)); + + tokio::spawn(async move { + while let Ok(bytes) = rx.recv() { + //info!("Write to tun {:?}", hex::encode(&bytes)); + dev_writer.write_all(&bytes).unwrap(); + } + }); + + tokio::spawn(async move { + let mut buf = vec![0; 8192]; + while let Ok(n) = dev_reader.read(&mut buf) { + dx.send(buf[..n].to_vec()).unwrap(); + } + }); + + let s_a: SocketAddr = client_config.server.endpoint.parse().unwrap(); + #[cfg(target_os = "linux")] + configure_routes(&s_a.ip().to_string(), s_interface); + + let priv_key = BASE64_STANDARD.decode(client_config.client.private_key).unwrap(); + + let cipher_shared_clone = cipher_shared.clone(); + tokio::spawn(async move { + let mut buf = vec![0; 4096]; + + loop { + if let Ok(l) = sock_rec.recv(&mut buf).await { + let mut s_cipher = cipher_shared_clone.lock().await; + match buf.first() { + Some(h) => { + match h { + 0 => { + let handshake = UDPVpnHandshake::deserialize(&(buf[..l].to_vec())); + let mut k = [0u8; 32]; + for (&x, p) in handshake.public_key.iter().zip(k.iter_mut()) { + *p = x; + } + let mut k1 = [0u8; 32]; + for (&x, p) in priv_key.iter().zip(k1.iter_mut()) { + *p = x; + } + *s_cipher = Some(StaticSecret::from(k1) + .diffie_hellman(&PublicKey::from(k))); + }, // handshake + 1 => { + let wrapped_packet = UDPVpnPacket::deserialize(&(buf[..l].to_vec())); + if s_cipher.is_some() { + let aes = Aes256Gcm::new(s_cipher.as_ref().unwrap().as_bytes().into()); + let nonce = Nonce::clone_from_slice(&wrapped_packet.nonce); + match aes.decrypt(&nonce, &wrapped_packet.data[..]) { + Ok(decrypted) => { let _ = tx.send(decrypted); }, + Err(error) => error!("Decryption error! {:?}", error) + } + } else { + warn!("There is no static_secret"); + } + }, // payload + 2 => info!("Got keepalive packet"), + _ => error!("Unexpected header value.") + } + }, + None => error!("There is no header.") + } + drop(s_cipher); + } + } + }); + + let pkey = BASE64_STANDARD.decode(client_config.client.public_key).unwrap(); + let handshake = UDPVpnHandshake{ public_key: pkey, request_ip: client_config.client.address.parse::().unwrap() }; + let mut nz = 0; + while nz < 25 { + sock_snd.send(&handshake.serialize()).await.unwrap(); + nz += 1 + } + //sock_snd.send(&handshake.serialize()).await.unwrap(); + + let s_cipher = cipher_shared.clone(); + loop { + if let Ok(bytes) = mx.recv() { + let s_c = s_cipher.lock().await; + + if s_c.is_some() { + let aes = Aes256Gcm::new(s_c.as_ref().unwrap().as_bytes().into()); + let nonce = Aes256Gcm::generate_nonce(&mut OsRng); + let ciphered_data = aes.encrypt(&nonce, &bytes[..]); + + if let Ok(ciphered_d) = ciphered_data { + let vpn_packet = UDPVpnPacket{ data: ciphered_d, nonce: nonce.to_vec()}; + let serialized_data = vpn_packet.serialize(); + sock_snd.send(&serialized_data).await.unwrap(); + } else { + error!("Socket encryption failed."); + } + } else { + warn!("There is no shared_secret in main loop"); + } + } + } +} \ No newline at end of file diff --git a/src/main.rs b/src/main.rs index 7fd3060..ff044d2 100644 --- a/src/main.rs +++ b/src/main.rs @@ -10,6 +10,7 @@ mod server; mod client; mod udp; mod config; +//mod client_socks; fn generate_server_config(matches: &ArgMatches, config_path: &str) { let bind_address = matches.value_of("bind-address").expect("No bind address specified");