From c387ae49dba2e66fc32f5b63f2591a84918aefa7 Mon Sep 17 00:00:00 2001 From: James McMurray Date: Sun, 20 Aug 2023 16:14:02 +0200 Subject: [PATCH] Remove TigerVPN, Mullvad Port Forwarding docs And update dependencies --- Cargo.toml | 10 +- README.md | 6 +- USERGUIDE.md | 13 +- vopono_core/Cargo.toml | 10 +- vopono_core/src/config/providers/mod.rs | 4 - .../src/config/providers/mullvad/openvpn.rs | 5 +- .../src/config/providers/tigervpn/mod.rs | 141 ------------------ .../config/providers/tigervpn/serverlist.csv | 15 -- .../src/config/providers/tigervpn/tig_ca.crt | 30 ---- vopono_core/src/network/wireguard.rs | 2 +- vopono_core/src/util/mod.rs | 2 +- vopono_core/src/util/wireguard.rs | 2 +- 12 files changed, 17 insertions(+), 223 deletions(-) delete mode 100644 vopono_core/src/config/providers/tigervpn/mod.rs delete mode 100644 vopono_core/src/config/providers/tigervpn/serverlist.csv delete mode 100644 vopono_core/src/config/providers/tigervpn/tig_ca.crt diff --git a/Cargo.toml b/Cargo.toml index c010a3a..c17012b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "vopono" description = "Launch applications via VPN tunnels using temporary network namespaces" -version = "0.10.6" +version = "0.10.7" authors = ["James McMurray "] edition = "2021" license = "GPL-3.0-or-later" @@ -25,12 +25,12 @@ compound_duration = "1" signal-hook = "0.3" walkdir = "2" chrono = "0.4" -bs58 = "0.4" +bs58 = "0.5" nix = "0.26" config = "0.13" -basic_tcp_proxy = "0.3.1" -strum = "0.24" -strum_macros = "0.24" +basic_tcp_proxy = "0.3.2" +strum = "0.25" +strum_macros = "0.25" [package.metadata.rpm] package = "vopono" diff --git a/README.md b/README.md index e05c3cb..9de88ee 100644 --- a/README.md +++ b/README.md 
@@ -7,7 +7,7 @@ as normal. vopono includes built-in killswitches for both Wireguard and OpenVPN. -Currently Mullvad, AzireVPN, MozillaVPN, TigerVPN, ProtonVPN, iVPN, +Currently Mullvad, AzireVPN, MozillaVPN, ProtonVPN, iVPN, NordVPN, AirVPN, HMA (HideMyAss) and PrivateInternetAccess are supported directly, with custom configuration files also supported with the `--custom` argument. @@ -29,7 +29,6 @@ lynx all running through different VPN connections: | AzireVPN | ✅ | ✅ | | iVPN | ✅ | ✅ | | PrivateInternetAccess | ✅ | ✅\*\* | -| TigerVPN | ✅ | ❌ | | ProtonVPN | ✅ | ❓\* | | MozillaVPN | ❌ | ✅ | | NordVPN | ✅ | ❌ | @@ -38,8 +37,7 @@ lynx all running through different VPN connections: \* For ProtonVPN you can generate and download specific Wireguard config files, and use them as a custom provider config. See the [User Guide](USERGUIDE.md) -for details - note that port forwarding is not supported for ProtonVPN -(but is for Mullvad). +for details - note that port forwarding is currently not supported for ProtonVPN. \*\* Port forwarding is not currently supported for PrivateInternetAccess. diff --git a/USERGUIDE.md b/USERGUIDE.md index 4ec9ae5..a848e53 100644 --- a/USERGUIDE.md +++ b/USERGUIDE.md @@ -174,9 +174,6 @@ If it is missing you will be prompted for your credentials. For PrivateInternetAccess, HMA (HideMyAss) and AzireVPN these should be the same as your account credentials. -For TigerVPN you can view your OpenVPN credentials [online on the "geeks" dashboard](https://www.tigervpn.com/dashboard/geeks). -The OpenVPN credentials are **not** the same as your TigerVPN account credentials. - For Mullvad your OpenVPN credentials are your account code as your username, and `m` as the password. For ProtonVPN you can view your OpenVPN credentials [online on your account dashboard](https://account.protonvpn.com/account#openvpn). 
@@ -210,8 +207,6 @@ For Mullvad, valid ports are: 1300, 1301, 1302, 1194, 1195, 1196, 1197, or 53 fo For PrivateInternetAccess valid ports are 1198 for UDP and 502 for TCP. -For TigerVPN valid ports are 1194 for UDP or 443 for TCP. - #### Shadowsocks socks-proxy Mullvad supports proxying via Shadowsocks, if that configuration is @@ -469,8 +464,7 @@ generated online and then used as a custom configuration, e.g.: $ vopono -v exec --provider custom --custom testwg-UK-17.conf --protocol wireguard firefox-developer-edition ``` -Note that port forwarding is not supported for ProtonVPN (but is for -Mullvad). +Note that port forwarding is currently not supported for ProtonVPN. #### PrivateInternetAccess @@ -501,11 +495,6 @@ some ports inside the network namespace which can be accessed via the Wireguard/OpenVPN tunnel (this can be important for BitTorrent connectivity, etc.). -Mullvad tunnel port forwarding works for both Wireguard and OpenVPN. You will -need to enable the ports in your [Mullvad account](https://mullvad.net/en/account/#/ports). -Remember to open the port with the `-o PORTNUMBER` argument to -`vopono exec` if you have the killswitch enabled! - For iVPN port forwarding also works the same way, however it is **only supported for OpenVPN** on iVPN's side. So remember to pass `--protocol openvpn -o PORTNUMBER` when trying it! Enable port diff --git a/vopono_core/Cargo.toml b/vopono_core/Cargo.toml index 7e92be2..ed622f4 100644 --- a/vopono_core/Cargo.toml +++ b/vopono_core/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "vopono_core" description = "Library code for running VPN connections in network namespaces" -version = "0.1.6" +version = "0.1.7" edition = "2021" authors = ["James McMurray "] license = "GPL-3.0-or-later" 
@@ -23,7 +23,7 @@ regex = "1" ron = "0.8" walkdir = "2" # Must use rand 0.7 for compatibility with x25519-dalek for now -rand = "0.7" +rand = "0.8" toml = "0.7" ipnet = { version = "2", features = ["serde"] } reqwest = { default-features = false, version = "0.11", features = [ @@ -33,9 +33,9 @@ reqwest = { default-features = false, version = "0.11", features = [ ] } # TODO: Can we remove Tokio dependency? sysinfo = "0.29" base64 = "0.21" -x25519-dalek = "1" -strum = "0.24" -strum_macros = "0.24" +x25519-dalek = { version = "2", features = ["static_secrets"] } +strum = "0.25" +strum_macros = "0.25" zip = "0.6" maplit = "1" webbrowser = "0.8" diff --git a/vopono_core/src/config/providers/mod.rs b/vopono_core/src/config/providers/mod.rs index bc2a810..d4871d0 100644 --- a/vopono_core/src/config/providers/mod.rs +++ b/vopono_core/src/config/providers/mod.rs @@ -7,7 +7,6 @@ mod mullvad; mod nordvpn; mod pia; mod protonvpn; -mod tigervpn; mod ui; use crate::config::vpn::Protocol; @@ -34,7 +33,6 @@ pub use ui::*; pub enum VpnProvider { PrivateInternetAccess, Mullvad, - TigerVPN, ProtonVPN, MozillaVPN, AzireVPN, @@ -51,7 +49,6 @@ impl VpnProvider { match self { Self::PrivateInternetAccess => Box::new(pia::PrivateInternetAccess {}), Self::Mullvad => Box::new(mullvad::Mullvad {}), - Self::TigerVPN => Box::new(tigervpn::TigerVPN {}), Self::ProtonVPN => Box::new(protonvpn::ProtonVPN {}), Self::MozillaVPN => Box::new(mozilla::MozillaVPN {}), Self::AzireVPN => Box::new(azirevpn::AzireVPN {}), @@ -67,7 +64,6 @@ impl VpnProvider { match self { Self::PrivateInternetAccess => Ok(Box::new(pia::PrivateInternetAccess {})), Self::Mullvad => Ok(Box::new(mullvad::Mullvad {})), - Self::TigerVPN => Ok(Box::new(tigervpn::TigerVPN {})), Self::ProtonVPN => Ok(Box::new(protonvpn::ProtonVPN {})), Self::AzireVPN => Ok(Box::new(azirevpn::AzireVPN {})), Self::AirVPN => Ok(Box::new(airvpn::AirVPN {})), 
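Review bot: The context comment `# Must use rand 0.7 for compatibility with x25519-dalek for now` is left directly above the new `rand = "0.8"` line in the `@@ -23,7 +23,7 @@` hunk of `vopono_core/Cargo.toml`, so the manifest now contradicts its own pin rationale. These two crates together generate the WireGuard private keys, so the reason for the version coupling is worth keeping accurate: replace the comment with something like `# rand 0.8 provides the rand_core 0.6 OsRng that x25519-dalek 2 expects` (confirm against the lockfile), or delete it. The following `@@ -33,9 +33,9 @@` hunk also opts into `static_secrets` without explanation; a short comment such as `# static_secrets: StaticSecret is required for persistent WireGuard keys` would record why the feature is enabled.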
diff --git a/vopono_core/src/config/providers/mullvad/openvpn.rs b/vopono_core/src/config/providers/mullvad/openvpn.rs index c4d04c0..c665a0d 100644 --- a/vopono_core/src/config/providers/mullvad/openvpn.rs +++ b/vopono_core/src/config/providers/mullvad/openvpn.rs @@ -123,10 +123,7 @@ impl OpenVpnProvider for Mullvad { format!("remote {}.mullvad.net {}", relay.hostname, port) }; - file_set - .entry(file_name) - .or_insert_with(Vec::new) - .push(remote_string); + file_set.entry(file_name).or_default().push(remote_string); } let bridge_vec = if use_bridges { diff --git a/vopono_core/src/config/providers/tigervpn/mod.rs b/vopono_core/src/config/providers/tigervpn/mod.rs deleted file mode 100644 index 283a669..0000000 --- a/vopono_core/src/config/providers/tigervpn/mod.rs +++ /dev/null 
@@ -1,141 +0,0 @@
-use super::{Input, Password, UiClient};
-use super::{OpenVpnProvider, Provider};
-use crate::config::vpn::OpenVpnProtocol;
-use crate::config::vpn::Protocol;
-use crate::util::delete_all_files_in_dir;
-use anyhow::Context;
-use serde::Deserialize;
-use std::fs::create_dir_all;
-use std::fs::File;
-use std::include_str;
-use std::io::{Cursor, Write};
-use std::net::IpAddr;
-use std::path::PathBuf;
-
-pub struct TigerVPN {}
-
-#[derive(Deserialize)]
-struct Server {
- country_name: String,
- country_alias: String,
- hostname: String,
-}
-
-impl TigerVPN {
- fn get_default_openvpn_settings() -> Vec<&'static str> {
- vec![
- "client",
- "pull",
- "comp-lzo adaptive",
- "ca ca.crt",
- "dev tun",
- "tls-client",
- "script-security 2",
- "cipher AES-256-CBC",
- "mute 10",
- "route-delay 5",
- "redirect-gateway def1",
- "resolv-retry infinite",
- "persist-key",
- "persist-tun",
- "remote-cert-tls server",
- "mssfix",
- ]
- }
-
- fn get_serverlist() -> anyhow::Result> {
- let serverlist = include_str!("serverlist.csv");
- let mut rdr = csv::ReaderBuilder::new()
- .has_headers(false)
- .from_reader(Cursor::new(serverlist));
- let mut out = Vec::with_capacity(16);
- for result in rdr.deserialize() {
- // Notice that we need to provide a type hint for automatic
- // deserialization.
- let record: Server = result?;
- out.push(record);
- }
- Ok(out)
- }
-}
-
-impl Provider for TigerVPN {
- fn alias(&self) -> String {
- "tig".to_string()
- }
-
- fn alias_2char(&self) -> String {
- "ti".to_string()
- }
-
- fn default_protocol(&self) -> Protocol {
- Protocol::OpenVpn
- }
-}
-
-impl OpenVpnProvider for TigerVPN {
- fn provider_dns(&self) -> Option> {
- None
- }
-
- fn prompt_for_auth(&self, uiclient: &dyn UiClient) -> anyhow::Result<(String, String)> {
- let username = uiclient.get_input(Input {
- prompt: "TigerVPN OpenVPN username (see https://www.tigervpn.com/dashboard/geeks )"
- .to_string(),
- validator: None,
- })?;
-
- let password = uiclient.get_password(Password {
- prompt: "Password".to_string(),
- confirm: true,
- })?;
- Ok((username, password))
- }
-
- fn auth_file_path(&self) -> anyhow::Result> {
- Ok(Some(self.openvpn_dir()?.join("auth.txt")))
- }
-
- fn create_openvpn_config(&self, uiclient: &dyn UiClient) -> anyhow::Result<()> {
- let openvpn_dir = self.openvpn_dir()?;
- create_dir_all(&openvpn_dir)?;
- delete_all_files_in_dir(&openvpn_dir)?;
- let protocol = OpenVpnProtocol::index_to_variant(
- uiclient.get_configuration_choice(&OpenVpnProtocol::default())?,
- );
- let settings = Self::get_default_openvpn_settings();
-
- let (port, proto_str) = match protocol {
- OpenVpnProtocol::UDP => ("1194", "udp"),
- OpenVpnProtocol::TCP => ("443", "tcp-client"),
- };
-
- for server in Self::get_serverlist()? {
- let filename = format!("{}-{}.ovpn", server.country_name, server.country_alias);
- let mut file = File::create(openvpn_dir.join(filename))?;
- let mut this_settings = settings.clone();
-
- let remote_str = format!("remote {} {} {}", server.hostname, port, proto_str);
- this_settings.push(remote_str.as_str());
-
- write!(file, "{}", this_settings.join("\n"))?;
- }
-
- let ca = include_str!("tig_ca.crt");
- {
- let file = File::create(openvpn_dir.join("ca.crt"))
- .context("Could not create mullvad CA file")?;
- let mut write_buf = std::io::BufWriter::new(file);
- write!(write_buf, "{ca}")?;
- }
-
- // Write OpenVPN credentials file
- let (user, pass) = self.prompt_for_auth(uiclient)?;
- let auth_file = self.auth_file_path()?;
- if auth_file.is_some() {
- let mut outfile = File::create(auth_file.unwrap())?;
- write!(outfile, "{user}\n{pass}")?;
- }
- Ok(())
- }
-}
diff --git a/vopono_core/src/config/providers/tigervpn/serverlist.csv b/vopono_core/src/config/providers/tigervpn/serverlist.csv
deleted file mode 100644
index 96989db..0000000
--- a/vopono_core/src/config/providers/tigervpn/serverlist.csv
+++ /dev/null
@@ -1,15 +0,0 @@
-netherlands,nl,ams.tigervpn.com
-us_atlanta,us_atl,atl.tigervpn.com
-romania,ro,buc.tigervpn.com
-denmark,dk,cop.tigervpn.com
-us_denver,us_den,den.tigervpn.com
-germany,de,fra.tigervpn.com
-united_kingdom,gb,lon.tigervpn.com
-us_losangeles,us_la,los.tigervpn.com
-spain,es,mad.tigervpn.com
-us_miami,us_mia,mia.tigervpn.com
-ca_montreal,ca_mon,mon.tigervpn.com
-us_newyork,us_ny,nyc.tigervpn.com
-ca_toronto,ca_tor,tor.tigervpn.com
-austria,at,vie.tigervpn.com
-switzerland,ch,zur.tigervpn.com
diff --git a/vopono_core/src/config/providers/tigervpn/tig_ca.crt b/vopono_core/src/config/providers/tigervpn/tig_ca.crt
deleted file mode 100644
index 74b969b..0000000
--- a/vopono_core/src/config/providers/tigervpn/tig_ca.crt
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFEjCCA/qgAwIBAgIJAIjMlbROS8jhMA0GCSqGSIb3DQEBBQUAMIG2MQswCQYD
-VQQGEwJTSzETMBEGA1UECBMKQnJhdGlzbGF2YTETMBEGA1UEBxMKQnJhdGlzbGF2
-YTEiMCAGA1UEChQZVGlnZXIgQXQgV29yayAmIENvLiBrLiBzLjERMA8GA1UECxMI
-dGlnZXJWUE4xETAPBgNVBAMTCHRpZ2VyVlBOMREwDwYDVQQpEwh0aWdlclZQTjEg
-MB4GCSqGSIb3DQEJARYRaGVscEB0aWdlcnZwbi5jb20wHhcNMTIwODI5MDkzMTAy
-WhcNMjIwODI3MDkzMTAyWjCBtjELMAkGA1UEBhMCU0sxEzARBgNVBAgTCkJyYXRp
-c2xhdmExEzARBgNVBAcTCkJyYXRpc2xhdmExIjAgBgNVBAoUGVRpZ2VyIEF0IFdv
-cmsgJiBDby4gay4gcy4xETAPBgNVBAsTCHRpZ2VyVlBOMREwDwYDVQQDEwh0aWdl
-clZQTjERMA8GA1UEKRMIdGlnZXJWUE4xIDAeBgkqhkiG9w0BCQEWEWhlbHBAdGln
-ZXJ2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+5MYICy
-JdtTquFNOfDq4c3Li4LPWZWAFHdCpOF8Qnjfcr3L9Mrn484Cb2qse3gvMMV5JvEy
-lJvOZ8HvMZs8y4S7n0PsDAmry97zuymzzYrjiRPDqa47/DkcQ05vGKMiTC3UQC21
-buY/STmJGoeUASDFxK2qEXXjQl42hAetrMw/AN2evQevuS6K1/TnWUIdEzo4Z9Gw
-8EhwlqnW+kvbgikivKGM9V7szq2zy2R9gLj5GBzXqqP0eqRop17z95kam5rfmGcJ
-B7yfqlEa6VcfoVw928fVUAf9vCIqlDpOKyiTTKQbTFZNP2CKFqiaY3bNSGMwTtDr
-9DVIWZdYMmY9mwIDAQABo4IBHzCCARswHQYDVR0OBBYEFFsJk/x8flJjTG/vwJhN
-vgTPFViFMIHrBgNVHSMEgeMwgeCAFFsJk/x8flJjTG/vwJhNvgTPFViFoYG8pIG5
-MIG2MQswCQYDVQQGEwJTSzETMBEGA1UECBMKQnJhdGlzbGF2YTETMBEGA1UEBxMK
-QnJhdGlzbGF2YTEiMCAGA1UEChQZVGlnZXIgQXQgV29yayAmIENvLiBrLiBzLjER
-MA8GA1UECxMIdGlnZXJWUE4xETAPBgNVBAMTCHRpZ2VyVlBOMREwDwYDVQQpEwh0
-aWdlclZQTjEgMB4GCSqGSIb3DQEJARYRaGVscEB0aWdlcnZwbi5jb22CCQCIzJW0
-TkvI4TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAl22f6l8hgvERZ
-qk0D9tT1Gg+ltGJGp5tvH4neTSn45UCbvdjKzgaDB2jB4rHoHEfMPtqAiV6eTEUx
-oYGLSQDvWpKEsv0TIQruHwe9LfYidJ7HAMShSkWbqsXF7D9E8TCcTw5M1JLsOpJQ
-7LaixOOFL+cj8bnn1E51o8DakSHqBW7D6YVAS//xijlEIuPaxV3AEoxlIi1WjNMu
-2ri06yj+ZKDcZhlBFn8PPDR9lOlJ5Qt7j9S2be5QweW/gFZN9XWTNU7bHR/OkTYB
-Ba+NcMGRZBjxSvkiHGJLQfTFcsISEhzXcnX2W+qs9egUFHrZ05/gf5T1pebhala0
-CIc3Y29/
------END CERTIFICATE-----
diff --git a/vopono_core/src/network/wireguard.rs b/vopono_core/src/network/wireguard.rs
index 74619a8..1944507 100644
--- a/vopono_core/src/network/wireguard.rs +++ b/vopono_core/src/network/wireguard.rs @@ -49,7 +49,7 @@ impl Wireguard { // TODO: Maybe properly parse ini format // Valid keys for wireguard config (see wg(8):CONFIGURATION FILE FORMAT) - let allow_keys = vec![ + let allow_keys = [ "PrivateKey", "ListenPort", "FwMark", diff --git a/vopono_core/src/util/mod.rs b/vopono_core/src/util/mod.rs index d6c73b8..d1e36f5 100644 --- a/vopono_core/src/util/mod.rs +++ b/vopono_core/src/util/mod.rs @@ -471,7 +471,7 @@ pub fn get_lock_namespaces() -> anyhow::Result>> { let lock: Lockfile = ron::de::from_reader(lockfile)?; namespaces .entry(lock.ns.name.clone()) - .or_insert_with(Vec::new) + .or_default() .push(lock); Ok(()) })?; diff --git a/vopono_core/src/util/wireguard.rs b/vopono_core/src/util/wireguard.rs index d36e276..4b9e46d 100644 --- a/vopono_core/src/util/wireguard.rs +++ b/vopono_core/src/util/wireguard.rs @@ -34,7 +34,7 @@ impl Display for WgPeer { pub fn generate_keypair() -> anyhow::Result { // Generate new keypair - let private = StaticSecret::new(OsRng); + let private = StaticSecret::random_from_rng(OsRng); let public = PublicKey::from(&private); let public_key = B64_ENGINE.encode(public.as_bytes()); let private_key = B64_ENGINE.encode(private.to_bytes());
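Review bot: In `generate_keypair` (the `@@ -34,7 +34,7 @@` hunk of `vopono_core/src/util/wireguard.rs`), `private.to_bytes()` returns a plain `[u8; 32]` copy and `B64_ENGINE.encode(...)` places the secret in an ordinary `String`, so those copies are not wiped when dropped, even though `StaticSecret` itself is as long as x25519-dalek's default `zeroize` feature stays enabled (the manifest change does not turn default features off). If the key only has to live until it is written out, consider a zeroizing wrapper, e.g. `let private_key = Zeroizing::new(B64_ENGINE.encode(private.to_bytes()));`, which would need `zeroize` as a direct dependency and may not fit the current return type. At minimum, a comment such as `// private_key is an unwiped copy of the secret: never log it, drop it once written` would document the handling expectation. The function body continues past the hunk, so how the value is returned and stored is not visible here.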