Merge pull request #54 from jotyGill/test

Python=>3.4, removed -T, keep auto retrying
jotyGill · Sep 20, 2017 · 9151711 · 9151711
2 parents f3ef403 + 3572cf7
commit 9151711
Show file tree

Hide file tree

Showing 10 changed files with 201 additions and 134 deletions.
diff --git a/.gitignore b/.gitignore
@@ -2,5 +2,6 @@ __pycache__
 openpyn.egg*
 build
 dist
+deb_dist
 .*
 .python-version
diff --git a/README.md b/README.md
@@ -22,29 +22,36 @@ A python3 script to easily connect to and switch between, OpenVPN servers hosted
 ![connection](https://user-images.githubusercontent.com/8462091/29347697-0798a52a-823e-11e7-818f-4dad1582e173.gif)
 
 ## Instructions
-1. Install dependencies if they are not already present.
+1. Install dependencies if they are not already present. On RedHat based distros, substitute "apt" with "dnf" or "yum"
 ``` bash
-# dependencies
-sudo apt install openvpn python3-pip python-gobject unzip
+# common dependencies
+sudo apt install openvpn python-gobject unzip wget
 ```
-2. Install openpyn with pip. (Recommended, needs Python3.5 or later):
+### Installation Methods
+1. For Ubuntu / Kali / Debian / based OS's with Python=>3.4
+```bash
+sudo apt install python3-colorama python3-requests python3-setuptools  #dependencies
+wget https://github.com/jotyGill/openpyn-nordvpn/archive/python3-openpyn_1.7.3-1_all.deb
+sudo dpkg -i python3-openpyn_1.7.3-1_all.deb
+```
+2. For Fedora
+```bash
+wget https://github.com/jotyGill/openpyn-nordvpn/archive/openpyn-1.7.3-1.noarch.rpm
+sudo dnf install ./openpyn-1.7.3-1.noarch.rpm
+```
+3. Install openpyn with pip3. (Python=>3.4, Don't use on Debian, causes issues):
 ``` bash
+sudo apt install python3-pip
 sudo pip3 install openpyn --upgrade   # DO NOT USE "sudo -H"
 ```
-2.1 Alternatively clone and install.
+4. Alternatively clone and install.
 ``` bash
 git clone https://github.com/jotyGill/openpyn-nordvpn.git
 cd openpyn-nordvpn
 sudo python3 setup.py install
 ```
-2.2 For Python 3.4 ONLY, not recommended otherwise (for Debian/Raspbian-Jessie).
-Note: Desktop notification won't work for Debian Jessie
-``` bash
-git clone --branch python3.4 https://github.com/jotyGill/openpyn-nordvpn.git
-cd openpyn-nordvpn
-sudo python3 setup.py install
-```
-3. Initialise the script with "--init" (store credentials and update/install vpn config files)
+### Setup
+Initialise the script with "--init" (store credentials and update/install vpn config files)
 ``` bash
 sudo openpyn --init
 ```
@@ -116,9 +123,8 @@ openpyn --update
 ``` bash
 usage: openpyn.py [-h] [-v] [-s SERVER] [-u] [-c COUNTRY_CODE] [-a AREA] [-d]
                   [-m MAX_LOAD] [-t TOP_SERVERS] [-p PINGS]
-                  [-T TOPPEST_SERVERS] [-k] [-x] [--update] [-f]
-                  [-l [LIST_SERVERS]] [--p2p] [--dedicated] [--tor] [--double]
-                  [--anti-ddos] [--test]
+                  [-k] [-x] [--update] [-f]
+                  [-l [LIST_SERVERS]] [--p2p] [--dedicated] [--tor] [--double] [--anti-ddos] [--test]]
                   [country]
 
 A python3 script to easily connect to and switch between, OpenVPN servers
@@ -166,10 +172,6 @@ optional arguments:
                         Specify number of pings to be sent to each server to
                         determine quality, DEFAULT=5
 
-  -T TOPPEST_SERVERS, --toppest-servers TOPPEST_SERVERS
-                        After ping tests the final server count to randomly
-                        choose a server from, DEFAULT=2
-
   -k, --kill            Kill any running Openvnp process, very useful to kill
                         openpyn process running in background with "-d" switch
 

diff --git a/README.rst b/README.rst
@@ -1,46 +1,120 @@
-|PyPI version| |license|
+# openpyn
+A python3 script to easily connect to and switch between, OpenVPN servers hosted by NordVPN. Quickly Connect to the least busy servers (using current data from Nordvpn's website) with lowest latency from you. Find servers in a specific country or even a city. It Tunnels DNS traffic through the VPN which normally (when using OpenVPN with NordVPN) goes through your ISP's DNS (still unencrypted, even if you use a third party) and completely compromises Privacy!
 
-openpyn : A wrapper around openvpn
-===============
-
-A python3 script to easily connect to and switch between, **OpenVPN servers hosted by NordVPN**.
-Quickly Connect to the **least busy** servers (using current data from Nordvpn's website) with **lowest latency** from you.
-Find servers in a **specific country** or even a **city**. It **Tunnels DNS traffic** through the VPN which normally
-(when using OpenVPN with NordVPN) goes through your ISP's DNS (still unencrypted, even if you use a thirdparty)
-and completely compromises Privacy!
-
-Features
---------
-- Automatically connect to least busy, low latency servers in a given country.
-- Find and connect to servers in a specific city or state. (New!)
-- Uses NordVPN's DNS servers and tunnels DNS queries through the VPN Tunnel.
-- Use Iptable rules to prevent leakage if tunnel breaks (Experimental).
-- Quickly Connect to any specific server. i.e au10 or us20.
-- Downloads and Updates (modifications) the latest config files from NordVPN.
-- Option to run the script in background (openvpn daemon mode).
-- Options to finetune server selection based on "Server Load" or "Ping Latency".
-- Excludes the servers that don't support OpenVPN (TCP or UDP depending upon which one you are trying to use).
-- Finds and displays nord vpn servers (with extra info) in a given country.
-- Now list and connect to servers with "Peer To Peer" --p2p, "Dedicated IP" --dedicated, "Tor Over VPN" --tor, \
+## Features
+* Automatically connect to least busy, low latency servers in a given country.
+* Find and connect to servers in a specific city or state.
+* Uses NordVPN's DNS servers and tunnels DNS queries through the VPN Tunnel.
+* Use Iptables rules to prevent IP leakage if tunnel breaks (Experimental).
+* Quickly Connect to any specific server. i.e au10 or us20.
+* Downloads and Updates (modifications) the latest config files from NordVPN.
+* Option to run the script in background (openvpn daemon mode).
+* Options to fine-tune server selection based on "Server Load" or "Ping Latency".
+* Auto excludes the servers if ping to them fails or if they don't support OpenVPN \
+  (TCP or UDP depending upon which one you are trying to use).
+* Finds and displays nord vpn servers (with extra info) in a given country.
+* Now list and connect to servers with "Peer To Peer" --p2p, "Dedicated IP" --dedicated, "Tor Over VPN" --tor, \
 "Double VPN" --double, "Anti DDos" --anti-ddos support.
+* Desktop notification are shown when VPN connects and disconnects. (needs to run without sudo)
+* Auto retry if [soft,auth-failure] received, auto failover to next best server if connection dies. (not in daemon mode)
 
-To Install
---------------
-
-::
-
-    pip3 install openpyn
-
-To Upgrade
--------------
-
-::
-
-    pip3 install --upgrade openpyn
-
-To Uninstall
-----------------
+## Demo
+![connection](https://user-images.githubusercontent.com/8462091/29347697-0798a52a-823e-11e7-818f-4dad1582e173.gif)
 
-::
+## Instructions
+1. Install dependencies if they are not already present. On RedHat based distros, substitute "apt" with "dnf" or "yum"
+``` bash
+# common dependencies
+sudo apt install openvpn python-gobject unzip wget
+```
+### Installation Methods
+1. For Ubuntu / Kali / Debian / based OS's with Python=>3.4
+```bash
+sudo apt install python3-colorama python3-requests python3-setuptools  #dependencies
+wget https://github.com/jotyGill/openpyn-nordvpn/archive/python3-openpyn_1.7.3-1_all.deb
+sudo dpkg -i python3-openpyn_1.7.3-1_all.deb
+```
+2. For Fedora
+```bash
+wget https://github.com/jotyGill/openpyn-nordvpn/archive/openpyn-1.7.3-1.noarch.rpm
+sudo dnf install ./openpyn-1.7.3-1.noarch.rpm
+```
+3. Install openpyn with pip3. (Python=>3.4, Don't use on Debian, causes issues):
+``` bash
+sudo apt install python3-pip
+sudo pip3 install openpyn --upgrade   # DO NOT USE "sudo -H"
+```
+4. Alternatively clone and install.
+``` bash
+git clone https://github.com/jotyGill/openpyn-nordvpn.git
+cd openpyn-nordvpn
+sudo python3 setup.py install
+```
+### Setup
+Initialise the script with "--init" (store credentials and update/install vpn config files)
+``` bash
+sudo openpyn --init
+```
+That's it, run the script! when done with it, press "Ctr + C" to exit.
 
-    pip3 uninstall openpyn
+## Basic Usage
+* At minimum, you only need to specify the country-code, default port is TCP-443, If you want to use
+UDP-1194 instead, use "-u" switch.
+``` bash
+openpyn us -u
+```
+* Now, you can also specify a city or state, useful when companies (like Google) lock your
+account if you try to login from an IP that resides in a different physical location.
+``` bash
+openpyn us -a ny
+openpyn us --area "new york"
+```
+* To enforce Firewall rules to prevent dns leakage, also from ip leakage if tunnel breaks.
+``` bash
+openpyn us -f # (Highly Experimental!) Warning, clears IPtables rules!
+              # (changes are non persistent, simply reboot if having networking issues)
+```
+* When using "-f", To allow custom ports (from internal ip ranges, i.e 192.168 or 10.) through the firewall.
+``` bash
+sudo openpyn us -f --allow 22  #only accessible from local network
+```
+* To quickly connect to a specific server.
+``` bash
+openpyn -s au10
+```
+* To list all the Countries and their Country Codes where NordVPN hosts servers.
+``` bash
+openpyn -l
+```
+* To find detailed information about the available servers in a given country.
+``` bash
+openpyn -l uk
+```
+* To find servers with features like "peer-to-peer", "dedicated ip", "tor over vpn",
+  "double vpn" in all countries or a given country.
+``` bash
+openpyn -l uk --p2p
+openpyn --list uk --dedicated
+openpyn -l --tor  # tor over vpn in all countries
+```
+* To find the least loaded 10 NordVPN servers in US that support "peer-to-peer", out
+  of them, connect to one of the top 2 servers that have the lowest latency from you.
+``` bash
+openpyn us -t 10 -T 2 --p2p
+```
+* To run the script in background.
+``` bash
+openpyn us -d
+```
+* To kill a running openvpn connection.
+``` bash
+sudo openpyn -k
+```
+* To Flush the iptables and kill any running openvpn connections.
+``` bash
+sudo openpyn -x   #optionally --allow 22 if using as ssh server
+```
+* To Download/Update the latest vpn config files from NordVPN by:
+``` bash
+openpyn --update
+```
diff --git a/openpyn/__init__.py b/openpyn/__init__.py
@@ -1,2 +1,2 @@
-__version__ = "1.7.0"
+__version__ = "1.7.3"
 __license__ = "GNU General Public License v3 or later (GPLv3+)"
diff --git a/openpyn/credentials.py b/openpyn/credentials.py
@@ -27,7 +27,7 @@ def save_credentials():
         command_2 = "sudo echo " + '"%s"' % password + " >> /usr/share/openpyn/credentials"
         try:
             # create Empty file with 600 permissions
-            subprocess.run("sudo touch /usr/share/openpyn/credentials".split())
+            subprocess.call("sudo touch /usr/share/openpyn/credentials".split())
             subprocess.check_call(command_1, shell=True)
             subprocess.check_call(command_2, shell=True)
             subprocess.check_call("sudo chmod 600 /usr/share/openpyn/credentials".split())
@@ -36,6 +36,6 @@ def save_credentials():
         except subprocess.CalledProcessError:
             print("Your OS is not letting modify /usr/share/openpyn/credentials",
                   "Please run with 'sudo' to store credentials")
-            subprocess.run("sudo rm /usr/share/openpyn/credentials".split())
+            subprocess.call("sudo rm /usr/share/openpyn/credentials".split())
             sys.exit()
     return
diff --git a/openpyn/filters.py b/openpyn/filters.py
@@ -3,17 +3,6 @@
 from openpyn import locations
 
 
-def filter_by_toppest(pinged_servers_list, toppest_servers):
-    remaining_servers = []
-
-    # 5 top servers or if less than 5 totel servers
-    for server_counter in range(toppest_servers):
-        if server_counter < len(pinged_servers_list):
-            remaining_servers.append(pinged_servers_list[server_counter])
-            server_counter += 1
-    return remaining_servers
-
-
 def filter_by_area(area, type_country_filtered):
     remaining_servers = []
     resolved_locations = locations.get_unique_locations(list_of_servers=type_country_filtered)

diff --git a/openpyn/firewall.py b/openpyn/firewall.py
@@ -6,79 +6,79 @@
 def clear_fw_rules():
     root.verify_root_access("Root access needed to modify 'iptables' rules")
     print("Flushing iptables INPUT and OUTPUT chains AND Applying default Rules")
-    subprocess.run(["sudo", "iptables", "-F", "OUTPUT"])
+    subprocess.call(["sudo", "iptables", "-F", "OUTPUT"])
     # allow all outgoing traffic
-    subprocess.run("sudo iptables -P OUTPUT ACCEPT".split())
+    subprocess.call("sudo iptables -P OUTPUT ACCEPT".split())
 
-    subprocess.run(["sudo", "iptables", "-F", "INPUT"])
-    subprocess.run(["sudo", "iptables", "-A", "INPUT", "-i", "lo", "-j", "ACCEPT"])
-    subprocess.run(["sudo", "iptables", "-A", "OUTPUT", "-o", "lo", "-j", "ACCEPT"])
-    subprocess.run(
+    subprocess.call(["sudo", "iptables", "-F", "INPUT"])
+    subprocess.call(["sudo", "iptables", "-A", "INPUT", "-i", "lo", "-j", "ACCEPT"])
+    subprocess.call(["sudo", "iptables", "-A", "OUTPUT", "-o", "lo", "-j", "ACCEPT"])
+    subprocess.call(
         "sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT".split())
     # allow ICMP traffic
-    subprocess.run("sudo iptables -A INPUT -p icmp --icmp-type any -j ACCEPT".split())
+    subprocess.call("sudo iptables -A INPUT -p icmp --icmp-type any -j ACCEPT".split())
     # best practice, stops spoofing
-    subprocess.run("sudo iptables -A INPUT -s 127.0.0.0/8 -j DROP".split())
+    subprocess.call("sudo iptables -A INPUT -s 127.0.0.0/8 -j DROP".split())
     # drop anything else incoming
-    subprocess.run("sudo iptables -P INPUT DROP".split())
+    subprocess.call("sudo iptables -P INPUT DROP".split())
     return
 
 
 def apply_fw_rules(interfaces_details, vpn_server_ip, skip_dns_patch):
     root.verify_root_access("Root access needed to modify 'iptables' rules")
 
     # Empty the INPUT and OUTPUT chain of any current rules
-    subprocess.run(["sudo", "iptables", "-F", "OUTPUT"])
-    subprocess.run(["sudo", "iptables", "-F", "INPUT"])
+    subprocess.call(["sudo", "iptables", "-F", "OUTPUT"])
+    subprocess.call(["sudo", "iptables", "-F", "INPUT"])
 
     # Allow all traffic out over the vpn tunnel
-    subprocess.run("sudo iptables -A OUTPUT -o tun+ -j ACCEPT".split())
+    subprocess.call("sudo iptables -A OUTPUT -o tun+ -j ACCEPT".split())
     # accept traffic that comes through tun that you connect to
-    subprocess.run(
+    subprocess.call(
         "sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED\
          -i tun+ -j ACCEPT".split())
     for interface in interfaces_details:
         if skip_dns_patch is False:
             # if interface is active with an IP in it, don't send DNS requests to it
             if len(interface) == 3 and "tun" not in interface[0]:
-                subprocess.run(
+                subprocess.call(
                     ["sudo", "iptables", "-A", "OUTPUT", "-o", interface[0], "-p",
                         "udp", "--destination-port", "53", "-j", "DROP"])
-                # subprocess.run(
+                # subprocess.call(
                 #     ["sudo", "iptables", "-A", "OUTPUT", "-o", interface[0], "-p",
                 #         "tcp", "--destination-port", "53", "-j", "DROP"])
 
         if len(interface) == 3 and interface[0] != "lo" and "tun" not in interface[0]:
             # allow access to vpn_server_ip
-            subprocess.run(
+            subprocess.call(
                 ["sudo", "iptables", "-A", "OUTPUT", "-o", interface[0],
                     "-d", vpn_server_ip, "-j", "ACCEPT"])
             # talk to the vpnServer ip to connect to it
-            subprocess.run(
+            subprocess.call(
                 ["sudo", "iptables", "-A", "INPUT", "-m", "conntrack",
                     "--ctstate", "ESTABLISHED,RELATED", "-i", interface[0],
                     "-s", vpn_server_ip, "-j", "ACCEPT"])
 
             # allow access to internal ip range
             # print("internal ip with range", interface[2])
-            subprocess.run(
+            subprocess.call(
                 ["sudo", "iptables", "-A", "OUTPUT", "-o", interface[0], "-d",
                     interface[2], "-j", "ACCEPT"])
-            subprocess.run(
+            subprocess.call(
                 ["sudo", "iptables", "-A", "INPUT", "-m", "conntrack",
                     "--ctstate", "ESTABLISHED,RELATED", "-i", interface[0],
                     "-s", interface[2], "-j", "ACCEPT"])
 
     # Allow loopback traffic
-    subprocess.run("sudo iptables -A INPUT -i lo -j ACCEPT".split())
-    subprocess.run("sudo iptables -A OUTPUT -o lo -j ACCEPT".split())
+    subprocess.call("sudo iptables -A INPUT -i lo -j ACCEPT".split())
+    subprocess.call("sudo iptables -A OUTPUT -o lo -j ACCEPT".split())
 
     # best practice, stops spoofing
-    subprocess.run("sudo iptables -A INPUT -s 127.0.0.0/8 -j DROP".split())
+    subprocess.call("sudo iptables -A INPUT -s 127.0.0.0/8 -j DROP".split())
 
     # Default action if no other rules match
-    subprocess.run("sudo iptables -P OUTPUT DROP".split())
-    subprocess.run("sudo iptables -P INPUT DROP".split())
+    subprocess.call("sudo iptables -P OUTPUT DROP".split())
+    subprocess.call("sudo iptables -P INPUT DROP".split())
     return
 
 
@@ -89,6 +89,6 @@ def internally_allow_ports(interfaces_details, internally_allowed):
         if len(interface) == 3 and "tun" not in interface[0]:
             # Allow the specified ports on internal network
             for port in internally_allowed:
-                subprocess.run(
+                subprocess.call(
                     ("sudo iptables -A INPUT -p tcp --dport " + port + " -i " +
                         interface[0] + " -s " + interface[2] + " -j ACCEPT").split())