From 97ccadfd33a8337fd8fb8d193f47ae4b3c48b0fc Mon Sep 17 00:00:00 2001
From: Quentin McGaw
Date: Wed, 11 Mar 2026 14:05:55 +0000
Subject: [PATCH] chore(vpn): moved wireguard settings helpers from provider/utils to vpn as unexported functions
---
internal/provider/utils/wireguard.go | 79 -------------------
internal/vpn/wireguard.go | 74 ++++++++++++++++-
.../{provider/utils => vpn}/wireguard_test.go | 10 +--
3 files changed, 76 insertions(+), 87 deletions(-)
delete mode 100644 internal/provider/utils/wireguard.go
rename internal/{provider/utils => vpn}/wireguard_test.go (92%)
diff --git a/internal/provider/utils/wireguard.go b/internal/provider/utils/wireguard.go
deleted file mode 100644
index 770cf4e2..00000000
--- a/internal/provider/utils/wireguard.go
+++ /dev/null
@@ -1,79 +0,0 @@
-package utils
-
-import (
- "net/netip"
-
- "github.com/qdm12/gluetun/internal/configuration/settings"
- "github.com/qdm12/gluetun/internal/models"
- "github.com/qdm12/gluetun/internal/wireguard"
-)
-
-func BuildWireguardSettings(connection models.Connection,
- userSettings settings.Wireguard, ipv6Supported bool,
-) (settings wireguard.Settings) {
- settings.PrivateKey = *userSettings.PrivateKey
- settings.PublicKey = connection.PubKey
- settings.PreSharedKey = *userSettings.PreSharedKey
- settings.InterfaceName = userSettings.Interface
- settings.Implementation = userSettings.Implementation
- settings.AmneziaWG = buildAmneziaWgSettings(userSettings.AmneziaWG)
- if *userSettings.MTU > 0 {
- settings.MTU = *userSettings.MTU
- } else {
- // The default is 1320 which is NOT the wireguard-go default
- // of 1420 because this impacts bandwidth a lot on some
- // VPN providers, see https://github.com/qdm12/gluetun/issues/1650.
- // It has been lowered to 1320 following quite a bit of
- // investigation in the issue: https://github.com/qdm12/gluetun/issues/2533.
- const defaultMTU = 1320
- settings.MTU = defaultMTU
- }
- settings.IPv6 = &ipv6Supported
-
- const rulePriority = 101 // 100 is to receive external connections
- settings.RulePriority = rulePriority
-
- settings.Endpoint = netip.AddrPortFrom(connection.IP, connection.Port)
-
- settings.Addresses = make([]netip.Prefix, 0, len(userSettings.Addresses))
- for _, address := range userSettings.Addresses {
- if !ipv6Supported && address.Addr().Is6() {
- continue
- }
- addressCopy := netip.PrefixFrom(address.Addr(), address.Bits())
- settings.Addresses = append(settings.Addresses, addressCopy)
- }
-
- settings.AllowedIPs = make([]netip.Prefix, 0, len(userSettings.AllowedIPs))
- for _, allowedIP := range userSettings.AllowedIPs {
- if !ipv6Supported && allowedIP.Addr().Is6() {
- continue
- }
- settings.AllowedIPs = append(settings.AllowedIPs, allowedIP)
- }
-
- settings.PersistentKeepaliveInterval = *userSettings.PersistentKeepaliveInterval
-
- return settings
-}
-
-func buildAmneziaWgSettings(s settings.AmneziaWg) wireguard.AmneziaSettings {
- return wireguard.AmneziaSettings{
- JunkPacketCount: *s.JunkPacketCount,
- JunkPacketMin: *s.JunkPacketMin,
- JunkPacketMax: *s.JunkPacketMax,
- PaddingS1: *s.PaddingS1,
- PaddingS2: *s.PaddingS2,
- PaddingS3: *s.PaddingS3,
- PaddingS4: *s.PaddingS4,
- HeaderH1: *s.HeaderH1,
- HeaderH2: *s.HeaderH2,
- HeaderH3: *s.HeaderH3,
- HeaderH4: *s.HeaderH4,
- InitPacketI1: *s.InitPacketI1,
- InitPacketI2: *s.InitPacketI2,
- InitPacketI3: *s.InitPacketI3,
- InitPacketI4: *s.InitPacketI4,
- InitPacketI5: *s.InitPacketI5,
- }
-}
diff --git a/internal/vpn/wireguard.go b/internal/vpn/wireguard.go
index 60fc9afd..c7977522 100644
--- a/internal/vpn/wireguard.go
+++ b/internal/vpn/wireguard.go
@@ -3,11 +3,11 @@ package vpn import ( "context" "fmt" + "net/netip" "github.com/qdm12/gluetun/internal/configuration/settings" "github.com/qdm12/gluetun/internal/models" "github.com/qdm12/gluetun/internal/provider" - "github.com/qdm12/gluetun/internal/provider/utils" "github.com/qdm12/gluetun/internal/wireguard" "github.com/qdm12/gosettings" ) @@ -24,7 +24,7 @@ func setupWireguard(ctx context.Context, netlinker NetLinker, return nil, models.Connection{}, fmt.Errorf("finding a VPN server: %w", err) } - wireguardSettings := utils.BuildWireguardSettings(connection, settings.Wireguard, ipv6Supported) + wireguardSettings := buildWireguardSettings(connection, settings.Wireguard, ipv6Supported) logger.Debug("Wireguard server public key: " + wireguardSettings.PublicKey) logger.Debug("Wireguard client private key: " + gosettings.ObfuscateKey(wireguardSettings.PrivateKey)) 
@@ -42,3 +42,73 @@ func setupWireguard(ctx context.Context, netlinker NetLinker, return wireguarder, connection, nil } + +func buildWireguardSettings(connection models.Connection, + userSettings settings.Wireguard, ipv6Supported bool, +) (settings wireguard.Settings) { + settings.PrivateKey = *userSettings.PrivateKey + settings.PublicKey = connection.PubKey + settings.PreSharedKey = *userSettings.PreSharedKey + settings.InterfaceName = userSettings.Interface + settings.Implementation = userSettings.Implementation + settings.AmneziaWG = buildAmneziaWgSettings(userSettings.AmneziaWG) + if *userSettings.MTU > 0 { + settings.MTU = *userSettings.MTU + } else { + // The default is 1320 which is NOT the wireguard-go default + // of 1420 because this impacts bandwidth a lot on some + // VPN providers, see https://github.com/qdm12/gluetun/issues/1650. + // It has been lowered to 1320 following quite a bit of + // investigation in the issue: https://github.com/qdm12/gluetun/issues/2533. + const defaultMTU = 1320 + settings.MTU = defaultMTU + } + settings.IPv6 = &ipv6Supported + + const rulePriority = 101 // 100 is to receive external connections + settings.RulePriority = rulePriority + + settings.Endpoint = netip.AddrPortFrom(connection.IP, connection.Port) + + settings.Addresses = make([]netip.Prefix, 0, len(userSettings.Addresses)) + for _, address := range userSettings.Addresses { + if !ipv6Supported && address.Addr().Is6() { + continue + } + addressCopy := netip.PrefixFrom(address.Addr(), address.Bits()) + settings.Addresses = append(settings.Addresses, addressCopy) + } + + settings.AllowedIPs = make([]netip.Prefix, 0, len(userSettings.AllowedIPs)) + for _, allowedIP := range userSettings.AllowedIPs { + if !ipv6Supported && allowedIP.Addr().Is6() { + continue + } + settings.AllowedIPs = append(settings.AllowedIPs, allowedIP) + } + + settings.PersistentKeepaliveInterval = *userSettings.PersistentKeepaliveInterval + + return settings +} + +func buildAmneziaWgSettings(s 
settings.AmneziaWg) wireguard.AmneziaSettings { + return wireguard.AmneziaSettings{ + JunkPacketCount: *s.JunkPacketCount, + JunkPacketMin: *s.JunkPacketMin, + JunkPacketMax: *s.JunkPacketMax, + PaddingS1: *s.PaddingS1, + PaddingS2: *s.PaddingS2, + PaddingS3: *s.PaddingS3, + PaddingS4: *s.PaddingS4, + HeaderH1: *s.HeaderH1, + HeaderH2: *s.HeaderH2, + HeaderH3: *s.HeaderH3, + HeaderH4: *s.HeaderH4, + InitPacketI1: *s.InitPacketI1, + InitPacketI2: *s.InitPacketI2, + InitPacketI3: *s.InitPacketI3, + InitPacketI4: *s.InitPacketI4, + InitPacketI5: *s.InitPacketI5, + } +} diff --git a/internal/provider/utils/wireguard_test.go b/internal/vpn/wireguard_test.go similarity index 92% rename from internal/provider/utils/wireguard_test.go rename to internal/vpn/wireguard_test.go index 1e16dabb..2d07b0ea 100644 --- a/internal/provider/utils/wireguard_test.go +++ b/internal/vpn/wireguard_test.go @@ -1,4 +1,4 @@ -package utils +package vpn import ( "net/netip" @@ -11,9 +11,7 @@ import ( "github.com/stretchr/testify/assert" ) -func ptrTo[T any](x T) *T { return &x } - -func Test_BuildWireguardSettings(t *testing.T) { +func Test_buildWireguardSettings(t *testing.T) { t.Parallel() testCases := map[string]struct { @@ -76,7 +74,7 @@ func Test_BuildWireguardSettings(t *testing.T) { }, PersistentKeepaliveInterval: time.Hour, RulePriority: 101, - IPv6: boolPtr(false), + IPv6: ptrTo(false), MTU: 1000, AmneziaWG: wireguard.AmneziaSettings{ JunkPacketCount: 1, @@ -90,7 +88,7 @@ func Test_BuildWireguardSettings(t *testing.T) { t.Run(name, func(t *testing.T) { t.Parallel() - settings := BuildWireguardSettings(testCase.connection, + settings := buildWireguardSettings(testCase.connection, testCase.userSettings, testCase.ipv6Supported) assert.Equal(t, testCase.settings, settings)
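Review bot: buildWireguardSettings lands in package vpn with no doc comment, yet it dereferences `userSettings.PrivateKey`, `PreSharedKey`, `MTU` and `PersistentKeepaliveInterval` (and buildAmneziaWgSettings dereferences every AmneziaWG field) without a nil check, so a settings value whose pointer fields were never populated would panic here instead of surfacing as an error from setupWireguard. Since the helper is now unexported and carries the tunnel's key material, state the precondition on it, for example `// buildWireguardSettings maps the user Wireguard settings and the selected connection to wireguard.Settings. Every pointer field of userSettings must be non-nil. IPv6 addresses and allowed IPs are dropped when ipv6Supported is false.` Because of that filter, a configuration whose AllowedIPs are all IPv6 yields an empty AllowedIPs slice when ipv6Supported is false; whether the wireguard package rejects an empty list is not visible in this hunk and is worth confirming, since it decides which traffic is routed through the tunnel. As a style point, the named result `settings` shadows the imported `settings` package inside the body; a name such as `wgSettings` would avoid that.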