Skip to content

Commit

Permalink
added more aggressive ipv6 blocking, fixed critical ipv6 leak
Browse files Browse the repository at this point in the history
  • Loading branch information
vfosterm committed Jun 16, 2019
1 parent 0de190d commit e0541eb
Showing 1 changed file with 48 additions and 1 deletion.
49 changes: 48 additions & 1 deletion nord_nm_gui.py
Original file line number Diff line number Diff line change
Expand Up @@ -863,6 +863,52 @@ def disable_kill_switch(self):
self.killswitch_btn.setChecked(False)
return False

def disable_ipv6(self):
if self.sudo_password:
try:
p1 = subprocess.Popen(['echo', self.sudo_password], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
p2 = subprocess.Popen(['sudo', '-S', 'sysctl', '-w', 'net.ipv6.conf.all.disable_ipv6=1', '&&', 'sysctl', '-w', 'net.ipv6.conf.default.disable_ipv6=1'], stdin=p1.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
p1.stdout.close()
p2.stdout.close()
except subprocess.CalledProcessError:
self.statusbar.showMessage("ERROR: disabling IPV6 failed", 2000)
else:
self.sudo_dialog = self.get_sudo()
self.sudo_dialog.text_label.setText("<html><head/><body><p>VPN Network Manager requires <span style=\" font-weight:600;\">sudo</span> permissions in order to disable IPV6. Please input the <span style=\" font-weight:600;\">sudo</span> Password or run the program with elevated priveledges.</p></body></html>")
self.sudo_dialog.exec_()

if self.sudo_password:
try:
p1 = subprocess.Popen(['echo', self.sudo_password], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
p2 = subprocess.Popen(['sudo', '-S', 'sysctl', '-w', 'net.ipv6.conf.all.disable_ipv6=1', '&&', 'sysctl', '-w', 'net.ipv6.conf.default.disable_ipv6=0'], stdin=p1.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
p1.stdout.close()
p2.stdout.close()
except subprocess.CalledProcessError:
self.statusbar.showMessage("ERROR: disabling IPV6 failed", 2000)

def enable_ipv6(self):
if self.sudo_password:
try:
p1 = subprocess.Popen(['echo', self.sudo_password], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
p2 = subprocess.Popen(['sudo', '-S', 'sysctl', '-w', 'net.ipv6.conf.all.disable_ipv6=0', '&&', 'sysctl', '-w', 'net.ipv6.conf.default.disable_ipv6=0'], stdin=p1.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
p1.stdout.close()
p2.stdout.close()
except subprocess.CalledProcessError:
self.statusbar.showMessage("ERROR: disabling IPV6 failed", 2000)
else:
self.sudo_dialog = self.get_sudo()
self.sudo_dialog.text_label.setText("<html><head/><body><p>VPN Network Manager requires <span style=\" font-weight:600;\">sudo</span> permissions in order to enable IPV6. Please input the <span style=\" font-weight:600;\">sudo</span> Password or run the program with elevated priveledges.</p></body></html>")
self.sudo_dialog.exec_()

if self.sudo_password:
try:
p1 = subprocess.Popen(['echo', self.sudo_password], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
p2 = subprocess.Popen(['sudo', '-S', 'sysctl', '-w', 'net.ipv6.conf.all.disable_ipv6=0', '&&', 'sysctl', '-w', 'net.ipv6.conf.default.disable_ipv6=0'], stdin=p1.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
p1.stdout.close()
p2.stdout.close()
except subprocess.CalledProcessError:
self.statusbar.showMessage("ERROR: Enabling IPV6 failed", 2000)

def check_connection_validity(self):
if self.server_type_select.currentText() == 'Double VPN': # perhaps add pop up to give user the choice
self.connection_type_select.setCurrentIndex(1) # set to TCP
Expand Down Expand Up @@ -912,8 +958,8 @@ def connect(self):
return False
elif self.auto_connect_box.isChecked() and self.sudo_password: # sudo password exists in memory
self.set_auto_connect()

self.check_connection_validity()
self.disable_ipv6()
self.get_ovpn()
self.import_ovpn()
self.add_secrets()
Expand Down Expand Up @@ -951,6 +997,7 @@ def disconnect_vpn(self):
self.disable_auto_connect()
self.disable_connection()
self.remove_connection()
self.enable_ipv6()
self.statusbar.clearMessage()
self.repaint()

Expand Down

0 comments on commit e0541eb

Please sign in to comment.