refactor: more robust vpn handling

Author: zhom

.github/workflows/lint-rs.yml

@@ -67,7 +67,7 @@ jobs:
         if: matrix.os == 'ubuntu-22.04'
         run: |
           sudo apt-get update
-          sudo apt install libwebkit2gtk-4.1-dev build-essential curl wget file libxdo-dev libssl-dev libayatana-appindicator3-dev librsvg2-dev
+          sudo apt install libwebkit2gtk-4.1-dev build-essential curl wget file libxdo-dev libssl-dev libayatana-appindicator3-dev librsvg2-dev openvpn
 
       - name: Install frontend dependencies
         run: pnpm install --frozen-lockfile
@@ -117,6 +117,16 @@ jobs:
         run: cargo test --lib && cargo test --test donut_proxy_integration && cargo test --test vpn_integration
         working-directory: src-tauri
 
+      - name: Run OpenVPN e2e test (Ubuntu only)
+        if: matrix.os == 'ubuntu-22.04'
+        shell: bash
+        working-directory: src-tauri
+        env:
+          DONUTBROWSER_RUN_OPENVPN_E2E: "1"
+        run: |
+          sudo --preserve-env=PATH,CARGO_HOME,RUSTUP_HOME,DONUTBROWSER_RUN_OPENVPN_E2E \
+            cargo test --test vpn_integration test_openvpn_traffic_flows_through_donut_proxy -- --nocapture
+
       - name: Run Rust sync e2e tests
         run: node scripts/sync-test-harness.mjs
 

package.json

@@ -10,7 +10,7 @@
     "start": "next start",
     "test": "pnpm test:rust:unit && pnpm test:sync-e2e",
     "test:rust": "cd src-tauri && cargo test",
-    "test:rust:unit": "cd src-tauri && cargo test --lib && cargo test --test donut_proxy_integration",
+    "test:rust:unit": "cd src-tauri && cargo test --lib && cargo test --test donut_proxy_integration && cargo test --test vpn_integration",
     "test:sync-e2e": "node scripts/sync-test-harness.mjs",
     "lint": "pnpm lint:js && pnpm lint:rust && pnpm lint:spell",
     "lint:js": "biome check src/ && tsc --noEmit && cd donut-sync && biome check src/ && tsc --noEmit",

src-tauri/src/ip_utils.rs

@@ -55,6 +55,7 @@ pub async fn fetch_public_ip(proxy: Option<&str>) -> Result<String, IpError> {
     let proxy = reqwest::Proxy::all(proxy_url)
       .map_err(|e| IpError::Network(format!("Invalid proxy: {}", e)))?;
     client_builder
+      .no_proxy()
       .proxy(proxy)
       .build()
       .map_err(|e| IpError::Network(e.to_string()))?
@@ -64,7 +65,7 @@ pub async fn fetch_public_ip(proxy: Option<&str>) -> Result<String, IpError> {
       .map_err(|e| IpError::Network(e.to_string()))?
   };
 
-  let mut last_error = None;
+  let mut errors = Vec::new();
 
   for url in &urls {
     match client.get(*url).send().await {
@@ -76,21 +77,29 @@ pub async fn fetch_public_ip(proxy: Option<&str>) -> Result<String, IpError> {
           }
         }
         Err(e) => {
-          last_error = Some(format!("Failed to read response from {}: {}", url, e));
+          errors.push(format!("{}: {}", url, e));
         }
       },
       Ok(response) => {
-        last_error = Some(format!("HTTP {} from {}", response.status(), url));
+        errors.push(format!("{}: HTTP {}", url, response.status()));
       }
       Err(e) => {
-        last_error = Some(format!("Request to {} failed: {}", url, e));
+        errors.push(format!("{}: {}", url, e));
       }
     }
   }
 
-  Err(IpError::Network(last_error.unwrap_or_else(|| {
-    "Failed to fetch public IP from any endpoint".to_string()
-  })))
+  if errors.is_empty() {
+    Err(IpError::Network(
+      "Failed to fetch public IP from any endpoint".to_string(),
+    ))
+  } else {
+    Err(IpError::Network(format!(
+      "All {} endpoints failed: {}",
+      errors.len(),
+      errors.join("; ")
+    )))
+  }
 }
 
 #[cfg(test)]

src-tauri/src/lib.rs

@@ -813,6 +813,42 @@ async fn download_geoip_database(app_handle: tauri::AppHandle) -> Result<(), Str
 }
 
 // VPN commands
+#[derive(serde::Serialize)]
+#[serde(rename_all = "camelCase")]
+struct VpnDependencyStatus {
+  is_available: bool,
+  requires_external_install: bool,
+  missing_binary: bool,
+  missing_windows_adapter: bool,
+  dependency_check_failed: bool,
+}
+
+#[tauri::command]
+async fn get_vpn_dependency_status(vpn_type: vpn::VpnType) -> Result<VpnDependencyStatus, String> {
+  match vpn_type {
+    vpn::VpnType::WireGuard => Ok(VpnDependencyStatus {
+      is_available: true,
+      requires_external_install: false,
+      missing_binary: false,
+      missing_windows_adapter: false,
+      dependency_check_failed: false,
+    }),
+    vpn::VpnType::OpenVPN => {
+      let status = crate::vpn::openvpn_socks5::OpenVpnSocks5Server::dependency_status();
+      let is_available =
+        status.binary_found && !status.missing_windows_adapter && !status.dependency_check_failed;
+
+      Ok(VpnDependencyStatus {
+        is_available,
+        requires_external_install: true,
+        missing_binary: !status.binary_found,
+        missing_windows_adapter: status.missing_windows_adapter,
+        dependency_check_failed: status.dependency_check_failed,
+      })
+    }
+  }
+}
+
 #[tauri::command]
 async fn import_vpn_config(
   content: String,
@@ -986,45 +1022,81 @@ async fn check_vpn_validity(
     .unwrap_or_default()
     .as_secs();
 
-  // Start a temporary VPN worker to send real traffic
+  let had_existing_worker = vpn_worker_storage::find_vpn_worker_by_vpn_id(&vpn_id).is_some();
+
   let vpn_worker = vpn_worker_runner::start_vpn_worker(&vpn_id)
     .await
     .map_err(|e| format!("Failed to start VPN worker: {e}"))?;
 
-  let socks_url = format!("socks5://127.0.0.1:{}", vpn_worker.local_port.unwrap_or(0));
-
-  // Fetch public IP through the VPN SOCKS5 proxy
-  let result = match ip_utils::fetch_public_ip(Some(&socks_url)).await {
-    Ok(ip) => {
-      let (city, country, country_code) =
-        crate::proxy_manager::ProxyManager::get_ip_geolocation(&ip)
-          .await
-          .unwrap_or_default();
-
-      crate::proxy_manager::ProxyCheckResult {
-        ip,
-        city,
-        country,
-        country_code,
-        timestamp: now,
-        is_valid: true,
+  let socks_url = format!(
+    "socks5://127.0.0.1:{}",
+    vpn_worker.local_port.unwrap_or_default()
+  );
+
+  let local_proxy = crate::proxy_runner::start_proxy_process(Some(socks_url), None)
+    .await
+    .map_err(|error| error.to_string());
+  let local_proxy = match local_proxy {
+    Ok(proxy) => proxy,
+    Err(error_message) => {
+      if !had_existing_worker {
+        let _ = vpn_worker_runner::stop_vpn_worker(&vpn_worker.id).await;
       }
+      return Err(format!("Failed to start validation proxy: {error_message}"));
     }
-    Err(e) => {
-      log::warn!("VPN check failed to fetch public IP: {e}");
-      crate::proxy_manager::ProxyCheckResult {
-        ip: String::new(),
-        city: None,
-        country: None,
-        country_code: None,
-        timestamp: now,
-        is_valid: false,
+  };
+
+  let local_proxy_url = format!(
+    "http://127.0.0.1:{}",
+    local_proxy.local_port.unwrap_or_default()
+  );
+
+  let mut result = None;
+  for attempt in 0..3 {
+    if attempt > 0 {
+      tokio::time::sleep(std::time::Duration::from_secs(1)).await;
+    }
+
+    match ip_utils::fetch_public_ip(Some(&local_proxy_url)).await {
+      Ok(ip) => {
+        let (city, country, country_code) =
+          crate::proxy_manager::ProxyManager::get_ip_geolocation(&ip)
+            .await
+            .unwrap_or_default();
+
+        result = Some(crate::proxy_manager::ProxyCheckResult {
+          ip,
+          city,
+          country,
+          country_code,
+          timestamp: now,
+          is_valid: true,
+        });
+        break;
+      }
+      Err(error) => {
+        log::warn!(
+          "VPN validation attempt {} failed to fetch public IP through donut-proxy: {}",
+          attempt + 1,
+          error
+        );
       }
     }
-  };
+  }
 
-  // Stop the temporary VPN worker
-  let _ = vpn_worker_runner::stop_vpn_worker(&vpn_worker.id).await;
+  let _ = crate::proxy_runner::stop_proxy_process(&local_proxy.id).await;
+  if !had_existing_worker {
+    let _ = vpn_worker_runner::stop_vpn_worker(&vpn_worker.id).await;
+  }
+
+  let result = result.unwrap_or(crate::proxy_manager::ProxyCheckResult {
+    ip: String::new(),
+    city: None,
+    country: None,
+    country_code: None,
+    timestamp: now,
+    is_valid: false,
+  });
 
   Ok(result)
 }
@@ -1932,6 +2004,7 @@ pub fn run() {
       add_mcp_to_claude_code,
       remove_mcp_from_claude_code,
       // VPN commands
+      get_vpn_dependency_status,
       import_vpn_config,
       list_vpn_configs,
       get_vpn_config,