Use a TUN device and embedded PPP code, instead of using pppd

configure.ac

@@ -80,6 +80,8 @@ AC_CHECK_HEADERS([net/route.h], [], AC_MSG_ERROR([Required header not found]), [
 # Checks for optional header files.
 AC_CHECK_HEADERS([ \
 libutil.h \
+linux/if_ppp.h \
+linux/if_tun.h \
 mach/mach.h \
 pty.h \
 semaphore.h \

etc/NetworkManager/dispatcher.d/30-pppVPN-rules.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+# Sample script to add in the /etc/NetworkManager/dispatcher.d folder.
+# Allowing you to properly configure additional routes if needed
+# There might be better way to do this, but I'm not aware of them in my specific case.
+
+
+# The UUID of the connection profile we want to target. Use it if the UUID is fixed in your case.
+#TARGET_CONNECTION_UUID="a1b2c3d4-e5f6-7890-1234-56789abcdef0"
+
+# The interface name (if UUID is not fixed). don't forget to use the --tun-ifname=pppVPN to your config file.
+TARGET_INTERFACE="pppVPN"
+
+# The interface name (e.g., ppp0, enp3s0) is the first argument
+INTERFACE="$1"
+# The action (e.g., "up", "down") is the second argument
+ACTION="$2"
+
+# Check if the script is being run for our target connection
+#if [ "$CONNECTION_UUID" = "$TARGET_CONNECTION_UUID"  ]; then
+if [ "$INTERFACE" = "$TARGET_INTERFACE" ]; then
+    case "$ACTION" in
+        up)
+            # This code runs when the connection comes up
+            logger "NetworkManager Dispatcher: Applying custom rules for $INTERFACE"
+            # Add specific resources route rules here (more easy than the +ipv4.route using the via which could be random):
+            #ip route add 10.10.10.0/24 dev $TARGET_INTERFACE scope link
+            #ip route add 10.10.20.0/24 dev $TARGET_INTERFACE scope link
+            #ip route add 10.10.30.120/32 dev $TARGET_INTERFACE scope link
+            ;;
+        down)
+            # This code runs when the connection goes down
+            logger "NetworkManager Dispatcher: Removing custom rules for $INTERFACE"
+            # if using the dev $TARGET_INTERFACE nothing to do, if not, you should remove your rules here
+            ;;
+    esac
+fi
+
+true

src/config.c

@@ -53,6 +53,8 @@ const struct vpn_config invalid_cfg = {
 	.no_ftm_push = -1,
 	.pinentry = NULL,
 	.realm = {'\0'},
+	.tun = -1,
+	.tun_ifname = NULL,
 	.iface_name = {'\0'},
 	.sni = {'\0'},
 	.set_routes = -1,
@@ -294,6 +296,18 @@ int load_config(struct vpn_config *cfg, const char *filename)
 		} else if (strcmp(key, "realm") == 0) {
 			strncpy(cfg->realm, val, REALM_SIZE);
 			cfg->realm[REALM_SIZE] = '\0';
+		} else if (strcmp(key, "tun") == 0) {
+			long tun = strtol(val, NULL, 0);
+
+			if (tun < 0 || tun > 1) {
+				log_warn("Bad tun option in configuration file: \"%ld\".\n",
+				         tun);
+				continue;
+			}
+			cfg->tun = tun;
+		} else if (strcmp(key, "tun-ifname") == 0) {
+			free(cfg->tun_ifname);
+			cfg->tun_ifname = strdup(val);
 		} else if (strcmp(key, "set-dns") == 0) {
 			int set_dns = strtob(val);
 
@@ -497,6 +511,7 @@ void destroy_vpn_config(struct vpn_config *cfg)
 	free(cfg->otp_prompt);
 	free(cfg->pinentry);
 	free(cfg->cookie);
+	free(cfg->tun_ifname);
 #if HAVE_USR_SBIN_PPPD
 	free(cfg->pppd_log);
 	free(cfg->pppd_plugin);
@@ -550,6 +565,12 @@ void merge_config(struct vpn_config *dst, struct vpn_config *src)
 		free(dst->pinentry);
 		dst->pinentry = src->pinentry;
 	}
+	if (src->tun != invalid_cfg.tun)
+		dst->tun = src->tun;
+	if (src->tun_ifname) {
+		free(dst->tun_ifname);
+		dst->tun_ifname = src->tun_ifname;
+	}
 	if (src->realm[0])
 		strcpy(dst->realm, src->realm);
 	if (src->iface_name[0])

src/config.h

@@ -80,6 +80,8 @@ struct vpn_config {
 	unsigned int		otp_delay;
 	int			no_ftm_push;
 	char			*pinentry;
+	int			tun;
+	char			*tun_ifname;
 	char			iface_name[IF_NAMESIZE];
 	char			realm[REALM_SIZE + 1];
 

src/http.c

@@ -897,6 +897,11 @@ static int parse_xml_config(struct tunnel *tunnel, const char *buffer)
 	if (!gateway)
 		log_warn("No gateway address, using interface for routing\n");
 
+	if (tunnel->config->tun) {
+		tunnel->ipv4.ip_addr.s_addr = inet_addr(gateway);
+		tunnel->ipv4.peer_addr.s_addr = inet_addr("192.0.2.1");
+	}
+
 	// The dns search string
 	val = buffer;
 	while ((val = xml_find('<', "dns", val, 2))) {