Windscribe

[electricalArt]

Project description Windscribe is a commercial VPN service provider with applications for Windows, macOS, Linux, Android, and iOS with support for routers and other platforms via custom configurations. Windscribe is based in Canada.

Metadata

• homepage URL: https://windscribe.com/
• source URL: https://github.com/Windscribe/desktop-v2
• license: gpl2.0
• platforms: linux, macos, unix, windows, android, ios, ...

[khajavi]

Any update on this?

[arphe42]

Is this a demande to put windscribe in the nix repo ? I switched to nixos and it's the only software that I use that is not there yet.

[arphe42]

can someone help me, I try to make the derivation, it work, I see the logo but it just load indefinitely. for now I have the a package : https://github.com/arphe42/nixpkgs/blob/master/pkgs/applications/networking/windscribe/default.nix and a module for systemd : https://github.com/arphe42/nixpkgs/blob/master/nixos/modules/services/networking/windscribe.nix

I dont realy understand what to do at this point.

[kmjayadeep]

@arphe42 It seems like you delete your repo or made it private Anyone else worked on this? I can give it a try

[mastermach50]

any update on this?

[arphe42]

@kmjayadeep The repo does not exist anymore, it did not work, I was only able to lunch the application but I dont know why the application cant interact with internet. I'm still interest to make it work, I just dont know how to.

I tried to make something similar as I saw in the aur https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=windscribe-git I think the problem was with the file that was suppose to be in /etc but I'm not sure and it's been a year since I try

[nyabinary]

What are the challenges in packaging the windscribe 2.0 app?

[GabTheBab]

I've got a hacky package of it that gets to the GUI. It just gives an infinite loading screen after that. I believe it still needs an FHS wrapper, at least with the binary version I've been trying (and failing) to package.

[GabTheBab]

It would probably be best to compile it from source, but that has its own challenges as windscribe vendors a few of their dependencies.

[GabTheBab]

It also might need a patch because it wants to have it's own scripts stored in /etc and is hardcoded to look for them there

[johanno]

I tried it here: https://github.com/NixOS/nixpkgs/compare/master...johanno:nixpkgs:windscribe_pkg

Both compile from source and use the deb file. The compile from source ended in some weird c error I didn't understand and the deb file attempt opens the UI loader but then just hangs without any indication whats not working.

[pluiedev]

I also tried my hand at building Windscribe from scratch, but it has some... unique difficulties. The official build script just completely ignores all parameters set by Nix that allows CMake to work properly, and requires a jank symlink of Qt libraries to ./build-libs/qt to work.

On the other hand, completely ignoring the build script doesn't work either, since there's no overarching CMakeLists.txt (for some reason), so you have to manually run cmakeConfigurePhase on every single subdep manually. And then, you get the fun issue of the linker failing to detect boost_filesystem and the network access manager requiring experimental ECH support for curl, which requires either BoringSSL or WolfSSL support to be enabled, which means recompiling curl...

Honestly, repackaging the deb file is probably the easiest way to go here because the build system is just such a PITA. I really wonder how they even got it working.

[adrianmgg]

i bodged together a mostly working build from sources a little while ago but didn't end up finishing it (link) - it can launch the UI and log in but actually connecting to the vpn doesn't work. i'll probably keep working at it and clean the code up to contribute if I can get it working, but there's some patches/notes/etc in there that might be useful to anyone else trying to get this working.

[GabTheBab]

i bodged together a mostly working build from sources a little while ago but didn't end up finishing it (link) - it can launch the UI and log in but actually connecting to the vpn doesn't work. i'll probably keep working at it and clean the code up to contribute if I can get it working, but there's some patches/notes/etc in there that might be useful to anyone else trying to get this working.

I've run a strace on the helper service and I think I've figured out why your package can't connect, windscribe is trying to access some scripts it expects to be in /etc/windscribe and /opt/windscribe. Of course these things aren't located there on NixOS. Sadly though I don't have the knowledge to fix this. If someone else would like to take a look, just start the helper with strace and try to connect.

[GabTheBab]

.r-xr-xr-x  701 root 14 Jun 02:39 cgroups-down
.r-xr-xr-x 3.5k root 14 Jun 02:39 cgroups-up
.rwxr--r-- 3.2k root 14 Jun 02:32 config.ovpn
.r-xr-xr-x 3.1k root 14 Jun 02:39 dns-leak-protect
.r-xr-xr-x  678 root 14 Jun 02:39 install-update
.rwxr--r-- 4.1k root 14 Jun 02:41 rules.v4
.rwxr--r--  399 root 14 Jun 02:41 rules.v6
.r-xr-xr-x 2.1k root 14 Jun 02:39 update-network-manager
.r-xr-xr-x 2.3k root 14 Jun 02:39 update-resolv-conf
.r-xr-xr-x  14k root 14 Jun 02:39 update-systemd-resolved
drwxr-xr-x    - root 14 Jun 02:39 windscribe_nameservers

Manually putting these into /etc/windscribe gives a working setup. Not sure how you would handle something like that in the package itself though.

[GabTheBab]

It also seems to need to be able to read/write to /etc/windscribe/config.ovpn and /etc/windscribe/rules.{v4,v6}. So a flat patch to make it look in the nix store for these is not enough.

[pluiedev]

I've run a strace on the helper service and I think I've figured out why your package can't connect, windscribe is trying to access some scripts it expects to be in /etc/windscribe and /opt/windscribe. Of course these things aren't located there on NixOS. Sadly though I don't have the knowledge to fix this. If someone else would like to take a look, just start the helper with strace and try to connect.

If we could patch those paths in Windscribe then that would be ideal. Worst case scenario — wrap it in a FHS environment that gaslights Windscribe into thinking that those paths exist, but that should be the last resort

[shimpact003]

So I added the files for etc into the windscribe package and modified the service file from Mullvad for windscribe. The files are now symlinked into /etc/windscribe, but the helper doesn't work as a systemd service. windscribe-service.txt EDIT: I just had to add pkgs.iptables to the path of the service unit. It works.

[GabTheBab]

So I added the files for etc into the windscribe package and modified the service file from Mullvad for windscribe. The files are now symlinked into /etc/windscribe, but the helper doesn't work as a systemd service. windscribe-service.txt EDIT: I just had to add pkgs.iptables to the path of the service unit. It works.

This method makes /etc/windscribe read only, as its a symlink to the nix store. The helper service needs to write there for the firewall to work.

[GabTheBab]

Doing something like this works.

    environment.etc = {
      "windscribe/cert.pem" = {
        source = "${cfg.package}/etc/windscribe/cert.pem";
      };

      "windscribe/cgroups-down" = {
        source = "${cfg.package}/etc/windscribe/cgroups-down";
      };

      "windscribe/cgroups-up" = {
        source = "${cfg.package}/etc/windscribe/cgroups-up";
      };

      "windscribe/dns-leak-protect" = {
        source = "${cfg.package}/etc/windscribe/dns-leak-protect";
      };

      "windscribe/install-update" = {
        source = "${cfg.package}/etc/windscribe/install-update";
      };

      "windscribe/update-network-manager" = {
        source = "${cfg.package}/etc/windscribe/update-network-manager";
      };

      "windscribe/update-resolv-conf" = {
        source = "${cfg.package}/etc/windscribe/update-resolv-conf";
      };

      "windscribe/update-systemd-resolved" = {
        source = "${cfg.package}/etc/windscribe/update-systemd-resolved";
      };
    };

[adrianmgg]

the helper service ... is trying to access some scripts it expects to be in /etc/windscribe and /opt/windscribe.

If we could patch those paths in Windscribe then that would be ideal. Worst case scenario — wrap it in a FHS environment that gaslights Windscribe into thinking that those paths exist, but that should be the last resort

— https://github.com/NixOS/nixpkgs/issues/158368#issuecomment-2167479192

i'll work on patching these, looks like it shouldn't be too hard.