tunnelkit/README.md

157 lines
6.1 KiB
Markdown
Raw Normal View History

2018-08-23 10:16:36 +00:00
# TunnelKit
2018-08-23 08:19:25 +00:00
2018-08-23 10:16:36 +00:00
This library provides a simplified Swift/Obj-C implementation of the OpenVPN® protocol for the Apple platforms. The crypto layer is built on top of [OpenSSL][dep-openssl] 1.1.0h, which in turn enables support for a certain range of encryption and digest algorithms.
2018-08-23 08:19:25 +00:00
2018-08-23 10:16:36 +00:00
## Contacts
2018-08-23 08:19:25 +00:00
2018-08-23 10:16:36 +00:00
Twitter: [@keeshux][me-twitter]
2018-08-23 08:19:25 +00:00
2018-08-23 10:16:36 +00:00
Website: [davidederosa.com][me-website]
2018-08-23 08:19:25 +00:00
## Getting started
The client is known to work with [OpenVPN®][openvpn] 2.3+ servers. Key renegotiation and replay protection are also included, but full-fledged configuration files (.ovpn) are not currently supported.
- [x] Handshake and tunneling over UDP or TCP
- [x] Client-initiated renegotiation
- [x] Replay protection (hardcoded window)
- [x] Data encryption
- AES-CBC (128 and 256 bit)
- AES-GCM (128 and 256 bit)
- [x] HMAC digest
- SHA-1
- SHA-256
- [x] TLS CA validation
2018-08-17 09:14:34 +00:00
The library does not currently support compression, so you must disable it server-side in order to avoid a confusing loss of data packets. The `TunnelKitProvider.Configuration.LZOFraming` option is deprecated and only provided for interoperability with `comp-lzo no`.
2018-08-23 14:55:35 +00:00
2018-08-23 08:19:25 +00:00
## Installation
### Requirements
- iOS 9.0+ / macOS 10.11+
- Xcode 9+ (Swift 4)
- Git (preinstalled with Xcode Command Line Tools)
- Ruby (preinstalled with macOS)
- [CocoaPods 1.5.0][dep-cocoapods]
- [jazzy][dep-jazzy] (optional, for documentation)
It's highly recommended to use the Git and Ruby packages provided by [Homebrew][dep-brew].
### CocoaPods
To use with CocoaPods just add this to your Podfile:
```ruby
2018-08-23 10:16:36 +00:00
pod 'TunnelKit'
2018-08-23 08:19:25 +00:00
```
### Testing
Download the library codebase locally:
2018-08-23 10:16:36 +00:00
$ git clone https://github.com/keeshux/TunnelKit.git
2018-08-23 08:19:25 +00:00
Assuming you have a [working CocoaPods environment][dep-cocoapods], setting up the library workspace only requires installing the pod dependencies:
$ pod install
2018-08-23 10:16:36 +00:00
After that, open `TunnelKit.xcworkspace` in Xcode and run the unit tests found in the `TunnelKitTests` target. A simple CMD+U while on `TunnelKit-iOS` should do that as well.
2018-08-23 08:19:25 +00:00
#### Demo
There is a `Demo` directory containing a simple app for testing the tunnel, called `BasicTunnel`. As usual, prepare for CocoaPods:
$ pod install
then open `Demo.xcworkspace` and run the `BasicTunnel-iOS` target.
For the VPN to work properly, the `BasicTunnel` demo requires:
- _App Groups_ and _Keychain Sharing_ capabilities
- App IDs with _Packet Tunnel_ entitlements
both in the main app and the tunnel extension target.
2018-08-23 10:16:36 +00:00
In order to test connection to your own server, modify the file `Demo/BasicTunnel-[iOS|macOS]/ViewController.swift` and make sure to set `builder.ca` to the PEM encoded certificate of your VPN server's CA (or `nil` if none).
2018-08-23 08:19:25 +00:00
Example:
2018-08-23 10:16:36 +00:00
builder.endpointProtocols = [TunnelKitProvider.EndpointProtocol(.udp, 1194)]
2018-08-23 08:19:25 +00:00
builder.ca = """
-----BEGIN CERTIFICATE-----
MIIFJDCC...
-----END CERTIFICATE-----
"""
## Documentation
The library is split into two modules, in order to decouple the low-level protocol implementation from the platform-specific bridging, namely the [NetworkExtension][ne-home] VPN framework.
Full documentation of the public interface is available and can be generated with [jazzy][dep-jazzy]. After installing the jazzy Ruby gem with:
$ gem install jazzy
enter the root directory of the repository and run:
$ jazzy
The generated output is stored into the `docs` directory in HTML format.
### Core
Here you will find the low-level entities on top of which the connection is established. Code is mixed Swift and Obj-C, most of it is not exposed to consumers. The *Core* module depends on OpenSSL and is mostly platform-agnostic.
The entry point is the `SessionProxy` class. The networking layer is fully abstract and delegated externally with the use of opaque `IOInterface` (`LinkInterface` and `TunnelInterface`) and `SessionProxyDelegate` protocols.
### AppExtension
2018-08-23 10:16:36 +00:00
The goal of this module is packaging up a black box implementation of a [NEPacketTunnelProvider][ne-ptp], which is the essential part of a Packet Tunnel Provider app extension. You will find the main implementation in the `TunnelKitProvider` class.
2018-08-23 08:19:25 +00:00
Currently, the extension supports VPN over both [UDP][ne-udp] and [TCP][ne-tcp] sockets. A debug log snapshot is optionally maintained and shared to host apps via `UserDefaults` in a shared App Group.
## Contributing
For more details please see [CONTRIBUTING](/CONTRIBUTING.md).
## License
2018-08-23 10:16:36 +00:00
This project is licensed under the [GPLv3 license][license-gpl3], which can be found [here](/LICENSE).
2018-08-23 08:19:25 +00:00
2018-08-23 10:16:36 +00:00
## Credits
2018-08-23 08:19:25 +00:00
2018-08-23 10:16:36 +00:00
- [PIATunnel][dep-piatunnel-repo] - TunnelKit is a hard fork of PIATunnel that repurposes it substantially. PIATunnel is licensed under the [MIT (Expat) license][license-mit], which can be found [here][dep-piatunnel-license].
- [SwiftyBeaver][dep-swiftybeaver-repo] - A convenient logging library.
2018-08-23 08:19:25 +00:00
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. ([https://www.openssl.org/][dep-openssl])
© 2002-2018 OpenVPN Inc. - OpenVPN is a registered trademark of OpenVPN Inc.
2018-08-23 10:16:36 +00:00
## Donations
TunnelKit is free software, donations are extremely welcome.
Bitcoin address: [16w2AWamiH2SS68NYSMDcrbh5MnZ1c5eju][me-btc]
[me-twitter]: https://twitter.com/keeshux
[me-website]: https://davidederosa.com
[me-btc]: bitcoin:16w2AWamiH2SS68NYSMDcrbh5MnZ1c5eju
2018-08-23 08:19:25 +00:00
[openvpn]: https://openvpn.net/index.php/open-source/overview.html
[dep-cocoapods]: https://guides.cocoapods.org/using/getting-started.html
[dep-jazzy]: https://github.com/realm/jazzy
[dep-brew]: https://brew.sh/
[dep-openssl]: https://www.openssl.org/
[ne-home]: https://developer.apple.com/documentation/networkextension
[ne-ptp]: https://developer.apple.com/documentation/networkextension/nepackettunnelprovider
[ne-udp]: https://developer.apple.com/documentation/networkextension/nwudpsession
[ne-tcp]: https://developer.apple.com/documentation/networkextension/nwtcpconnection
2018-08-23 10:16:36 +00:00
[license-gpl3]: https://choosealicense.com/licenses/gpl-3.0/
[license-mit]: https://choosealicense.com/licenses/mit/
[dep-piatunnel-repo]: https://github.com/pia-foss/tunnel-apple
[dep-piatunnel-license]: https://github.com/pia-foss/tunnel-apple/blob/master/LICENSE
[dep-swiftybeaver-repo]: https://github.com/SwiftyBeaver/SwiftyBeaver