passepartoutvpn
/
tunnelkit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
tunnelkit/Sources/TunnelKitWireGuardManager/WireGuard+ProviderConfigura...

160 lines
5.0 KiB
Swift
Raw Normal View History

Rewrite Manager package to make it stateless In order to avoid chaos from multiple profiles, retain the profile to be installed and remove all the other ones. Also, make sure to do the removal AFTER install, as doing it before would trigger the VPN permission alert again. XXX: there is some weird behavior from NetworkExtension occasionally sending notifications with a bogus NEVPNManager object having a nil .localizedDescription and other properties set to nonsensical values. Discard the notification when such an object is identified. Encapsulate extra NetworkExtension settings: - passwordReference - onDemandRules - disconnectsOnSleep Also: - Only set on-demand if any rules are set - Assume VPN is enabled even with on-demand disabled - Use DataCount instead of raw Int pair Attach useful information to VPN notifications: - VPN isEnabled - VPN status - VPN command error - Tunnel bundle identifier (if available) Expose specific OpenVPN/WireGuard shared data via extensions in UserDefaults/FileManager. Finally, drop incomplete IKE support. No fit.
2022-03-04 23:58:07 +00:00
//
// WireGuard+ProviderConfiguration.swift
// TunnelKit
//
// Created by Davide De Rosa on 11/21/21.
// Copyright (c) 2022 Davide De Rosa. All rights reserved.
//
// https://github.com/passepartoutvpn
//
// This file is part of TunnelKit.
//
// TunnelKit is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// TunnelKit is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with TunnelKit. If not, see <http://www.gnu.org/licenses/>.
//
import Foundation
import NetworkExtension
import TunnelKitManager
import TunnelKitWireGuardCore
import WireGuardKit
import __TunnelKitUtils
import SwiftyBeaver
private let log = SwiftyBeaver.self
extension WireGuard {
/// Specific configuration for WireGuard.
public struct ProviderConfiguration: Codable {
fileprivate enum Filenames: String {
case debugLog = "WireGuard.Tunnel.log"
}
fileprivate enum Keys: String {
case lastError = "WireGuard.LastError"
}
public let title: String
public let appGroup: String
public let configuration: WireGuard.Configuration
public var shouldDebug = false
Customize WireGuard debug log format
2022-03-24 07:59:48 +00:00
public var debugLogFormat: String? = nil
Rewrite Manager package to make it stateless In order to avoid chaos from multiple profiles, retain the profile to be installed and remove all the other ones. Also, make sure to do the removal AFTER install, as doing it before would trigger the VPN permission alert again. XXX: there is some weird behavior from NetworkExtension occasionally sending notifications with a bogus NEVPNManager object having a nil .localizedDescription and other properties set to nonsensical values. Discard the notification when such an object is identified. Encapsulate extra NetworkExtension settings: - passwordReference - onDemandRules - disconnectsOnSleep Also: - Only set on-demand if any rules are set - Assume VPN is enabled even with on-demand disabled - Use DataCount instead of raw Int pair Attach useful information to VPN notifications: - VPN isEnabled - VPN status - VPN command error - Tunnel bundle identifier (if available) Expose specific OpenVPN/WireGuard shared data via extensions in UserDefaults/FileManager. Finally, drop incomplete IKE support. No fit.
2022-03-04 23:58:07 +00:00
public init(_ title: String, appGroup: String, configuration: WireGuard.Configuration) {
self.title = title
self.appGroup = appGroup
self.configuration = configuration
}
private init(_ title: String, appGroup: String, wgQuickConfig: String) throws {
self.title = title
self.appGroup = appGroup
configuration = try WireGuard.Configuration(wgQuickConfig: wgQuickConfig)
}
}
}
// MARK: NetworkExtensionConfiguration
extension WireGuard.ProviderConfiguration: NetworkExtensionConfiguration {
/// :nodoc:
public func asTunnelProtocol(
withBundleIdentifier tunnelBundleIdentifier: String,
extra: NetworkExtensionExtra?
) throws -> NETunnelProviderProtocol {
let protocolConfiguration = NETunnelProviderProtocol()
protocolConfiguration.providerBundleIdentifier = tunnelBundleIdentifier
protocolConfiguration.serverAddress = configuration.endpointRepresentation
protocolConfiguration.passwordReference = extra?.passwordReference
protocolConfiguration.disconnectOnSleep = extra?.disconnectsOnSleep ?? false
protocolConfiguration.providerConfiguration = try asDictionary()
return protocolConfiguration
}
}
// MARK: Shared data
extension WireGuard.ProviderConfiguration {
public var lastError: WireGuardProviderError? {
Hide setters of shared provider defaults Tunnel values were overwritable by app. Instead: - Write from app extension with "private" setter (_appexSet*) - Read from app with public getter
2022-06-17 05:00:40 +00:00
return defaults?.wireGuardLastError
Rewrite Manager package to make it stateless In order to avoid chaos from multiple profiles, retain the profile to be installed and remove all the other ones. Also, make sure to do the removal AFTER install, as doing it before would trigger the VPN permission alert again. XXX: there is some weird behavior from NetworkExtension occasionally sending notifications with a bogus NEVPNManager object having a nil .localizedDescription and other properties set to nonsensical values. Discard the notification when such an object is identified. Encapsulate extra NetworkExtension settings: - passwordReference - onDemandRules - disconnectsOnSleep Also: - Only set on-demand if any rules are set - Assume VPN is enabled even with on-demand disabled - Use DataCount instead of raw Int pair Attach useful information to VPN notifications: - VPN isEnabled - VPN status - VPN command error - Tunnel bundle identifier (if available) Expose specific OpenVPN/WireGuard shared data via extensions in UserDefaults/FileManager. Finally, drop incomplete IKE support. No fit.
2022-03-04 23:58:07 +00:00
}
Hide setters of shared provider defaults Tunnel values were overwritable by app. Instead: - Write from app extension with "private" setter (_appexSet*) - Read from app with public getter
2022-06-17 05:00:40 +00:00
Rewrite Manager package to make it stateless In order to avoid chaos from multiple profiles, retain the profile to be installed and remove all the other ones. Also, make sure to do the removal AFTER install, as doing it before would trigger the VPN permission alert again. XXX: there is some weird behavior from NetworkExtension occasionally sending notifications with a bogus NEVPNManager object having a nil .localizedDescription and other properties set to nonsensical values. Discard the notification when such an object is identified. Encapsulate extra NetworkExtension settings: - passwordReference - onDemandRules - disconnectsOnSleep Also: - Only set on-demand if any rules are set - Assume VPN is enabled even with on-demand disabled - Use DataCount instead of raw Int pair Attach useful information to VPN notifications: - VPN isEnabled - VPN status - VPN command error - Tunnel bundle identifier (if available) Expose specific OpenVPN/WireGuard shared data via extensions in UserDefaults/FileManager. Finally, drop incomplete IKE support. No fit.
2022-03-04 23:58:07 +00:00
private var defaults: UserDefaults? {
return UserDefaults(suiteName: appGroup)
}
public var urlForDebugLog: URL? {
return FileManager.default.wireGuardURLForDebugLog(appGroup: appGroup)
}
public var debugLog: String? {
return FileManager.default.wireGuardDebugLog(appGroup: appGroup)
}
}
Hide setters of shared provider defaults Tunnel values were overwritable by app. Instead: - Write from app extension with "private" setter (_appexSet*) - Read from app with public getter
2022-06-17 05:00:40 +00:00
/// :nodoc:
extension WireGuard.ProviderConfiguration {
public func _appexSetLastError(_ newValue: WireGuardProviderError?) {
defaults?.wireGuardLastError = newValue
}
}
Rewrite Manager package to make it stateless In order to avoid chaos from multiple profiles, retain the profile to be installed and remove all the other ones. Also, make sure to do the removal AFTER install, as doing it before would trigger the VPN permission alert again. XXX: there is some weird behavior from NetworkExtension occasionally sending notifications with a bogus NEVPNManager object having a nil .localizedDescription and other properties set to nonsensical values. Discard the notification when such an object is identified. Encapsulate extra NetworkExtension settings: - passwordReference - onDemandRules - disconnectsOnSleep Also: - Only set on-demand if any rules are set - Assume VPN is enabled even with on-demand disabled - Use DataCount instead of raw Int pair Attach useful information to VPN notifications: - VPN isEnabled - VPN status - VPN command error - Tunnel bundle identifier (if available) Expose specific OpenVPN/WireGuard shared data via extensions in UserDefaults/FileManager. Finally, drop incomplete IKE support. No fit.
2022-03-04 23:58:07 +00:00
/// :nodoc:
extension UserDefaults {
Hide setters of shared provider defaults Tunnel values were overwritable by app. Instead: - Write from app extension with "private" setter (_appexSet*) - Read from app with public getter
2022-06-17 05:00:40 +00:00
public fileprivate(set) var wireGuardLastError: WireGuardProviderError? {
Rewrite Manager package to make it stateless In order to avoid chaos from multiple profiles, retain the profile to be installed and remove all the other ones. Also, make sure to do the removal AFTER install, as doing it before would trigger the VPN permission alert again. XXX: there is some weird behavior from NetworkExtension occasionally sending notifications with a bogus NEVPNManager object having a nil .localizedDescription and other properties set to nonsensical values. Discard the notification when such an object is identified. Encapsulate extra NetworkExtension settings: - passwordReference - onDemandRules - disconnectsOnSleep Also: - Only set on-demand if any rules are set - Assume VPN is enabled even with on-demand disabled - Use DataCount instead of raw Int pair Attach useful information to VPN notifications: - VPN isEnabled - VPN status - VPN command error - Tunnel bundle identifier (if available) Expose specific OpenVPN/WireGuard shared data via extensions in UserDefaults/FileManager. Finally, drop incomplete IKE support. No fit.
2022-03-04 23:58:07 +00:00
get {
guard let rawValue = string(forKey: WireGuard.ProviderConfiguration.Keys.lastError.rawValue) else {
return nil
}
return WireGuardProviderError(rawValue: rawValue)
}
set {
guard let newValue = newValue else {
removeObject(forKey: WireGuard.ProviderConfiguration.Keys.lastError.rawValue)
return
}
set(newValue.rawValue, forKey: WireGuard.ProviderConfiguration.Keys.lastError.rawValue)
}
}
}
/// :nodoc:
extension FileManager {
public func wireGuardURLForDebugLog(appGroup: String) -> URL? {
return documentsURL(appGroup: appGroup)?
.appendingPathComponent(WireGuard.ProviderConfiguration.Filenames.debugLog.rawValue)
}
public func wireGuardDebugLog(appGroup: String) -> String? {
guard let url = wireGuardURLForDebugLog(appGroup: appGroup) else {
return nil
}
do {
return try String(contentsOf: url)
} catch {
log.error("Unable to access debug log: \(error)")
return nil
}
}
private func documentsURL(appGroup: String) -> URL? {
return containerURL(forSecurityApplicationGroupIdentifier: appGroup)
}
}