From 0f097d50af6d07858b8c1f9d0874bec8a93d1430 Mon Sep 17 00:00:00 2001
From: Davide De Rosa
Date: Tue, 26 Jan 2021 10:03:22 +0100
Subject: [PATCH] Fall back to network settings when no DNS servers Rather than forcing CloudFlare (by default). Fixes #197
---
 CHANGELOG.md | 4 +++
 .../AppExtension/OpenVPNTunnelProvider.swift | 34 +++++++++++--------
 2 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1d66788..f9ed734 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Handle `--data-ciphers` and `data-ciphers-fallback` from OpenVPN 2.5
 - Support DNS over HTTPS (DoH) and TLS (DoT).
+### Fixed
+
+- Do not override network DNS settings when not provided by VPN. [#197](https://github.com/passepartoutvpn/tunnelkit/issues/197)
+
 ## 3.2.0 (2021-01-07)
 ### Changed
diff --git a/TunnelKit/Sources/Protocols/OpenVPN/AppExtension/OpenVPNTunnelProvider.swift b/TunnelKit/Sources/Protocols/OpenVPN/AppExtension/OpenVPNTunnelProvider.swift
index c19df65..ee30329 100644
--- a/TunnelKit/Sources/Protocols/OpenVPN/AppExtension/OpenVPNTunnelProvider.swift
+++ b/TunnelKit/Sources/Protocols/OpenVPN/AppExtension/OpenVPNTunnelProvider.swift
@@ -682,17 +682,9 @@ extension OpenVPNTunnelProvider: OpenVPNSessionDelegate {
 return
 }
- var dnsServers = cfg.sessionConfiguration.dnsServers ?? options.dnsServers ?? []
+ let dnsServers = cfg.sessionConfiguration.dnsServers ?? options.dnsServers ?? []
- // fall back
- if !dnsServers.isEmpty {
- log.info("DNS: Using servers \(dnsServers.maskedDescription)")
- } else {
- log.warning("DNS: No servers provided, using fall-back servers: \(fallbackDNSServers.maskedDescription)")
- dnsServers = fallbackDNSServers
- }
-
- var dnsSettings = NEDNSSettings(servers: dnsServers)
+ var dnsSettings: NEDNSSettings?
 if #available(iOS 14, macOS 11, *) {
 switch cfg.sessionConfiguration.dnsProtocol {
 case .https:
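Review bot: The new `var dnsSettings: NEDNSSettings?` carries no comment saying what `nil` means, and that is now the security-relevant state: with the fall-back servers gone, an empty `dnsServers` leaves name resolution to whatever the underlying network assigned. I would add above the declaration `// nil = no DNS settings are applied; the system keeps the current network's resolvers`, and note in the documentation of the DNS options that in gateway mode this can mean queries are answered by the local network's resolver rather than one chosen by the VPN profile. Whether those queries travel inside the tunnel depends on routes configured outside this hunk, so that part needs confirming. The enclosing delegate method starts and ends outside the hunk.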
@@ -702,7 +694,8 @@ extension OpenVPNTunnelProvider: OpenVPNSessionDelegate {
 let specific = NEDNSOverHTTPSSettings(servers: dnsServers)
 specific.serverURL = serverURL
 dnsSettings = specific
-
+ log.info("DNS: Using HTTPS server \(serverURL.maskedDescription)")
+
 case .tls:
 guard let serverName = cfg.sessionConfiguration.dnsTLSServerName else {
 break
@@ -710,23 +703,34 @@ extension OpenVPNTunnelProvider: OpenVPNSessionDelegate {
 let specific = NEDNSOverTLSSettings(servers: dnsServers)
 specific.serverName = serverName
 dnsSettings = specific
+ log.info("DNS: Using TLS server name \(serverName.maskedDescription)")
 default:
 break
 }
 }
+ // fall back
+ if dnsSettings == nil && !dnsServers.isEmpty {
+ log.info("DNS: Using servers \(dnsServers.maskedDescription)")
+ dnsSettings = NEDNSSettings(servers: dnsServers)
+ } else {
+// log.warning("DNS: No servers provided, using fall-back servers: \(fallbackDNSServers.maskedDescription)")
+// dnsSettings = NEDNSSettings(servers: fallbackDNSServers)
+ log.warning("DNS: No settings provided, using current network settings")
+ }
+
 // "hack" for split DNS (i.e. use VPN only for DNS)
 if !isGateway {
- dnsSettings.matchDomains = [""]
+ dnsSettings?.matchDomains = [""]
 }
 if let searchDomains = cfg.sessionConfiguration.searchDomains ?? options.searchDomains {
 log.info("DNS: Using search domains \(searchDomains.maskedDescription)")
- dnsSettings.domainName = searchDomains.first
- dnsSettings.searchDomains = searchDomains
+ dnsSettings?.domainName = searchDomains.first
+ dnsSettings?.searchDomains = searchDomains
 if !isGateway {
- dnsSettings.matchDomains = dnsSettings.searchDomains
+ dnsSettings?.matchDomains = dnsSettings?.searchDomains
 }
 }
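Review bot: The added `log.info` lines record only the success path; in the `.tls` case the `guard let serverName ... else { break }` still exits silently, so a profile that requests DNS over TLS without a server name ends up on plain DNS (or the network's own settings) with nothing in the log saying the encrypted transport was dropped. A warning inside the guard's `else`, for example `log.warning("DNS: TLS requested but no server name, not using DoT")`, would make that downgrade visible. The `.https` guard sits above this hunk and presumably needs the same treatment. The `switch` begins before the hunk and continues after it.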
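Review bot: The `else` of the new fall-back block runs whenever `dnsSettings == nil && !dnsServers.isEmpty` is false, which includes the case where DoH or DoT settings were already built, so the log reports "No settings provided, using current network settings" while encrypted DNS is in fact configured. Changing it to `} else if dnsSettings == nil {` restricts the warning to the case it describes. Separately, when `dnsSettings` stays `nil` the optional-chained assignments below are no-ops, yet "DNS: Using search domains" is still logged and the split-DNS `matchDomains` is silently skipped; wrapping that block in `if let` or logging that the domains were ignored would keep the log truthful. The two commented-out fall-back lines would be better deleted than kept as `//` code.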