passepartoutvpn
/
tunnelkit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fall back to network settings when no DNS servers 

Rather than forcing CloudFlare (by default).

Fixes #197
This commit is contained in:
Davide De Rosa 2021-01-26 10:03:22 +01:00
parent 9567be7563
commit 0f097d50af
2 changed files with 23 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -12,6 +12,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Handle `--data-ciphers` and `data-ciphers-fallback` from OpenVPN 2.5 - Handle `--data-ciphers` and `data-ciphers-fallback` from OpenVPN 2.5
- Support DNS over HTTPS (DoH) and TLS (DoT). - Support DNS over HTTPS (DoH) and TLS (DoT).
### Fixed
- Do not override network DNS settings when not provided by VPN. [#197](https://github.com/passepartoutvpn/tunnelkit/issues/197)
## 3.2.0 (2021-01-07) ## 3.2.0 (2021-01-07)
### Changed ### Changed

32
TunnelKit/Sources/Protocols/OpenVPN/AppExtension/OpenVPNTunnelProvider.swift
View File

@ -682,17 +682,9 @@ extension OpenVPNTunnelProvider: OpenVPNSessionDelegate {
return return
} }
var dnsServers = cfg.sessionConfiguration.dnsServers ?? options.dnsServers ?? [] let dnsServers = cfg.sessionConfiguration.dnsServers ?? options.dnsServers ?? []
// fall back var dnsSettings: NEDNSSettings?
if !dnsServers.isEmpty {
log.info("DNS: Using servers \(dnsServers.maskedDescription)")
} else {
log.warning("DNS: No servers provided, using fall-back servers: \(fallbackDNSServers.maskedDescription)")
dnsServers = fallbackDNSServers
}
var dnsSettings = NEDNSSettings(servers: dnsServers)
if #available(iOS 14, macOS 11, *) { if #available(iOS 14, macOS 11, *) {
switch cfg.sessionConfiguration.dnsProtocol { switch cfg.sessionConfiguration.dnsProtocol {
case .https: case .https:
@ -702,6 +694,7 @@ extension OpenVPNTunnelProvider: OpenVPNSessionDelegate {
let specific = NEDNSOverHTTPSSettings(servers: dnsServers) let specific = NEDNSOverHTTPSSettings(servers: dnsServers)
specific.serverURL = serverURL specific.serverURL = serverURL
dnsSettings = specific dnsSettings = specific
log.info("DNS: Using HTTPS server \(serverURL.maskedDescription)")
case .tls: case .tls:
guard let serverName = cfg.sessionConfiguration.dnsTLSServerName else { guard let serverName = cfg.sessionConfiguration.dnsTLSServerName else {
@ -710,23 +703,34 @@ extension OpenVPNTunnelProvider: OpenVPNSessionDelegate {
let specific = NEDNSOverTLSSettings(servers: dnsServers) let specific = NEDNSOverTLSSettings(servers: dnsServers)
specific.serverName = serverName specific.serverName = serverName
dnsSettings = specific dnsSettings = specific
log.info("DNS: Using TLS server name \(serverName.maskedDescription)")
default: default:
break break
} }
} }
// fall back
if dnsSettings == nil && !dnsServers.isEmpty {
log.info("DNS: Using servers \(dnsServers.maskedDescription)")
dnsSettings = NEDNSSettings(servers: dnsServers)
} else {
// log.warning("DNS: No servers provided, using fall-back servers: \(fallbackDNSServers.maskedDescription)")
// dnsSettings = NEDNSSettings(servers: fallbackDNSServers)
log.warning("DNS: No settings provided, using current network settings")
}
// "hack" for split DNS (i.e. use VPN only for DNS) // "hack" for split DNS (i.e. use VPN only for DNS)
if !isGateway { if !isGateway {
dnsSettings.matchDomains = [""] dnsSettings?.matchDomains = [""]
} }
if let searchDomains = cfg.sessionConfiguration.searchDomains ?? options.searchDomains { if let searchDomains = cfg.sessionConfiguration.searchDomains ?? options.searchDomains {
log.info("DNS: Using search domains \(searchDomains.maskedDescription)") log.info("DNS: Using search domains \(searchDomains.maskedDescription)")
dnsSettings.domainName = searchDomains.first dnsSettings?.domainName = searchDomains.first
dnsSettings.searchDomains = searchDomains dnsSettings?.searchDomains = searchDomains
if !isGateway { if !isGateway {
dnsSettings.matchDomains = dnsSettings.searchDomains dnsSettings?.matchDomains = dnsSettings?.searchDomains
} }
} }