Extend WireGuard with DoH/DoT options (#314)

CHANGELOG.md

@@ -9,13 +9,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
-- OpenVPN: Full implementation of Tunnelblick XOR patch (tmthecoder). [#255][https://github.com/passepartoutvpn/tunnelkit/pull/255]
+- WireGuard: DoH/DoT options. [#314](https://github.com/passepartoutvpn/tunnelkit/pull/314)
+- OpenVPN: Full implementation of Tunnelblick XOR patch (tmthecoder). [#255](https://github.com/passepartoutvpn/tunnelkit/pull/255)
 - OpenVPN: Support for `--route-nopull`. [#280](https://github.com/passepartoutvpn/tunnelkit/pull/280)
 - OpenVPN: Support for `--remote-random-hostname`. [#286](https://github.com/passepartoutvpn/tunnelkit/pull/286)
 - Use .includeAllNetworks for best-effort kill switch. [#300](https://github.com/passepartoutvpn/tunnelkit/pull/300)
 
 ### Changed
 
+- Bump targets to iOS 15 / macOS 12.
 - Upgrade OpenSSL to 1.1.1q.
 - Use natively async methods from NetworkExtension. [#284](https://github.com/passepartoutvpn/tunnelkit/pull/284)
 - OpenVPN: Unmask PUSH_REPLY and network settings in logs.

Package.resolved

@@ -24,8 +24,8 @@
         "repositoryURL": "https://github.com/passepartoutvpn/wireguard-apple",
         "state": {
           "branch": null,
-          "revision": "d3b8f1ac6f3361d69bd3daf8aee3c43012c6ec0b",
-          "version": "1.0.16"
+          "revision": "cbcbf4369e1852fdf3398f9fbb49a26cfff4c97f",
+          "version": null
         }
       }
     ]

Package.swift

@@ -1,4 +1,4 @@
-// swift-tools-version:5.3
+// swift-tools-version:5.5
 // The swift-tools-version declares the minimum version of Swift required to build this package.
 
 import PackageDescription
@@ -6,7 +6,7 @@ import PackageDescription
 let package = Package(
     name: "TunnelKit",
     platforms: [
-        .iOS(.v13), .macOS(.v10_15)
+        .iOS(.v15), .macOS(.v12)
     ],
     products: [
         // Products define the executables and libraries a package produces, and make them visible to other packages.
@@ -41,7 +41,8 @@ let package = Package(
         .package(url: "https://github.com/SwiftyBeaver/SwiftyBeaver", from: "1.9.0"),
         .package(url: "https://github.com/passepartoutvpn/openssl-apple", from: "1.1.11700"),
 //        .package(name: "WireGuardKit", url: "https://git.zx2c4.com/wireguard-apple", .exact("1.0.15-26"))
-        .package(name: "WireGuardKit", url: "https://github.com/passepartoutvpn/wireguard-apple", from: "1.0.16")
+        .package(name: "WireGuardKit", url: "https://github.com/passepartoutvpn/wireguard-apple", .revision("73d9152fa0cb661db0348a1ac11dbbf998422a50"))
+//        .package(name: "WireGuardKit", path: "../wireguard-apple")
     ],
     targets: [
         // Targets are the basic building blocks of a package. A target can define a module or a test suite.

Sources/TunnelKitWireGuardCore/Configuration.swift

@@ -42,6 +42,10 @@ public protocol WireGuardConfigurationProviding {
 
     var dnsSearchDomains: [String] { get }
 
+    var dnsHTTPSURL: URL? { get }
+
+    var dnsTLSServerName: String? { get }
+
     var mtu: UInt16? { get }
 
     var peersCount: Int { get }
@@ -129,6 +133,24 @@ extension WireGuard {
             }
         }
 
+        public var dnsHTTPSURL: URL? {
+            get {
+                interface.dnsHTTPSURL
+            }
+            set {
+                interface.dnsHTTPSURL = newValue
+            }
+        }
+
+        public var dnsTLSServerName: String? {
+            get {
+                interface.dnsTLSServerName
+            }
+            set {
+                interface.dnsTLSServerName = newValue
+            }
+        }
+
         public var mtu: UInt16? {
             get {
                 interface.mtu
@@ -256,6 +278,14 @@ extension WireGuard {
             interface.dnsSearch
         }
 
+        public var dnsHTTPSURL: URL? {
+            interface.dnsHTTPSURL
+        }
+
+        public var dnsTLSServerName: String? {
+            interface.dnsTLSServerName
+        }
+
         public var mtu: UInt16? {
             interface.mtu
         }

Sources/TunnelKitWireGuardCore/Internal/TunnelConfiguration+WgQuickConfig.swift

@@ -73,7 +73,7 @@ extension TunnelConfiguration {
                     } else {
                         attributes[key] = value
                     }
-                    let interfaceSectionKeys: Set<String> = ["privatekey", "listenport", "address", "dns", "mtu"]
+                    let interfaceSectionKeys: Set<String> = ["privatekey", "listenport", "address", "dns", "dnsoverhttpsurl", "dnsovertlsservername", "mtu"]
                     let peerSectionKeys: Set<String> = ["publickey", "presharedkey", "allowedips", "endpoint", "persistentkeepalive"]
                     if parserState == .inInterfaceSection {
                         guard interfaceSectionKeys.contains(key) else {
@@ -141,6 +141,12 @@ extension TunnelConfiguration {
             let dnsString = dnsLine.joined(separator: ", ")
             output.append("DNS = \(dnsString)\n")
         }
+        if let dnsHTTPSURL = interface.dnsHTTPSURL {
+            output.append("DNSOverHTTPSURL = \(dnsHTTPSURL)\n")
+        }
+        if let dnsTLSServerName = interface.dnsTLSServerName {
+            output.append("DNSOverTLSServerName = \(dnsTLSServerName)\n")
+        }
         if let mtu = interface.mtu {
             output.append("MTU = \(mtu)\n")
         }
@@ -203,6 +209,12 @@ extension TunnelConfiguration {
             interface.dns = dnsServers
             interface.dnsSearch = dnsSearch
         }
+        if let dnsHTTPSURL = attributes["dnsoverhttpsurl"] {
+            interface.dnsHTTPSURL = URL(string: dnsHTTPSURL)
+        }
+        if let dnsTLSServerName = attributes["dnsovertlsservername"] {
+            interface.dnsTLSServerName = dnsTLSServerName
+        }
         if let mtuString = attributes["mtu"] {
             guard let mtu = UInt16(mtuString) else {
                 throw ParseError.interfaceHasInvalidMTU(mtuString)