From 942dcc48b163c44047bb2b7e1ef9a89dcacc8bfb Mon Sep 17 00:00:00 2001 From: Davide De Rosa Date: Mon, 28 Jun 2021 10:31:41 +0200 Subject: [PATCH] Support native IKE providers (IPSec/IKEv2) --- .jazzy.yaml | 3 +++ CHANGELOG.md | 4 ++++ README.md | 12 ++++++++---- TunnelKit.podspec | 9 ++++++++- TunnelKit.xcodeproj/project.pbxproj | 14 ++++++++++++++ 5 files changed, 37 insertions(+), 5 deletions(-) diff --git a/.jazzy.yaml b/.jazzy.yaml index b8f6cef..0c946f3 100644 --- a/.jazzy.yaml +++ b/.jazzy.yaml @@ -56,6 +56,9 @@ custom_categories: - NetworkExtensionVPNConfiguration - NetworkExtensionVPNProvider - MockVPNProvider + - name: Protocols/Native + children: + - NativeProvider - name: Protocols/OpenVPN children: - OpenVPN diff --git a/CHANGELOG.md b/CHANGELOG.md index 70b3ad2..7110b43 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +### Added + +- Support for IPSec/IKEv2 providers. + ### Changed - Avoid caching PEMs on disk (roop). [#213](https://github.com/passepartoutvpn/tunnelkit/pull/213) diff --git a/README.md b/README.md index 3822eab..5699688 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ # TunnelKit -This library provides a simplified Swift/Obj-C implementation of the OpenVPNĀ® protocol for the Apple platforms. The crypto layer is built on top of [OpenSSL 1.1.1][dep-openssl], which in turn enables support for a certain range of encryption and digest algorithms. +This library provides a generic framework for VPN development and a simplified Swift/Obj-C implementation of the OpenVPNĀ® protocol for the Apple platforms. The crypto layer is built on top of [OpenSSL 1.1.1][dep-openssl], which in turn enables support for a certain range of encryption and digest algorithms. ## Getting started 
@@ -161,15 +161,19 @@ Provides a layer on top of the NetworkExtension framework. Most importantly, bri This subspec includes convenient classes to control the VPN tunnel from your app without the NetworkExtension headaches. Have a look at `VPNProvider` implementations: - `MockVPNProvider` (default, useful to test on simulator) -- `OpenVPNProvider` +- `NetworkExtensionVPNProvider` (for IPSec/IKEv2) + +### Protocols/Native + +Here you find `NativeProvider`, a generic way to manage a VPN profile based on the native IPSec/IKEv2 protocols. Just wrap a `NEVPNProtocolIPSec` or `NEVPNProtocolIKEv2` object in a `NetworkExtensionVPNConfiguration` and use it to install or connect to the VPN. ### Protocols/OpenVPN -Here you will find the low-level entities on top of which an OpenVPN connection is established. Code is mixed Swift and Obj-C, most of it is not exposed to consumers. The module depends on OpenSSL. +Here are the low-level entities on top of which an OpenVPN connection is established. Code is mixed Swift and Obj-C, most of it is not exposed to consumers. The module depends on OpenSSL. The entry point is the `OpenVPNSession` class. The networking layer is fully abstract and delegated externally with the use of opaque `IOInterface` (`LinkInterface` and `TunnelInterface`) and `OpenVPNSessionDelegate` protocols. -Another goal of this module is packaging up a black box implementation of a [NEPacketTunnelProvider][ne-ptp], which is the essential part of a Packet Tunnel Provider app extension. You will find the main implementation in the `OpenVPNTunnelProvider` class. +Another goal of this module is packaging up a black box implementation of a [NEPacketTunnelProvider][ne-ptp], which is the essential part of a Packet Tunnel Provider app extension. You will find the main implementation in the `OpenVPNTunnelProvider` class. On the client side, you manage the VPN profile with the `OpenVPNProvider` class, which is a specific implementation of `NetworkExtensionVPNProvider`. 
A debug log snapshot is optionally maintained and shared by the tunnel provider to host apps via the App Group container. diff --git a/TunnelKit.podspec b/TunnelKit.podspec index 6b1563e..f81e4ab 100644 --- a/TunnelKit.podspec +++ b/TunnelKit.podspec @@ -38,9 +38,17 @@ Pod::Spec.new do |s| p.frameworks = "NetworkExtension" p.dependency "SwiftyBeaver" + p.dependency "TunnelKit/Core" end s.subspec "Protocols" do |t| + t.subspec "Native" do |p| + p.source_files = "TunnelKit/Sources/Protocols/Native/**/*.swift" + p.pod_target_xcconfig = { "SWIFT_INCLUDE_PATHS" => "${PODS_TARGET_SRCROOT}/TunnelKit/Sources/Protocols/Native" } + + p.dependency "TunnelKit/Manager" + end + t.subspec "OpenVPN" do |p| p.source_files = "TunnelKit/Sources/Protocols/OpenVPN/**/*.{h,m,swift}" p.private_header_files = "TunnelKit/Sources/Protocols/OpenVPN/**/*.h" @@ -50,7 +58,6 @@ Pod::Spec.new do |s| "APPLICATION_EXTENSION_API_ONLY" => "YES" } p.dependency "OpenSSL-Apple", "~> 1.1.1l.11" - p.dependency "TunnelKit/Core" p.dependency "TunnelKit/AppExtension" p.dependency "TunnelKit/Manager" end diff --git a/TunnelKit.xcodeproj/project.pbxproj b/TunnelKit.xcodeproj/project.pbxproj index c8dc71b..ebebfc8 100644 --- a/TunnelKit.xcodeproj/project.pbxproj +++ b/TunnelKit.xcodeproj/project.pbxproj 
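Review bot: The new Native subspec's `p.source_files = "TunnelKit/Sources/Protocols/Native/**/*.swift"` has nothing to match in this patch: the diffstat lists only five files and no Swift source, yet the project file in the same commit references `NativeProvider.swift`, so the subspec is empty and the Xcode project points at a missing file unless that source lands in a sibling commit, which should be confirmed before a release is tagged. The `SWIFT_INCLUDE_PATHS` entry in `p.pod_target_xcconfig` looks copied from the OpenVPN subspec, which needs it for its Obj-C headers and module map; a pure-Swift subspec with no module map under `Native/` gains nothing from it, so I would drop that line unless a modulemap is added there. Unlike OpenVPN, Native does not set `"APPLICATION_EXTENSION_API_ONLY" => "YES"`; given the README describes `NativeProvider` as a host-app profile manager this is probably deliberate, but a short comment such as `# host-app only, not linked from the tunnel extension` would save the next reader the question. Removing `TunnelKit/Core` from OpenVPN is fine only because Manager now declares it and OpenVPN depends on Manager, so keep those two edits together if this is ever split. The enclosing `Pod::Spec.new do |s|` block starts before the hunk.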
@@ -214,6 +214,8 @@ 0ECAF84B246697DA00D8266A /* TunnelKit.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 0E17D7F91F730D9F009EE129 /* TunnelKit.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 0ECC60D82254981A0020BEAC /* ConfigurationError.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0ECC60D72254981A0020BEAC /* ConfigurationError.swift */; }; 0ECC60D92254981A0020BEAC /* ConfigurationError.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0ECC60D72254981A0020BEAC /* ConfigurationError.swift */; }; + 0ECCEA7F2622F2F00007DA28 /* NativeProvider.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0ECCEA7E2622F2F00007DA28 /* NativeProvider.swift */; }; + 0ECCEA802622F2F00007DA28 /* NativeProvider.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0ECCEA7E2622F2F00007DA28 /* NativeProvider.swift */; }; 0ECEB1152252C8E900E9E551 /* tunnelbear.enc.8.ovpn in Resources */ = {isa = PBXBuildFile; fileRef = 0ECEB1132252C8E900E9E551 /* tunnelbear.enc.8.ovpn */; }; 0ECEB1162252C8E900E9E551 /* tunnelbear.enc.8.ovpn in Resources */ = {isa = PBXBuildFile; fileRef = 0ECEB1132252C8E900E9E551 /* tunnelbear.enc.8.ovpn */; }; 0ECEB1172252C8E900E9E551 /* tunnelbear.enc.8.key in Resources */ = {isa = PBXBuildFile; fileRef = 0ECEB1142252C8E900E9E551 /* tunnelbear.enc.8.key */; }; 
@@ -591,6 +593,7 @@ 0EAC57362494277A00D0FCE0 /* VPN.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = VPN.swift; sourceTree = ""; }; 0EB03E0E2290CF52006D03A0 /* module.modulemap */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = "sourcecode.module-map"; path = module.modulemap; sourceTree = ""; }; 0ECC60D72254981A0020BEAC /* ConfigurationError.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ConfigurationError.swift; sourceTree = ""; }; + 0ECCEA7E2622F2F00007DA28 /* NativeProvider.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NativeProvider.swift; sourceTree = ""; }; 0ECEB1132252C8E900E9E551 /* tunnelbear.enc.8.ovpn */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = tunnelbear.enc.8.ovpn; sourceTree = ""; }; 0ECEB1142252C8E900E9E551 /* tunnelbear.enc.8.key */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = tunnelbear.enc.8.key; sourceTree = ""; }; 0ECEB11A2252CDAD00E9E551 /* tunnelbear.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = tunnelbear.crt; sourceTree = ""; }; @@ -938,6 +941,7 @@ 0E23B3E022982AF800304C30 /* Protocols */ = { isa = PBXGroup; children = ( + 0ECCEA7D2622F2D30007DA28 /* Native */, 0E23B3E122982AF800304C30 /* OpenVPN */, ); path = Protocols; @@ -1057,6 +1061,14 @@ path = Manager; sourceTree = ""; }; + 0ECCEA7D2622F2D30007DA28 /* Native */ = { + isa = PBXGroup; + children = ( + 0ECCEA7E2622F2F00007DA28 /* NativeProvider.swift */, + ); + path = Native; + sourceTree = ""; + }; 0EE2F9DD22918DA100F56F49 /* AppExtension */ = { isa = PBXGroup; children = ( 
@@ -2056,6 +2068,7 @@ 0E23B48522982AF800304C30 /* ReplayProtector.m in Sources */, 0E7F3F6A246ABA0F006BE77F /* IPHeader.swift in Sources */, 0E23B44122982AF800304C30 /* OpenVPNSession+PIA.swift in Sources */, + 0ECCEA7F2622F2F00007DA28 /* NativeProvider.swift in Sources */, 0E23B42D22982AF800304C30 /* ControlChannelSerializer.swift in Sources */, 0EE2F9F622918DA100F56F49 /* NEUDPSocket.swift in Sources */, 0E94E8EA25BACEBD0040BC30 /* DNSProtocol.swift in Sources */, @@ -2150,6 +2163,7 @@ 0E23B48622982AF800304C30 /* ReplayProtector.m in Sources */, 0E7F3F6B246ABA0F006BE77F /* IPHeader.swift in Sources */, 0E23B44222982AF800304C30 /* OpenVPNSession+PIA.swift in Sources */, + 0ECCEA802622F2F00007DA28 /* NativeProvider.swift in Sources */, 0E23B42E22982AF800304C30 /* ControlChannelSerializer.swift in Sources */, 0EE2F9F722918DA100F56F49 /* NEUDPSocket.swift in Sources */, 0E94E8EB25BACEBD0040BC30 /* DNSProtocol.swift in Sources */,