parent
13cae06a49
commit
a693075e90
|
@ -648,6 +648,43 @@ extension TunnelKitProvider: SessionProxyDelegate {
|
||||||
// only set if there is a proxy (proxySettings set to non-nil above)
|
// only set if there is a proxy (proxySettings set to non-nil above)
|
||||||
proxySettings?.exceptionList = cfg.sessionConfiguration.proxyBypassDomains ?? reply.options.proxyBypassDomains
|
proxySettings?.exceptionList = cfg.sessionConfiguration.proxyBypassDomains ?? reply.options.proxyBypassDomains
|
||||||
|
|
||||||
|
// block LAN if desired
|
||||||
|
if routingPolicies?.contains(.blockLocal) ?? false {
|
||||||
|
let table = RoutingTable()
|
||||||
|
if isIPv4Gateway,
|
||||||
|
let gateway = table.defaultGateway4()?.gateway(),
|
||||||
|
let route = table.broadestRoute4(matchingDestination: gateway) {
|
||||||
|
|
||||||
|
route.partitioned().forEach {
|
||||||
|
let destination = $0.network()
|
||||||
|
guard let netmask = $0.networkMask() else {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
log.info("Block local: Suppressing IPv4 route \(destination)/\($0.prefix())")
|
||||||
|
|
||||||
|
let included = NEIPv4Route(destinationAddress: destination, subnetMask: netmask)
|
||||||
|
included.gatewayAddress = reply.options.ipv4?.defaultGateway
|
||||||
|
ipv4Settings?.includedRoutes?.append(included)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if isIPv6Gateway,
|
||||||
|
let gateway = table.defaultGateway6()?.gateway(),
|
||||||
|
let route = table.broadestRoute6(matchingDestination: gateway) {
|
||||||
|
|
||||||
|
route.partitioned().forEach {
|
||||||
|
let destination = $0.network()
|
||||||
|
let prefix = $0.prefix()
|
||||||
|
|
||||||
|
log.info("Block local: Suppressing IPv6 route \(destination)/\($0.prefix())")
|
||||||
|
|
||||||
|
let included = NEIPv6Route(destinationAddress: destination, networkPrefixLength: prefix as NSNumber)
|
||||||
|
included.gatewayAddress = reply.options.ipv6?.defaultGateway
|
||||||
|
ipv6Settings?.includedRoutes?.append(included)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
let newSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: remoteAddress)
|
let newSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: remoteAddress)
|
||||||
newSettings.ipv4Settings = ipv4Settings
|
newSettings.ipv4Settings = ipv4Settings
|
||||||
newSettings.ipv6Settings = ipv6Settings
|
newSettings.ipv6Settings = ipv6Settings
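Review bot: The block-local branch fails open without a trace: if `table.defaultGateway4()` or `broadestRoute4(matchingDestination:)` returns nil the whole `if` is skipped, `guard let netmask … else { return }` drops a partition silently, and `ipv4Settings?.includedRoutes?.append(included)` does nothing when `includedRoutes` is nil. Whether `includedRoutes` is always initialised by the time this runs is decided outside the hunk (the enclosing function starts and ends outside it), so I would not rely on it: `ipv4Settings?.includedRoutes = (ipv4Settings?.includedRoutes ?? []) + [included]`, and the same for the `ipv6Settings` append. Each skipped path should also emit a log line saying the LAN was not blocked, so a user who asked for `.blockLocal` can tell when it was not applied. Minor: the IPv6 log line interpolates `$0.prefix()` although `prefix` was bound just above it.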
|
||||||
|
|
|
@ -723,6 +723,9 @@ public class ConfigurationParser {
|
||||||
|
|
||||||
case .ipv6:
|
case .ipv6:
|
||||||
policies.insert(.IPv6)
|
policies.insert(.IPv6)
|
||||||
|
|
||||||
|
case .blockLocal:
|
||||||
|
policies.insert(.blockLocal)
|
||||||
|
|
||||||
default:
|
default:
|
||||||
// TODO: handle [auto]local and block-*
|
// TODO: handle [auto]local and block-*
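Review bot: The TODO under `default:` still reads `handle [auto]local and block-*`, although `block-local` now has its own `case .blockLocal` directly above it. Narrowing the comment keeps the list of still-ignored flags accurate for anyone checking which blocking options the parser honours, for example `// TODO: handle [auto]local and the remaining block-* flags`. The enclosing `switch` starts and ends outside the hunk.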
|
||||||
|
|
|
@ -154,6 +154,9 @@ extension SessionProxy {
|
||||||
|
|
||||||
/// All IPv6 traffic goes through the VPN.
|
/// All IPv6 traffic goes through the VPN.
|
||||||
case IPv6
|
case IPv6
|
||||||
|
|
||||||
|
/// Block LAN while connected.
|
||||||
|
case blockLocal
|
||||||
}
|
}
|
||||||
|
|
||||||
/// :nodoc:
|
/// :nodoc:
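Review bot: The doc comment `/// Block LAN while connected.` on `case blockLocal` promises more than the provider change in this commit delivers. There, local routes are only added inside `if isIPv4Gateway` / `if isIPv6Gateway`, and only when a default gateway and a matching route are found in the routing table. I would state that limit on the case, for example `/// Block LAN while connected. Applies per address family, and only when the VPN is the default gateway for that family.`, so integrators do not treat the policy as an unconditional guarantee.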
|
||||||
|
|