From ac9ce0dba2ab3829f4d069042d86a1a8e1705b90 Mon Sep 17 00:00:00 2001 From: Davide De Rosa Date: Sat, 10 Nov 2018 10:24:05 +0100 Subject: [PATCH] Document support for .ovpn --- README.md | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a80c933..23f2f68 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ This library provides a simplified Swift/Obj-C implementation of the OpenVPN® p ## Getting started -The client is known to work with [OpenVPN®][openvpn] 2.3+ servers. Key renegotiation and replay protection are also included, but full-fledged configuration files (.ovpn) are not currently supported. +The client is known to work with [OpenVPN®][openvpn] 2.3+ servers. - [x] Handshake and tunneling over UDP or TCP - [x] Ciphers @@ -32,10 +32,34 @@ The client is known to work with [OpenVPN®][openvpn] 2.3+ servers. Key renegoti - Disabled - Compress (2.4) - LZO (deprecated in 2.4) +- [x] Key renegotiation - [x] Replay protection (hardcoded window) The library therefore supports compression framing, just not compression. Remember to match server-side compression framing in order to avoid a confusing loss of data packets. E.g. if server has `comp-lzo no`, client must use `compressionFraming = .compLZO`. +### Support for .ovpn configuration + +TunnelKit can parse .ovpn configuration files. Below are a few limitations worth mentioning. + +Unsupported: + +- UDP fragmentation, i.e. `--fragment` +- Compression + - `--comp-lzo` other than `no` + - `--compress` other than empty +- Proxy +- External file references (inline `` only) +- Encrypted client certificate keys + +Ignored: + +- MTU overrides + - `--*-mtu` and variants + - `--mssfix` +- Multiple `--remote` with different `host` values (first wins) + +Many other flags are ignored too but it's normally not an issue. + ## Installation ### Requirements