diff --git a/CHANGELOG.md b/CHANGELOG.md index 7fb1bae..b1311e6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added -- Handle `--data-ciphers` from OpenVPN 2.5 +- Handle `--data-ciphers` and `data-ciphers-fallback` from OpenVPN 2.5 ## 3.2.0 (2021-01-07) diff --git a/TunnelKit/Sources/Protocols/OpenVPN/ConfigurationParser.swift b/TunnelKit/Sources/Protocols/OpenVPN/ConfigurationParser.swift index 700db47..8c1895e 100644 --- a/TunnelKit/Sources/Protocols/OpenVPN/ConfigurationParser.swift +++ b/TunnelKit/Sources/Protocols/OpenVPN/ConfigurationParser.swift @@ -44,6 +44,8 @@ extension OpenVPN { static let dataCiphers = NSRegularExpression("^(data-ciphers|ncp-ciphers) +[^,\\s]+(:[^,\\s]+)*") + static let dataCiphersFallback = NSRegularExpression("^data-ciphers-fallback +[^,\\s]+") + static let auth = NSRegularExpression("^auth +[\\w\\-]+") static let compLZO = NSRegularExpression("^comp-lzo.*") @@ -202,6 +204,7 @@ extension OpenVPN { var currentBlock: [String] = [] var optDataCiphers: [Cipher]? + var optDataCiphersFallback: Cipher? var optCipher: Cipher? var optDigest: Digest? var optCompressionFraming: CompressionFraming? @@ -363,6 +366,13 @@ extension OpenVPN { optDataCiphers?.append(cipher) } } + Regex.dataCiphersFallback.enumerateArguments(in: line) { + isHandled = true + guard let rawValue = $0.first else { + return + } + optDataCiphersFallback = Cipher(rawValue: rawValue.uppercased()) + } Regex.auth.enumerateArguments(in: line) { isHandled = true guard let rawValue = $0.first else { @@ -635,7 +645,7 @@ extension OpenVPN { // MARK: General - sessionBuilder.cipher = optCipher + sessionBuilder.cipher = optDataCiphersFallback ?? optCipher sessionBuilder.dataCiphers = optDataCiphers sessionBuilder.digest = optDigest sessionBuilder.compressionFraming = optCompressionFraming