Davide De Rosa
0a1f33823a
Return error in install completion handler
...
Fixes #206
2021-07-02 11:23:58 +02:00
Davide De Rosa
7f84d8338c
Upgrade Xcode project
2021-06-26 11:00:24 +02:00
Roopesh Chander
d8ed0c7d41
Cleanup cached PEMs at the end of a Session
2021-03-01 13:11:51 +05:30
Davide De Rosa
1620fb0f99
Merge pull request #201 from passepartoutvpn/reference-passwords-in-app-group
...
Keychain: Use app group when dereferencing a password reference
2021-02-11 22:44:50 +01:00
Davide De Rosa
3ba63e9a88
Extend peer info with IV_PLAT_VER
...
Will then make them conditional based on --push-peer-info
See #202
2021-02-11 22:23:47 +01:00
Roopesh Chander
2b3eb5412c
Keychain: Use app group when dereferencing a password reference
...
Co-authored-by: Davide De Rosa <keeshux@gmail.com>
Better retain access group every time keychain is written to or
read from, there is no good reason to omit it. Requires Keychain
method to be reverted to non-static.
Partially revert 4490f0c116
, based
on wrong assumptions about password references.
2021-02-11 13:44:00 +01:00
Davide De Rosa
1343fa592f
Log time intervals better
2021-01-27 02:15:18 +01:00
Davide De Rosa
4490f0c116
Pick tunnel password reference from existing item
...
Assume that credentials already exist elsewhere for reuse as
password reference. Avoids a redundant keychain entry.
2021-01-27 01:28:27 +01:00
Jose Blaya
4b3f3dee5f
Check if cfg.sessionConfiguration.dnsServers is empty ( #198 )
2021-01-26 16:31:57 +01:00
Davide De Rosa
790ec276db
Restrain DNS servers according to protocol
...
- Cleartext: pick any available
- HTTPS/TLS: only pick local servers, secure DNS may NEVER come
from VPN server
Require for TLS, not for HTTPS (not even sure about their need).
2021-01-26 11:20:01 +01:00
Davide De Rosa
3abb7cbccc
Fix up misleading log from condition in latest commit
2021-01-26 10:59:37 +01:00
Davide De Rosa
0f097d50af
Fall back to network settings when no DNS servers
...
Rather than forcing CloudFlare (by default).
Fixes #197
2021-01-26 10:18:04 +01:00
Davide De Rosa
fd9d34b49c
Print description of new DNS settings
2021-01-22 21:14:38 +01:00
Davide De Rosa
dd81ad7a99
Pick proper DNS settings according to protocol
2021-01-22 21:14:38 +01:00
Davide De Rosa
3c92e18c0e
Add DNSProtocol
2021-01-22 21:14:38 +01:00
Davide De Rosa
e388842d37
Add fallback compression algorithm
...
Disabled.
2021-01-13 08:10:33 +01:00
Davide De Rosa
c15d6f521a
Parse dataCiphersFallback as last resort
...
Prioritize over deprecate cipher.
2021-01-08 19:50:28 +01:00
Davide De Rosa
7ea088e4a1
Make peerInfo dynamic to add IV_CIPHERS
...
Fixes #193
2021-01-08 19:41:16 +01:00
Davide De Rosa
119d2f02e4
Add OpenVPN dataCiphers field
2021-01-08 19:26:20 +01:00
Davide De Rosa
80d99cab6c
Refactor legacy parsing of provider configuration
...
Leverage Codable implementation of OpenVPN*.Configuration
2021-01-03 10:47:06 +01:00
Davide De Rosa
e923382c81
Default to unspecified MTU
...
Hardcode control channel packets to 1000 bytes.
2020-12-28 16:04:15 +01:00
Davide De Rosa
1966143fe9
Parse MTU from --tun-mtu
2020-12-28 13:07:19 +01:00
Davide De Rosa
6cb04da05d
Add MTU to OpenVPN layer
2020-12-28 13:02:09 +01:00
Davide De Rosa
e3ce38e47e
Remove MTU from AppExtension layer
2020-12-27 22:51:58 +01:00
Davide De Rosa
ba3ead13a3
Update copyright
2020-12-27 17:29:39 +01:00
Davide De Rosa
663cab34c9
Centralize reconnection delay
2020-12-20 19:43:23 +01:00
Davide De Rosa
304d0215b6
Use keychain service as item context
...
Primary key = (context, username)
2020-12-20 10:57:06 +01:00
Davide De Rosa
6b8d88fef5
Consider last appearing DOMAIN option
2020-12-15 13:59:06 +01:00
Davide De Rosa
7535458339
Parse domain option
2020-12-11 17:09:15 +01:00
Davide De Rosa
44844cfd9c
Update API to access current Wi-Fi SSID
2020-11-21 19:10:58 +01:00
Davide De Rosa
e098117bf1
Drop StandardVPNProvider class name
...
Had only renamed file, not class.
See 945bb1b9b7
2020-11-15 22:09:02 +01:00
Davide De Rosa
945bb1b9b7
Fix context of StandardVPNProvider
...
Not generic, rather an OpenVPN implementation.
- Move to OpenVPN subspec
- Rename to OpenVPNProvider
- Depend OpenVPN on Manager
2020-11-15 21:12:53 +01:00
Kirill Pahnev
014f8aabbd
Make IV_UI_VER flag overridable
2020-06-29 16:31:20 +03:00
Kirill Pahnev
d3caa5c4ad
Set IV_PLAT based on current OS
2020-06-29 13:00:17 +03:00
Davide De Rosa
a232af1100
Redefine generic Session.serverConfiguration()
...
For reuse in Session implementations.
2020-06-13 13:32:21 +02:00
Davide De Rosa
6c3e667f80
Add a few missing nodoc
2020-06-13 13:31:15 +02:00
Davide De Rosa
74ed3cb4cd
Move some initialization after logging configuration
...
Logging and masking were not configured at Credentials and
ConnectionStrategy initialization time, hence the missing log
entries from e.g. ConnectionStrategy.init().
2020-06-11 16:37:20 +02:00
Davide De Rosa
1ff936895f
Improve logging of ConnectionStrategy
2020-06-11 16:22:45 +02:00
Davide De Rosa
7a278dba69
Fix nullability of partitioned route
2020-05-23 17:07:59 +02:00
Davide De Rosa
17cb2601be
Fix unused result warning
2020-05-23 17:05:46 +02:00
Davide De Rosa
9095ea250e
Address concerns from Guido Vranken fuzzers ( #141 )
...
* 002: Assert return value of snprintf/getnameinfo
* 003: Address OOB reads on decrypted data
* 004: Handle boundary prefixes in .partitioned()
* 005: Fix OOB read in matchesDestination()
* 006: Fix parsing in netname6()
* 007: Fix incorrect use of sizeof()
* 008: Add safety checks in MSSFix()
* 009: Fix bad usage of minilzo calls
* Add checks after RoutingTableEntryAddress4/6
2020-05-16 15:10:07 +02:00
Davide De Rosa
5285ba7aa8
Set reasserting to false if canRebindLink()
...
Code is currently disabled (canRebindLink() is hardcoded to false),
still it's good to stay consistent with semantics of
reasserting = false, i.e. "connection has become active again".
2020-05-09 15:01:11 +02:00
Davide De Rosa
9b82d7f9ec
Evaluate reconnection without touching reasserting
...
Use a different variable to signal an upcoming reconnection. Make
sure that reasserting is never set to false with the meaning of
"do not reconnect", because doing so would trigger a transient
"connected" state in the VPN.
Reverts use of cancelTunnelWithError() in sessionDidStop.
2020-05-09 12:09:03 +02:00
Davide De Rosa
93c24a96cf
Refactor with an error parameter in sessionDidStop
...
Both versions prevent clients from compiling, but this version
impacts less on existing codebase.
2020-05-09 12:09:03 +02:00
Robert Patchett
1cd00f9459
Call cancelTunnelWithError(_:) if a connection fails and won't be retried
2020-05-09 12:09:03 +02:00
Jose Blaya
c22bfb3edd
Set MTU value in Tunnel settings
2020-05-09 01:09:20 +02:00
Jaroslav_
1ceeb8ddbb
SAN host check ( #168 )
...
* Check if host is present in certificates SAN list
* Save .tlsServerHost error as .tlsServerVerification into last error
Co-authored-by: Davide De Rosa <keeshux@gmail.com>
2020-05-09 00:02:16 +02:00
Roopesh Chander
753927f36b
Fix how NETunnelInterface handles IP protocol number
...
The IP protocol number passed to NEPacketTunnelFlow is determined per
packet based on the IP header, instead of determining it based on
whether IPv6 settings are available or not.
2020-05-06 09:37:24 +05:30
Davide De Rosa
4bdf6b7006
Redefine endpoint strategy according to IPv4/6
2020-04-14 22:57:23 +02:00
Davide De Rosa
6f235e9ea2
Handle IPv4/IPv6 variants in SocketType
2020-04-14 21:54:21 +02:00