9b82d7f9ec
Evaluate reconnection without touching reasserting
...
Use a different variable to signal an upcoming reconnection. Make
sure that reasserting is never set to false with the meaning of
"do not reconnect", because doing so would trigger a transient
"connected" state in the VPN.
Reverts use of cancelTunnelWithError() in sessionDidStop.
2020-05-09 12:09:03 +02:00
93c24a96cf
Refactor with an error parameter in sessionDidStop
...
Both versions prevent clients from compiling, but this version
impacts less on existing codebase.
2020-05-09 12:09:03 +02:00
1cd00f9459
Call cancelTunnelWithError(_:) if a connection fails and won't be retried
2020-05-09 12:09:03 +02:00
c22bfb3edd
Set MTU value in Tunnel settings
2020-05-09 01:09:20 +02:00
1ceeb8ddbb
SAN host check ( #168 )
...
* Check if host is present in certificates SAN list
* Save .tlsServerHost error as .tlsServerVerification into last error
Co-authored-by: Davide De Rosa <keeshux@gmail.com>
2020-05-09 00:02:16 +02:00
753927f36b
Fix how NETunnelInterface handles IP protocol number
...
The IP protocol number passed to NEPacketTunnelFlow is determined per
packet based on the IP header, instead of determining it based on
whether IPv6 settings are available or not.
2020-05-06 09:37:24 +05:30
4bdf6b7006
Redefine endpoint strategy according to IPv4/6
2020-04-14 22:57:23 +02:00
6f235e9ea2
Handle IPv4/IPv6 variants in SocketType
2020-04-14 21:54:21 +02:00
ffe7fc0a0a
Continue instead of early return on unknown key id
2020-04-10 13:35:12 +02:00
a02857fdb9
Drop unused variable
2020-04-05 17:16:55 +02:00
311015950e
Shut down on server "RESTART" control message
...
Fixes #131
2020-02-29 19:23:26 +01:00
f6d915e6dd
Reset rather than nil out Authenticator
...
For reuse in control channel.
2020-02-29 19:11:15 +01:00
a7aa78141e
Update copyright clause
2020-01-11 09:26:41 +01:00
e3241f4f4d
Fix potential OOB during negotiation
...
Reported by @Grivus with SoftEther.
Closes #143
2019-12-22 16:31:57 +01:00
2c8c2d20f8
Add comment about read failure not shutting down
2019-12-12 20:37:10 +01:00
63aa4b42d7
Use .utility QoS for tunnel queue
...
Fixes #138
2019-12-12 18:34:24 +01:00
88a1bdac06
Schedule ping block even just for timeout check
...
In case keepAliveInterval is not set.
2019-12-12 18:34:20 +01:00
e6f2f3e85a
Send pings at regular schedules
...
Also fixes coalescing schedules.
2019-12-12 18:34:20 +01:00
2687dcf36e
Debug wake/sleep signals
2019-12-12 15:05:21 +01:00
8ae92d29db
Log details about ping schedule
2019-12-12 14:00:43 +01:00
5b0df2eada
Allow customization of debug log level
2019-12-12 09:42:48 +01:00
0f2bf8cf48
Fix non-existing variable in log
2019-12-12 09:34:08 +01:00
90c118a3d0
Warn about discarded received packets
2019-12-12 09:32:34 +01:00
66ae7973ae
Discard data with missing key, do not shut down
...
Probably more resilient to DoS.
2019-12-07 09:43:47 +01:00
8c4b0db301
Debug "reasserting" updates
2019-12-07 09:43:47 +01:00
13027b8932
Only require --ca and --cipher from clients
...
Not in a PUSH_REPLY, for example.
2019-11-20 19:48:40 +01:00
b1c11e3e56
Make --ca and --cipher non-optional in .ovpn
...
Dodge those annoying scenarios where server cipher is not set
and defaults to BF-CBC, whereas default TunnelKit cipher
is AES-128-CBC. And data channel stalls.
2019-11-20 01:07:39 +01:00
3a38b0da15
Log effective search domains
2019-10-25 19:08:44 +02:00
4e77f5b6b3
Parse multiple "dhcp-option DOMAIN" lines
2019-10-25 17:21:44 +02:00
645f65ccd0
Adjust Configuration.searchDomain to searchDomains
...
XXX: "breaks" search domains in existing VPN profiles. Reinstall
to fix.
2019-10-25 17:17:48 +02:00
495944297c
Merge pull request #126 from ThinkChaos/fix_pac_logging
...
Fix logging for Proxy Auto-Configuration (PAC)
2019-10-23 13:07:03 +02:00
e5a7a09b7f
Parse PAC from provider configuration
...
Not propagated to AppExtension.
2019-10-23 13:02:29 +02:00
7608ae2e3c
Expose server configuration via provider message
2019-10-23 10:27:51 +02:00
907bbe20ae
Fix logging for Proxy Auto-Configuration (PAC)
2019-10-23 01:08:39 +02:00
7d0cba8df8
Merge pull request #125 from ThinkChaos/proxy_auto_conf
...
Add Proxy Auto-Configuration (PAC) support
2019-10-22 21:55:29 +02:00
26d7b9fe0f
Address review comments
2019-10-22 21:03:25 +02:00
98b9d71eb3
Assume VPN gateway when route gw is "vpn_gateway"
2019-10-22 13:53:36 +02:00
eb09493882
Merge pull request #122 from rob-patchett/ping-timeout
...
Allow keep-alive timeout to be configured by the server or client
2019-10-22 10:51:27 +02:00
87cb448d12
Fix comment typo
2019-10-22 10:43:57 +02:00
c6cb5a646a
Add Proxy Auto-Configuration (PAC) support
2019-10-21 21:47:45 +02:00
bdf34f8882
Set tunnel provider's reasserting to false after the system starts using the tunnel
2019-10-17 14:23:16 +02:00
55f7e64f19
Allow keep alive timeout to be configured by the server or client
2019-09-30 11:54:29 -07:00
e0ab2a1ddb
Disconnect if HARD_RESET received while SOFT_RESET
...
Bad condition for .staleSession
Fixes #120
See 0f2234f1d1
2019-09-03 00:27:54 +02:00
de21adfef6
Beware of execution queue in write callbacks
...
self.link was not checked against in tunnel queue.
2019-08-23 09:15:59 +02:00
6b281711c7
Ignore errors from outdated link writes
...
Prevents async delegation after cleanup.
2019-08-23 09:15:57 +02:00
a4333eaafe
Revert ENOBUFS mitigation, do disconnect instead
...
Reverts #87 "fix"
2019-07-26 21:14:57 +02:00
aefeb252b3
Do not defer stop more than once
...
May cause multiple delegation and queue deadlock when a
reconnection is scheduled to trigger.
Fixes #106
2019-07-09 14:09:02 +02:00
2c56a8ea95
Send PUSH_REQUEST immediately after auth
...
First call would always fail otherwise.
2019-07-09 12:40:10 +02:00
40139cbef0
Replace key flag with session-wide isRenegotiating
...
Prevent new if one in progress.
Fixes #105
2019-07-09 12:17:12 +02:00
0f2234f1d1
Assume stale session if server sends HARD_RESET
...
When unsolicited.
2019-07-09 11:42:12 +02:00
Davide De Rosa
Robert Patchett
Jose Blaya
Jaroslav_
Roopesh Chander
Johan Kool
ThinkChaos