Commit Graph

77 Commits

Author SHA1 Message Date
Davide De Rosa 119d2f02e4 Add OpenVPN dataCiphers field 2021-01-08 19:26:20 +01:00
Davide De Rosa 80d99cab6c Refactor legacy parsing of provider configuration
Leverage Codable implementation of OpenVPN*.Configuration
2021-01-03 10:47:06 +01:00
Davide De Rosa e923382c81 Default to unspecified MTU
Hardcode control channel packets to 1000 bytes.
2020-12-28 16:04:15 +01:00
Davide De Rosa 1966143fe9 Parse MTU from --tun-mtu 2020-12-28 13:07:19 +01:00
Davide De Rosa 6cb04da05d Add MTU to OpenVPN layer 2020-12-28 13:02:09 +01:00
Davide De Rosa e3ce38e47e Remove MTU from AppExtension layer 2020-12-27 22:51:58 +01:00
Davide De Rosa ba3ead13a3 Update copyright 2020-12-27 17:29:39 +01:00
Davide De Rosa 663cab34c9 Centralize reconnection delay 2020-12-20 19:43:23 +01:00
Davide De Rosa 304d0215b6 Use keychain service as item context
Primary key = (context, username)
2020-12-20 10:57:06 +01:00
Davide De Rosa 6b8d88fef5 Consider last appearing DOMAIN option 2020-12-15 13:59:06 +01:00
Davide De Rosa 7535458339 Parse domain option 2020-12-11 17:09:15 +01:00
Davide De Rosa 44844cfd9c Update API to access current Wi-Fi SSID 2020-11-21 19:10:58 +01:00
Davide De Rosa e098117bf1 Drop StandardVPNProvider class name
Had only renamed file, not class.

See 945bb1b9b7
2020-11-15 22:09:02 +01:00
Davide De Rosa 945bb1b9b7 Fix context of StandardVPNProvider
Not generic, rather an OpenVPN implementation.

- Move to OpenVPN subspec
- Rename to OpenVPNProvider
- Depend OpenVPN on Manager
2020-11-15 21:12:53 +01:00
Kirill Pahnev 014f8aabbd Make IV_UI_VER flag overridable 2020-06-29 16:31:20 +03:00
Kirill Pahnev d3caa5c4ad Set IV_PLAT based on current OS 2020-06-29 13:00:17 +03:00
Davide De Rosa a232af1100 Redefine generic Session.serverConfiguration()
For reuse in Session implementations.
2020-06-13 13:32:21 +02:00
Davide De Rosa 6c3e667f80 Add a few missing nodoc 2020-06-13 13:31:15 +02:00
Davide De Rosa 74ed3cb4cd Move some initialization after logging configuration
Logging and masking were not configured at Credentials and
ConnectionStrategy initialization time, hence the missing log
entries from e.g. ConnectionStrategy.init().
2020-06-11 16:37:20 +02:00
Davide De Rosa 1ff936895f Improve logging of ConnectionStrategy 2020-06-11 16:22:45 +02:00
Davide De Rosa 7a278dba69 Fix nullability of partitioned route 2020-05-23 17:07:59 +02:00
Davide De Rosa 17cb2601be Fix unused result warning 2020-05-23 17:05:46 +02:00
Davide De Rosa 9095ea250e
Address concerns from Guido Vranken fuzzers (#141)
* 002: Assert return value of snprintf/getnameinfo

* 003: Address OOB reads on decrypted data

* 004: Handle boundary prefixes in .partitioned()

* 005: Fix OOB read in matchesDestination()

* 006: Fix parsing in netname6()

* 007: Fix incorrect use of sizeof()

* 008: Add safety checks in MSSFix()

* 009: Fix bad usage of minilzo calls

* Add checks after RoutingTableEntryAddress4/6
2020-05-16 15:10:07 +02:00
Davide De Rosa 5285ba7aa8 Set reasserting to false if canRebindLink()
Code is currently disabled (canRebindLink() is hardcoded to false),
still it's good to stay consistent with semantics of
reasserting = false, i.e. "connection has become active again".
2020-05-09 15:01:11 +02:00
Davide De Rosa 9b82d7f9ec Evaluate reconnection without touching reasserting
Use a different variable to signal an upcoming reconnection. Make
sure that reasserting is never set to false with the meaning of
"do not reconnect", because doing so would trigger a transient
"connected" state in the VPN.

Reverts use of cancelTunnelWithError() in sessionDidStop.
2020-05-09 12:09:03 +02:00
Davide De Rosa 93c24a96cf Refactor with an error parameter in sessionDidStop
Both versions prevent clients from compiling, but this version
impacts less on existing codebase.
2020-05-09 12:09:03 +02:00
Robert Patchett 1cd00f9459 Call cancelTunnelWithError(_:) if a connection fails and won't be retried 2020-05-09 12:09:03 +02:00
Jose Blaya c22bfb3edd Set MTU value in Tunnel settings 2020-05-09 01:09:20 +02:00
Jaroslav_ 1ceeb8ddbb
SAN host check (#168)
* Check if host is present in certificates SAN list

* Save .tlsServerHost error as .tlsServerVerification into last error

Co-authored-by: Davide De Rosa <keeshux@gmail.com>
2020-05-09 00:02:16 +02:00
Roopesh Chander 753927f36b Fix how NETunnelInterface handles IP protocol number
The IP protocol number passed to NEPacketTunnelFlow is determined per
packet based on the IP header, instead of determining it based on
whether IPv6 settings are available or not.
2020-05-06 09:37:24 +05:30
Davide De Rosa 4bdf6b7006 Redefine endpoint strategy according to IPv4/6 2020-04-14 22:57:23 +02:00
Davide De Rosa 6f235e9ea2 Handle IPv4/IPv6 variants in SocketType 2020-04-14 21:54:21 +02:00
Johan Kool ffe7fc0a0a Continue instead of early return on unknown key id 2020-04-10 13:35:12 +02:00
Davide De Rosa a02857fdb9 Drop unused variable 2020-04-05 17:16:55 +02:00
Davide De Rosa 311015950e Shut down on server "RESTART" control message
Fixes #131
2020-02-29 19:23:26 +01:00
Davide De Rosa f6d915e6dd Reset rather than nil out Authenticator
For reuse in control channel.
2020-02-29 19:11:15 +01:00
Davide De Rosa a7aa78141e Update copyright clause 2020-01-11 09:26:41 +01:00
Davide De Rosa e3241f4f4d Fix potential OOB during negotiation
Reported by @Grivus with SoftEther.

Closes #143
2019-12-22 16:31:57 +01:00
Davide De Rosa 2c8c2d20f8 Add comment about read failure not shutting down 2019-12-12 20:37:10 +01:00
Davide De Rosa 63aa4b42d7 Use .utility QoS for tunnel queue
Fixes #138
2019-12-12 18:34:24 +01:00
Davide De Rosa 88a1bdac06 Schedule ping block even just for timeout check
In case keepAliveInterval is not set.
2019-12-12 18:34:20 +01:00
Davide De Rosa e6f2f3e85a Send pings at regular schedules
Also fixes coalescing schedules.
2019-12-12 18:34:20 +01:00
Davide De Rosa 2687dcf36e Debug wake/sleep signals 2019-12-12 15:05:21 +01:00
Davide De Rosa 8ae92d29db Log details about ping schedule 2019-12-12 14:00:43 +01:00
Davide De Rosa 5b0df2eada Allow customization of debug log level 2019-12-12 09:42:48 +01:00
Davide De Rosa 0f2bf8cf48 Fix non-existing variable in log 2019-12-12 09:34:08 +01:00
Davide De Rosa 90c118a3d0 Warn about discarded received packets 2019-12-12 09:32:34 +01:00
Davide De Rosa 66ae7973ae Discard data with missing key, do not shut down
Probably more resilient to DoS.
2019-12-07 09:43:47 +01:00
Davide De Rosa 8c4b0db301 Debug "reasserting" updates 2019-12-07 09:43:47 +01:00
Davide De Rosa 13027b8932 Only require --ca and --cipher from clients
Not in a PUSH_REPLY, for example.
2019-11-20 19:48:40 +01:00