66ae7973ae
Discard data with missing key, do not shut down
...
Probably more resilient to DoS.
2019-12-07 09:43:47 +01:00
8c4b0db301
Debug "reasserting" updates
2019-12-07 09:43:47 +01:00
13027b8932
Only require --ca and --cipher from clients
...
Not in a PUSH_REPLY, for example.
2019-11-20 19:48:40 +01:00
b1c11e3e56
Make --ca and --cipher non-optional in .ovpn
...
Dodge those annoying scenarios where server cipher is not set
and defaults to BF-CBC, whereas default TunnelKit cipher
is AES-128-CBC. And data channel stalls.
2019-11-20 01:07:39 +01:00
4ced1c499d
Use modern structure for notifications
2019-11-02 11:32:16 +01:00
3a38b0da15
Log effective search domains
2019-10-25 19:08:44 +02:00
4e77f5b6b3
Parse multiple "dhcp-option DOMAIN" lines
2019-10-25 17:21:44 +02:00
645f65ccd0
Adjust Configuration.searchDomain to searchDomains
...
XXX: "breaks" search domains in existing VPN profiles. Reinstall
to fix.
2019-10-25 17:17:48 +02:00
495944297c
Merge pull request #126 from ThinkChaos/fix_pac_logging
...
Fix logging for Proxy Auto-Configuration (PAC)
2019-10-23 13:07:03 +02:00
e5a7a09b7f
Parse PAC from provider configuration
...
Not propagated to AppExtension.
2019-10-23 13:02:29 +02:00
dcac7cb2d4
Fix hidden IPv4Settings fields
2019-10-23 10:55:37 +02:00
7608ae2e3c
Expose server configuration via provider message
2019-10-23 10:27:51 +02:00
907bbe20ae
Fix logging for Proxy Auto-Configuration (PAC)
2019-10-23 01:08:39 +02:00
7d0cba8df8
Merge pull request #125 from ThinkChaos/proxy_auto_conf
...
Add Proxy Auto-Configuration (PAC) support
2019-10-22 21:55:29 +02:00
26d7b9fe0f
Address review comments
2019-10-22 21:03:25 +02:00
98b9d71eb3
Assume VPN gateway when route gw is "vpn_gateway"
2019-10-22 13:53:36 +02:00
eb09493882
Merge pull request #122 from rob-patchett/ping-timeout
...
Allow keep-alive timeout to be configured by the server or client
2019-10-22 10:51:27 +02:00
87cb448d12
Fix comment typo
2019-10-22 10:43:57 +02:00
c6cb5a646a
Add Proxy Auto-Configuration (PAC) support
2019-10-21 21:47:45 +02:00
bdf34f8882
Set tunnel provider's reasserting to false after the system starts using the tunnel
2019-10-17 14:23:16 +02:00
55f7e64f19
Allow keep alive timeout to be configured by the server or client
2019-09-30 11:54:29 -07:00
d22f40f7e9
Fix potential OOB in memcmp()
2019-09-17 23:41:35 +02:00
d815f5222f
Change var to let
...
Xcode no more signals wrong side-effect in withUnsafeBytes.
2019-09-17 16:09:09 +02:00
e0ab2a1ddb
Disconnect if HARD_RESET received while SOFT_RESET
...
Bad condition for .staleSession
Fixes #120
See 0f2234f1d1
2019-09-03 00:27:54 +02:00
de21adfef6
Beware of execution queue in write callbacks
...
self.link was not checked against in tunnel queue.
2019-08-23 09:15:59 +02:00
6b281711c7
Ignore errors from outdated link writes
...
Prevents async delegation after cleanup.
2019-08-23 09:15:57 +02:00
a4333eaafe
Revert ENOBUFS mitigation, do disconnect instead
...
Reverts #87 "fix"
2019-07-26 21:14:57 +02:00
aefeb252b3
Do not defer stop more than once
...
May cause multiple delegation and queue deadlock when a
reconnection is scheduled to trigger.
Fixes #106
2019-07-09 14:09:02 +02:00
2c56a8ea95
Send PUSH_REQUEST immediately after auth
...
First call would always fail otherwise.
2019-07-09 12:40:10 +02:00
40139cbef0
Replace key flag with session-wide isRenegotiating
...
Prevent new if one in progress.
Fixes #105
2019-07-09 12:17:12 +02:00
0f2234f1d1
Assume stale session if server sends HARD_RESET
...
When unsolicited.
2019-07-09 11:42:12 +02:00
1dcf4d7745
Shut down abruptly to work around macOS bug
...
Fixes #111
2019-07-07 23:36:06 +02:00
b04f7f20d4
Log info about DNS servers in use
2019-07-03 19:04:53 +02:00
eb56a9a56c
Optimize [Data].flatCount
2019-06-05 14:14:15 +02:00
2ddf712176
Update jazzy YAML
2019-05-24 16:04:19 +02:00
be1081aad6
Nest subspecs by purpose
...
- Protocols
- Extra
2019-05-24 16:02:59 +02:00
21eee24e7c
Add missing documentation
2019-05-24 16:02:06 +02:00
72ce14b676
Make AppExtension entities public
2019-05-24 16:02:06 +02:00
3edd00b2da
Drop deprecated endpointProtocols
2019-05-24 10:59:20 +02:00
185f0707cf
Move OpenVPN configuration part on top
2019-05-24 10:59:20 +02:00
1f8c51c126
Parse OpenVPN.Configuration from defaults
2019-05-24 10:59:20 +02:00
5561c7adc6
Group OpenVPN.Configuration funcs into extension
...
- with (creation)
- store (convert to dict)
- print (log)
2019-05-24 10:54:25 +02:00
a85404e951
Rename provider class to OpenVPNTunnelProvider
2019-05-24 10:41:30 +02:00
9445b825d0
Make AppExtension generic
...
- Make AppExtension a standalone util subspec
- Move OpenVPN tunnel provider to OpenVPN subspec
- Move Utils to Core subspec
- Depend OpenVPN on Core + AppExtension
2019-05-24 10:41:26 +02:00
b6da3f2d13
Rename proxy to session
...
According to SessionProxy -> OpenVPNSession.
2019-05-19 15:56:44 +02:00
8be0f14aa9
Move PRNG initialization to namespace level
2019-05-19 15:52:55 +02:00
d057e9645b
Restore AppExtension with recent changes
2019-05-19 15:50:12 +02:00
6ebf025859
Take Session protocol out of OpenVPNSession
...
Fix some doc.
2019-05-19 15:08:43 +02:00
313d076ddf
Move Error extension to Core
2019-05-19 14:34:27 +02:00
c4a84a5ade
Prefix top-level entities with OpenVPN*
2019-05-19 14:34:23 +02:00
9c7ae47679
Make SessionProxy* top level
...
Drop redundant SessionReply.
2019-05-19 14:17:18 +02:00
465e08e42f
Wrap OpenVPN entities in pseudonamespace
...
Temporarily exclude AppExtension and tests.
2019-05-19 14:05:02 +02:00
50d492096f
Move a few generic entities to Core
...
- IPv4Settings
- IPv6Settings
- Proxy
- EndpointProtocol (Codable)
2019-05-19 12:40:20 +02:00
930f05c984
Move OpenVPN timeouts out of Core
2019-05-19 12:39:51 +02:00
5b81aa6a78
Drop "Box" from error codes
2019-05-19 12:22:32 +02:00
9da7fa9667
Split Core into Core+OpenVPN
...
Two Obj-C modules:
- __TunnelKitCore
- __TunnelKitOpenVPN
Seems the only way to do it in multiple module maps.
Move OpenVPN specifics out of CoreConfiguration.
2019-05-19 12:22:32 +02:00
491092f2a3
Drop extra header lines
2019-05-19 12:21:44 +02:00
21b67fd9ff
Make CoreConfiguration a class for bundle lookup
2019-05-19 11:36:26 +02:00
470c50b037
Return just <masked> when masked description
...
Why bother with useless hashes?
2019-05-19 11:36:26 +02:00
d19e029131
Use guard
2019-05-19 11:36:26 +02:00
713a46d817
Update GitHub URL
...
Move to passepartoutvpn org.
2019-05-14 10:58:47 +02:00
7cbcfcd264
Fix condition for SOFT_RESET
...
May receive multiple packets while handling in progress.
2019-05-13 12:15:44 +02:00
d06b2e1928
Shut down if no default gateway
2019-05-11 17:40:46 +02:00
5ce49953a0
Assume empty policies to override server settings
...
Empty != nil. When nil, pull from server.
2019-05-11 16:33:49 +02:00
43c70b2673
Refine logging of some configuration
...
Log about routing entries.
2019-05-11 14:54:25 +02:00
ff0dfc450c
Get TLS security level via AppExtension
...
Improves #97
2019-05-08 16:16:30 +02:00
3a136bdce9
Make TLS security level an option
...
Default level by default.
2019-05-08 16:10:35 +02:00
82f0431303
Take optional securityLevel field in TLSBox
2019-05-08 15:54:05 +02:00
97f178cdac
Tolerate weak certificates
...
Lower SSL security level.
Fixes #97
2019-05-05 17:51:24 +02:00
273007cc59
Copy route.h from macOS
...
Missing on iOS.
2019-05-03 15:14:25 +02:00
a693075e90
Block LAN when redirect-gateway block-local
...
Fixes #81
2019-05-03 15:14:25 +02:00
13cae06a49
Add method to partition a subnet
2019-05-03 15:14:25 +02:00
03a1eb2203
Return IPv4 network mask for a route
2019-05-03 15:14:25 +02:00
4295e63c98
Read relevant routing table
2019-05-03 15:14:25 +02:00
d44d08c95e
Retain self weakly for shutdown on timeout
2019-05-02 13:13:43 +02:00
1430241b0c
Do not fake BF-CBC, pleae
2019-05-01 23:18:54 +02:00
037f08ed62
Retry auth once without local options
...
Hack around picky server implementations.
Fixes #95
2019-05-01 11:14:52 +02:00
14b7f08fb5
Use strict ordering in local options
...
And add TLS wrapping.
2019-05-01 11:14:38 +02:00
7389d72f1f
Fix mutable SessionProxy.Configuration
2019-05-01 11:14:38 +02:00
f799f47c25
Add direct routes to DNS servers
...
If VPN is not default gateway.
Further fix of #94
2019-04-28 15:51:16 +02:00
0b72a30cdd
Add full set of CloudFlare DNS servers
2019-04-28 10:56:39 +02:00
ebabf02eb5
Fix DNS in VPN when not default gateway
...
Awful API requires .matchDomains = [""]
Fixes #94
2019-04-28 10:39:55 +02:00
b331e3cfe6
Mask fallback DNS servers
...
Comment about fallback DNS being public
2019-04-28 10:39:25 +02:00
7978398e1e
Fix logging of routing policies
2019-04-27 22:55:20 +02:00
0ee39c8fb0
Extend handling of redirect-gateway flags
...
- def1 (IPv4)
- ipv6 (IPv6)
- !ipv4 (IPv6 only)
2019-04-27 22:55:20 +02:00
155bd5f1e7
Revert def1 trick
...
Not needed, routes are not persistent.
Revert 7d26323d3f
2019-04-27 22:55:19 +02:00
7d26323d3f
Use OpenVPN trick to retain default gateway
...
Override default gateway with 2 split routes.
- IPv4: 0.0.0.0/1, 128.0.0.0/1
- IPv6: 2000::/4, 3000::/4
2019-04-27 22:29:51 +02:00
3505f68b04
Revert DNS merge
...
Revert 1d3660459e
2019-04-27 18:25:08 +02:00
a48bcc7261
Decrypt generic EVP private key
...
Why PKCS#8?
2019-04-27 10:54:32 +02:00
e0c06ece18
Drop extra EVP_PKEY_free call
2019-04-27 10:44:08 +02:00
6fb409b112
Drop UDP packets on no buffer space available
...
Tolerate only on data channel. Control channel should never reach
high speeds.
Fixes #87
2019-04-25 17:29:10 +02:00
b8cd969a1a
Fall back to configurable preset DNS servers
...
Default to CloudFlare 1.1.1.1
Hard time making it work with system DNS servers. Retry later.
2019-04-25 17:18:28 +02:00
31d9019f1a
Read system-wide DNS servers
...
Add libresolv to podspec.
2019-04-25 16:36:16 +02:00
1d3660459e
Merge local and remote DNS servers
...
- Local first
- Remote last
2019-04-25 16:18:54 +02:00
82394e0433
Skip DNS settings if no servers are provided
2019-04-25 16:18:54 +02:00
4ce2d78c5a
Adjust log of routing policies
...
Consistent with print configuration.
2019-04-25 16:18:52 +02:00
1b0c9979ce
Log "default" DNS when servers are empty
2019-04-25 16:09:04 +02:00
3f37489c13
Handle pushed routing policies
2019-04-25 16:02:19 +02:00
7382616e8b
Parse routing policies for TunnelKitProvider
2019-04-25 14:39:47 +02:00
f9f642b64e
Set as default gateway based on routing policies
...
Also fix IPv6 routes not properly set.
2019-04-25 14:39:40 +02:00
Davide De Rosa
ThinkChaos
Robert Patchett