Davide De Rosa
0b72a30cdd
Add full set of CloudFlare DNS servers
2019-04-28 10:56:39 +02:00
Davide De Rosa
ebabf02eb5
Fix DNS in VPN when not default gateway
...
Awful API requires .matchDomains = [""]
Fixes #94
2019-04-28 10:39:55 +02:00
Davide De Rosa
b331e3cfe6
Mask fallback DNS servers
...
Comment about fallback DNS being public
2019-04-28 10:39:25 +02:00
Davide De Rosa
a4d6f94b7f
Merge branch 'extend-redirect-gateway-flags'
2019-04-27 23:06:46 +02:00
Davide De Rosa
7978398e1e
Fix logging of routing policies
2019-04-27 22:55:20 +02:00
Davide De Rosa
0ee39c8fb0
Extend handling of redirect-gateway flags
...
- def1 (IPv4)
- ipv6 (IPv6)
- !ipv4 (IPv6 only)
2019-04-27 22:55:20 +02:00
Davide De Rosa
155bd5f1e7
Revert def1 trick
...
Not needed, routes are not persistent.
Revert 7d26323d3f
2019-04-27 22:55:19 +02:00
Davide De Rosa
7d26323d3f
Use OpenVPN trick to retain default gateway
...
Override default gateway with 2 split routes.
- IPv4: 0.0.0.0/1, 128.0.0.0/1
- IPv6: 2000::/4, 3000::/4
2019-04-27 22:29:51 +02:00
Davide De Rosa
a047d2bdd5
Fix Demo
...
- Update pods
- Prevent crash when no debug log available (#93)
2019-04-27 22:29:15 +02:00
Davide De Rosa
3505f68b04
Revert DNS merge
...
Revert 1d3660459e
2019-04-27 18:25:08 +02:00
Davide De Rosa
53c393f2d7
Update CHANGELOG
...
Fixes #91
2019-04-27 18:24:48 +02:00
Davide De Rosa
56d05e17ae
Update README
2019-04-27 13:54:14 +02:00
Davide De Rosa
a48bcc7261
Decrypt generic EVP private key
...
Why PKCS#8?
2019-04-27 10:54:32 +02:00
Davide De Rosa
e0c06ece18
Drop extra EVP_PKEY_free call
2019-04-27 10:44:08 +02:00
Davide De Rosa
212ef481dc
Upgrade OpenSSL to 1.1.0j
2019-04-27 10:01:09 +02:00
Davide De Rosa
6fb409b112
Drop UDP packets on no buffer space available
...
Tolerate only on data channel. Control channel should never reach
high speeds.
Fixes #87
2019-04-25 17:29:10 +02:00
Davide De Rosa
4acf7f3b49
Merge branch 'improve-dns-fallback'
...
Fixes #84
2019-04-25 17:23:01 +02:00
Davide De Rosa
b8cd969a1a
Fall back to configurable preset DNS servers
...
Default to CloudFlare 1.1.1.1
Hard time making it work with system DNS servers. Retry later.
2019-04-25 17:18:28 +02:00
Davide De Rosa
31d9019f1a
Read system-wide DNS servers
...
Add libresolv to podspec.
2019-04-25 16:36:16 +02:00
Davide De Rosa
1d3660459e
Merge local and remote DNS servers
...
- Local first
- Remote last
2019-04-25 16:18:54 +02:00
Davide De Rosa
82394e0433
Skip DNS settings if no servers are provided
2019-04-25 16:18:54 +02:00
Davide De Rosa
4ce2d78c5a
Adjust log of routing policies
...
Consistent with print configuration.
2019-04-25 16:18:52 +02:00
Davide De Rosa
1b0c9979ce
Log "default" DNS when servers are empty
2019-04-25 16:09:04 +02:00
Davide De Rosa
e17c5d0fdd
Merge branch 'routing-policies'
2019-04-25 16:07:11 +02:00
Davide De Rosa
f95d9ae551
Update CHANGELOG
...
Fixes #90
2019-04-25 16:02:19 +02:00
Davide De Rosa
3f37489c13
Handle pushed routing policies
2019-04-25 16:02:19 +02:00
Davide De Rosa
7382616e8b
Parse routing policies for TunnelKitProvider
2019-04-25 14:39:47 +02:00
Davide De Rosa
f9f642b64e
Set as default gateway based on routing policies
...
Also fix IPv6 routes not properly set.
2019-04-25 14:39:40 +02:00
Davide De Rosa
224a76ac58
Parse --redirect-gateway from configuration
...
FIXME: for now only redirects ALL traffic when the option is found
in the configuration file, whatever the arguments.
Also drop unnecessary base options in tests as everything was made
optional recently.
2019-04-25 14:39:23 +02:00
Davide De Rosa
1b8647bcac
Convert PacketStream to Obj-C
...
For better TCP efficiency.
2019-04-25 12:42:29 +02:00
Davide De Rosa
3d914f72c4
Merge branch 'replay-timestamp'
2019-04-24 17:47:40 +02:00
Davide De Rosa
ef5180a4ed
Set tls-auth/crypt timestamp once
...
Packets rejected due to replay protection.
Fixes #88
Fixes #61
2019-04-23 23:07:32 +02:00
Davide De Rosa
65af163aeb
Do not resend non-acked packets if reliable
...
In control channel.
2019-04-23 23:06:39 +02:00
Davide De Rosa
707db2c6de
Add keydir to local options
2019-04-20 17:20:45 +02:00
Davide De Rosa
9b8be02c2a
Shut down when no IPv4/6 routing available
...
Would fake-connect without VPN icon otherwise.
2019-04-19 09:45:15 +02:00
Davide De Rosa
c565e32dcd
Add "dev-type tun" to local options
...
Plus other hardcoded options like key-method and tls-client.
Seems that older OpenVPN servers didn't send routing info in
PUSH_REPLY if dev-type is not specified explicitly.
Fixes #86
2019-04-18 13:10:57 +02:00
Davide De Rosa
95ba9dacdb
Fix typo
2019-04-18 12:02:23 +02:00
Davide De Rosa
65f6f8938c
Bump version
2019-04-17 16:16:52 +02:00
Davide De Rosa
e7a5ce062e
Update CHANGELOG
2019-04-17 09:25:49 +02:00
Davide De Rosa
887e2ae55d
Consider stale if HARD_RESET while connected
...
Was disconnecting when more than one HARD_RESET_SERVER was
received during negotiation.
2019-04-17 09:24:16 +02:00
Davide De Rosa
0c3a4235aa
Merge pull request #85 from keeshux/dns-inconsistency-issues
...
DNS inconsistency issues
2019-04-17 09:23:27 +02:00
Davide De Rosa
233aa02169
Add FIXME for default DNS from network interface
2019-04-17 00:50:53 +02:00
Davide De Rosa
b199064b94
Only override domain if non-nil
2019-04-17 00:50:53 +02:00
Davide De Rosa
28fd80f4e0
Treat empty DNS servers as nil
...
Empty local DNS array was pretty much hiding server-pushed DNS.
2019-04-17 00:50:53 +02:00
Davide De Rosa
537b733130
Merge branch 'handle-push-continuation'
2019-04-17 00:50:45 +02:00
Davide De Rosa
80f5a3250d
Update CHANGELOG
2019-04-17 00:26:56 +02:00
Davide De Rosa
6fd6d228bf
Loop pulling plain text from TLS
...
There might be more data to read.
Fixes #71, #73
2019-04-17 00:18:02 +02:00
Davide De Rosa
88cd62064a
Handle continuation in PUSH_REPLY
2019-04-16 23:59:56 +02:00
Davide De Rosa
380ac2beac
Throw to exit PUSH_REPLY parsing on continuation
2019-04-16 23:59:56 +02:00
Davide De Rosa
23b6e3b98e
Relax negotiation timeouts
2019-04-16 23:59:56 +02:00