Commit Graph

1035 Commits

Author SHA1 Message Date
Davide De Rosa 0b72a30cdd Add full set of CloudFlare DNS servers 2019-04-28 10:56:39 +02:00
Davide De Rosa ebabf02eb5 Fix DNS in VPN when not default gateway
Awful API requires .matchDomains = [""]

Fixes #94
2019-04-28 10:39:55 +02:00
Davide De Rosa b331e3cfe6 Mask fallback DNS servers
Comment about fallback DNS being public
2019-04-28 10:39:25 +02:00
Davide De Rosa a4d6f94b7f Merge branch 'extend-redirect-gateway-flags' 2019-04-27 23:06:46 +02:00
Davide De Rosa 7978398e1e Fix logging of routing policies 2019-04-27 22:55:20 +02:00
Davide De Rosa 0ee39c8fb0 Extend handling of redirect-gateway flags
- def1 (IPv4)
- ipv6 (IPv6)
- !ipv4 (IPv6 only)
2019-04-27 22:55:20 +02:00
Davide De Rosa 155bd5f1e7 Revert def1 trick
Not needed, routes are not persistent.

Revert 7d26323d3f
2019-04-27 22:55:19 +02:00
Davide De Rosa 7d26323d3f Use OpenVPN trick to retain default gateway
Override default gateway with 2 split routes.

- IPv4: 0.0.0.0/1, 128.0.0.0/1
- IPv6: 2000::/4, 3000::/4
2019-04-27 22:29:51 +02:00
Davide De Rosa a047d2bdd5 Fix Demo
- Update pods
- Prevent crash when no debug log available (#93)
2019-04-27 22:29:15 +02:00
Davide De Rosa 3505f68b04 Revert DNS merge
Revert 1d3660459e
2019-04-27 18:25:08 +02:00
Davide De Rosa 53c393f2d7 Update CHANGELOG
Fixes #91
2019-04-27 18:24:48 +02:00
Davide De Rosa 56d05e17ae Update README 2019-04-27 13:54:14 +02:00
Davide De Rosa a48bcc7261 Decrypt generic EVP private key
Why PKCS#8?
2019-04-27 10:54:32 +02:00
Davide De Rosa e0c06ece18 Drop extra EVP_PKEY_free call 2019-04-27 10:44:08 +02:00
Davide De Rosa 212ef481dc Upgrade OpenSSL to 1.1.0j 2019-04-27 10:01:09 +02:00
Davide De Rosa 6fb409b112 Drop UDP packets on no buffer space available
Tolerate only on data channel. Control channel should never reach
high speeds.

Fixes #87
2019-04-25 17:29:10 +02:00
Davide De Rosa 4acf7f3b49 Merge branch 'improve-dns-fallback'
Fixes #84
2019-04-25 17:23:01 +02:00
Davide De Rosa b8cd969a1a Fall back to configurable preset DNS servers
Default to CloudFlare 1.1.1.1

Hard time making it work with system DNS servers. Retry later.
2019-04-25 17:18:28 +02:00
Davide De Rosa 31d9019f1a Read system-wide DNS servers
Add libresolv to podspec.
2019-04-25 16:36:16 +02:00
Davide De Rosa 1d3660459e Merge local and remote DNS servers
- Local first
- Remote last
2019-04-25 16:18:54 +02:00
Davide De Rosa 82394e0433 Skip DNS settings if no servers are provided 2019-04-25 16:18:54 +02:00
Davide De Rosa 4ce2d78c5a Adjust log of routing policies
Consistent with print configuration.
2019-04-25 16:18:52 +02:00
Davide De Rosa 1b0c9979ce Log "default" DNS when servers are empty 2019-04-25 16:09:04 +02:00
Davide De Rosa e17c5d0fdd Merge branch 'routing-policies' 2019-04-25 16:07:11 +02:00
Davide De Rosa f95d9ae551 Update CHANGELOG
Fixes #90
2019-04-25 16:02:19 +02:00
Davide De Rosa 3f37489c13 Handle pushed routing policies 2019-04-25 16:02:19 +02:00
Davide De Rosa 7382616e8b Parse routing policies for TunnelKitProvider 2019-04-25 14:39:47 +02:00
Davide De Rosa f9f642b64e Set as default gateway based on routing policies
Also fix IPv6 routes not properly set.
2019-04-25 14:39:40 +02:00
Davide De Rosa 224a76ac58 Parse --redirect-gateway from configuration
FIXME: for now only redirects ALL traffic when the option is found
in the configuration file, whatever the arguments.

Also drop unnecessary base options in tests as everything was made
optional recently.
2019-04-25 14:39:23 +02:00
Davide De Rosa 1b8647bcac Convert PacketSteram to Obj-C
For better TCP efficiency.
2019-04-25 12:42:29 +02:00
Davide De Rosa 3d914f72c4 Merge branch 'replay-timestamp' 2019-04-24 17:47:40 +02:00
Davide De Rosa ef5180a4ed Set tls-auth/crypt timestamp once
Packets rejected due to replay protection.

Fixes #88
Fixes #61
2019-04-23 23:07:32 +02:00
Davide De Rosa 65af163aeb Do not resend non-acked packets if reliable
In control channel.
2019-04-23 23:06:39 +02:00
Davide De Rosa 707db2c6de Add keydir to local options 2019-04-20 17:20:45 +02:00
Davide De Rosa 9b8be02c2a Shut down when no IPv4/6 routing available
Would fake-connect without VPN icon otherwise.
2019-04-19 09:45:15 +02:00
Davide De Rosa c565e32dcd Add "dev-type tun" to local options
Plus other hardcoded options like key-method and tls-client.

Seems that older OpenVPN servers didn't send routing info in
PUSH_REPLY if dev-type is not specified explicitly.

Fixes #86
2019-04-18 13:10:57 +02:00
Davide De Rosa 95ba9dacdb Fix typo 2019-04-18 12:02:23 +02:00
Davide De Rosa 65f6f8938c Bump version 2019-04-17 16:16:52 +02:00
Davide De Rosa e7a5ce062e Update CHANGELOG 2019-04-17 09:25:49 +02:00
Davide De Rosa 887e2ae55d Consider stale if HARD_RESET while connected
Was disconnecting when more than one HARD_RESET_SERVER was
received during negotiation.
2019-04-17 09:24:16 +02:00
Davide De Rosa 0c3a4235aa
Merge pull request #85 from keeshux/dns-inconsistency-issues
DNS inconsistency issues
2019-04-17 09:23:27 +02:00
Davide De Rosa 233aa02169 Add FIXME for default DNS from network interface 2019-04-17 00:50:53 +02:00
Davide De Rosa b199064b94 Only override domain if non-nil 2019-04-17 00:50:53 +02:00
Davide De Rosa 28fd80f4e0 Treat empty DNS servers as nil
Empty local DNS array was pretty much hiding server-pushed DNS.
2019-04-17 00:50:53 +02:00
Davide De Rosa 537b733130 Merge branch 'handle-push-continuation' 2019-04-17 00:50:45 +02:00
Davide De Rosa 80f5a3250d Update CHANGELOG 2019-04-17 00:26:56 +02:00
Davide De Rosa 6fd6d228bf Loop pulling plain text from TLS
There might be more data to read.

Fixes #71, #73
2019-04-17 00:18:02 +02:00
Davide De Rosa 88cd62064a Handle continuation in PUSH_REPLY 2019-04-16 23:59:56 +02:00
Davide De Rosa 380ac2beac Throw to exit PUSH_REPLY parsing on continuation 2019-04-16 23:59:56 +02:00
Davide De Rosa 23b6e3b98e Relax negotiation timeouts 2019-04-16 23:59:56 +02:00