161 Commits

Author SHA1 Message Date
Davide De Rosa a7a7424257 Use WireGuardKit entities directly
No need to duplicate a well-written API.

- Offer convenience accessors in Configuration[Builder]
- Make Configuration init non-optional

Sanity checks are done in Builder with throws and decoded object
is always deemed valid.
2022-03-12 15:09:41 +01:00
Davide De Rosa 3741a17c20 Rewrite Manager package to make it stateless
In order to avoid chaos from multiple profiles, retain the
profile to be installed and remove all the other ones. Also,
make sure to do the removal AFTER install, as doing it
before would trigger the VPN permission alert again.

XXX: there is some weird behavior from NetworkExtension
occasionally sending notifications with a bogus NEVPNManager
object having a nil .localizedDescription and other properties set
to nonsensical values. Discard the notification when such an object
is identified.

Encapsulate extra NetworkExtension settings:

- passwordReference
- onDemandRules
- disconnectsOnSleep

Also:

- Only set on-demand if any rules are set
- Assume VPN is enabled even with on-demand disabled
- Use DataCount instead of raw Int pair

Attach useful information to VPN notifications:

- VPN isEnabled
- VPN status
- VPN command error
- Tunnel bundle identifier (if available)

Expose specific OpenVPN/WireGuard shared data via extensions in
UserDefaults/FileManager.

Finally, drop incomplete IKE support. No fit.
2022-03-12 10:35:39 +01:00
Davide De Rosa 133b4b2337 Replace hostname/endpointProtocols with remotes
Like official OpenVPN options.
2022-03-05 14:20:29 +01:00
Davide De Rosa 2bcd11fd7e Revisit WireGuard.Configuration
- Make Configuration Codable
- Expose WireGuard ConfigurationError
- Produce ConfigurationBuilder from Configuration
- Support multiple peers
- Make private key a requirement
2022-03-03 13:59:49 +01:00
Davide De Rosa c019cecbe0 Improve some things about OpenVPN.Configuration
- Treat empty passphrase as no passphrase
- Parse authentication requirement from --auth-user-pass
- Overload ConfigurationParser with String parameter
- Move OpenVPN fallbacks inline with builder

Give a withFallbacks: option to initialize basic fields rather
than leaving them nil.
2022-03-03 13:44:40 +01:00
Davide De Rosa 88544e4877
[ci skip] Set release date 2022-02-09 17:47:16 +00:00
Davide De Rosa 871e51517c Relax macOS target to 10.14
Requires updating OpenSSL package.
2022-02-02 23:24:29 +01:00
Davide De Rosa 430e0e6afb Handle --keepalive option 2022-01-04 09:21:45 +01:00
Davide De Rosa fda232edcb
Add WireGuard package (#236)
* Add WireGuard packages

- Use eduVPN script for WireGuardKitGo
- Wrap WireGuardKit entities into Configuration
- Split demo into OpenVPN/WireGuard controllers

* Rewrite README with multiple VPN protocols
2021-12-01 13:54:00 +01:00
Davide De Rosa b88f490b82 Set release date 2021-11-27 12:35:21 +01:00
Davide De Rosa 80fd2d99e1 Set release date 2021-11-25 13:00:10 +01:00
Davide De Rosa 7a85d3cac7
Restore and fix former PEM caching PR (#235)
This reverts commit 995009121a.

* Improve error handling

* Trust intermediate CA

* Update CHANGELOG
2021-11-25 12:36:17 +01:00
Davide De Rosa b6d3cdc3b1
Revert to OpenSSL (#233)
* Use an OpenSSL binary without Bitcode
* Restore TLS security level override
* Disable Bitcode completely in Demo
2021-11-24 16:40:19 +01:00
Davide De Rosa 333fc2f6ed Update CHANGELOG 2021-11-18 12:53:48 +01:00
Davide De Rosa 995009121a Revert "Avoid caching PEMs on disk (#213)"
This reverts commit 00d908cc89.
2021-11-18 12:05:06 +01:00
Davide De Rosa 29ff5a3772 Set release date 2021-11-16 11:56:49 +01:00
Davide De Rosa bc776eda85 Replace OpenSSL with BoringSSL from SwiftNIO SSL
- Raise iOS target to 13
- Drop support for TLS security level
- Address warnings about integer conversion (iOS)
2021-11-12 10:00:46 +01:00
Davide De Rosa 950f5503e3 Drop CocoaPods from README 2021-11-05 11:51:21 +01:00
Davide De Rosa 0978b973eb Update CHANGELOG
Fixes #210
2021-10-26 15:43:14 +02:00
Davide De Rosa 44a0624b10 Set release date 2021-10-18 12:01:17 +02:00
Davide De Rosa 942dcc48b1 Support native IKE providers (IPSec/IKEv2) 2021-10-18 11:33:45 +02:00
Roopesh Chander 00d908cc89
Avoid caching PEMs on disk (#213)
* TLSBox: Use OpenSSL calls that take in-memory cert / private key

* TLSBox: Add ability to compute MD5 hash for cert in memory

* OpenVPNSession: Remove disk caching of ca, cert and key

* Add test for computing MD5 hash for cert in memory

Co-authored-by: Davide De Rosa <keeshux@gmail.com>
2021-10-13 10:51:14 +02:00
Davide De Rosa 16c00410ed Update OpenSSL to 1.1.1l 2021-10-06 18:19:28 +02:00
Davide De Rosa 13b255623a Prepare for release
- Upgrade OpenSSL
- Set release date
2021-08-07 23:15:53 +02:00
Davide De Rosa 65774c9a09 Update CHANGELOG
Move XOR PR credits to README.
2021-07-22 10:55:57 +02:00
Davide De Rosa 194f74e126 Set release date 2021-07-18 22:53:40 +02:00
Davide De Rosa 7a6e97da36 Merge branch 'support-stub-v2' 2021-07-18 22:50:30 +02:00
Davide De Rosa a98943728f Relax handling of .ovpn whitespaces 2021-07-17 09:46:32 +02:00
Davide De Rosa 4dc3eeeeea Handle stub/stub-v2 as viable --compress arguments 2021-07-17 09:44:38 +02:00
Davide De Rosa 0a1f33823a Return error in install completion handler
Fixes #206
2021-07-02 11:23:58 +02:00
Davide De Rosa 68d7e08461 Update CHANGELOG 2021-06-26 11:13:51 +02:00
Davide De Rosa d03204589f Update + fix CHANGELOG 2021-03-02 15:00:40 +01:00
Davide De Rosa 4fe379a239 Update CHANGELOG 2021-02-12 01:40:53 +01:00
Davide De Rosa 8618b66900 Set release date 2021-01-28 10:43:54 +01:00
Davide De Rosa 4490f0c116 Pick tunnel password reference from existing item
Assume that credentials already exist elsewhere for reuse as
password reference. Avoids a redundant keychain entry.
2021-01-27 01:28:27 +01:00
Davide De Rosa 0f097d50af Fall back to network settings when no DNS servers
Rather than forcing CloudFlare (by default).

Fixes #197
2021-01-26 10:18:04 +01:00
Davide De Rosa dd81ad7a99 Pick proper DNS settings according to protocol 2021-01-22 21:14:38 +01:00
Davide De Rosa c15d6f521a Parse dataCiphersFallback as last resort
Prioritize over deprecated cipher.
2021-01-08 19:50:28 +01:00
Davide De Rosa 7ea088e4a1 Make peerInfo dynamic to add IV_CIPHERS
Fixes #193
2021-01-08 19:41:16 +01:00
Davide De Rosa 8e351f91b4 Set release date 2021-01-07 22:02:49 +01:00
Davide De Rosa c4b86506cf Update Demo and metadata 2021-01-03 17:47:48 +01:00
Davide De Rosa 3c2ed00c90 Set release date 2020-12-28 17:50:22 +01:00
Davide De Rosa 1966143fe9 Parse MTU from --tun-mtu 2020-12-28 13:07:19 +01:00
Davide De Rosa 304d0215b6 Use keychain service as item context
Primary key = (context, username)
2020-12-20 10:57:06 +01:00
Davide De Rosa 44844cfd9c Update API to access current Wi-Fi SSID 2020-11-21 19:10:58 +01:00
Davide De Rosa 5c4a4e39c8 Bump version to 3.0.0 2020-11-15 21:24:37 +01:00
Davide De Rosa cf3151788c Upgrade OpenSSL-Apple
- Apple Silicon
- OpenSSL as XCFramework
2020-11-15 21:12:53 +01:00
Davide De Rosa 11acbfcb96 Update CHANGELOG 2020-10-29 19:19:17 +01:00
Davide De Rosa 683617ddd4 Use active profile name in VPN configuration
Rather than "Passepartout", as seen in device settings.
2020-07-02 19:26:50 +02:00
Davide De Rosa 7d2184d205 Update CHANGELOG 2020-06-29 13:36:51 +02:00