Commit Graph

968 Commits

Author SHA1 Message Date
Davide De Rosa b8cd969a1a Fall back to configurable preset DNS servers
Default to CloudFlare 1.1.1.1

Hard time making it work with system DNS servers. Retry later.
2019-04-25 17:18:28 +02:00
Davide De Rosa 31d9019f1a Read system-wide DNS servers
Add libresolv to podspec.
2019-04-25 16:36:16 +02:00
Davide De Rosa 1d3660459e Merge local and remote DNS servers
- Local first
- Remote last
2019-04-25 16:18:54 +02:00
Davide De Rosa 82394e0433 Skip DNS settings if no servers are provided 2019-04-25 16:18:54 +02:00
Davide De Rosa 4ce2d78c5a Adjust log of routing policies
Consistent with print configuration.
2019-04-25 16:18:52 +02:00
Davide De Rosa 1b0c9979ce Log "default" DNS when servers are empty 2019-04-25 16:09:04 +02:00
Davide De Rosa e17c5d0fdd Merge branch 'routing-policies' 2019-04-25 16:07:11 +02:00
Davide De Rosa f95d9ae551 Update CHANGELOG
Fixes #90
2019-04-25 16:02:19 +02:00
Davide De Rosa 3f37489c13 Handle pushed routing policies 2019-04-25 16:02:19 +02:00
Davide De Rosa 7382616e8b Parse routing policies for TunnelKitProvider 2019-04-25 14:39:47 +02:00
Davide De Rosa f9f642b64e Set as default gateway based on routing policies
Also fix IPv6 routes not properly set.
2019-04-25 14:39:40 +02:00
Davide De Rosa 224a76ac58 Parse --redirect-gateway from configuration
FIXME: for now only redirects ALL traffic when the option is found
in the configuration file, whatever the arguments.

Also drop unnecessary base options in tests as everything was made
optional recently.
2019-04-25 14:39:23 +02:00
Davide De Rosa 1b8647bcac Convert PacketSteram to Obj-C
For better TCP efficiency.
2019-04-25 12:42:29 +02:00
Davide De Rosa 3d914f72c4 Merge branch 'replay-timestamp' 2019-04-24 17:47:40 +02:00
Davide De Rosa ef5180a4ed Set tls-auth/crypt timestamp once
Packets rejected due to replay protection.

Fixes #88
Fixes #61
2019-04-23 23:07:32 +02:00
Davide De Rosa 65af163aeb Do not resend non-acked packets if reliable
In control channel.
2019-04-23 23:06:39 +02:00
Davide De Rosa 707db2c6de Add keydir to local options 2019-04-20 17:20:45 +02:00
Davide De Rosa 9b8be02c2a Shut down when no IPv4/6 routing available
Would fake-connect without VPN icon otherwise.
2019-04-19 09:45:15 +02:00
Davide De Rosa c565e32dcd Add "dev-type tun" to local options
Plus other hardcoded options like key-method and tls-client.

Seems that older OpenVPN servers didn't send routing info in
PUSH_REPLY if dev-type is not specified explicitly.

Fixes #86
2019-04-18 13:10:57 +02:00
Davide De Rosa 95ba9dacdb Fix typo 2019-04-18 12:02:23 +02:00
Davide De Rosa 65f6f8938c Bump version 2019-04-17 16:16:52 +02:00
Davide De Rosa e7a5ce062e Update CHANGELOG 2019-04-17 09:25:49 +02:00
Davide De Rosa 887e2ae55d Consider stale if HARD_RESET while connected
Was disconnecting when more than one HARD_RESET_SERVER was
received during negotiation.
2019-04-17 09:24:16 +02:00
Davide De Rosa 0c3a4235aa
Merge pull request #85 from keeshux/dns-inconsistency-issues
DNS inconsistency issues
2019-04-17 09:23:27 +02:00
Davide De Rosa 233aa02169 Add FIXME for default DNS from network interface 2019-04-17 00:50:53 +02:00
Davide De Rosa b199064b94 Only override domain if non-nil 2019-04-17 00:50:53 +02:00
Davide De Rosa 28fd80f4e0 Treat empty DNS servers as nil
Empty local DNS array was pretty much hiding server-pushed DNS.
2019-04-17 00:50:53 +02:00
Davide De Rosa 537b733130 Merge branch 'handle-push-continuation' 2019-04-17 00:50:45 +02:00
Davide De Rosa 80f5a3250d Update CHANGELOG 2019-04-17 00:26:56 +02:00
Davide De Rosa 6fd6d228bf Loop pulling plain text from TLS
There might be more data to read.

Fixes #71, #73
2019-04-17 00:18:02 +02:00
Davide De Rosa 88cd62064a Handle continuation in PUSH_REPLY 2019-04-16 23:59:56 +02:00
Davide De Rosa 380ac2beac Throw to exit PUSH_REPLY parsing on continuation 2019-04-16 23:59:56 +02:00
Davide De Rosa 23b6e3b98e Relax negotiation timeouts 2019-04-16 23:59:56 +02:00
Davide De Rosa d097afccdc Resend PUSH_REQUEST every 2 seconds
Regardless of link reliability.
2019-04-16 23:43:33 +02:00
Davide De Rosa ad964e2041 Send local options with authentication
Fixes some obsolete servers requiring cipher keysize.
2019-04-15 17:37:57 +02:00
Davide De Rosa 322242de5c Fix malformed key generation message
Make nullTerminated argument explicit, easier to debug.

Fixes #67
2019-04-13 23:55:18 +02:00
Davide De Rosa 0a956f5b9f Handle dhcp-option PROXY_BYPASS 2019-04-13 19:23:02 +02:00
Davide De Rosa b118030d43 Enable both HTTP and HTTPS proxies 2019-04-13 17:55:08 +02:00
Davide De Rosa 4f8a669967 Clarify App Groups usage in Demo 2019-04-13 11:04:46 +02:00
Davide De Rosa 07b69f2a34 Prefix App Group with team ID in macOS
Team ID is not a sensitive value.

Fixes #79
2019-04-13 10:40:29 +02:00
Davide De Rosa 12b26df10d Merge branch 'http-proxy-settings' 2019-04-13 09:35:08 +02:00
Davide De Rosa 904e7bae21 Apply proxy settings if present
Fixes #74
2019-04-12 08:21:04 +02:00
Davide De Rosa ef9f3c6d0a Parse proxies into AppExtension configuration 2019-04-12 08:21:04 +02:00
Davide De Rosa 5fb70b5bab Parse dhcp-option PROXY_HTTP* into Configuration 2019-04-12 08:10:47 +02:00
Davide De Rosa 4af8305f7a Fix unit tests 2019-04-11 16:47:55 +02:00
Davide De Rosa 26cec205a7 Move builder() to extension 2019-04-11 16:46:52 +02:00
Davide De Rosa 5df614b5e2 Fix incomplete builder() from Configuration
Adding a Configuration field is error-prone beyond reason...
2019-04-11 15:30:14 +02:00
Davide De Rosa ef82b86627 Update Demo 2019-04-09 21:02:39 +02:00
Davide De Rosa 914864c31a Infer serverAddress from sessionConfiguration 2019-04-09 20:45:28 +02:00
Davide De Rosa 14567ac50f Bump version 2019-04-09 20:35:25 +02:00