Commit Graph

343 Commits

Author SHA1 Message Date
Davide De Rosa 5561c7adc6 Group OpenVPN.Configuration funcs into extension
- with (creation)
- store (convert to dict)
- print (log)
2019-05-24 10:54:25 +02:00
Davide De Rosa a85404e951 Rename provider class to OpenVPNTunnelProvider 2019-05-24 10:41:30 +02:00
Davide De Rosa 9445b825d0 Make AppExtension generic
- Make AppExtension a standalone util subspec
- Move OpenVPN tunnel provider to OpenVPN subspec
- Move Utils to Core subspec
- Depend OpenVPN on Core + AppExtension
2019-05-24 10:41:26 +02:00
Davide De Rosa b6da3f2d13 Rename proxy to session
According to SessionProxy -> OpenVPNSession.
2019-05-19 15:56:44 +02:00
Davide De Rosa 8be0f14aa9 Move PRNG initialization to namespace level 2019-05-19 15:52:55 +02:00
Davide De Rosa d057e9645b Restore AppExtension with recent changes 2019-05-19 15:50:12 +02:00
Davide De Rosa 6ebf025859 Take Session protocol out of OpenVPNSession
Fix some doc.
2019-05-19 15:08:43 +02:00
Davide De Rosa 313d076ddf Move Error extension to Core 2019-05-19 14:34:27 +02:00
Davide De Rosa c4a84a5ade Prefix top-level entities with OpenVPN* 2019-05-19 14:34:23 +02:00
Davide De Rosa 9c7ae47679 Make SessionProxy* top level
Drop redundant SessionReply.
2019-05-19 14:17:18 +02:00
Davide De Rosa 465e08e42f Wrap OpenVPN entities in pseudonamespace
Temporarily exclude AppExtension and tests.
2019-05-19 14:05:02 +02:00
Davide De Rosa 50d492096f Move a few generic entities to Core
- IPv4Settings
- IPv6Settings
- Proxy
- EndpointProtocol (Codable)
2019-05-19 12:40:20 +02:00
Davide De Rosa 930f05c984 Move OpenVPN timeouts out of Core 2019-05-19 12:39:51 +02:00
Davide De Rosa 5b81aa6a78 Drop "Box" from error codes 2019-05-19 12:22:32 +02:00
Davide De Rosa 9da7fa9667 Split Core into Core+OpenVPN
Two Obj-C modules:

- __TunnelKitCore
- __TunnelKitOpenVPN

Seems the only way to do it in multiple module maps.

Move OpenVPN specifics out of CoreConfiguration.
2019-05-19 12:22:32 +02:00
Davide De Rosa 491092f2a3 Drop extra header lines 2019-05-19 12:21:44 +02:00
Davide De Rosa 21b67fd9ff Make CoreConfiguration a class for bundle lookup 2019-05-19 11:36:26 +02:00
Davide De Rosa 470c50b037 Return just <masked> when masked description
Why bother with useless hashes?
2019-05-19 11:36:26 +02:00
Davide De Rosa d19e029131 Use guard 2019-05-19 11:36:26 +02:00
Davide De Rosa 713a46d817 Update GitHub URL
Move to passepartoutvpn org.
2019-05-14 10:58:47 +02:00
Davide De Rosa 7cbcfcd264 Fix condition for SOFT_RESET
May receive multiple packets while handling in progress.
2019-05-13 12:15:44 +02:00
Davide De Rosa d06b2e1928 Shut down if no default gateway 2019-05-11 17:40:46 +02:00
Davide De Rosa 5ce49953a0 Assume empty policies to override server settings
Empty != nil. When nil, pull from server.
2019-05-11 16:33:49 +02:00
Davide De Rosa 43c70b2673 Refine logging of some configuration
Log about routing entries.
2019-05-11 14:54:25 +02:00
Davide De Rosa ff0dfc450c Get TLS security level via AppExtension
Improves #97
2019-05-08 16:16:30 +02:00
Davide De Rosa 3a136bdce9 Make TLS security level an option
Default level by default.
2019-05-08 16:10:35 +02:00
Davide De Rosa 82f0431303 Take optional securityLevel field in TLSBox 2019-05-08 15:54:05 +02:00
Davide De Rosa 97f178cdac Tolerate weak certificates
Lower SSL security level.

Fixes #97
2019-05-05 17:51:24 +02:00
Davide De Rosa 273007cc59 Copy route.h from macOS
Missing on iOS.
2019-05-03 15:14:25 +02:00
Davide De Rosa a693075e90 Block LAN when redirect-gateway block-local
Fixes #81
2019-05-03 15:14:25 +02:00
Davide De Rosa 13cae06a49 Add method to partition a subnet 2019-05-03 15:14:25 +02:00
Davide De Rosa 03a1eb2203 Return IPv4 network mask for a route 2019-05-03 15:14:25 +02:00
Davide De Rosa 4295e63c98 Read relevant routing table 2019-05-03 15:14:25 +02:00
Davide De Rosa d44d08c95e Retain self weakly for shutdown on timeout 2019-05-02 13:13:43 +02:00
Davide De Rosa 1430241b0c Do not fake BF-CBC, pleae 2019-05-01 23:18:54 +02:00
Davide De Rosa 037f08ed62 Retry auth once without local options
Hack around picky server implementations.

Fixes #95
2019-05-01 11:14:52 +02:00
Davide De Rosa 14b7f08fb5 Use strict ordering in local options
And add TLS wrapping.
2019-05-01 11:14:38 +02:00
Davide De Rosa 7389d72f1f Fix mutable SessionProxy.Configuration 2019-05-01 11:14:38 +02:00
Davide De Rosa f799f47c25 Add direct routes to DNS servers
If VPN is not default gateway.

Further fix of #94
2019-04-28 15:51:16 +02:00
Davide De Rosa 0b72a30cdd Add full set of CloudFlare DNS servers 2019-04-28 10:56:39 +02:00
Davide De Rosa ebabf02eb5 Fix DNS in VPN when not default gateway
Awful API requires .matchDomains = [""]

Fixes #94
2019-04-28 10:39:55 +02:00
Davide De Rosa b331e3cfe6 Mask fallback DNS servers
Comment about fallback DNS being public
2019-04-28 10:39:25 +02:00
Davide De Rosa 7978398e1e Fix logging of routing policies 2019-04-27 22:55:20 +02:00
Davide De Rosa 0ee39c8fb0 Extend handling of redirect-gateway flags
- def1 (IPv4)
- ipv6 (IPv6)
- !ipv4 (IPv6 only)
2019-04-27 22:55:20 +02:00
Davide De Rosa 155bd5f1e7 Revert def1 trick
Not needed, routes are not persistent.

Revert 7d26323d3f
2019-04-27 22:55:19 +02:00
Davide De Rosa 7d26323d3f Use OpenVPN trick to retain default gateway
Override default gateway with 2 split routes.

- IPv4: 0.0.0.0/1, 128.0.0.0/1
- IPv6: 2000::/4, 3000::/4
2019-04-27 22:29:51 +02:00
Davide De Rosa 3505f68b04 Revert DNS merge
Revert 1d3660459e
2019-04-27 18:25:08 +02:00
Davide De Rosa a48bcc7261 Decrypt generic EVP private key
Why PKCS#8?
2019-04-27 10:54:32 +02:00
Davide De Rosa e0c06ece18 Drop extra EVP_PKEY_free call 2019-04-27 10:44:08 +02:00
Davide De Rosa 6fb409b112 Drop UDP packets on no buffer space available
Tolerate only on data channel. Control channel should never reach
high speeds.

Fixes #87
2019-04-25 17:29:10 +02:00