Commit Graph

1069 Commits

Author SHA1 Message Date
Davide De Rosa 46918a767a Adjust current SSID to also support Catalyst 2022-04-06 09:31:33 +02:00
Davide De Rosa 521c1fd79d Mention golang requirement for WireGuard 2022-04-06 09:31:33 +02:00
Davide De Rosa 6b54fd6124 Move Fallback into Configuration 2022-04-06 09:31:32 +02:00
Davide De Rosa f046bcd629 Add options to explicitly enable/disable DNS/proxy
DNS/proxy settings, when missing from configuration, fall back to
whatever the server pushes.

With isDNSEnabled/isProxyEnabled it's now possible to override this
behavior.
2022-03-26 17:22:45 +01:00
Davide De Rosa 4bfa0b4e74 Make sure MTU is positive 2022-03-26 17:08:45 +01:00
Davide De Rosa bbdc21fd61 Fix a few things in demo
- OpenVPN: Set default gateway
- WireGuard: "Connect" button not updated
2022-03-25 18:05:36 +01:00
Davide De Rosa 3bdff1ee8b Customize WireGuard debug log format 2022-03-25 18:02:39 +01:00
Davide De Rosa f1bdc8490c Use "struct" in data models to leverage Equatable
This way Configuration objects can be compared for changes.
2022-03-25 18:02:21 +01:00
Davide De Rosa f4508911aa Refine Keychain class
- Require context (kSecAttrService)

- Support userDefined parameter (kSecAttrGeneric)
2022-03-21 17:28:44 +01:00
Davide De Rosa 155d01005c Make Endpoint RawRepresentable
Can be convenient.
2022-03-18 18:40:58 +01:00
Davide De Rosa 69a00834cb Fix missing WireGuard dependency on SwiftyBeaver 2022-03-13 22:40:49 +01:00
Davide De Rosa 007c64f2b4 Add DataUnit entity 2022-03-13 22:35:57 +01:00
Davide De Rosa a7a7424257 Use WireGuardKit entities directly
No need to duplicate a well-written API.

- Offer convenience accessors in Configuration[Builder]
- Make Configuration init non-optional

Sanity checks are done in Builder with throws and decoded object
is always deemed valid.
2022-03-12 15:09:41 +01:00
Davide De Rosa ff235e2b96 Log OpenVPN tunnel via SwiftyBeaver file
This way debug log is updated without manual flush.

Useful for immediate access.
2022-03-12 10:35:39 +01:00
Davide De Rosa 3807b4754b Review some Core/OpenVPN entities
- Drop redundant Equatable (automatic in structs)
- Make IPv4/6 routes Hashable
- Expose StaticKey as hex String
- Mask PAC URL
2022-03-12 10:35:39 +01:00
Davide De Rosa 3741a17c20 Rewrite Manager package to make it stateless
In order to avoid chaos from multiple profiles, retain the
profile to be installed and remove all the other ones. Also,
make sure to do the removal AFTER install, as doing it
before would trigger the VPN permission alert again.

XXX: there is some weird behavior from NetworkExtension
occasionally sending notifications with a bogus NEVPNManager
object having a nil .localizedDescription and other properties set
to nonsensical values. Discard the notification when such an object
is identified.

Encapsulate extra NetworkExtension settings:

- passwordReference
- onDemandRules
- disconnectsOnSleep

Also:

- Only set on-demand if any rules are set
- Assume VPN is enabled even with on-demand disabled
- Use DataCount instead of raw Int pair

Attach useful information to VPN notifications:

- VPN isEnabled
- VPN status
- VPN command error
- Tunnel bundle identifier (if available)

Expose specific OpenVPN/WireGuard shared data via extensions in
UserDefaults/FileManager.

Finally, drop incomplete IKE support. No fit.
2022-03-12 10:35:39 +01:00
Davide De Rosa 133b4b2337 Replace hostname/endpointProtocols with remotes
Like official OpenVPN options.
2022-03-05 14:20:29 +01:00
Davide De Rosa 2bcd11fd7e Revisit WireGuard.Configuration
- Make Configuration Codable
- Expose WireGuard ConfigurationError
- Produce ConfigurationBuilder from Configuration
- Support multiple peers
- Make private key a requirement
2022-03-03 13:59:49 +01:00
Davide De Rosa c019cecbe0 Improve some things about OpenVPN.Configuration
- Treat empty passphrase as no passphrase
- Parse authentication requirement from --auth-user-pass
- Overload ConfigurationParser with String parameter
- Move OpenVPN fallbacks inline with builder

Give a withFallbacks: option to initialize basic fields rather
than leaving them nil.
2022-03-03 13:44:40 +01:00
Davide De Rosa 88544e4877
[ci skip] Set release date 2022-02-09 17:47:16 +00:00
Davide De Rosa 2646762bb4 [ci skip] Update copyright 2022-02-04 12:57:40 +01:00
Davide De Rosa 871e51517c Relax macOS target to 10.14
Requires updating OpenSSL package.
2022-02-02 23:24:29 +01:00
Davide De Rosa 1aa54d22fb Fix workflow syntax 2022-01-04 09:27:57 +01:00
Davide De Rosa 430e0e6afb Handle --keepalive option 2022-01-04 09:21:45 +01:00
Davide De Rosa decc82fb9f [ci skip] Change job name 2021-12-03 00:16:28 +01:00
Davide De Rosa 90d29d64e8 [ci skip] Ignore updates to *.md for testing 2021-12-02 15:44:28 +01:00
Davide De Rosa e8a3abc0da [ci skip] Trigger release on milestone closed 2021-12-02 09:54:11 +01:00
Davide De Rosa 0c500fa4ee Add job names 2021-12-02 09:54:09 +01:00
Davide De Rosa fda232edcb
Add WireGuard package (#236)
* Add WireGuard packages

- Use eduVPN script for WireGuardKitGo
- Wrap WireGuardKit entities into Configuration
- Split demo into OpenVPN/WireGuard controllers

* Rewrite README with multiple VPN protocols
2021-12-01 13:54:00 +01:00
Davide De Rosa ae6cb4e8dc [ci skip] Add manual release action 2021-12-01 13:46:14 +01:00
Davide De Rosa a199955b2d [ci skip] Add local script to push release 2021-11-28 19:45:11 +01:00
Davide De Rosa f5b9ba0eba [ci skip] Rename workflow 2021-11-28 19:35:36 +01:00
Davide De Rosa ccb6480fdb [ci skip] Polish case in badges 2021-11-28 16:50:56 +01:00
Davide De Rosa 80e4f2ff4e Add test workflow on push to master
Add badge in README.
2021-11-28 16:13:12 +01:00
Davide De Rosa b88f490b82 Set release date 2021-11-27 12:35:21 +01:00
Davide De Rosa 9c63b856cb
Verify CA from on-disk file (#237)
* Verify CA from on-disk file

Revert part of #213 again, because `SSL_CTX_load_verify_locations`
is just more reliable at setting up the trust store.

It looks like it's able to reference the .pem multiple times in
those cases where the root issuer of the CA is also embedded in
the file (which is the case with e.g. Let's Encrypt).

This is better than the current implementation, and I couldn't
easily find a way to do the same in-memory. I'd rather use the
standard API here.

See 7a85d3cac7
2021-11-27 12:32:30 +01:00
Davide De Rosa 9f46054f04 Fix Bitcode note in README 2021-11-25 13:28:50 +01:00
Davide De Rosa 80fd2d99e1 Set release date 2021-11-25 13:00:10 +01:00
Davide De Rosa d1e8f70da3 Bind to OpenSSL 1.1.1l 2021-11-25 12:40:56 +01:00
Davide De Rosa 7a85d3cac7
Restore and fix former PEM caching PR (#235)
This reverts commit 995009121a.

* Improve error handling

* Trust intermediate CA

* Update CHANGELOG
2021-11-25 12:36:17 +01:00
Davide De Rosa e8f7778179 Use semantic version for OpenSSL 2021-11-25 09:30:24 +01:00
Davide De Rosa 67f6d83321 Mention "Run Script" fix around Xcode plugin bug
Redundant "Frameworks" in app extensions.
2021-11-24 18:21:27 +01:00
Davide De Rosa b6d3cdc3b1
Revert to OpenSSL (#233)
* Use an OpenSSL binary without Bitcode
* Restore TLS security level override
* Disable Bitcode completely in Demo
2021-11-24 16:40:19 +01:00
Davide De Rosa 74f38d335b Move TunnelKit errors specific to OpenVPN
Use local error domain in LZO to not depend on anything.
2021-11-23 19:17:43 +01:00
Davide De Rosa c7ffa79e91 Export TunnelKitCore together with OpenVPN 2021-11-23 19:17:43 +01:00
Davide De Rosa bb5cd1e1ab Return password reference at the time of setting
Simplifies app/extension IPC.
2021-11-23 19:17:43 +01:00
Davide De Rosa 8e6624e113 Strip dependencies on TunnelKitCore
- TunnelKitManager
- TunnelKitIKE
- TunnelKitOpenVPNManager
2021-11-23 13:17:52 +01:00
Davide De Rosa f1f2dddbf2 Bump demo version 2021-11-23 12:22:07 +01:00
Davide De Rosa 333fc2f6ed Update CHANGELOG 2021-11-18 12:53:48 +01:00
Davide De Rosa 995009121a Revert "Avoid caching PEMs on disk (#213)"
This reverts commit 00d908cc89.
2021-11-18 12:05:06 +01:00