Davide De Rosa
663cab34c9
Centralize reconnection delay
2020-12-20 19:43:23 +01:00
Davide De Rosa
304d0215b6
Use keychain service as item context
Primary key = (context, username)
2020-12-20 10:57:06 +01:00
Davide De Rosa
6b8d88fef5
Consider last appearing DOMAIN option
2020-12-15 13:59:06 +01:00
Davide De Rosa
7535458339
Parse domain option
2020-12-11 17:09:15 +01:00
Davide De Rosa
44844cfd9c
Update API to access current Wi-Fi SSID
2020-11-21 19:10:58 +01:00
Davide De Rosa
e098117bf1
Drop StandardVPNProvider class name
Had only renamed file, not class.
See 945bb1b9b7
2020-11-15 22:09:02 +01:00
Davide De Rosa
945bb1b9b7
Fix context of StandardVPNProvider
Not generic, rather an OpenVPN implementation.
- Move to OpenVPN subspec
- Rename to OpenVPNProvider
- Depend OpenVPN on Manager
2020-11-15 21:12:53 +01:00
Kirill Pahnev
014f8aabbd
Make IV_UI_VER flag overridable
2020-06-29 16:31:20 +03:00
Kirill Pahnev
d3caa5c4ad
Set IV_PLAT based on current OS
2020-06-29 13:00:17 +03:00
Davide De Rosa
a232af1100
Redefine generic Session.serverConfiguration()
For reuse in Session implementations.
2020-06-13 13:32:21 +02:00
Davide De Rosa
6c3e667f80
Add a few missing nodoc
2020-06-13 13:31:15 +02:00
Davide De Rosa
74ed3cb4cd
Move some initialization after logging configuration
Logging and masking were not configured at Credentials and
ConnectionStrategy initialization time, hence the missing log
entries from e.g. ConnectionStrategy.init().
2020-06-11 16:37:20 +02:00
Davide De Rosa
1ff936895f
Improve logging of ConnectionStrategy
2020-06-11 16:22:45 +02:00
Davide De Rosa
7a278dba69
Fix nullability of partitioned route
2020-05-23 17:07:59 +02:00
Davide De Rosa
17cb2601be
Fix unused result warning
2020-05-23 17:05:46 +02:00
Davide De Rosa
9095ea250e
Address concerns from Guido Vranken fuzzers (#141)
* 002: Assert return value of snprintf/getnameinfo
* 003: Address OOB reads on decrypted data
* 004: Handle boundary prefixes in .partitioned()
* 005: Fix OOB read in matchesDestination()
* 006: Fix parsing in netname6()
* 007: Fix incorrect use of sizeof()
* 008: Add safety checks in MSSFix()
* 009: Fix bad usage of minilzo calls
* Add checks after RoutingTableEntryAddress4/6
2020-05-16 15:10:07 +02:00
Davide De Rosa
5285ba7aa8
Set reasserting to false if canRebindLink()
Code is currently disabled (canRebindLink() is hardcoded to false),
still it's good to stay consistent with semantics of
reasserting = false, i.e. "connection has become active again".
2020-05-09 15:01:11 +02:00
Davide De Rosa
9b82d7f9ec
Evaluate reconnection without touching reasserting
Use a different variable to signal an upcoming reconnection. Make
sure that reasserting is never set to false with the meaning of
"do not reconnect", because doing so would trigger a transient
"connected" state in the VPN.
Reverts use of cancelTunnelWithError() in sessionDidStop.
2020-05-09 12:09:03 +02:00
Davide De Rosa
93c24a96cf
Refactor with an error parameter in sessionDidStop
Both versions prevent clients from compiling, but this version
impacts less on existing codebase.
2020-05-09 12:09:03 +02:00
Robert Patchett
1cd00f9459
Call cancelTunnelWithError(_:) if a connection fails and won't be retried
2020-05-09 12:09:03 +02:00
Jose Blaya
c22bfb3edd
Set MTU value in Tunnel settings
2020-05-09 01:09:20 +02:00
Jaroslav_
1ceeb8ddbb
SAN host check (#168)
* Check if host is present in certificates SAN list
* Save .tlsServerHost error as .tlsServerVerification into last error
Co-authored-by: Davide De Rosa <keeshux@gmail.com>
2020-05-09 00:02:16 +02:00
Roopesh Chander
753927f36b
Fix how NETunnelInterface handles IP protocol number
The IP protocol number passed to NEPacketTunnelFlow is determined per
packet based on the IP header, instead of determining it based on
whether IPv6 settings are available or not.
2020-05-06 09:37:24 +05:30
Davide De Rosa
4bdf6b7006
Redefine endpoint strategy according to IPv4/6
2020-04-14 22:57:23 +02:00
Davide De Rosa
6f235e9ea2
Handle IPv4/IPv6 variants in SocketType
2020-04-14 21:54:21 +02:00
Johan Kool
ffe7fc0a0a
Continue instead of early return on unknown key id
2020-04-10 13:35:12 +02:00
Davide De Rosa
a02857fdb9
Drop unused variable
2020-04-05 17:16:55 +02:00
Davide De Rosa
311015950e
Shut down on server "RESTART" control message
Fixes #131
2020-02-29 19:23:26 +01:00
Davide De Rosa
f6d915e6dd
Reset rather than nil out Authenticator
For reuse in control channel.
2020-02-29 19:11:15 +01:00
Davide De Rosa
a7aa78141e
Update copyright clause
2020-01-11 09:26:41 +01:00
Davide De Rosa
e3241f4f4d
Fix potential OOB during negotiation
Reported by @Grivus with SoftEther.
Closes #143
2019-12-22 16:31:57 +01:00
Davide De Rosa
2c8c2d20f8
Add comment about read failure not shutting down
2019-12-12 20:37:10 +01:00
Davide De Rosa
63aa4b42d7
Use .utility QoS for tunnel queue
Fixes #138
2019-12-12 18:34:24 +01:00
Davide De Rosa
88a1bdac06
Schedule ping block even just for timeout check
In case keepAliveInterval is not set.
2019-12-12 18:34:20 +01:00
Davide De Rosa
e6f2f3e85a
Send pings at regular schedules
Also fixes coalescing schedules.
2019-12-12 18:34:20 +01:00
Davide De Rosa
2687dcf36e
Debug wake/sleep signals
2019-12-12 15:05:21 +01:00
Davide De Rosa
8ae92d29db
Log details about ping schedule
2019-12-12 14:00:43 +01:00
Davide De Rosa
5b0df2eada
Allow customization of debug log level
2019-12-12 09:42:48 +01:00
Davide De Rosa
0f2bf8cf48
Fix non-existing variable in log
2019-12-12 09:34:08 +01:00
Davide De Rosa
90c118a3d0
Warn about discarded received packets
2019-12-12 09:32:34 +01:00
Davide De Rosa
66ae7973ae
Discard data with missing key, do not shut down
Probably more resilient to DoS.
2019-12-07 09:43:47 +01:00
Davide De Rosa
8c4b0db301
Debug "reasserting" updates
2019-12-07 09:43:47 +01:00
Davide De Rosa
13027b8932
Only require --ca and --cipher from clients
Not in a PUSH_REPLY, for example.
2019-11-20 19:48:40 +01:00
Davide De Rosa
b1c11e3e56
Make --ca and --cipher non-optional in .ovpn
Dodge those annoying scenarios where server cipher is not set
and defaults to BF-CBC, whereas default TunnelKit cipher
is AES-128-CBC. And data channel stalls.
2019-11-20 01:07:39 +01:00
Davide De Rosa
3a38b0da15
Log effective search domains
2019-10-25 19:08:44 +02:00
Davide De Rosa
4e77f5b6b3
Parse multiple "dhcp-option DOMAIN" lines
2019-10-25 17:21:44 +02:00
Davide De Rosa
645f65ccd0
Adjust Configuration.searchDomain to searchDomains
XXX: "breaks" search domains in existing VPN profiles. Reinstall
to fix.
2019-10-25 17:17:48 +02:00
Davide De Rosa
495944297c
Merge pull request #126 from ThinkChaos/fix_pac_logging
Fix logging for Proxy Auto-Configuration (PAC)
2019-10-23 13:07:03 +02:00
Davide De Rosa
e5a7a09b7f
Parse PAC from provider configuration
Not propagated to AppExtension.
2019-10-23 13:02:29 +02:00
Davide De Rosa
7608ae2e3c
Expose server configuration via provider message
2019-10-23 10:27:51 +02:00