Davide De Rosa
13027b8932
Only require --ca and --cipher from clients
...
Not in a PUSH_REPLY, for example.
2019-11-20 19:48:40 +01:00
Davide De Rosa
b1c11e3e56
Make --ca and --cipher non-optional in .ovpn
...
Dodge those annoying scenarios where server cipher is not set
and defaults to BF-CBC, whereas default TunnelKit cipher
is AES-128-CBC. And data channel stalls.
2019-11-20 01:07:39 +01:00
Davide De Rosa
4ced1c499d
Use modern structure for notifications
2019-11-02 11:32:16 +01:00
Davide De Rosa
3a38b0da15
Log effective search domains
2019-10-25 19:08:44 +02:00
Davide De Rosa
4e77f5b6b3
Parse multiple "dhcp-option DOMAIN" lines
2019-10-25 17:21:44 +02:00
Davide De Rosa
645f65ccd0
Adjust Configuration.searchDomain to searchDomains
...
XXX: "breaks" search domains in existing VPN profiles. Reinstall
to fix.
2019-10-25 17:17:48 +02:00
Davide De Rosa
495944297c
Merge pull request #126 from ThinkChaos/fix_pac_logging
...
Fix logging for Proxy Auto-Configuration (PAC)
2019-10-23 13:07:03 +02:00
Davide De Rosa
e5a7a09b7f
Parse PAC from provider configuration
...
Not propagated to AppExtension.
2019-10-23 13:02:29 +02:00
Davide De Rosa
dcac7cb2d4
Fix hidden IPv4Settings fields
2019-10-23 10:55:37 +02:00
Davide De Rosa
7608ae2e3c
Expose server configuration via provider message
2019-10-23 10:27:51 +02:00
ThinkChaos
907bbe20ae
Fix logging for Proxy Auto-Configuration (PAC)
2019-10-23 01:08:39 +02:00
Davide De Rosa
7d0cba8df8
Merge pull request #125 from ThinkChaos/proxy_auto_conf
...
Add Proxy Auto-Configuration (PAC) support
2019-10-22 21:55:29 +02:00
ThinkChaos
26d7b9fe0f
Address review comments
2019-10-22 21:03:25 +02:00
Davide De Rosa
98b9d71eb3
Assume VPN gateway when route gw is "vpn_gateway"
2019-10-22 13:53:36 +02:00
Davide De Rosa
eb09493882
Merge pull request #122 from rob-patchett/ping-timeout
...
Allow keep-alive timeout to be configured by the server or client
2019-10-22 10:51:27 +02:00
Robert Patchett
87cb448d12
Fix comment typo
2019-10-22 10:43:57 +02:00
ThinkChaos
c6cb5a646a
Add Proxy Auto-Configuration (PAC) support
2019-10-21 21:47:45 +02:00
Robert Patchett
bdf34f8882
Set tunnel provider's reasserting to false after the system starts using the tunnel
2019-10-17 14:23:16 +02:00
Robert Patchett
55f7e64f19
Allow keep alive timeout to be configured by the server or client
2019-09-30 11:54:29 -07:00
Davide De Rosa
d22f40f7e9
Fix potential OOB in memcmp()
2019-09-17 23:41:35 +02:00
Davide De Rosa
d815f5222f
Change var to let
...
Xcode no more signals wrong side-effect in withUnsafeBytes.
2019-09-17 16:09:09 +02:00
Davide De Rosa
e0ab2a1ddb
Disconnect if HARD_RESET received while SOFT_RESET
...
Bad condition for .staleSession
Fixes #120
See 0f2234f1d1
2019-09-03 00:27:54 +02:00
Davide De Rosa
de21adfef6
Beware of execution queue in write callbacks
...
self.link was not checked against in tunnel queue.
2019-08-23 09:15:59 +02:00
Davide De Rosa
6b281711c7
Ignore errors from outdated link writes
...
Prevents async delegation after cleanup.
2019-08-23 09:15:57 +02:00
Davide De Rosa
a4333eaafe
Revert ENOBUFS mitigation, do disconnect instead
...
Reverts #87 "fix"
2019-07-26 21:14:57 +02:00
Davide De Rosa
aefeb252b3
Do not defer stop more than once
...
May cause multiple delegation and queue deadlock when a
reconnection is scheduled to trigger.
Fixes #106
2019-07-09 14:09:02 +02:00
Davide De Rosa
2c56a8ea95
Send PUSH_REQUEST immediately after auth
...
First call would always fail otherwise.
2019-07-09 12:40:10 +02:00
Davide De Rosa
40139cbef0
Replace key flag with session-wide isRenegotiating
...
Prevent new if one in progress.
Fixes #105
2019-07-09 12:17:12 +02:00
Davide De Rosa
0f2234f1d1
Assume stale session if server sends HARD_RESET
...
When unsolicited.
2019-07-09 11:42:12 +02:00
Davide De Rosa
1dcf4d7745
Shut down abruptly to work around macOS bug
...
Fixes #111
2019-07-07 23:36:06 +02:00
Davide De Rosa
b04f7f20d4
Log info about DNS servers in use
2019-07-03 19:04:53 +02:00
Davide De Rosa
eb56a9a56c
Optimize [Data].flatCount
2019-06-05 14:14:15 +02:00
Davide De Rosa
2ddf712176
Update jazzy YAML
2019-05-24 16:04:19 +02:00
Davide De Rosa
be1081aad6
Nest subspecs by purpose
...
- Protocols
- Extra
2019-05-24 16:02:59 +02:00
Davide De Rosa
21eee24e7c
Add missing documentation
2019-05-24 16:02:06 +02:00
Davide De Rosa
72ce14b676
Make AppExtension entities public
2019-05-24 16:02:06 +02:00
Davide De Rosa
3edd00b2da
Drop deprecated endpointProtocols
2019-05-24 10:59:20 +02:00
Davide De Rosa
185f0707cf
Move OpenVPN configuration part on top
2019-05-24 10:59:20 +02:00
Davide De Rosa
1f8c51c126
Parse OpenVPN.Configuration from defaults
2019-05-24 10:59:20 +02:00
Davide De Rosa
5561c7adc6
Group OpenVPN.Configuration funcs into extension
...
- with (creation)
- store (convert to dict)
- print (log)
2019-05-24 10:54:25 +02:00
Davide De Rosa
a85404e951
Rename provider class to OpenVPNTunnelProvider
2019-05-24 10:41:30 +02:00
Davide De Rosa
9445b825d0
Make AppExtension generic
...
- Make AppExtension a standalone util subspec
- Move OpenVPN tunnel provider to OpenVPN subspec
- Move Utils to Core subspec
- Depend OpenVPN on Core + AppExtension
2019-05-24 10:41:26 +02:00
Davide De Rosa
b6da3f2d13
Rename proxy to session
...
According to SessionProxy -> OpenVPNSession.
2019-05-19 15:56:44 +02:00
Davide De Rosa
8be0f14aa9
Move PRNG initialization to namespace level
2019-05-19 15:52:55 +02:00
Davide De Rosa
d057e9645b
Restore AppExtension with recent changes
2019-05-19 15:50:12 +02:00
Davide De Rosa
6ebf025859
Take Session protocol out of OpenVPNSession
...
Fix some doc.
2019-05-19 15:08:43 +02:00
Davide De Rosa
313d076ddf
Move Error extension to Core
2019-05-19 14:34:27 +02:00
Davide De Rosa
c4a84a5ade
Prefix top-level entities with OpenVPN*
2019-05-19 14:34:23 +02:00
Davide De Rosa
9c7ae47679
Make SessionProxy* top level
...
Drop redundant SessionReply.
2019-05-19 14:17:18 +02:00
Davide De Rosa
465e08e42f
Wrap OpenVPN entities in pseudonamespace
...
Temporarily exclude AppExtension and tests.
2019-05-19 14:05:02 +02:00
Davide De Rosa
50d492096f
Move a few generic entities to Core
...
- IPv4Settings
- IPv6Settings
- Proxy
- EndpointProtocol (Codable)
2019-05-19 12:40:20 +02:00
Davide De Rosa
930f05c984
Move OpenVPN timeouts out of Core
2019-05-19 12:39:51 +02:00
Davide De Rosa
5b81aa6a78
Drop "Box" from error codes
2019-05-19 12:22:32 +02:00
Davide De Rosa
9da7fa9667
Split Core into Core+OpenVPN
...
Two Obj-C modules:
- __TunnelKitCore
- __TunnelKitOpenVPN
Seems the only way to do it in multiple module maps.
Move OpenVPN specifics out of CoreConfiguration.
2019-05-19 12:22:32 +02:00
Davide De Rosa
491092f2a3
Drop extra header lines
2019-05-19 12:21:44 +02:00
Davide De Rosa
21b67fd9ff
Make CoreConfiguration a class for bundle lookup
2019-05-19 11:36:26 +02:00
Davide De Rosa
470c50b037
Return just <masked> when masked description
...
Why bother with useless hashes?
2019-05-19 11:36:26 +02:00
Davide De Rosa
d19e029131
Use guard
2019-05-19 11:36:26 +02:00
Davide De Rosa
713a46d817
Update GitHub URL
...
Move to passepartoutvpn org.
2019-05-14 10:58:47 +02:00
Davide De Rosa
7cbcfcd264
Fix condition for SOFT_RESET
...
May receive multiple packets while handling in progress.
2019-05-13 12:15:44 +02:00
Davide De Rosa
d06b2e1928
Shut down if no default gateway
2019-05-11 17:40:46 +02:00
Davide De Rosa
5ce49953a0
Assume empty policies to override server settings
...
Empty != nil. When nil, pull from server.
2019-05-11 16:33:49 +02:00
Davide De Rosa
43c70b2673
Refine logging of some configuration
...
Log about routing entries.
2019-05-11 14:54:25 +02:00
Davide De Rosa
ff0dfc450c
Get TLS security level via AppExtension
...
Improves #97
2019-05-08 16:16:30 +02:00
Davide De Rosa
3a136bdce9
Make TLS security level an option
...
Default level by default.
2019-05-08 16:10:35 +02:00
Davide De Rosa
82f0431303
Take optional securityLevel field in TLSBox
2019-05-08 15:54:05 +02:00
Davide De Rosa
97f178cdac
Tolerate weak certificates
...
Lower SSL security level.
Fixes #97
2019-05-05 17:51:24 +02:00
Davide De Rosa
273007cc59
Copy route.h from macOS
...
Missing on iOS.
2019-05-03 15:14:25 +02:00
Davide De Rosa
a693075e90
Block LAN when redirect-gateway block-local
...
Fixes #81
2019-05-03 15:14:25 +02:00
Davide De Rosa
13cae06a49
Add method to partition a subnet
2019-05-03 15:14:25 +02:00
Davide De Rosa
03a1eb2203
Return IPv4 network mask for a route
2019-05-03 15:14:25 +02:00
Davide De Rosa
4295e63c98
Read relevant routing table
2019-05-03 15:14:25 +02:00
Davide De Rosa
d44d08c95e
Retain self weakly for shutdown on timeout
2019-05-02 13:13:43 +02:00
Davide De Rosa
1430241b0c
Do not fake BF-CBC, pleae
2019-05-01 23:18:54 +02:00
Davide De Rosa
037f08ed62
Retry auth once without local options
...
Hack around picky server implementations.
Fixes #95
2019-05-01 11:14:52 +02:00
Davide De Rosa
14b7f08fb5
Use strict ordering in local options
...
And add TLS wrapping.
2019-05-01 11:14:38 +02:00
Davide De Rosa
7389d72f1f
Fix mutable SessionProxy.Configuration
2019-05-01 11:14:38 +02:00
Davide De Rosa
f799f47c25
Add direct routes to DNS servers
...
If VPN is not default gateway.
Further fix of #94
2019-04-28 15:51:16 +02:00
Davide De Rosa
0b72a30cdd
Add full set of CloudFlare DNS servers
2019-04-28 10:56:39 +02:00
Davide De Rosa
ebabf02eb5
Fix DNS in VPN when not default gateway
...
Awful API requires .matchDomains = [""]
Fixes #94
2019-04-28 10:39:55 +02:00
Davide De Rosa
b331e3cfe6
Mask fallback DNS servers
...
Comment about fallback DNS being public
2019-04-28 10:39:25 +02:00
Davide De Rosa
7978398e1e
Fix logging of routing policies
2019-04-27 22:55:20 +02:00
Davide De Rosa
0ee39c8fb0
Extend handling of redirect-gateway flags
...
- def1 (IPv4)
- ipv6 (IPv6)
- !ipv4 (IPv6 only)
2019-04-27 22:55:20 +02:00
Davide De Rosa
155bd5f1e7
Revert def1 trick
...
Not needed, routes are not persistent.
Revert 7d26323d3f
2019-04-27 22:55:19 +02:00
Davide De Rosa
7d26323d3f
Use OpenVPN trick to retain default gateway
...
Override default gateway with 2 split routes.
- IPv4: 0.0.0.0/1, 128.0.0.0/1
- IPv6: 2000::/4, 3000::/4
2019-04-27 22:29:51 +02:00
Davide De Rosa
3505f68b04
Revert DNS merge
...
Revert 1d3660459e
2019-04-27 18:25:08 +02:00
Davide De Rosa
a48bcc7261
Decrypt generic EVP private key
...
Why PKCS#8?
2019-04-27 10:54:32 +02:00
Davide De Rosa
e0c06ece18
Drop extra EVP_PKEY_free call
2019-04-27 10:44:08 +02:00
Davide De Rosa
6fb409b112
Drop UDP packets on no buffer space available
...
Tolerate only on data channel. Control channel should never reach
high speeds.
Fixes #87
2019-04-25 17:29:10 +02:00
Davide De Rosa
b8cd969a1a
Fall back to configurable preset DNS servers
...
Default to CloudFlare 1.1.1.1
Hard time making it work with system DNS servers. Retry later.
2019-04-25 17:18:28 +02:00
Davide De Rosa
31d9019f1a
Read system-wide DNS servers
...
Add libresolv to podspec.
2019-04-25 16:36:16 +02:00
Davide De Rosa
1d3660459e
Merge local and remote DNS servers
...
- Local first
- Remote last
2019-04-25 16:18:54 +02:00
Davide De Rosa
82394e0433
Skip DNS settings if no servers are provided
2019-04-25 16:18:54 +02:00
Davide De Rosa
4ce2d78c5a
Adjust log of routing policies
...
Consistent with print configuration.
2019-04-25 16:18:52 +02:00
Davide De Rosa
1b0c9979ce
Log "default" DNS when servers are empty
2019-04-25 16:09:04 +02:00
Davide De Rosa
3f37489c13
Handle pushed routing policies
2019-04-25 16:02:19 +02:00
Davide De Rosa
7382616e8b
Parse routing policies for TunnelKitProvider
2019-04-25 14:39:47 +02:00
Davide De Rosa
f9f642b64e
Set as default gateway based on routing policies
...
Also fix IPv6 routes not properly set.
2019-04-25 14:39:40 +02:00
Davide De Rosa
224a76ac58
Parse --redirect-gateway from configuration
...
FIXME: for now only redirects ALL traffic when the option is found
in the configuration file, whatever the arguments.
Also drop unnecessary base options in tests as everything was made
optional recently.
2019-04-25 14:39:23 +02:00
Davide De Rosa
1b8647bcac
Convert PacketSteram to Obj-C
...
For better TCP efficiency.
2019-04-25 12:42:29 +02:00