Commit Graph

173 Commits

Author SHA1 Message Date
Davide De Rosa 7ea088e4a1 Make peerInfo dynamic to add IV_CIPHERS
Fixes #193
2021-01-08 19:41:16 +01:00
Davide De Rosa 8e351f91b4 Set release date 2021-01-07 22:02:49 +01:00
Davide De Rosa c4b86506cf Update Demo and metadata 2021-01-03 17:47:48 +01:00
Davide De Rosa 3c2ed00c90 Set release date 2020-12-28 17:50:22 +01:00
Davide De Rosa 1966143fe9 Parse MTU from --tun-mtu 2020-12-28 13:07:19 +01:00
Davide De Rosa 304d0215b6 Use keychain service as item context
Primary key = (context, username)
2020-12-20 10:57:06 +01:00
Davide De Rosa 44844cfd9c Update API to access current Wi-Fi SSID 2020-11-21 19:10:58 +01:00
Davide De Rosa 5c4a4e39c8 Bump version to 3.0.0 2020-11-15 21:24:37 +01:00
Davide De Rosa cf3151788c Upgrade OpenSSL-Apple
- Apple Silicon
- OpenSSL as XCFramework
2020-11-15 21:12:53 +01:00
Davide De Rosa 11acbfcb96 Update CHANGELOG 2020-10-29 19:19:17 +01:00
Davide De Rosa 683617ddd4 Use active profile name in VPN configuration
Rather than "Passepartout", as seen in device settings.
2020-07-02 19:26:50 +02:00
Davide De Rosa 7d2184d205 Update CHANGELOG 2020-06-29 13:36:51 +02:00
Davide De Rosa 48dcad83e2 Fix tunnel bundle identifiers in Demo
Also fix past CHANGELOG.

Fixes #176
2020-06-13 13:24:35 +02:00
Davide De Rosa 1ff936895f Improve logging of ConnectionStrategy 2020-06-11 16:22:45 +02:00
Davide De Rosa e1e386c61a Update CHANGELOG 2020-05-20 00:50:55 +02:00
Davide De Rosa 2619036961 Set release date 2020-05-12 15:13:10 +02:00
Davide De Rosa fe697c2c56 Update CHANGELOG
And fix year of recent releases (was 2019).
2020-05-10 11:33:37 +02:00
Davide De Rosa 0d4fc503ec Update CHANGELOG 2020-05-09 12:12:27 +02:00
Jaroslav_ 1ceeb8ddbb
SAN host check (#168)
* Check if host is present in certificates SAN list

* Save .tlsServerHost error as .tlsServerVerification into last error

Co-authored-by: Davide De Rosa <keeshux@gmail.com>
2020-05-09 00:02:16 +02:00
Davide De Rosa 56eda2720e Fix CHANGELOG format 2020-05-08 23:50:03 +02:00
Davide De Rosa 60213bafb8 Fix and improve #169
- Use constants
- Check packet length for OOB read
- Replace assertion with logging
2020-05-08 21:01:36 +02:00
Davide De Rosa 60e6bcdba8 Update OpenSSL to 1.1.1g
Fixes #166
2020-04-21 22:03:08 +02:00
Davide De Rosa 7ba022527c Update CHANGELOG and README 2020-04-19 02:33:44 +02:00
Davide De Rosa 735c1fd7fd Update CHANGELOG 2020-04-18 17:11:39 +02:00
Davide De Rosa d24fe30c7e Update CHANGELOG 2020-04-15 11:22:54 +02:00
Davide De Rosa e8f3d74894 Update CHANGELOG
Fixes #153
2020-04-14 22:57:23 +02:00
Davide De Rosa af9f7f8165 Update CHANGELOG 2020-04-13 17:53:10 +02:00
Davide De Rosa deff855bbc Fix pointers to local buffers 2020-04-05 17:30:17 +02:00
Davide De Rosa 8825a4e9c8 Update CHANGELOG 2020-02-29 19:26:43 +01:00
Davide De Rosa e3241f4f4d Fix potential OOB during negotiation
Reported by @Grivus with SoftEther.

Closes #143
2019-12-22 16:31:57 +01:00
Davide De Rosa 6ae741a310 Refine CHANGELOG
Issue #138 not really fixed, Apple feedback needed.
2019-12-14 10:14:27 +01:00
Davide De Rosa db787268a2 Update CHANGELOG 2019-12-12 18:37:16 +01:00
Davide De Rosa a65682a89a Update CHANGELOG 2019-12-11 16:44:04 +01:00
Davide De Rosa b1c11e3e56 Make --ca and --cipher non-optional in .ovpn
Dodge those annoying scenarios where server cipher is not set
and defaults to BF-CBC, whereas default TunnelKit cipher
is AES-128-CBC. And data channel stalls.
2019-11-20 01:07:39 +01:00
Davide De Rosa 907c8ec00c Set release date
Fixes #123
2019-11-03 03:46:04 +01:00
Davide De Rosa 9c92d1d567 Upgrade OpenSSL to 1.1.1d 2019-11-02 00:21:51 +01:00
Davide De Rosa eabcf39f35 Upgrade OpenSSL to 1.1.0l 2019-10-28 11:11:49 +01:00
Davide De Rosa 4d930d3562 Update CHANGELOG
Fixes #127
2019-10-25 19:08:44 +02:00
Davide De Rosa 74ec321946 Update CHANGELOG 2019-10-22 22:01:04 +02:00
Davide De Rosa 98b9d71eb3 Assume VPN gateway when route gw is "vpn_gateway" 2019-10-22 13:53:36 +02:00
Davide De Rosa 920a84f952 Update CHANGELOG 2019-10-22 11:02:51 +02:00
Davide De Rosa 9619d21d15 Add missing changelog for 2.0.5 2019-09-30 10:28:57 +02:00
Davide De Rosa 93ac2442b3 Set release date 2019-09-06 23:19:52 +02:00
Davide De Rosa 1ab045e413 Update CHANGELOG
Fixes #106
2019-08-23 09:15:59 +02:00
Davide De Rosa a893504b5f Set release date 2019-07-27 00:14:44 +02:00
Davide De Rosa 3577674fd2 Update CHANGELOG
Fixes #104
2019-07-26 23:26:51 +02:00
Davide De Rosa ca517b3075 Add missing changelogs of recent 2.x versions 2019-07-26 21:14:23 +02:00
Davide De Rosa a7a912a0d8 Update CHANGELOG 2019-07-11 18:45:39 +02:00
Davide De Rosa 1dcf4d7745 Shut down abruptly to work around macOS bug
Fixes #111
2019-07-07 23:36:06 +02:00
Davide De Rosa e4f60ddd3a Update GitHub URL in CHANGELOG 2019-05-14 11:17:18 +02:00
Davide De Rosa 05d12a22d1 Update CHANGELOG 2019-05-14 11:16:56 +02:00
Davide De Rosa 97f178cdac Tolerate weak certificates
Lower SSL security level.

Fixes #97
2019-05-05 17:51:24 +02:00
Davide De Rosa 037f08ed62 Retry auth once without local options
Hack around picky server implementations.

Fixes #95
2019-05-01 11:14:52 +02:00
Davide De Rosa 2b41264e48 Set release date 2019-05-01 11:13:27 +02:00
Davide De Rosa ebabf02eb5 Fix DNS in VPN when not default gateway
Awful API requires .matchDomains = [""]

Fixes #94
2019-04-28 10:39:55 +02:00
Davide De Rosa 53c393f2d7 Update CHANGELOG
Fixes #91
2019-04-27 18:24:48 +02:00
Davide De Rosa 212ef481dc Upgrade OpenSSL to 1.1.0j 2019-04-27 10:01:09 +02:00
Davide De Rosa 6fb409b112 Drop UDP packets on no buffer space available
Tolerate only on data channel. Control channel should never reach
high speeds.

Fixes #87
2019-04-25 17:29:10 +02:00
Davide De Rosa b8cd969a1a Fall back to configurable preset DNS servers
Default to CloudFlare 1.1.1.1

Hard time making it work with system DNS servers. Retry later.
2019-04-25 17:18:28 +02:00
Davide De Rosa f95d9ae551 Update CHANGELOG
Fixes #90
2019-04-25 16:02:19 +02:00
Davide De Rosa ef5180a4ed Set tls-auth/crypt timestamp once
Packets rejected due to replay protection.

Fixes #88
Fixes #61
2019-04-23 23:07:32 +02:00
Davide De Rosa c565e32dcd Add "dev-type tun" to local options
Plus other hardcoded options like key-method and tls-client.

Seems that older OpenVPN servers didn't send routing info in
PUSH_REPLY if dev-type is not specified explicitly.

Fixes #86
2019-04-18 13:10:57 +02:00
Davide De Rosa e7a5ce062e Update CHANGELOG 2019-04-17 09:25:49 +02:00
Davide De Rosa 80f5a3250d Update CHANGELOG 2019-04-17 00:26:56 +02:00
Davide De Rosa 322242de5c Fix malformed key generation message
Make nullTerminated argument explicit, easier to debug.

Fixes #67
2019-04-13 23:55:18 +02:00
Davide De Rosa 904e7bae21 Apply proxy settings if present
Fixes #74
2019-04-12 08:21:04 +02:00
Davide De Rosa 3fe9c6de6d Make hostname optional in ConnectionStrategy
Assume preferring resolved addresses.
2019-04-09 20:34:03 +02:00
Davide De Rosa f4683bd337 Update CHANGELOG 2019-04-08 23:28:19 +02:00
Davide De Rosa 604f76320d Set release date 2019-04-06 16:57:56 +02:00
Davide De Rosa 79850575e9 Update CHANGELOG 2019-04-03 13:34:08 +02:00
Davide De Rosa 46fb871375 Update CHANGELOG 2019-04-02 01:04:46 +02:00
Davide De Rosa 559bb6607c Add and test PKCS#8 decryption
Fixes #80
2019-04-02 00:34:23 +02:00
Davide De Rosa 60345f2964 Set release date 2019-04-01 10:01:38 +02:00
Davide De Rosa 93a7729425 Set Swift 5 in docs 2019-03-30 23:21:11 +01:00
Davide De Rosa 44fb5a5b48 Track data count in shared UserDefaults
Default disabled (dataCountInterval = 0).
2019-03-30 19:56:26 +01:00
Davide De Rosa d03f1bd9af Fix checksEKU not propagated to TunnelKitProvider 2019-03-26 00:37:35 +01:00
Davide De Rosa 39a4c33f43 Set release date 2019-03-25 21:20:04 +01:00
Davide De Rosa b5b68474af Update CHANGELOG and README
Fixes #72
2019-03-25 20:30:32 +01:00
Davide De Rosa 3e2c9ad7ba Update CHANGELOG 2019-03-25 15:53:26 +01:00
Davide De Rosa c93461b153 Send explicit exit notification if UDP
Implement --explicit-exit-notify by default.

Fixes #29
2019-03-20 17:57:56 +01:00
Davide De Rosa a31ad09711 Set release date 2019-03-20 16:47:09 +01:00
Davide De Rosa 40458ebf5f Update CHANGELOG 2019-03-20 09:08:35 +01:00
Davide De Rosa a238c2c806 Update CHANGELOG 2019-03-19 16:19:01 +01:00
Davide De Rosa a15fae2993 Set release date 2019-03-18 18:45:56 +01:00
Davide De Rosa 08b04c8e02 Fix not propagated checksEKU flag 2019-03-18 17:27:48 +01:00
Davide De Rosa 147cbb8376 Bump version and update CHANGELOG 2019-03-08 13:37:09 +01:00
Davide De Rosa fc26b4f1c5 Update CHANGELOG 2019-03-05 10:43:20 +01:00
Davide De Rosa 86420ba8ea Shut down on compressed data packet
Re-inforce #65 at the data path level. Should now cover all
compression scenarios.
2019-02-28 17:16:14 +01:00
Davide De Rosa f67b33bf56 Set release date 2019-02-25 23:46:46 +01:00
Davide De Rosa 068d05b82f Update CHANGELOG 2019-02-25 23:35:38 +01:00
Davide De Rosa 78ac025e97 Add PR link to CHANGELOG 2019-02-25 23:18:42 +01:00
Davide De Rosa 3aadaf0186 Shut down when server pushes compression enabled 2019-02-25 23:01:21 +01:00
Davide De Rosa d4b70cd3bd Update CHANGELOG 2019-02-25 11:16:26 +01:00
Davide De Rosa 0e891a1029 Fix OpenSSL version in pod and podspec
And bump spec to 1.4.1
2019-02-23 23:19:06 +01:00
Davide De Rosa e12240f33a Update CHANGELOG 2019-01-05 22:54:21 +01:00
Davide De Rosa 7179d6471c Upgrade demo code to TunnelKit 1.4.0
Fixes #52
2018-12-04 20:26:17 +01:00
Davide De Rosa 62c9b98092 Update CHANGELOG 2018-11-17 18:02:32 +01:00
Davide De Rosa 61345a2dbe Update CHANGELOG 2018-11-10 11:16:20 +01:00
Davide De Rosa 698112e220 Set release date 2018-11-08 00:00:06 +01:00
Davide De Rosa 9cf97250f3 Update CHANGELOG 2018-11-05 20:28:21 +01:00