Davide De Rosa
707db2c6de
Add keydir to local options
2019-04-20 17:20:45 +02:00
Davide De Rosa
9b8be02c2a
Shut down when no IPv4/6 routing available
...
Would fake-connect without VPN icon otherwise.
2019-04-19 09:45:15 +02:00
Davide De Rosa
c565e32dcd
Add "dev-type tun" to local options
...
Plus other hardcoded options like key-method and tls-client.
Seems that older OpenVPN servers didn't send routing info in
PUSH_REPLY if dev-type is not specified explicitly.
Fixes #86
2019-04-18 13:10:57 +02:00
Davide De Rosa
95ba9dacdb
Fix typo
2019-04-18 12:02:23 +02:00
Davide De Rosa
887e2ae55d
Consider stale if HARD_RESET while connected
...
Was disconnecting when more than one HARD_RESET_SERVER was
received during negotiation.
2019-04-17 09:24:16 +02:00
Davide De Rosa
233aa02169
Add FIXME for default DNS from network interface
2019-04-17 00:50:53 +02:00
Davide De Rosa
b199064b94
Only override domain if non-nil
2019-04-17 00:50:53 +02:00
Davide De Rosa
28fd80f4e0
Treat empty DNS servers as nil
...
Empty local DNS array was pretty much hiding server-pushed DNS.
2019-04-17 00:50:53 +02:00
Davide De Rosa
6fd6d228bf
Loop pulling plain text from TLS
...
There might be more data to read.
Fixes #71 , #73
2019-04-17 00:18:02 +02:00
Davide De Rosa
88cd62064a
Handle continuation in PUSH_REPLY
2019-04-16 23:59:56 +02:00
Davide De Rosa
380ac2beac
Throw to exit PUSH_REPLY parsing on continuation
2019-04-16 23:59:56 +02:00
Davide De Rosa
23b6e3b98e
Relax negotiation timeouts
2019-04-16 23:59:56 +02:00
Davide De Rosa
d097afccdc
Resend PUSH_REQUEST every 2 seconds
...
Regardless of link reliability.
2019-04-16 23:43:33 +02:00
Davide De Rosa
ad964e2041
Send local options with authentication
...
Fixes some obsolete servers requiring cipher keysize.
2019-04-15 17:37:57 +02:00
Davide De Rosa
322242de5c
Fix malformed key generation message
...
Make nullTerminated argument explicit, easier to debug.
Fixes #67
2019-04-13 23:55:18 +02:00
Davide De Rosa
0a956f5b9f
Handle dhcp-option PROXY_BYPASS
2019-04-13 19:23:02 +02:00
Davide De Rosa
b118030d43
Enable both HTTP and HTTPS proxies
2019-04-13 17:55:08 +02:00
Davide De Rosa
904e7bae21
Apply proxy settings if present
...
Fixes #74
2019-04-12 08:21:04 +02:00
Davide De Rosa
ef9f3c6d0a
Parse proxies into AppExtension configuration
2019-04-12 08:21:04 +02:00
Davide De Rosa
5fb70b5bab
Parse dhcp-option PROXY_HTTP* into Configuration
2019-04-12 08:10:47 +02:00
Davide De Rosa
26cec205a7
Move builder() to extension
2019-04-11 16:46:52 +02:00
Davide De Rosa
5df614b5e2
Fix incomplete builder() from Configuration
...
Adding a Configuration field is error-prone beyond reason...
2019-04-11 15:30:14 +02:00
Davide De Rosa
914864c31a
Infer serverAddress from sessionConfiguration
2019-04-09 20:45:28 +02:00
Davide De Rosa
3fe9c6de6d
Make hostname optional in ConnectionStrategy
...
Assume preferring resolved addresses.
2019-04-09 20:34:03 +02:00
Davide De Rosa
9f358d6326
Accept nil cipher/digest in AppExtension
...
Reorganize code for clarity.
2019-04-07 08:35:40 +02:00
Davide De Rosa
3717136bd9
Move EndpointProtocol Codable to Core spec
2019-04-05 00:46:45 +02:00
Davide De Rosa
5e2f9b59f1
Rename ParsingResult to Result
...
No need to prefix an inner class.
2019-04-04 19:22:22 +02:00
Davide De Rosa
7333ea226c
Document ignored settings client-side
2019-04-04 18:51:06 +02:00
Davide De Rosa
8394fd0676
Rely on default ConfigurationBuilder.init()
2019-04-04 18:51:06 +02:00
Davide De Rosa
55534df6fa
Work around cipher/digest/framing issues
...
- Make them optional
- Set default values inside SessionProxy
Fallback is not needed anywhere else.
2019-04-04 18:51:06 +02:00
Davide De Rosa
0d86bd20b6
Expose ConfigurationBuilder.init()
2019-04-04 18:51:06 +02:00
Davide De Rosa
4dc9539260
Rename OptionsError to ConfigurationError
2019-04-04 18:51:06 +02:00
Davide De Rosa
a2250686b6
Merge OptionsBundle into Configuration
...
FIXME: issues with non-optional .cipher and .compressionFraming
Because:
- No pushed cipher (nil) is NOT .aes128cbc
- No pushed framing (nil) is NOT .disabled
Breaks conditions on pushed cipher/framing via PUSH_REPLY.
2019-04-04 18:51:06 +02:00
Davide De Rosa
cfe61d5d40
Retain .endpointProtocols for migration
...
For deserialization of old format.
2019-04-04 13:10:33 +02:00
Davide De Rosa
7aec0637b2
Move endpoints inside SessionProxy.Configuration
...
Make optional.
TunnelKitProvider still gets hostname from .serverAddress rather
than SessionProxy.Configuration
Also drop useless Equatable implementations.
2019-04-04 13:09:50 +02:00
Davide De Rosa
e8396ec2cd
Parse search domain from configuration
...
Fixes #77
2019-04-03 14:29:09 +02:00
Davide De Rosa
370e68aa3f
Parse search domain from dhcp-option DOMAIN
2019-04-03 14:29:09 +02:00
Davide De Rosa
fe2ad52df0
Document OptionsBundle
...
Move most from SessionProxy.Configuration.
2019-04-03 13:34:08 +02:00
Davide De Rosa
f9ae3412a5
Move malformed error out of unrelated SessionError
...
Also give more detail about the reason.
2019-04-03 13:20:49 +02:00
Davide De Rosa
42232804ca
Rename file to public entity
2019-04-03 13:19:47 +02:00
Davide De Rosa
49c805af52
Fix a few isHandled
...
Skip to exclude from strippedLines.
2019-04-03 13:19:47 +02:00
Davide De Rosa
9876c81de5
Parse PUSH_REPLY options in OptionsBundle
...
- auth-token
- peer-id
- Routing
Reorganize options by semantic.
Reuse OptionsBundle in PushReply.
2019-04-03 13:19:21 +02:00
Davide De Rosa
b9b9c4db60
Parse basic options in OptionsBundle
...
- Handle isEncrypted inside CryptoContainer
- Rename ParsingError to OptionsError
Reuse OptionsBundle in ConfigurationParser.
2019-04-03 13:19:16 +02:00
Davide De Rosa
e7dadefabb
Generalize cipher regex
2019-04-03 12:20:53 +02:00
Davide De Rosa
d72b583900
Improve parsing of PUSH_REPLY prefix
2019-04-03 12:20:53 +02:00
Davide De Rosa
27901c991b
Skip deinit documentation
2019-04-02 19:18:23 +02:00
Davide De Rosa
ccb6329f05
Don't parse a block begin while inside a block
...
If a PEM contained anything like <foobar>, the parser was doomed.
Fixes #78
2019-04-02 19:07:48 +02:00
Davide De Rosa
11fd418f82
Extend encrypted private key quick test
...
Test .ovpn didn't use an PKCS#8 key due to a slip-up. Fixing it
unveiled that isEncrypted returned false for PKCS#8 keys.
Fixes #80
2019-04-02 11:41:18 +02:00
Davide De Rosa
22f80735ca
Strip certificate preamble
...
Fixes #78
2019-04-02 00:55:58 +02:00
Davide De Rosa
def622506b
Check PKCS#1 via "Proc-Type" presence instead
2019-04-02 00:37:52 +02:00