Commit Graph

179 Commits

Author SHA1 Message Date
Davide De Rosa 7ce254be02
Extend WireGuard with DoH/DoT options (#314) 2023-03-19 08:22:30 +01:00
Davide De Rosa e0c0cc137f
Split DNS domain and search domains (#313) 2023-03-17 20:22:21 +01:00
Davide De Rosa 11ae9e4141
Delay tunnel disposal (#311)
Postpone reconnection due to on-demand trigger.
2023-03-17 20:20:44 +01:00
Davide De Rosa 48af81e414 Update CHANGELOG 2022-11-06 17:54:33 +01:00
Davide De Rosa 0d21731e12
Set includeAllNetworks for best-effort kill switch (#300)
* Update CHANGELOG

* Make kill switch an option
2022-10-30 09:07:17 +01:00
Davide De Rosa cae371bb40
Split IPv4/6 settings and routes (#298)
* Postpone setting route gateway

Resolve in NetworkSettingsBuilder.

* Store routes separately from IP*Settings

Parse as optionals to avoid empty arrays.

* Deprecate routes stored in IP*Settings

* Apply routes from new fields

* Update CHANGELOG
2022-10-29 12:24:28 +02:00
Davide De Rosa 703d1416ad
Deal with remote options properly (#297)
Some take over, some are merged.

Also:

- Drop non-existing DOMAIN-SEARCH dhcp-option

- Only first DNS domain was parsed
2022-10-29 11:00:39 +02:00
Davide De Rosa 7659057888
Parse IPv6 endpoints properly (#294)
* Fix incorrect parsing of IPv6 address in endpoint

* Use better names for space-based regex extensions
2022-10-25 11:29:36 +02:00
Davide De Rosa 31db8ebb9d
Delegate network settings to ad-hoc builder (#292)
* Delegate network settings to ad-hoc builder

- Assert network settings nil or non-empty, NOT precondition

- Fix log about local DNS, only if not gateway

- Remove non-working block-local code

Fixes #289, fixes #290

* Unmask safe and helpful network settings
2022-10-25 08:58:34 +02:00
Davide De Rosa 17c272d733
Support --remote-random-hostname (#286) 2022-10-17 09:00:23 +02:00
Davide De Rosa 8df7e90c95 Update CHANGELOG 2022-10-12 22:39:21 +02:00
Davide De Rosa 080ee35e61
Replace continuations with natively async methods (#284) 2022-10-12 22:28:33 +02:00
Davide De Rosa a3822678cf
Support --route-nopull (#280)
* Parse --route-no-pull

When provided, pull everything except:

- Routes
- DNS
- Proxy

Implement with higher granularity compared to OpenVPN.

* Apply no-pull mask in tunnel settings

Pull server settings by default to match standard OpenVPN
behavior. Library was prioritizing client over server.

* Add link in CHANGELOG
2022-10-08 08:54:55 +02:00
Davide De Rosa a5ad04a0a6 Upgrade OpenSSL to 1.1.1q 2022-09-30 21:28:27 +02:00
Davide De Rosa ca378c4999
[ci skip] Set release date 2022-09-23 19:51:37 +00:00
Davide De Rosa 000fde0aa2 Update CHANGELOG 2022-09-23 16:16:48 +02:00
Davide De Rosa e12e0b3051 Make VPN public methods async
- With Swift Concurrency
- Raise targets to iOS 13 / macOS 10.15
2022-04-06 11:18:06 +02:00
Davide De Rosa f046bcd629 Add options to explicitly enable/disable DNS/proxy
DNS/proxy settings, when missing from configuration, fall back to
whatever the server pushes.

With isDNSEnabled/isProxyEnabled it's now possible to override this
behavior.
2022-03-26 17:22:45 +01:00
Davide De Rosa a7a7424257 Use WireGuardKit entities directly
No need to duplicate a well-written API.

- Offer convenience accessors in Configuration[Builder]
- Make Configuration init non-optional

Sanity checks are done in Builder with throws and decoded object
is always deemed valid.
2022-03-12 15:09:41 +01:00
Davide De Rosa 3741a17c20 Rewrite Manager package to make it stateless
In order to avoid chaos from multiple profiles, retain the
profile to be installed and remove all the other ones. Also,
make sure to do the removal AFTER install, as doing it
before would trigger the VPN permission alert again.

XXX: there is some weird behavior from NetworkExtension
occasionally sending notifications with a bogus NEVPNManager
object having a nil .localizedDescription and other properties set
to nonsensical values. Discard the notification when such an object
is identified.

Encapsulate extra NetworkExtension settings:

- passwordReference
- onDemandRules
- disconnectsOnSleep

Also:

- Only set on-demand if any rules are set
- Assume VPN is enabled even with on-demand disabled
- Use DataCount instead of raw Int pair

Attach useful information to VPN notifications:

- VPN isEnabled
- VPN status
- VPN command error
- Tunnel bundle identifier (if available)

Expose specific OpenVPN/WireGuard shared data via extensions in
UserDefaults/FileManager.

Finally, drop incomplete IKE support. No fit.
2022-03-12 10:35:39 +01:00
Davide De Rosa 133b4b2337 Replace hostname/endpointProtocols with remotes
Like official OpenVPN options.
2022-03-05 14:20:29 +01:00
Davide De Rosa 2bcd11fd7e Revisit WireGuard.Configuration
- Make Configuration Codable
- Expose WireGuard ConfigurationError
- Produce ConfigurationBuilder from Configuration
- Support multiple peers
- Make private key a requirement
2022-03-03 13:59:49 +01:00
Davide De Rosa c019cecbe0 Improve some things about OpenVPN.Configuration
- Treat empty passphrase as no passphrase
- Parse authentication requirement from --auth-user-pass
- Overload ConfigurationParser with String parameter
- Move OpenVPN fallbacks inline with builder

Give a withFallbacks: option to initialize basic fields rather
than leaving them nil.
2022-03-03 13:44:40 +01:00
Davide De Rosa 88544e4877
[ci skip] Set release date 2022-02-09 17:47:16 +00:00
Davide De Rosa 871e51517c Relax macOS target to 10.14
Requires updating OpenSSL package.
2022-02-02 23:24:29 +01:00
Davide De Rosa 430e0e6afb Handle --keepalive option 2022-01-04 09:21:45 +01:00
Davide De Rosa fda232edcb
Add WireGuard package (#236)
* Add WireGuard packages

- Use eduVPN script for WireGuardKitGo
- Wrap WireGuardKit entities into Configuration
- Split demo into OpenVPN/WireGuard controllers

* Rewrite README with multiple VPN protocols
2021-12-01 13:54:00 +01:00
Davide De Rosa b88f490b82 Set release date 2021-11-27 12:35:21 +01:00
Davide De Rosa 80fd2d99e1 Set release date 2021-11-25 13:00:10 +01:00
Davide De Rosa 7a85d3cac7
Restore and fix former PEM caching PR (#235)
This reverts commit 995009121a.

* Improve error handling

* Trust intermediate CA

* Update CHANGELOG
2021-11-25 12:36:17 +01:00
Davide De Rosa b6d3cdc3b1
Revert to OpenSSL (#233)
* Use an OpenSSL binary without Bitcode
* Restore TLS security level override
* Disable Bitcode completely in Demo
2021-11-24 16:40:19 +01:00
Davide De Rosa 333fc2f6ed Update CHANGELOG 2021-11-18 12:53:48 +01:00
Davide De Rosa 995009121a Revert "Avoid caching PEMs on disk (#213)"
This reverts commit 00d908cc89.
2021-11-18 12:05:06 +01:00
Davide De Rosa 29ff5a3772 Set release date 2021-11-16 11:56:49 +01:00
Davide De Rosa bc776eda85 Replace OpenSSL with BoringSSL from SwiftNIO SSL
- Raise iOS target to 13
- Drop support for TLS security level
- Address warnings about integer conversion (iOS)
2021-11-12 10:00:46 +01:00
Davide De Rosa 950f5503e3 Drop CocoaPods from README 2021-11-05 11:51:21 +01:00
Davide De Rosa 0978b973eb Update CHANGELOG
Fixes #210
2021-10-26 15:43:14 +02:00
Davide De Rosa 44a0624b10 Set release date 2021-10-18 12:01:17 +02:00
Davide De Rosa 942dcc48b1 Support native IKE providers (IPSec/IKEv2) 2021-10-18 11:33:45 +02:00
Roopesh Chander 00d908cc89
Avoid caching PEMs on disk (#213)
* TLSBox: Use OpenSSL calls that take in-memory cert / private key

* TLSBox: Add ability to compute MD5 hash for cert in memory

* OpenVPNSession: Remove disk caching of ca, cert and key

* Add test for computing MD5 hash for cert in memory

Co-authored-by: Davide De Rosa <keeshux@gmail.com>
2021-10-13 10:51:14 +02:00
Davide De Rosa 16c00410ed Update OpenSSL to 1.1.1l 2021-10-06 18:19:28 +02:00
Davide De Rosa 13b255623a Prepare for release
- Upgrade OpenSSL
- Set release date
2021-08-07 23:15:53 +02:00
Davide De Rosa 65774c9a09 Update CHANGELOG
Move XOR PR credits to README.
2021-07-22 10:55:57 +02:00
Davide De Rosa 194f74e126 Set release date 2021-07-18 22:53:40 +02:00
Davide De Rosa 7a6e97da36 Merge branch 'support-stub-v2' 2021-07-18 22:50:30 +02:00
Davide De Rosa a98943728f Relax handling of .ovpn whitespaces 2021-07-17 09:46:32 +02:00
Davide De Rosa 4dc3eeeeea Handle stub/stub-v2 as viable --compress arguments 2021-07-17 09:44:38 +02:00
Davide De Rosa 0a1f33823a Return error in install completion handler
Fixes #206
2021-07-02 11:23:58 +02:00
Davide De Rosa 68d7e08461 Update CHANGELOG 2021-06-26 11:13:51 +02:00
Davide De Rosa d03204589f Update + fix CHANGELOG 2021-03-02 15:00:40 +01:00