Johan Kool
ffe7fc0a0a
Continue instead of early return on unknown key id
2020-04-10 13:35:12 +02:00
Davide De Rosa
deff855bbc
Fix pointers to local buffers
2020-04-05 17:30:17 +02:00
Davide De Rosa
a02857fdb9
Drop unused variable
2020-04-05 17:16:55 +02:00
Davide De Rosa
311015950e
Shut down on server "RESTART" control message
...
Fixes #131
2020-02-29 19:23:26 +01:00
Davide De Rosa
f6d915e6dd
Reset rather than nil out Authenticator
...
For reuse in control channel.
2020-02-29 19:11:15 +01:00
Davide De Rosa
a7aa78141e
Update copyright clause
2020-01-11 09:26:41 +01:00
Davide De Rosa
e3241f4f4d
Fix potential OOB during negotiation
...
Reported by @Grivus with SoftEther.
Closes #143
2019-12-22 16:31:57 +01:00
Davide De Rosa
2c8c2d20f8
Add comment about read failure not shutting down
2019-12-12 20:37:10 +01:00
Davide De Rosa
63aa4b42d7
Use .utility QoS for tunnel queue
...
Fixes #138
2019-12-12 18:34:24 +01:00
Davide De Rosa
88a1bdac06
Schedule ping block even just for timeout check
...
In case keepAliveInterval is not set.
2019-12-12 18:34:20 +01:00
Davide De Rosa
e6f2f3e85a
Send pings at regular schedules
...
Also fixes coalescing schedules.
2019-12-12 18:34:20 +01:00
Davide De Rosa
2687dcf36e
Debug wake/sleep signals
2019-12-12 15:05:21 +01:00
Davide De Rosa
8ae92d29db
Log details about ping schedule
2019-12-12 14:00:43 +01:00
Davide De Rosa
5b0df2eada
Allow customization of debug log level
2019-12-12 09:42:48 +01:00
Davide De Rosa
0f2bf8cf48
Fix non-existing variable in log
2019-12-12 09:34:08 +01:00
Davide De Rosa
90c118a3d0
Warn about discarded received packets
2019-12-12 09:32:34 +01:00
Davide De Rosa
66ae7973ae
Discard data with missing key, do not shut down
...
Probably more resilient to DoS.
2019-12-07 09:43:47 +01:00
Davide De Rosa
8c4b0db301
Debug "reasserting" updates
2019-12-07 09:43:47 +01:00
Davide De Rosa
13027b8932
Only require --ca and --cipher from clients
...
Not in a PUSH_REPLY, for example.
2019-11-20 19:48:40 +01:00
Davide De Rosa
b1c11e3e56
Make --ca and --cipher non-optional in .ovpn
...
Dodge those annoying scenarios where server cipher is not set
and defaults to BF-CBC, whereas default TunnelKit cipher
is AES-128-CBC. And data channel stalls.
2019-11-20 01:07:39 +01:00
Davide De Rosa
4ced1c499d
Use modern structure for notifications
2019-11-02 11:32:16 +01:00
Davide De Rosa
3a38b0da15
Log effective search domains
2019-10-25 19:08:44 +02:00
Davide De Rosa
4e77f5b6b3
Parse multiple "dhcp-option DOMAIN" lines
2019-10-25 17:21:44 +02:00
Davide De Rosa
645f65ccd0
Adjust Configuration.searchDomain to searchDomains
...
XXX: "breaks" search domains in existing VPN profiles. Reinstall
to fix.
2019-10-25 17:17:48 +02:00
Davide De Rosa
495944297c
Merge pull request #126 from ThinkChaos/fix_pac_logging
...
Fix logging for Proxy Auto-Configuration (PAC)
2019-10-23 13:07:03 +02:00
Davide De Rosa
e5a7a09b7f
Parse PAC from provider configuration
...
Not propagated to AppExtension.
2019-10-23 13:02:29 +02:00
Davide De Rosa
dcac7cb2d4
Fix hidden IPv4Settings fields
2019-10-23 10:55:37 +02:00
Davide De Rosa
7608ae2e3c
Expose server configuration via provider message
2019-10-23 10:27:51 +02:00
ThinkChaos
907bbe20ae
Fix logging for Proxy Auto-Configuration (PAC)
2019-10-23 01:08:39 +02:00
Davide De Rosa
7d0cba8df8
Merge pull request #125 from ThinkChaos/proxy_auto_conf
...
Add Proxy Auto-Configuration (PAC) support
2019-10-22 21:55:29 +02:00
ThinkChaos
26d7b9fe0f
Address review comments
2019-10-22 21:03:25 +02:00
Davide De Rosa
98b9d71eb3
Assume VPN gateway when route gw is "vpn_gateway"
2019-10-22 13:53:36 +02:00
Davide De Rosa
eb09493882
Merge pull request #122 from rob-patchett/ping-timeout
...
Allow keep-alive timeout to be configured by the server or client
2019-10-22 10:51:27 +02:00
Robert Patchett
87cb448d12
Fix comment typo
2019-10-22 10:43:57 +02:00
ThinkChaos
c6cb5a646a
Add Proxy Auto-Configuration (PAC) support
2019-10-21 21:47:45 +02:00
Robert Patchett
bdf34f8882
Set tunnel provider's reasserting to false after the system starts using the tunnel
2019-10-17 14:23:16 +02:00
Robert Patchett
55f7e64f19
Allow keep alive timeout to be configured by the server or client
2019-09-30 11:54:29 -07:00
Davide De Rosa
d22f40f7e9
Fix potential OOB in memcmp()
2019-09-17 23:41:35 +02:00
Davide De Rosa
d815f5222f
Change var to let
...
Xcode no more signals wrong side-effect in withUnsafeBytes.
2019-09-17 16:09:09 +02:00
Davide De Rosa
e0ab2a1ddb
Disconnect if HARD_RESET received while SOFT_RESET
...
Bad condition for .staleSession
Fixes #120
See 0f2234f1d1
2019-09-03 00:27:54 +02:00
Davide De Rosa
de21adfef6
Beware of execution queue in write callbacks
...
self.link was not checked against in tunnel queue.
2019-08-23 09:15:59 +02:00
Davide De Rosa
6b281711c7
Ignore errors from outdated link writes
...
Prevents async delegation after cleanup.
2019-08-23 09:15:57 +02:00
Davide De Rosa
a4333eaafe
Revert ENOBUFS mitigation, do disconnect instead
...
Reverts #87 "fix"
2019-07-26 21:14:57 +02:00
Davide De Rosa
aefeb252b3
Do not defer stop more than once
...
May cause multiple delegation and queue deadlock when a
reconnection is scheduled to trigger.
Fixes #106
2019-07-09 14:09:02 +02:00
Davide De Rosa
2c56a8ea95
Send PUSH_REQUEST immediately after auth
...
First call would always fail otherwise.
2019-07-09 12:40:10 +02:00
Davide De Rosa
40139cbef0
Replace key flag with session-wide isRenegotiating
...
Prevent new if one in progress.
Fixes #105
2019-07-09 12:17:12 +02:00
Davide De Rosa
0f2234f1d1
Assume stale session if server sends HARD_RESET
...
When unsolicited.
2019-07-09 11:42:12 +02:00
Davide De Rosa
1dcf4d7745
Shut down abruptly to work around macOS bug
...
Fixes #111
2019-07-07 23:36:06 +02:00
Davide De Rosa
b04f7f20d4
Log info about DNS servers in use
2019-07-03 19:04:53 +02:00
Davide De Rosa
eb56a9a56c
Optimize [Data].flatCount
2019-06-05 14:14:15 +02:00
Davide De Rosa
2ddf712176
Update jazzy YAML
2019-05-24 16:04:19 +02:00
Davide De Rosa
be1081aad6
Nest subspecs by purpose
...
- Protocols
- Extra
2019-05-24 16:02:59 +02:00
Davide De Rosa
21eee24e7c
Add missing documentation
2019-05-24 16:02:06 +02:00
Davide De Rosa
72ce14b676
Make AppExtension entities public
2019-05-24 16:02:06 +02:00
Davide De Rosa
3edd00b2da
Drop deprecated endpointProtocols
2019-05-24 10:59:20 +02:00
Davide De Rosa
185f0707cf
Move OpenVPN configuration part on top
2019-05-24 10:59:20 +02:00
Davide De Rosa
1f8c51c126
Parse OpenVPN.Configuration from defaults
2019-05-24 10:59:20 +02:00
Davide De Rosa
5561c7adc6
Group OpenVPN.Configuration funcs into extension
...
- with (creation)
- store (convert to dict)
- print (log)
2019-05-24 10:54:25 +02:00
Davide De Rosa
a85404e951
Rename provider class to OpenVPNTunnelProvider
2019-05-24 10:41:30 +02:00
Davide De Rosa
9445b825d0
Make AppExtension generic
...
- Make AppExtension a standalone util subspec
- Move OpenVPN tunnel provider to OpenVPN subspec
- Move Utils to Core subspec
- Depend OpenVPN on Core + AppExtension
2019-05-24 10:41:26 +02:00
Davide De Rosa
b6da3f2d13
Rename proxy to session
...
According to SessionProxy -> OpenVPNSession.
2019-05-19 15:56:44 +02:00
Davide De Rosa
8be0f14aa9
Move PRNG initialization to namespace level
2019-05-19 15:52:55 +02:00
Davide De Rosa
d057e9645b
Restore AppExtension with recent changes
2019-05-19 15:50:12 +02:00
Davide De Rosa
6ebf025859
Take Session protocol out of OpenVPNSession
...
Fix some doc.
2019-05-19 15:08:43 +02:00
Davide De Rosa
313d076ddf
Move Error extension to Core
2019-05-19 14:34:27 +02:00
Davide De Rosa
c4a84a5ade
Prefix top-level entities with OpenVPN*
2019-05-19 14:34:23 +02:00
Davide De Rosa
9c7ae47679
Make SessionProxy* top level
...
Drop redundant SessionReply.
2019-05-19 14:17:18 +02:00
Davide De Rosa
465e08e42f
Wrap OpenVPN entities in pseudonamespace
...
Temporarily exclude AppExtension and tests.
2019-05-19 14:05:02 +02:00
Davide De Rosa
50d492096f
Move a few generic entities to Core
...
- IPv4Settings
- IPv6Settings
- Proxy
- EndpointProtocol (Codable)
2019-05-19 12:40:20 +02:00
Davide De Rosa
930f05c984
Move OpenVPN timeouts out of Core
2019-05-19 12:39:51 +02:00
Davide De Rosa
5b81aa6a78
Drop "Box" from error codes
2019-05-19 12:22:32 +02:00
Davide De Rosa
9da7fa9667
Split Core into Core+OpenVPN
...
Two Obj-C modules:
- __TunnelKitCore
- __TunnelKitOpenVPN
Seems the only way to do it in multiple module maps.
Move OpenVPN specifics out of CoreConfiguration.
2019-05-19 12:22:32 +02:00
Davide De Rosa
491092f2a3
Drop extra header lines
2019-05-19 12:21:44 +02:00
Davide De Rosa
21b67fd9ff
Make CoreConfiguration a class for bundle lookup
2019-05-19 11:36:26 +02:00
Davide De Rosa
470c50b037
Return just <masked> when masked description
...
Why bother with useless hashes?
2019-05-19 11:36:26 +02:00
Davide De Rosa
d19e029131
Use guard
2019-05-19 11:36:26 +02:00
Davide De Rosa
713a46d817
Update GitHub URL
...
Move to passepartoutvpn org.
2019-05-14 10:58:47 +02:00
Davide De Rosa
7cbcfcd264
Fix condition for SOFT_RESET
...
May receive multiple packets while handling in progress.
2019-05-13 12:15:44 +02:00
Davide De Rosa
d06b2e1928
Shut down if no default gateway
2019-05-11 17:40:46 +02:00
Davide De Rosa
5ce49953a0
Assume empty policies to override server settings
...
Empty != nil. When nil, pull from server.
2019-05-11 16:33:49 +02:00
Davide De Rosa
43c70b2673
Refine logging of some configuration
...
Log about routing entries.
2019-05-11 14:54:25 +02:00
Davide De Rosa
ff0dfc450c
Get TLS security level via AppExtension
...
Improves #97
2019-05-08 16:16:30 +02:00
Davide De Rosa
3a136bdce9
Make TLS security level an option
...
Default level by default.
2019-05-08 16:10:35 +02:00
Davide De Rosa
82f0431303
Take optional securityLevel field in TLSBox
2019-05-08 15:54:05 +02:00
Davide De Rosa
97f178cdac
Tolerate weak certificates
...
Lower SSL security level.
Fixes #97
2019-05-05 17:51:24 +02:00
Davide De Rosa
273007cc59
Copy route.h from macOS
...
Missing on iOS.
2019-05-03 15:14:25 +02:00
Davide De Rosa
a693075e90
Block LAN when redirect-gateway block-local
...
Fixes #81
2019-05-03 15:14:25 +02:00
Davide De Rosa
13cae06a49
Add method to partition a subnet
2019-05-03 15:14:25 +02:00
Davide De Rosa
03a1eb2203
Return IPv4 network mask for a route
2019-05-03 15:14:25 +02:00
Davide De Rosa
4295e63c98
Read relevant routing table
2019-05-03 15:14:25 +02:00
Davide De Rosa
d44d08c95e
Retain self weakly for shutdown on timeout
2019-05-02 13:13:43 +02:00
Davide De Rosa
1430241b0c
Do not fake BF-CBC, pleae
2019-05-01 23:18:54 +02:00
Davide De Rosa
037f08ed62
Retry auth once without local options
...
Hack around picky server implementations.
Fixes #95
2019-05-01 11:14:52 +02:00
Davide De Rosa
14b7f08fb5
Use strict ordering in local options
...
And add TLS wrapping.
2019-05-01 11:14:38 +02:00
Davide De Rosa
7389d72f1f
Fix mutable SessionProxy.Configuration
2019-05-01 11:14:38 +02:00
Davide De Rosa
f799f47c25
Add direct routes to DNS servers
...
If VPN is not default gateway.
Further fix of #94
2019-04-28 15:51:16 +02:00
Davide De Rosa
0b72a30cdd
Add full set of CloudFlare DNS servers
2019-04-28 10:56:39 +02:00
Davide De Rosa
ebabf02eb5
Fix DNS in VPN when not default gateway
...
Awful API requires .matchDomains = [""]
Fixes #94
2019-04-28 10:39:55 +02:00
Davide De Rosa
b331e3cfe6
Mask fallback DNS servers
...
Comment about fallback DNS being public
2019-04-28 10:39:25 +02:00
Davide De Rosa
7978398e1e
Fix logging of routing policies
2019-04-27 22:55:20 +02:00