193 Commits

Author SHA1 Message Date
Davide De Rosa a353050af1
Create cross-platform SwiftUI Demo
- Autogen apps/extensions Info.plist
- Avoid . in bundle identifiers of extensions
- Normalize demo version
- Beware of extension runpath
- Drop host app

Closes #399
2023-12-31 13:08:31 +01:00
Davide De Rosa 708c785e61
[ci skip] Set release date 2023-12-31 00:11:51 +00:00
Davide De Rosa 6101e92c3b
Add tvOS support
- Upgrade OpenSSL for tvOS Simulator on arm64
- Use own WireGuard fork on develop

Closes #337
2023-12-27 17:28:02 +01:00
Davide De Rosa c56bfd7224
Attach user data to VPN configuration (#400) 2023-12-24 00:40:42 +01:00
Davide De Rosa cd2a640622
[ci skip] Set release date 2023-12-14 10:42:00 +01:00
Davide De Rosa f56dfa313c
Use OpenSSL 3 (#347)
- Replace deprecated peer cert calls
- Use atomic HMAC
- Upgrade HMAC to EVP_MAC
2023-12-13 21:17:38 +01:00
Davide De Rosa 9525f49a97
[ci skip] Set release date 2023-07-06 10:09:03 +00:00
Davide De Rosa d69899bbc0
Fix keychain error escaping catch block (#326) 2023-07-06 12:03:31 +02:00
Davide De Rosa fc52725ed1
[ci skip] Set release date 2023-07-05 16:12:09 +00:00
Davide De Rosa 729e8973cf
Hide errors behind façade TunnelKit*Error (#325) 2023-07-02 11:56:40 +02:00
Davide De Rosa 8f066a9e48
[ci skip] Set release date 2023-04-02 21:47:12 +00:00
Davide De Rosa 0652bf34f9 Revert release in CHANGELOG 2023-04-02 23:44:33 +02:00
Davide De Rosa 422f3163d3
Reuse native WireGuard error as ConfigurationError (#316)
There was a duplicate ConfigurationError.
2023-04-02 23:42:05 +02:00
Davide De Rosa 42f7bfc6df
[ci skip] Set release date 2023-04-01 21:04:14 +00:00
Davide De Rosa 7ce254be02
Extend WireGuard with DoH/DoT options (#314) 2023-03-19 08:22:30 +01:00
Davide De Rosa e0c0cc137f
Split DNS domain and search domains (#313) 2023-03-17 20:22:21 +01:00
Davide De Rosa 11ae9e4141
Delay tunnel disposal (#311)
Postpone reconnection due to on-demand trigger.
2023-03-17 20:20:44 +01:00
Davide De Rosa 48af81e414 Update CHANGELOG 2022-11-06 17:54:33 +01:00
Davide De Rosa 0d21731e12
Set includeAllNetworks for best-effort kill switch (#300)
* Update CHANGELOG

* Make kill switch an option
2022-10-30 09:07:17 +01:00
Davide De Rosa cae371bb40
Split IPv4/6 settings and routes (#298)
* Postpone setting route gateway

Resolve in NetworkSettingsBuilder.

* Store routes separately from IP*Settings

Parse as optionals to avoid empty arrays.

* Deprecate routes stored in IP*Settings

* Apply routes from new fields

* Update CHANGELOG
2022-10-29 12:24:28 +02:00
Davide De Rosa 703d1416ad
Deal with remote options properly (#297)
Some take over, some are merged.

Also:

- Drop non-existing DOMAIN-SEARCH dhcp-option

- Only first DNS domain was parsed
2022-10-29 11:00:39 +02:00
Davide De Rosa 7659057888
Parse IPv6 endpoints properly (#294)
* Fix incorrect parsing of IPv6 address in endpoint

* Use better names for space-based regex extensions
2022-10-25 11:29:36 +02:00
Davide De Rosa 31db8ebb9d
Delegate network settings to ad-hoc builder (#292)
* Delegate network settings to ad-hoc builder

- Assert network settings nil or non-empty, NOT precondition

- Fix log about local DNS, only if not gateway

- Remove non-working block-local code

Fixes #289, fixes #290

* Unmask safe and helpful network settings
2022-10-25 08:58:34 +02:00
Davide De Rosa 17c272d733
Support --remote-random-hostname (#286) 2022-10-17 09:00:23 +02:00
Davide De Rosa 8df7e90c95 Update CHANGELOG 2022-10-12 22:39:21 +02:00
Davide De Rosa 080ee35e61
Replace continuations with natively async methods (#284) 2022-10-12 22:28:33 +02:00
Davide De Rosa a3822678cf
Support --route-nopull (#280)
* Parse --route-no-pull

When provided, pull everything except:

- Routes
- DNS
- Proxy

Implement with higher granularity compared to OpenVPN.

* Apply no-pull mask in tunnel settings

Pull server settings by default to match standard OpenVPN
behavior. Library was prioritizing client over server.

* Add link in CHANGELOG
2022-10-08 08:54:55 +02:00
Davide De Rosa a5ad04a0a6 Upgrade OpenSSL to 1.1.1q 2022-09-30 21:28:27 +02:00
Davide De Rosa ca378c4999
[ci skip] Set release date 2022-09-23 19:51:37 +00:00
Davide De Rosa 000fde0aa2 Update CHANGELOG 2022-09-23 16:16:48 +02:00
Davide De Rosa e12e0b3051 Make VPN public methods async
- With Swift Concurrency
- Raise targets to iOS 13 / macOS 10.15
2022-04-06 11:18:06 +02:00
Davide De Rosa f046bcd629 Add options to explicitly enable/disable DNS/proxy
DNS/proxy settings, when missing from configuration, fall back to
whatever the server pushes.

With isDNSEnabled/isProxyEnabled it's now possible to override this
behavior.
2022-03-26 17:22:45 +01:00
Davide De Rosa a7a7424257 Use WireGuardKit entities directly
No need to duplicate a well-written API.

- Offer convenience accessors in Configuration[Builder]
- Make Configuration init non-optional

Sanity checks are done in Builder with throws and decoded object
is always deemed valid.
2022-03-12 15:09:41 +01:00
Davide De Rosa 3741a17c20 Rewrite Manager package to make it stateless
In order to avoid chaos from multiple profiles, retain the
profile to be installed and remove all the other ones. Also,
make sure to do the removal AFTER install, as doing it
before would trigger the VPN permission alert again.

XXX: there is some weird behavior from NetworkExtension
occasionally sending notifications with a bogus NEVPNManager
object having a nil .localizedDescription and other properties set
to nonsensical values. Discard the notification when such an object
is identified.

Encapsulate extra NetworkExtension settings:

- passwordReference
- onDemandRules
- disconnectsOnSleep

Also:

- Only set on-demand if any rules are set
- Assume VPN is enabled even with on-demand disabled
- Use DataCount instead of raw Int pair

Attach useful information to VPN notifications:

- VPN isEnabled
- VPN status
- VPN command error
- Tunnel bundle identifier (if available)

Expose specific OpenVPN/WireGuard shared data via extensions in
UserDefaults/FileManager.

Finally, drop incomplete IKE support. No fit.
2022-03-12 10:35:39 +01:00
Davide De Rosa 133b4b2337 Replace hostname/endpointProtocols with remotes
Like official OpenVPN options.
2022-03-05 14:20:29 +01:00
Davide De Rosa 2bcd11fd7e Revisit WireGuard.Configuration
- Make Configuration Codable
- Expose WireGuard ConfigurationError
- Produce ConfigurationBuilder from Configuration
- Support multiple peers
- Make private key a requirement
2022-03-03 13:59:49 +01:00
Davide De Rosa c019cecbe0 Improve some things about OpenVPN.Configuration
- Treat empty passphrase as no passphrase
- Parse authentication requirement from --auth-user-pass
- Overload ConfigurationParser with String parameter
- Move OpenVPN fallbacks inline with builder

Give a withFallbacks: option to initialize basic fields rather
than leaving them nil.
2022-03-03 13:44:40 +01:00
Davide De Rosa 88544e4877
[ci skip] Set release date 2022-02-09 17:47:16 +00:00
Davide De Rosa 871e51517c Relax macOS target to 10.14
Requires updating OpenSSL package.
2022-02-02 23:24:29 +01:00
Davide De Rosa 430e0e6afb Handle --keepalive option 2022-01-04 09:21:45 +01:00
Davide De Rosa fda232edcb
Add WireGuard package (#236)
* Add WireGuard packages

- Use eduVPN script for WireGuardKitGo
- Wrap WireGuardKit entities into Configuration
- Split demo into OpenVPN/WireGuard controllers

* Rewrite README with multiple VPN protocols
2021-12-01 13:54:00 +01:00
Davide De Rosa b88f490b82 Set release date 2021-11-27 12:35:21 +01:00
Davide De Rosa 80fd2d99e1 Set release date 2021-11-25 13:00:10 +01:00
Davide De Rosa 7a85d3cac7
Restore and fix former PEM caching PR (#235)
This reverts commit 995009121a.

* Improve error handling

* Trust intermediate CA

* Update CHANGELOG
2021-11-25 12:36:17 +01:00
Davide De Rosa b6d3cdc3b1
Revert to OpenSSL (#233)
* Use an OpenSSL binary without Bitcode
* Restore TLS security level override
* Disable Bitcode completely in Demo
2021-11-24 16:40:19 +01:00
Davide De Rosa 333fc2f6ed Update CHANGELOG 2021-11-18 12:53:48 +01:00
Davide De Rosa 995009121a Revert "Avoid caching PEMs on disk (#213)"
This reverts commit 00d908cc89.
2021-11-18 12:05:06 +01:00
Davide De Rosa 29ff5a3772 Set release date 2021-11-16 11:56:49 +01:00
Davide De Rosa bc776eda85 Replace OpenSSL with BoringSSL from SwiftNIO SSL
- Raise iOS target to 13
- Drop support for TLS security level
- Address warnings about integer conversion (iOS)
2021-11-12 10:00:46 +01:00
Davide De Rosa 950f5503e3 Drop CocoaPods from README 2021-11-05 11:51:21 +01:00