* Postpone setting route gateway
Resolve in NetworkSettingsBuilder.
* Store routes separately from IP*Settings
Parse as optionals to avoid empty arrays.
* Deprecate routes stored in IP*Settings
* Apply routes from new fields
* Update CHANGELOG
* Delegate network settings to ad-hoc builder
- Assert network settings nil or non-empty, NOT precondition
- Fix log about local DNS, only if not gateway
- Remove non-working block-local code
Fixes#289, fixes#290
* Unmask safe and helpful network settings
* Parse --route-no-pull
When provided, pull everything except:
- Routes
- DNS
- Proxy
Implement with higher granularity compared to OpenVPN.
* Apply no-pull mask in tunnel settings
Pull server settings by default to match standard OpenVPN
behavior. Library was prioritizing client over server.
* Add link in CHANGELOG
DNS/proxy settings, when missing from configuration, fall back to
whatever the server pushes.
With isDNSEnabled/isProxyEnabled it's now possible to override this
behavior.
No need to duplicate a well-written API.
- Offer convenience accessors in Configuration[Builder]
- Make Configuration init non-optional
Sanity checks are done in Builder with throws and decoded object
is always deemed valid.
In order to avoid chaos from multiple profiles, retain the
profile to be installed and remove all the other ones. Also,
make sure to do the removal AFTER install, as doing it
before would trigger the VPN permission alert again.
XXX: there is some weird behavior from NetworkExtension
occasionally sending notifications with a bogus NEVPNManager
object having a nil .localizedDescription and other properties set
to nonsensical values. Discard the notification when such an object
is identified.
Encapsulate extra NetworkExtension settings:
- passwordReference
- onDemandRules
- disconnectsOnSleep
Also:
- Only set on-demand if any rules are set
- Assume VPN is enabled even with on-demand disabled
- Use DataCount instead of raw Int pair
Attach useful information to VPN notifications:
- VPN isEnabled
- VPN status
- VPN command error
- Tunnel bundle identifier (if available)
Expose specific OpenVPN/WireGuard shared data via extensions in
UserDefaults/FileManager.
Finally, drop incomplete IKE support. No fit.
- Make Configuration Codable
- Expose WireGuard ConfigurationError
- Produce ConfigurationBuilder from Configuration
- Support multiple peers
- Make private key a requirement
- Treat empty passphrase as no passphrase
- Parse authentication requirement from --auth-user-pass
- Overload ConfigurationParser with String parameter
- Move OpenVPN fallbacks inline with builder
Give a withFallbacks: option to initialize basic fields rather
than leaving them nil.
* TLSBox: Use OpenSSL calls that take in-memory cert / private key
* TLSBox: Add ability to compute MD5 hash for cert in memory
* OpenVPNSession: Remove disk caching of ca, cert and key
* Add test for computing MD5 hash for cert in memory
Co-authored-by: Davide De Rosa <keeshux@gmail.com>