Davide De Rosa
9da7fa9667
Split Core into Core+OpenVPN
Two Obj-C modules:
- __TunnelKitCore
- __TunnelKitOpenVPN
Seems the only way to do it in multiple module maps.
Move OpenVPN specifics out of CoreConfiguration.
2019-05-19 12:22:32 +02:00
Davide De Rosa
491092f2a3
Drop extra header lines
2019-05-19 12:21:44 +02:00
Davide De Rosa
21b67fd9ff
Make CoreConfiguration a class for bundle lookup
2019-05-19 11:36:26 +02:00
Davide De Rosa
470c50b037
Return just <masked> when masked description
Why bother with useless hashes?
2019-05-19 11:36:26 +02:00
Davide De Rosa
d19e029131
Use guard
2019-05-19 11:36:26 +02:00
Davide De Rosa
713a46d817
Update GitHub URL
Move to passepartoutvpn org.
2019-05-14 10:58:47 +02:00
Davide De Rosa
7cbcfcd264
Fix condition for SOFT_RESET
May receive multiple packets while handling in progress.
2019-05-13 12:15:44 +02:00
Davide De Rosa
3a136bdce9
Make TLS security level an option
Default level by default.
2019-05-08 16:10:35 +02:00
Davide De Rosa
82f0431303
Take optional securityLevel field in TLSBox
2019-05-08 15:54:05 +02:00
Davide De Rosa
97f178cdac
Tolerate weak certificates
Lower SSL security level.
Fixes #97
2019-05-05 17:51:24 +02:00
Davide De Rosa
273007cc59
Copy route.h from macOS
Missing on iOS.
2019-05-03 15:14:25 +02:00
Davide De Rosa
a693075e90
Block LAN when redirect-gateway block-local
Fixes #81
2019-05-03 15:14:25 +02:00
Davide De Rosa
13cae06a49
Add method to partition a subnet
2019-05-03 15:14:25 +02:00
Davide De Rosa
03a1eb2203
Return IPv4 network mask for a route
2019-05-03 15:14:25 +02:00
Davide De Rosa
4295e63c98
Read relevant routing table
2019-05-03 15:14:25 +02:00
Davide De Rosa
1430241b0c
Do not fake BF-CBC, please
2019-05-01 23:18:54 +02:00
Davide De Rosa
037f08ed62
Retry auth once without local options
Hack around picky server implementations.
Fixes #95
2019-05-01 11:14:52 +02:00
Davide De Rosa
14b7f08fb5
Use strict ordering in local options
And add TLS wrapping.
2019-05-01 11:14:38 +02:00
Davide De Rosa
7389d72f1f
Fix mutable SessionProxy.Configuration
2019-05-01 11:14:38 +02:00
Davide De Rosa
0ee39c8fb0
Extend handling of redirect-gateway flags
- def1 (IPv4)
- ipv6 (IPv6)
- !ipv4 (IPv6 only)
2019-04-27 22:55:20 +02:00
Davide De Rosa
a48bcc7261
Decrypt generic EVP private key
Why PKCS#8?
2019-04-27 10:54:32 +02:00
Davide De Rosa
e0c06ece18
Drop extra EVP_PKEY_free call
2019-04-27 10:44:08 +02:00
Davide De Rosa
6fb409b112
Drop UDP packets on no buffer space available
Tolerate only on data channel. Control channel should never reach
high speeds.
Fixes #87
2019-04-25 17:29:10 +02:00
Davide De Rosa
31d9019f1a
Read system-wide DNS servers
Add libresolv to podspec.
2019-04-25 16:36:16 +02:00
Davide De Rosa
f9f642b64e
Set as default gateway based on routing policies
Also fix IPv6 routes not properly set.
2019-04-25 14:39:40 +02:00
Davide De Rosa
224a76ac58
Parse --redirect-gateway from configuration
FIXME: for now only redirects ALL traffic when the option is found
in the configuration file, whatever the arguments.
Also drop unnecessary base options in tests as everything was made
optional recently.
2019-04-25 14:39:23 +02:00
Davide De Rosa
1b8647bcac
Convert PacketStream to Obj-C
For better TCP efficiency.
2019-04-25 12:42:29 +02:00
Davide De Rosa
ef5180a4ed
Set tls-auth/crypt timestamp once
Packets rejected due to replay protection.
Fixes #88
Fixes #61
2019-04-23 23:07:32 +02:00
Davide De Rosa
65af163aeb
Do not resend non-acked packets if reliable
In control channel.
2019-04-23 23:06:39 +02:00
Davide De Rosa
707db2c6de
Add keydir to local options
2019-04-20 17:20:45 +02:00
Davide De Rosa
9b8be02c2a
Shut down when no IPv4/6 routing available
Would fake-connect without VPN icon otherwise.
2019-04-19 09:45:15 +02:00
Davide De Rosa
c565e32dcd
Add "dev-type tun" to local options
Plus other hardcoded options like key-method and tls-client.
Seems that older OpenVPN servers didn't send routing info in
PUSH_REPLY if dev-type is not specified explicitly.
Fixes #86
2019-04-18 13:10:57 +02:00
Davide De Rosa
887e2ae55d
Consider stale if HARD_RESET while connected
Was disconnecting when more than one HARD_RESET_SERVER was
received during negotiation.
2019-04-17 09:24:16 +02:00
Davide De Rosa
28fd80f4e0
Treat empty DNS servers as nil
Empty local DNS array was pretty much hiding server-pushed DNS.
2019-04-17 00:50:53 +02:00
Davide De Rosa
6fd6d228bf
Loop pulling plain text from TLS
There might be more data to read.
Fixes #71, #73
2019-04-17 00:18:02 +02:00
Davide De Rosa
88cd62064a
Handle continuation in PUSH_REPLY
2019-04-16 23:59:56 +02:00
Davide De Rosa
380ac2beac
Throw to exit PUSH_REPLY parsing on continuation
2019-04-16 23:59:56 +02:00
Davide De Rosa
d097afccdc
Resend PUSH_REQUEST every 2 seconds
Regardless of link reliability.
2019-04-16 23:43:33 +02:00
Davide De Rosa
ad964e2041
Send local options with authentication
Fixes some obsolete servers requiring cipher keysize.
2019-04-15 17:37:57 +02:00
Davide De Rosa
322242de5c
Fix malformed key generation message
Make nullTerminated argument explicit, easier to debug.
Fixes #67
2019-04-13 23:55:18 +02:00
Davide De Rosa
0a956f5b9f
Handle dhcp-option PROXY_BYPASS
2019-04-13 19:23:02 +02:00
Davide De Rosa
5fb70b5bab
Parse dhcp-option PROXY_HTTP* into Configuration
2019-04-12 08:10:47 +02:00
Davide De Rosa
26cec205a7
Move builder() to extension
2019-04-11 16:46:52 +02:00
Davide De Rosa
3717136bd9
Move EndpointProtocol Codable to Core spec
2019-04-05 00:46:45 +02:00
Davide De Rosa
5e2f9b59f1
Rename ParsingResult to Result
No need to prefix an inner class.
2019-04-04 19:22:22 +02:00
Davide De Rosa
7333ea226c
Document ignored settings client-side
2019-04-04 18:51:06 +02:00
Davide De Rosa
55534df6fa
Work around cipher/digest/framing issues
- Make them optional
- Set default values inside SessionProxy
Fallback is not needed anywhere else.
2019-04-04 18:51:06 +02:00
Davide De Rosa
0d86bd20b6
Expose ConfigurationBuilder.init()
2019-04-04 18:51:06 +02:00
Davide De Rosa
4dc9539260
Rename OptionsError to ConfigurationError
2019-04-04 18:51:06 +02:00
Davide De Rosa
a2250686b6
Merge OptionsBundle into Configuration
FIXME: issues with non-optional .cipher and .compressionFraming
Because:
- No pushed cipher (nil) is NOT .aes128cbc
- No pushed framing (nil) is NOT .disabled
Breaks conditions on pushed cipher/framing via PUSH_REPLY.
2019-04-04 18:51:06 +02:00