Commit Graph

173 Commits

Author SHA1 Message Date
Davide De Rosa 65774c9a09 Update CHANGELOG
Move XOR PR credits to README.
2021-07-22 10:55:57 +02:00
sam e69079d1f6 Add xormask option 2021-07-22 10:55:57 +02:00
Davide De Rosa 7f84d8338c Upgrade Xcode project 2021-06-26 11:00:24 +02:00
Roopesh Chander 433e3f8dc9 Keychain: Enable correct keychain sharing in macOS
To enable sharing of keychain items using access groups in macOS,
the kSecUseDataProtectionKeychain attribute should be set.
This key has effect only in macOS, and is unavailable in iOS 12,
so we set it only in macOS.
2021-02-12 01:07:43 +01:00
Roopesh Chander 2b3eb5412c Keychain: Use app group when dereferencing a password reference
Co-authored-by: Davide De Rosa <keeshux@gmail.com>

Better retain access group every time keychain is written to or
read from, there is no good reason to omit it. Requires Keychain
method to be reverted to non-static.

Partially revert 4490f0c116, based
on wrong assumptions about password references.
2021-02-11 13:44:00 +01:00
Davide De Rosa e923382c81 Default to unspecified MTU
Hardcode control channel packets to 1000 bytes.
2020-12-28 16:04:15 +01:00
Davide De Rosa ba3ead13a3 Update copyright 2020-12-27 17:29:39 +01:00
Davide De Rosa 304d0215b6 Use keychain service as item context
Primary key = (context, username)
2020-12-20 10:57:06 +01:00
Davide De Rosa 4a5bc92fcb Remove password inside try/catch 2020-12-18 19:11:52 +01:00
Davide De Rosa ecb2c951a8 Handle keychain cancelation
E.g. stop on "Deny" button.
2020-12-18 19:11:52 +01:00
Davide De Rosa 44844cfd9c Update API to access current Wi-Fi SSID 2020-11-21 19:10:58 +01:00
Davide De Rosa 10aec5185d Document Manager subspec
Refactor notifications to newer Swift convention.
2020-06-13 17:38:55 +02:00
Davide De Rosa 01554713b8 Move IP header logic to separate struct 2020-05-12 13:07:09 +02:00
Davide De Rosa f1a28a8d32 Revert to more efficient ternary op in IP header
See #169 and 753927f36b
2020-05-12 12:59:33 +02:00
Davide De Rosa 60213bafb8 Fix and improve #169
- Use constants
- Check packet length for OOB read
- Replace assertion with logging
2020-05-08 21:01:36 +02:00
Roopesh Chander 753927f36b Fix how NETunnelInterface handles IP protocol number
The IP protocol number passed to NEPacketTunnelFlow is determined per
packet based on the IP header, instead of determining it based on
whether IPv6 settings are available or not.
2020-05-06 09:37:24 +05:30
Johan Kool 78e332d48b Force IPv4 on Mojave otherwise it breaks 2020-04-10 13:37:15 +02:00
Davide De Rosa a7aa78141e Update copyright clause 2020-01-11 09:26:41 +01:00
Davide De Rosa 4ced1c499d Use modern structure for notifications 2019-11-02 11:32:16 +01:00
Davide De Rosa 21eee24e7c Add missing documentation 2019-05-24 16:02:06 +02:00
Davide De Rosa 72ce14b676 Make AppExtension entities public 2019-05-24 16:02:06 +02:00
Davide De Rosa 9445b825d0 Make AppExtension generic
- Make AppExtension a standalone util subspec
- Move OpenVPN tunnel provider to OpenVPN subspec
- Move Utils to Core subspec
- Depend OpenVPN on Core + AppExtension
2019-05-24 10:41:26 +02:00
Davide De Rosa b6da3f2d13 Rename proxy to session
According to SessionProxy -> OpenVPNSession.
2019-05-19 15:56:44 +02:00
Davide De Rosa 8be0f14aa9 Move PRNG initialization to namespace level 2019-05-19 15:52:55 +02:00
Davide De Rosa d057e9645b Restore AppExtension with recent changes 2019-05-19 15:50:12 +02:00
Davide De Rosa 930f05c984 Move OpenVPN timeouts out of Core 2019-05-19 12:39:51 +02:00
Davide De Rosa 5b81aa6a78 Drop "Box" from error codes 2019-05-19 12:22:32 +02:00
Davide De Rosa 9da7fa9667 Split Core into Core+OpenVPN
Two Obj-C modules:

- __TunnelKitCore
- __TunnelKitOpenVPN

Seems the only way to do it in multiple module maps.

Move OpenVPN specifics out of CoreConfiguration.
2019-05-19 12:22:32 +02:00
Davide De Rosa 491092f2a3 Drop extra header lines 2019-05-19 12:21:44 +02:00
Davide De Rosa 713a46d817 Update GitHub URL
Move to passepartoutvpn org.
2019-05-14 10:58:47 +02:00
Davide De Rosa d06b2e1928 Shut down if no default gateway 2019-05-11 17:40:46 +02:00
Davide De Rosa 5ce49953a0 Assume empty policies to override server settings
Empty != nil. When nil, pull from server.
2019-05-11 16:33:49 +02:00
Davide De Rosa 43c70b2673 Refine logging of some configuration
Log about routing entries.
2019-05-11 14:54:25 +02:00
Davide De Rosa ff0dfc450c Get TLS security level via AppExtension
Improves #97
2019-05-08 16:16:30 +02:00
Davide De Rosa a693075e90 Block LAN when redirect-gateway block-local
Fixes #81
2019-05-03 15:14:25 +02:00
Davide De Rosa d44d08c95e Retain self weakly for shutdown on timeout 2019-05-02 13:13:43 +02:00
Davide De Rosa f799f47c25 Add direct routes to DNS servers
If VPN is not default gateway.

Further fix of #94
2019-04-28 15:51:16 +02:00
Davide De Rosa 0b72a30cdd Add full set of CloudFlare DNS servers 2019-04-28 10:56:39 +02:00
Davide De Rosa ebabf02eb5 Fix DNS in VPN when not default gateway
Awful API requires .matchDomains = [""]

Fixes #94
2019-04-28 10:39:55 +02:00
Davide De Rosa b331e3cfe6 Mask fallback DNS servers
Comment about fallback DNS being public
2019-04-28 10:39:25 +02:00
Davide De Rosa 7978398e1e Fix logging of routing policies 2019-04-27 22:55:20 +02:00
Davide De Rosa 155bd5f1e7 Revert def1 trick
Not needed, routes are not persistent.

Revert 7d26323d3f
2019-04-27 22:55:19 +02:00
Davide De Rosa 7d26323d3f Use OpenVPN trick to retain default gateway
Override default gateway with 2 split routes.

- IPv4: 0.0.0.0/1, 128.0.0.0/1
- IPv6: 2000::/4, 3000::/4
2019-04-27 22:29:51 +02:00
Davide De Rosa 3505f68b04 Revert DNS merge
Revert 1d3660459e
2019-04-27 18:25:08 +02:00
Davide De Rosa b8cd969a1a Fall back to configurable preset DNS servers
Default to CloudFlare 1.1.1.1

Hard time making it work with system DNS servers. Retry later.
2019-04-25 17:18:28 +02:00
Davide De Rosa 1d3660459e Merge local and remote DNS servers
- Local first
- Remote last
2019-04-25 16:18:54 +02:00
Davide De Rosa 82394e0433 Skip DNS settings if no servers are provided 2019-04-25 16:18:54 +02:00
Davide De Rosa 4ce2d78c5a Adjust log of routing policies
Consistent with print configuration.
2019-04-25 16:18:52 +02:00
Davide De Rosa 1b0c9979ce Log "default" DNS when servers are empty 2019-04-25 16:09:04 +02:00
Davide De Rosa 3f37489c13 Handle pushed routing policies 2019-04-25 16:02:19 +02:00