**ORIGINAL REPO WAS DELETED OR HIDDEN (https://github.com/passepartoutvpn)** VPN client library for Apple platforms.
Go to file
Davide De Rosa dbd552116c
Merge pull request #46 from keeshux/endianness-agnostic-dns
Endianness-agnostic IPv4/UInt32 conversions
2018-11-05 20:39:17 +01:00
.github Update contribution guidelines 2018-08-23 12:19:46 +02:00
Demo Update Demo code 2018-10-25 21:06:00 +02:00
TunnelKit/Sources Use standard inet_ntop/pton for IPv4 conversion 2018-11-05 20:21:10 +01:00
TunnelKit-iOS Automate version/build numbers 2018-09-24 10:26:43 +02:00
TunnelKit-macOS Automate version/build numbers 2018-09-24 10:26:43 +02:00
TunnelKit.xcodeproj Reuse tests for macOS target 2018-11-05 18:37:15 +01:00
TunnelKit.xcworkspace Rename library to TunnelKit 2018-08-23 12:10:41 +02:00
TunnelKitHost Bump version 2018-11-05 15:48:27 +01:00
TunnelKitTests Reuse tests for macOS target 2018-11-05 18:37:15 +01:00
TunnelKitTests-iOS Reuse tests for macOS target 2018-11-05 18:37:15 +01:00
TunnelKitTests-macOS Reuse tests for macOS target 2018-11-05 18:37:15 +01:00
ci Bump version 2018-10-10 18:59:50 +02:00
.gitignore Initial commit 2018-08-23 10:19:25 +02:00
.jazzy.yaml Add StaticKey class for static OpenVPN keys 2018-10-19 16:11:35 +02:00
CHANGELOG.md Update CHANGELOG 2018-11-05 20:28:21 +01:00
CLA.rst Add basic CLA 2018-08-28 12:53:12 +02:00
CONTRIBUTING.md Update contribution guidelines 2018-08-23 12:19:46 +02:00
Gemfile Add Gemfile to lock CocoaPods 2018-09-26 11:52:39 +02:00
Gemfile.lock Add Gemfile to lock CocoaPods 2018-09-26 11:52:39 +02:00
LICENSE Relicense to GPLv3 2018-08-23 12:14:53 +02:00
Podfile Reuse tests for macOS target 2018-11-05 18:37:15 +01:00
Podfile.lock Reuse tests for macOS target 2018-11-05 18:37:15 +01:00
README.md Update README and CHANGELOG 2018-10-23 23:49:57 +02:00
TunnelKit.podspec Bump version 2018-11-05 15:48:27 +01:00

README.md

TunnelKit

iOS 11+ OpenSSL 1.1.0i License GPLv3 Tweet

This library provides a simplified Swift/Obj-C implementation of the OpenVPN® protocol for the Apple platforms. The crypto layer is built on top of OpenSSL 1.1.0i, which in turn enables support for a certain range of encryption and digest algorithms.

Getting started

The client is known to work with OpenVPN® 2.3+ servers. Key renegotiation and replay protection are also included, but full-fledged configuration files (.ovpn) are not currently supported.

  • Handshake and tunneling over UDP or TCP
  • Ciphers
    • AES-CBC (128/192/256 bit)
    • AES-GCM (128/192/256 bit, 2.4)
  • HMAC digests
    • SHA-1
    • SHA-2 (224/256/384/512 bit)
  • NCP (Negotiable Crypto Parameters, 2.4)
    • Server-side
  • TLS handshake
    • Server validation (CA, EKU)
    • Client certificate
  • TLS wrapping
    • Authentication (--tls-auth)
    • Encryption (--tls-crypt)
  • Compression framing
    • Disabled
    • Compress (2.4)
    • LZO (deprecated in 2.4)
  • Replay protection (hardcoded window)

The library therefore supports compression framing, just not compression. Remember to match server-side compression framing in order to avoid a confusing loss of data packets. E.g. if server has comp-lzo no, client must use compressionFraming = .compLZO.

Installation

Requirements

  • iOS 11.0+ / macOS 10.11+
  • Xcode 10+ (Swift 4.2)
  • Git (preinstalled with Xcode Command Line Tools)
  • Ruby (preinstalled with macOS)
  • CocoaPods 1.4.0
  • jazzy (optional, for documentation)

It's highly recommended to use the Git and Ruby packages provided by Homebrew.

CocoaPods

To use with CocoaPods just add this to your Podfile:

pod 'TunnelKit'

Testing

Download the library codebase locally:

$ git clone https://github.com/keeshux/tunnelkit.git

Assuming you have a working CocoaPods environment, setting up the library workspace only requires installing the pod dependencies:

$ pod install

After that, open TunnelKit.xcworkspace in Xcode and run the unit tests found in the TunnelKitTests target. A simple CMD+U while on TunnelKit-iOS should do that as well.

Demo

There is a Demo directory containing a simple app for testing the tunnel, called BasicTunnel. As usual, prepare for CocoaPods:

$ pod install

then open Demo.xcworkspace and run the BasicTunnel-iOS target.

For the VPN to work properly, the BasicTunnel demo requires:

  • App Groups and Keychain Sharing capabilities
  • App IDs with Packet Tunnel entitlements

both in the main app and the tunnel extension target.

In order to test connection to your own server, modify the file Demo/BasicTunnel-[iOS|macOS]/ViewController.swift and make sure to set ca to the PEM encoded certificate of your VPN server's CA.

Example:

private let ca = CryptoContainer(pem: """
-----BEGIN CERTIFICATE-----
MIIFJDCC...
-----END CERTIFICATE-----
""")

Documentation

The library is split into two modules, in order to decouple the low-level protocol implementation from the platform-specific bridging, namely the NetworkExtension VPN framework.

Full documentation of the public interface is available and can be generated with jazzy. After installing the jazzy Ruby gem with:

$ gem install jazzy

enter the root directory of the repository and run:

$ jazzy

The generated output is stored into the docs directory in HTML format.

Core

Here you will find the low-level entities on top of which the connection is established. Code is mixed Swift and Obj-C, most of it is not exposed to consumers. The Core module depends on OpenSSL and is mostly platform-agnostic.

The entry point is the SessionProxy class. The networking layer is fully abstract and delegated externally with the use of opaque IOInterface (LinkInterface and TunnelInterface) and SessionProxyDelegate protocols.

AppExtension

The goal of this module is packaging up a black box implementation of a NEPacketTunnelProvider, which is the essential part of a Packet Tunnel Provider app extension. You will find the main implementation in the TunnelKitProvider class.

Currently, the extension supports VPN over both UDP and TCP sockets. A debug log snapshot is optionally maintained and shared to host apps via UserDefaults in a shared App Group.

License

Part I

This project is licensed under the GPLv3.

Part II

As seen in libsignal-protocol-c:

Additional Permissions For Submission to Apple App Store: Provided that you are otherwise in compliance with the GPLv3 for each covered work you convey (including without limitation making the Corresponding Source available in compliance with Section 6 of the GPLv3), the Author also grants you the additional permission to convey through the Apple App Store non-source executable versions of the Program as incorporated into each applicable covered work as Executable Versions only under the Mozilla Public License version 2.0 (https://www.mozilla.org/en-US/MPL/2.0/).

Contributing

By contributing to this project you are agreeing to the terms stated in the Contributor License Agreement (CLA).

For more details please see CONTRIBUTING.

Credits

  • PIATunnel - Copyright (c) 2018-Present Private Internet Access
  • SwiftyBeaver - Copyright (c) 2015 Sebastian Kreutzberger

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (https://www.openssl.org/)

© 2002-2018 OpenVPN Inc. - OpenVPN is a registered trademark of OpenVPN Inc.

Contacts

Twitter: @keeshux

Website: davidederosa.com