rms/amnezia-client
1
0
Fork 0
mirror of https://github.com/amnezia-vpn/amnezia-client.git synced 2026-05-19 01:15:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: rms:2.0.5
Branches Tags
rms:dev rms:feat/support_multipeer rms:fix/conan-openvpn-msvc-ninja rms:feat/locations_change_rework rms:feat/implement-QR-code-generation-and-scanning rms:feat/fixed-push-notifications-on-VPN-connect-disconnect-2 rms:feat/add-deep-link rms:feat/add-captcha-gateway rms:feat/xray-subscription-link rms:feat/add-telemt rms:feat/locations_change rms:feat/macos-arm64-non-ne rms:refactoring/tests rms:fix/android_keystore_read_error rms:fix/conan_build_android_on_win rms:feat/add-mtproxy rms:chore/bump-qt-version rms:fix/make_dbus_async rms:feature/dns rms:rebase/apple-tv-target-on-conan rms:fix/outbound_freedom_xray_with_dns_fix rms:feat/apk_support rms:feature/local-proxy-integration rms:feat/fallback-proxy rms:chore/bump-version rms:feat/apple-tv-target rms:fix/dns_reconnection_issue rms:feat/fixed-push-notifications-on-VPN-connect-disconnect rms:fix/linux-firewall rms:docker-regional-locks rms:appstore-review-popup rms:feat/file-password-protection rms:feat/storekit2 rms:fix/uninstall-split-tunnelling-driver rms:revert-2376-chore/license-file rms:support_16kb_android rms:bump_version rms:feat_add_review_android rms:bugfix/translation-absence-on-subscription-key-page rms:feat/location-separation-by-region rms:bugfix/text-moving-when-resing-window rms:fix_backup rms:feature/add-purchase-android rms:bugfix/moved-text-while-resizing-window rms:bugfix/incorrect-killswitch-restore-from-backup rms:fix/backup-exclude-secondary-api-configs rms:feat/proxy-fields-for-dev-console rms:bugfix/ovpn-ios-fix rms:feat_copy_docker_configs rms:bugfix/linux-bundle-libraries rms:fix/xray-app-split-win rms:fix/upload-to-s3 rms:chore/add-release-date-upload rms:feat_add_webview_support rms:feature/configuration-transfer-through-qr rms:feat/switch_to_alive_protocol rms:feat/bot-key-unlink-device rms:fix/ad-link-lang-support rms:fix/qsecuresettings-with-android rms:feat/add-support-arm64-win rms:spanish-translations rms:fix/context-menu rms:feat/add-system-dns-support rms:fix/qt6-9-support rms:fix/qt6_9_support rms:bugfix/strict-killswitch-ui rms:android-7 rms:chore/minor-bugfixes rms:feature/awg-net-fix-macos-wakeup rms:fixbug/ios18 rms:bugfix/ios-ne-crash rms:fix/linux-tray-quit-button rms:cryptpad-support rms:bugfix/disable-linux-killswitch rms:fix/minor-ui-fixes rms:feature/setup-guid-tun2socks rms:feature/linux-ipsec rms:feature/ipsec-linux rms:refactoring/server-config-in-classes rms:feature/macos-ipsec rms:fix/ui-fixes-after-merge-with-d20ed4a rms:chore/focus_control_after_qt_6.9_migration rms:feature/integrate-xray-as-a-library rms:maxos-awg-fix rms:feature/add-new-awg-docker-image rms:chore/update-3rd-prebuild rms:feature/test-news rms:fix/api-conf-files rms:bugfix/split-tunneling-with-api-config rms:bugfix/ios-awg-new-fields rms:feature/special-handshake-2 rms:feat/xray-api-support rms:fix/desktop-entry rms:bugfix/shadowsocks-cipher-setting-not-changing rms:feature/update-tap rms:bugfix/openvpn_import_fix rms:feature/ability-to-change-port-after-installing-xray rms:bugfix/strict-mode-ovpn rms:bugfix/win-ipv6-ovpn rms:bugfix/subnet-adress-setting rms:exception-podman-docker rms:bugfix/fix-listviewtype-scrolling rms:bugfix/win-disabled-ipv6 rms:bugfix/win-ipv6-disabled-ovpn rms:feature/killswitch-strict-mode rms:feature/awg-network-check rms:feature/empty-split-tunneling-list rms:feature/support-info rms:chore/update-go-version rms:checking-Linux-version rms:update_server_scripts rms:bugfix/button-selection-easy-setup-page rms:feature/old-api-proxy rms:patch/user-checking rms:fix/correcting-version rms:support-podman rms:support_podman rms:user-checking-patch rms:feature/check-docker-version rms:feature/allowed-dns-list rms:without_lsof rms:chore/error-body rms:Update-amneziavpn_ru_RU rms:shiroow-patch-8 rms:shiroow-patch-7 rms:shiroow-patch-6 rms:shiroow-patch-5 rms:shiroow-patch-4 rms:shiroow-patch-3 rms:shiroow-patch-2 rms:shiroow-patch-1 rms:check_sudo_permissions rms:feature/euphoria rms:add_next_octet_to_ip_settings rms:bugfix/mobile-controllers-init rms:euphoria rms:bugfix/android-crush rms:feature/macox-network-extension rms:bugfix/pre-release-hotfixes rms:bugfix/ipsec-pfs rms:chore/ios-site-links rms:checking_sudo_permissions rms:feature/android-tv rms:improve_navigation_cpp rms:bugfix/linux-firewall-install rms:fixbug/wireguard-handshake-time rms:ReadmeRu_full rms:feature/xray-user-management rms:feature/subscription-end-date rms:chore/clang-format rms:feature/ru-in-readme rms:chore/increased-api-timeout rms:chore/deploy-workflow rms:bugfix/services-list-scroll rms:wheel_group_suppor rms:chore/bump-xcode-version rms:fixbug/mac-network-extension rms:feature/android-gpb rms:feature/page-home-drawer-country-selection rms:checking-sudo-users rms:bugfix/service-info-from-response rms:fixbug/build-macos-ne-2 rms:android-qt-6.7.3 rms:fixbug/build-macos-ne rms:bugfix/wg-windows-log-folder rms:feature/psk-key-api-request rms:bugfix/user-management-qml-warnings rms:fix/macos-network-extension rms:fixbug/macos-NE-build rms:bugfix/fixed-isDevEnv-initialization rms:bugfix/revert-ios-ovpn rms:feature/tun2socksSrv rms:fix/disable_singleapp rms:feature/awg-wg-name-resolving rms:feature/disable-dhcp rms:bugfix/allowed-ips-old-configs rms:feature/goodbyedpi rms:feature/add-exception-log rms:refactoring/remove-ipv6-from-default-routes rms:refactoring/singleapplication-submodule rms:macos-dirty-build rms:test/gateway rms:Update-amneziavpn_fa_IR.ts rms:bugfix/ipsec-win rms:fix/xray-custom-port rms:improve-tab-navigation rms:test-win-11 rms:feature/android-tv-remote-control-support rms:KsZnak-patch-1 rms:feature/awg-wg-qr rms:bugfix/fix-loopback-splittunel rms:fix/setup_host_firewall rms:feature/android-xray rms:feature/openvpn-pass rms:feature/connection-string rms:fix/clickable-errors rms:bugfix/api_1100_fix rms:feature/graphview rms:testsvg rms:feature/update-win-awg rms:feature/open-as-amnezia rms:feature/update-mozilla-upstream rms:bugfix/qr-code-cutting rms:feature/native-wg-psk rms:test/awg-centos rms:bugfix/hide_error rms:feature/add-uninstaller-checkbox rms:bugfix/cancel-button-on-install-page rms:bugfix/anchors-page-home-warning rms:awg-udptlspipe rms:button-focus-fix rms:revert-677-fix/logger rms:bugfix/Revert_PR_596 rms:bugfix/allowed-ips-api-configs rms:bugfix/on-escape-pressed rms:feature/auto-scroll-for-server-selection-list rms:fix/ui-fixes rms:translations/update_fa_IR.ts rms:feature/new-awg-docker-container rms:bugfix/awg_ipv6_fix rms:feature/tab-navigation rms:fix/username-no-autocapitalization rms:sure rms:refactoring/servers-model-cleanup rms:feature/wg-mtu-setup-ios rms:3rd_adaptation_to_diff_OS rms:sudo_not_found rms:test/docker-ce rms:bugfix/double_clear_server_from_amnezia rms:fix/android rms:client/3rd-prebuilt rms:revert-559-KsZnak-translation-ru-ex rms:KsZnak-translation-ru-ex rms:KsZnak-br1 rms:KsZnak-text-change rms:feature/api-awg rms:feature/error-code-output rms:feature/win_x32_builds rms:master rms:text/debug-output rms:feature/ovpn3-desktop-cli rms:bugfix/secureqsettings-deadlock rms:refactoring/change-settings-when-connected rms:files_check rms:ArchLinux-support rms:second_adaptation_to_diff_os rms:sudo rms:refactoring/android-build rms:adaptation_to_different_os rms:feature/online_installer_for_v4 rms:update_to_r2 rms:bugfix/return-after-installation rms:feature/custom_drawer_component rms:bugfix/split-tunneling rms:bugfix/existing-awg-container rms:revert-370-feature/custom_drawer_component rms:bugfix/adapted_awg_questiondrawer rms:bugfix/updated_drawer_height_pageserverdata rms:bugfix/translated_new_source_strings_to_chinese rms:feature/split-tunneling-config rms:feature/accessibility-support rms:branch_connectivity_change_fix rms:feature/ikev2_android rms:android_ss_transport rms:bugfix/macos_fixes rms:feature/nextcloud-support rms:feature/macos_network_extension rms:android_pt_transport_source rms:feature/ios-openvpn3-pluggable-transport-Cloak rms:bugfix/cloak_for_desktops_fix rms:arm-build-macos rms:fix-macos-build-brew rms:bugfix/ios-build-openvpnadapter-from-source rms:feature/download-native-wireguard-config-on-connect rms:feature/v2ray-container rms:bugfix/dpkg-busy-checking-stuck rms:feature/online-installer rms:dev-killswitch rms:dev-netadapters
rms:4.8.15.4 rms:4.8.15.0 rms:4.8.14.5 rms:4.8.14.1 rms:4.8.12.9 rms:4.8.12.8 rms:4.8.12.7 rms:4.8.12.6 rms:4.8.11.4 rms:4.8.11.3 rms:4.8.11.2 rms:4.8.11.1 rms:4.8.11.0 rms:4.8.10.0 rms:4.8.9.2 rms:4.8.9.1 rms:4.8.9.0 rms:4.8.8.3 rms:4.8.8.2 rms:4.8.8.1 rms:4.8.7.2 rms:4.8.7.1 rms:4.8.7.0 rms:4.8.6.0 rms:4.8.5.0 rms:4.8.4.5 rms:4.8.4.4 rms:4.8.4.3 rms:4.8.4.2 rms:4.8.4.1 rms:4.8.4.0 rms:4.8.3.2 rms:4.8.3.1 rms:4.8.2.3 rms:4.8.1.9 rms:4.8.1.0 rms:4.8.0.5 rms:4.7.0.0 rms:4.6.0.3 rms:4.6.0.1 rms:4.5.3.0 rms:4.5.0.0 rms:4.4.0.0 rms:4.3.0.0 rms:4.2.1.0 rms:4.2.0.1 rms:4.1.2.0_cloak_pt_experimental rms:4.1.0.1 rms:4.0.8 rms:3.1.0 rms:3.0.8 rms:3.0.7 rms:3.0.5 rms:2.1.2 rms:2.1.0 rms:2.0.10 rms:2.0.9 rms:2.0.8 rms:2.0.7 rms:2.0.6 rms:2.0.5 rms:2.0.1 rms:2.0 rms:1.9.1 rms:1.9 rms:1.8 rms:1.7 rms:1.6 rms:1.5 rms:1.4 rms:1.3 rms:1.2 rms:1.1 rms:1.0
...
compare: rms:dev-killswitch
Branches Tags
rms:feat/support_multipeer rms:fix/conan-openvpn-msvc-ninja rms:feat/locations_change_rework rms:feat/implement-QR-code-generation-and-scanning rms:feat/fixed-push-notifications-on-VPN-connect-disconnect-2 rms:feat/add-deep-link rms:feat/add-captcha-gateway rms:feat/xray-subscription-link rms:dev rms:feat/add-telemt rms:feat/locations_change rms:feat/macos-arm64-non-ne rms:refactoring/tests rms:fix/android_keystore_read_error rms:fix/conan_build_android_on_win rms:feat/add-mtproxy rms:chore/bump-qt-version rms:fix/make_dbus_async rms:feature/dns rms:rebase/apple-tv-target-on-conan rms:fix/outbound_freedom_xray_with_dns_fix rms:feat/apk_support rms:feature/local-proxy-integration rms:feat/fallback-proxy rms:chore/bump-version rms:feat/apple-tv-target rms:fix/dns_reconnection_issue rms:feat/fixed-push-notifications-on-VPN-connect-disconnect rms:fix/linux-firewall rms:docker-regional-locks rms:appstore-review-popup rms:feat/file-password-protection rms:feat/storekit2 rms:fix/uninstall-split-tunnelling-driver rms:revert-2376-chore/license-file rms:support_16kb_android rms:bump_version rms:feat_add_review_android rms:bugfix/translation-absence-on-subscription-key-page rms:feat/location-separation-by-region rms:bugfix/text-moving-when-resing-window rms:fix_backup rms:feature/add-purchase-android rms:bugfix/moved-text-while-resizing-window rms:bugfix/incorrect-killswitch-restore-from-backup rms:fix/backup-exclude-secondary-api-configs rms:feat/proxy-fields-for-dev-console rms:bugfix/ovpn-ios-fix rms:feat_copy_docker_configs rms:bugfix/linux-bundle-libraries rms:fix/xray-app-split-win rms:fix/upload-to-s3 rms:chore/add-release-date-upload rms:feat_add_webview_support rms:feature/configuration-transfer-through-qr rms:feat/switch_to_alive_protocol rms:feat/bot-key-unlink-device rms:fix/ad-link-lang-support rms:fix/qsecuresettings-with-android rms:feat/add-support-arm64-win rms:spanish-translations rms:fix/context-menu rms:feat/add-system-dns-support rms:fix/qt6-9-support rms:fix/qt6_9_support rms:bugfix/strict-killswitch-ui rms:android-7 rms:chore/minor-bugfixes rms:feature/awg-net-fix-macos-wakeup rms:fixbug/ios18 rms:bugfix/ios-ne-crash rms:fix/linux-tray-quit-button rms:cryptpad-support rms:bugfix/disable-linux-killswitch rms:fix/minor-ui-fixes rms:feature/setup-guid-tun2socks rms:feature/linux-ipsec rms:feature/ipsec-linux rms:refactoring/server-config-in-classes rms:feature/macos-ipsec rms:fix/ui-fixes-after-merge-with-d20ed4a rms:chore/focus_control_after_qt_6.9_migration rms:feature/integrate-xray-as-a-library rms:maxos-awg-fix rms:feature/add-new-awg-docker-image rms:chore/update-3rd-prebuild rms:feature/test-news rms:fix/api-conf-files rms:bugfix/split-tunneling-with-api-config rms:bugfix/ios-awg-new-fields rms:feature/special-handshake-2 rms:feat/xray-api-support rms:fix/desktop-entry rms:bugfix/shadowsocks-cipher-setting-not-changing rms:feature/update-tap rms:bugfix/openvpn_import_fix rms:feature/ability-to-change-port-after-installing-xray rms:bugfix/strict-mode-ovpn rms:bugfix/win-ipv6-ovpn rms:bugfix/subnet-adress-setting rms:exception-podman-docker rms:bugfix/fix-listviewtype-scrolling rms:bugfix/win-disabled-ipv6 rms:bugfix/win-ipv6-disabled-ovpn rms:feature/killswitch-strict-mode rms:feature/awg-network-check rms:feature/empty-split-tunneling-list rms:feature/support-info rms:chore/update-go-version rms:checking-Linux-version rms:update_server_scripts rms:bugfix/button-selection-easy-setup-page rms:feature/old-api-proxy rms:patch/user-checking rms:fix/correcting-version rms:support-podman rms:support_podman rms:user-checking-patch rms:feature/check-docker-version rms:feature/allowed-dns-list rms:without_lsof rms:chore/error-body rms:Update-amneziavpn_ru_RU rms:shiroow-patch-8 rms:shiroow-patch-7 rms:shiroow-patch-6 rms:shiroow-patch-5 rms:shiroow-patch-4 rms:shiroow-patch-3 rms:shiroow-patch-2 rms:shiroow-patch-1 rms:check_sudo_permissions rms:feature/euphoria rms:add_next_octet_to_ip_settings rms:bugfix/mobile-controllers-init rms:euphoria rms:bugfix/android-crush rms:feature/macox-network-extension rms:bugfix/pre-release-hotfixes rms:bugfix/ipsec-pfs rms:chore/ios-site-links rms:checking_sudo_permissions rms:feature/android-tv rms:improve_navigation_cpp rms:bugfix/linux-firewall-install rms:fixbug/wireguard-handshake-time rms:ReadmeRu_full rms:feature/xray-user-management rms:feature/subscription-end-date rms:chore/clang-format rms:feature/ru-in-readme rms:chore/increased-api-timeout rms:chore/deploy-workflow rms:bugfix/services-list-scroll rms:wheel_group_suppor rms:chore/bump-xcode-version rms:fixbug/mac-network-extension rms:feature/android-gpb rms:feature/page-home-drawer-country-selection rms:checking-sudo-users rms:bugfix/service-info-from-response rms:fixbug/build-macos-ne-2 rms:android-qt-6.7.3 rms:fixbug/build-macos-ne rms:bugfix/wg-windows-log-folder rms:feature/psk-key-api-request rms:bugfix/user-management-qml-warnings rms:fix/macos-network-extension rms:fixbug/macos-NE-build rms:bugfix/fixed-isDevEnv-initialization rms:bugfix/revert-ios-ovpn rms:feature/tun2socksSrv rms:fix/disable_singleapp rms:feature/awg-wg-name-resolving rms:feature/disable-dhcp rms:bugfix/allowed-ips-old-configs rms:feature/goodbyedpi rms:feature/add-exception-log rms:refactoring/remove-ipv6-from-default-routes rms:refactoring/singleapplication-submodule rms:macos-dirty-build rms:test/gateway rms:Update-amneziavpn_fa_IR.ts rms:bugfix/ipsec-win rms:fix/xray-custom-port rms:improve-tab-navigation rms:test-win-11 rms:feature/android-tv-remote-control-support rms:KsZnak-patch-1 rms:feature/awg-wg-qr rms:bugfix/fix-loopback-splittunel rms:fix/setup_host_firewall rms:feature/android-xray rms:feature/openvpn-pass rms:feature/connection-string rms:fix/clickable-errors rms:bugfix/api_1100_fix rms:feature/graphview rms:testsvg rms:feature/update-win-awg rms:feature/open-as-amnezia rms:feature/update-mozilla-upstream rms:bugfix/qr-code-cutting rms:feature/native-wg-psk rms:test/awg-centos rms:bugfix/hide_error rms:feature/add-uninstaller-checkbox rms:bugfix/cancel-button-on-install-page rms:bugfix/anchors-page-home-warning rms:awg-udptlspipe rms:button-focus-fix rms:revert-677-fix/logger rms:bugfix/Revert_PR_596 rms:bugfix/allowed-ips-api-configs rms:bugfix/on-escape-pressed rms:feature/auto-scroll-for-server-selection-list rms:fix/ui-fixes rms:translations/update_fa_IR.ts rms:feature/new-awg-docker-container rms:bugfix/awg_ipv6_fix rms:feature/tab-navigation rms:fix/username-no-autocapitalization rms:sure rms:refactoring/servers-model-cleanup rms:feature/wg-mtu-setup-ios rms:3rd_adaptation_to_diff_OS rms:sudo_not_found rms:test/docker-ce rms:bugfix/double_clear_server_from_amnezia rms:fix/android rms:client/3rd-prebuilt rms:revert-559-KsZnak-translation-ru-ex rms:KsZnak-translation-ru-ex rms:KsZnak-br1 rms:KsZnak-text-change rms:feature/api-awg rms:feature/error-code-output rms:feature/win_x32_builds rms:master rms:text/debug-output rms:feature/ovpn3-desktop-cli rms:bugfix/secureqsettings-deadlock rms:refactoring/change-settings-when-connected rms:files_check rms:ArchLinux-support rms:second_adaptation_to_diff_os rms:sudo rms:refactoring/android-build rms:adaptation_to_different_os rms:feature/online_installer_for_v4 rms:update_to_r2 rms:bugfix/return-after-installation rms:feature/custom_drawer_component rms:bugfix/split-tunneling rms:bugfix/existing-awg-container rms:revert-370-feature/custom_drawer_component rms:bugfix/adapted_awg_questiondrawer rms:bugfix/updated_drawer_height_pageserverdata rms:bugfix/translated_new_source_strings_to_chinese rms:feature/split-tunneling-config rms:feature/accessibility-support rms:branch_connectivity_change_fix rms:feature/ikev2_android rms:android_ss_transport rms:bugfix/macos_fixes rms:feature/nextcloud-support rms:feature/macos_network_extension rms:android_pt_transport_source rms:feature/ios-openvpn3-pluggable-transport-Cloak rms:bugfix/cloak_for_desktops_fix rms:arm-build-macos rms:fix-macos-build-brew rms:bugfix/ios-build-openvpnadapter-from-source rms:feature/download-native-wireguard-config-on-connect rms:feature/v2ray-container rms:bugfix/dpkg-busy-checking-stuck rms:feature/online-installer rms:dev-killswitch rms:dev-netadapters
rms:4.8.15.4 rms:4.8.15.0 rms:4.8.14.5 rms:4.8.14.1 rms:4.8.12.9 rms:4.8.12.8 rms:4.8.12.7 rms:4.8.12.6 rms:4.8.11.4 rms:4.8.11.3 rms:4.8.11.2 rms:4.8.11.1 rms:4.8.11.0 rms:4.8.10.0 rms:4.8.9.2 rms:4.8.9.1 rms:4.8.9.0 rms:4.8.8.3 rms:4.8.8.2 rms:4.8.8.1 rms:4.8.7.2 rms:4.8.7.1 rms:4.8.7.0 rms:4.8.6.0 rms:4.8.5.0 rms:4.8.4.5 rms:4.8.4.4 rms:4.8.4.3 rms:4.8.4.2 rms:4.8.4.1 rms:4.8.4.0 rms:4.8.3.2 rms:4.8.3.1 rms:4.8.2.3 rms:4.8.1.9 rms:4.8.1.0 rms:4.8.0.5 rms:4.7.0.0 rms:4.6.0.3 rms:4.6.0.1 rms:4.5.3.0 rms:4.5.0.0 rms:4.4.0.0 rms:4.3.0.0 rms:4.2.1.0 rms:4.2.0.1 rms:4.1.2.0_cloak_pt_experimental rms:4.1.0.1 rms:4.0.8 rms:3.1.0 rms:3.0.8 rms:3.0.7 rms:3.0.5 rms:2.1.2 rms:2.1.0 rms:2.0.10 rms:2.0.9 rms:2.0.8 rms:2.0.7 rms:2.0.6 rms:2.0.5 rms:2.0.1 rms:2.0 rms:1.9.1 rms:1.9 rms:1.8 rms:1.7 rms:1.6 rms:1.5 rms:1.4 rms:1.3 rms:1.2 rms:1.1 rms:1.0

23 Commits
2.0.5 ... dev-killsw

Author SHA1 Message Date
Fedotov Anton
7bc520819a The 'Kill Switch' option (used Mozilla VPN sources) is activated by default 2022-02-17 19:31:45 +03:00
Fedotov Anton
858537df1f The couple objects were added from Mozilla VPN for Killswitch functionality 2022-02-02 00:59:45 +03:00
pokamest
8f23970ccc Gradle build bump 2022-01-04 17:12:32 +03:00
pokamest
9ec39658fe DNS container with EmerCoin DNS support 2022-01-03 18:30:53 +03:00
pokamest
9943e081d9 RegExp validators fix 2021-12-25 23:01:53 +03:00
pokamest
68a51c9c63 WireGuard protocol fix 2021-12-25 21:14:55 +03:00
pokamest
e7dd964825 ServerController fix 2021-12-22 13:41:09 +03:00
pokamest
f20134415e IKEv2 class file renamed 2021-12-21 02:57:23 +03:00
pokamest
bd9b9600c1 Release 2.0.6 2021-12-21 00:35:18 +03:00
pokamest
5ae9873455 Destructor crash fix 2021-12-20 15:43:36 +03:00
pokamest
5776ca0384 Merge pull request #47 from amnezia-vpn/qr_rework 
Qr rework
 2021-12-20 03:23:48 +03:00
pokamest
f8f4b39965 qzxing submodule 2021-12-20 02:42:16 +03:00
pokamest
1d51419a11 QR codes rework 2021-12-20 02:29:23 +03:00
pokamest
5e1ca0c19f iOS icons asset 2021-12-16 11:54:07 -08:00
pokamest
b341224c92 AppStore icon fix 2021-12-16 15:04:59 +03:00
pokamest
3861f23af3 iOS icon fixed 2021-12-16 14:45:08 +03:00
pokamest
e7beff79d0 iOS icons 2021-12-16 14:38:41 +03:00
pokamest
2380875cbf Merge branch 'ios-wireguard' into dev 2021-12-15 06:06:08 -08:00
Alex Kh
090e50e936 [WIP] protocol switching and relaunch crash issues (possibly) fixed 2021-12-09 12:59:56 +04:00
Alex Kh
b6bab0c723 [WIP] seamless protocol switching without leaving the app 2021-12-08 19:40:43 +04:00
Alex Kh
1a333f7968 [WIP] move connection state call to main thread 2021-12-08 17:10:15 +04:00
Alex Kh
87c00b3804 Merge branch 'ios-wireguard' of https://github.com/amnezia-vpn/desktop-client into ios-wireguard 2021-12-08 15:57:16 +04:00
Alex Kh
eba71469a4 [WIP] OpenVPN tunnel implementation 2021-12-08 15:55:36 +04:00
93 changed files with 3666 additions and 2577 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -47,6 +47,7 @@ client/amneziavpn_qml_plugin_import.cpp
client/qmlcache_loader.cpp
client/rep_ipc_interface_replica.h
client/resources_qmlcache.qrc
client/3rd/OpenVPNAdpter/build/
# QtCreator

6
.gitmodules vendored
View File

@@ -7,3 +7,9 @@
[submodule "client/3rd/wireguard-apple"]
path = client/3rd/wireguard-apple
url = https://github.com/WireGuard/wireguard-apple
[submodule "client/3rd/OpenVPNAdapter"]
path = client/3rd/OpenVPNAdapter
url = https://github.com/ss-abramchuk/OpenVPNAdapter.git
[submodule "client/3rd/qzxing"]
path = client/3rd/qzxing
url = https://github.com/ftylitak/qzxing.git

1
client/3rd/OpenVPNAdapter Submodule

Submodule client/3rd/OpenVPNAdapter added at 0e2db0baa0

1802
client/3rd/QRCodeGenerator/QRCodeGenerator.cpp
View File

File diff suppressed because it is too large Load Diff

129
client/3rd/QRCodeGenerator/QRCodeGenerator.h
View File

@@ -1,129 +0,0 @@
#if !defined(AFX_QR_ENCODE_H__AC886DF7_C0AE_4C9F_AC7A_FCDA8CB1DD37__INCLUDED_)
#define AFX_QR_ENCODE_H__AC886DF7_C0AE_4C9F_AC7A_FCDA8CB1DD37__INCLUDED_
#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000
/////////////////////////////////////////////////////////////////////////////
//
#define QR_LEVEL_L 0
#define QR_LEVEL_M 1
#define QR_LEVEL_Q 2
#define QR_LEVEL_H 3
//
#define QR_MODE_NUMERAL 0
#define QR_MODE_ALPHABET 1
#define QR_MODE_8BIT 2
#define QR_MODE_KANJI 3
//
#define QR_VRESION_S 0
#define QR_VRESION_M 1
#define QR_VRESION_L 2
#define MAX_ALLCODEWORD 3706
#define MAX_DATACODEWORD 2956
#define MAX_CODEBLOCK 153
#define MAX_MODULESIZE 177
#define QR_MARGIN 0
/////////////////////////////////////////////////////////////////////////////
typedef struct tagRS_BLOCKINFO
{
int ncRSBlock;
int ncAllCodeWord;
int ncDataCodeWord;
} RS_BLOCKINFO, *LPRS_BLOCKINFO;
/////////////////////////////////////////////////////////////////////////////
typedef struct tagQR_VERSIONINFO
{
int nVersionNo;
int ncAllCodeWord;
int ncDataCodeWord[4];
int ncAlignPoint;
int nAlignPoint[6];
RS_BLOCKINFO RS_BlockInfo1[4];
RS_BLOCKINFO RS_BlockInfo2[4];
} QR_VERSIONINFO, *LPQR_VERSIONINFO;
/////////////////////////////////////////////////////////////////////////////
class CQR_Encode
{
public:
CQR_Encode();
~CQR_Encode();
public:
int m_nLevel;
int m_nVersion;
bool m_bAutoExtent;
int m_nMaskingNo;
public:
int m_nSymbleSize;
unsigned char m_byModuleData[MAX_MODULESIZE][MAX_MODULESIZE]; // [x][y]
private:
int m_ncDataCodeWordBit;
unsigned char m_byDataCodeWord[MAX_DATACODEWORD];
int m_ncDataBlock;
unsigned char m_byBlockMode[MAX_DATACODEWORD];
int m_nBlockLength[MAX_DATACODEWORD];
int m_ncAllCodeWord;
unsigned char m_byAllCodeWord[MAX_ALLCODEWORD];
unsigned char m_byRSWork[MAX_CODEBLOCK];
public:
bool EncodeData(int nLevel, int nVersion, bool bAutoExtent, int nMaskingNo, const char* lpsSource, int ncSource = 0);
private:
int GetEncodeVersion(int nVersion, const char* lpsSource, int ncLength);
bool EncodeSourceData(const char* lpsSource, int ncLength, int nVerGroup);
int GetBitLength(unsigned char nMode, int ncData, int nVerGroup);
int SetBitStream(int nIndex, unsigned short wData, int ncData);
bool IsNumeralData(unsigned char c);
bool IsAlphabetData(unsigned char c);
bool IsKanjiData(unsigned char c1, unsigned char c2);
unsigned char AlphabetToBinaly(unsigned char c);
unsigned short KanjiToBinaly(unsigned short wc);
void GetRSCodeWord(unsigned char * lpbyRSWork, int ncDataCodeWord, int ncRSCodeWord);
private:
void FormatModule();
void SetFunctionModule();
void SetFinderPattern(int x, int y);
void SetAlignmentPattern(int x, int y);
void SetVersionPattern();
void SetCodeWordPattern();
void SetMaskingPattern(int nPatternNo);
void SetFormatInfoPattern(int nPatternNo);
int CountPenalty();
};
/////////////////////////////////////////////////////////////////////////////
#endif // !defined(AFX_QR_ENCODE_H__AC886DF7_C0AE_4C9F_AC7A_FCDA8CB1DD37__INCLUDED_)

5
client/3rd/QRCodeGenerator/QRCodeGenerator.pri
View File

@@ -1,5 +0,0 @@
HEADERS += \
3rd/QRCodeGenerator/QRCodeGenerator.h \
SOURCES += \
3rd/QRCodeGenerator/QRCodeGenerator.cpp \

2
client/3rd/QtSsh/src/botan/botan.pri
View File

@@ -11,7 +11,7 @@ win32 {
-lcrypt32 \
!contains(QMAKE_TARGET.arch, x86_64) {
INCLUDEPATH += $$PWD/windows/x86_64
INCLUDEPATH += $$PWD/windows/x86
HEADERS += $$PWD/windows/x86/botan_all.h
SOURCES += $$PWD/windows/x86/botan_all.cpp
}

4
client/3rd/QtSsh/src/ssh/sshconnection.cpp
View File

@@ -940,8 +940,8 @@ void SshConnectionPrivate::connectToHost()
this, &SshConnectionPrivate::handleSocketConnected);
connect(m_socket, &QIODevice::readyRead,
this, &SshConnectionPrivate::handleIncomingData);
connect(m_socket, SIGNAL(error(QAbstractSocket::SocketError)), this,
SLOT(handleSocketError()));
connect(m_socket, &QAbstractSocket::errorOccurred,
this, &SshConnectionPrivate::handleSocketError);
connect(m_socket, &QAbstractSocket::disconnected,
this, &SshConnectionPrivate::handleSocketDisconnected);
connect(&m_timeoutTimer, &QTimer::timeout, this, &SshConnectionPrivate::handleTimeout);

1
client/3rd/qzxing Submodule

Submodule client/3rd/qzxing added at 2fd4dd60c0

4
client/AmneziaVPN-Swift.h
View File

@@ -217,7 +217,9 @@ enum ConnectionState : NSInteger;
SWIFT_CLASS("_TtC10AmneziaVPN18IOSVpnProtocolImpl")
@interface IOSVpnProtocolImpl : NSObject
- (nonnull instancetype)initWithBundleID:(NSString * _Nonnull)bundleID privateKey:(NSData * _Nonnull)privateKey deviceIpv4Address:(NSString * _Nonnull)deviceIpv4Address deviceIpv6Address:(NSString * _Nonnull)deviceIpv6Address closure:(void (^ _Nonnull)(enum ConnectionState, NSDate * _Nullable))closure callback:(void (^ _Nonnull)(BOOL))callback OBJC_DESIGNATED_INITIALIZER;
- (nonnull instancetype)initWithBundleID:(NSString * _Nonnull)bundleID config:(NSString * _Nonnull)config closure:(void (^ _Nonnull)(enum ConnectionState, NSDate * _Nullable))closure callback:(void (^ _Nonnull)(BOOL))callback;
- (void)connectWithDnsServer:(NSString * _Nonnull)dnsServer serverIpv6Gateway:(NSString * _Nonnull)serverIpv6Gateway serverPublicKey:(NSString * _Nonnull)serverPublicKey presharedKey:(NSString * _Nonnull)presharedKey serverIpv4AddrIn:(NSString * _Nonnull)serverIpv4AddrIn serverPort:(NSInteger)serverPort allowedIPAddressRanges:(NSArray<VPNIPAddressRange *> * _Nonnull)allowedIPAddressRanges ipv6Enabled:(Boolean)enabled reason:(NSInteger)reason failureCallback:(void (^ _Nonnull)(void))failureCallback;
- (void)connectWithOvpnConfig:(NSString * _Nonnull)ovpnConfig failureCallback:(void (^ _Nonnull)(void))failureCallback;
- (void)disconnect;
- (void)checkStatusWithCallback:(void (^ _Nonnull)(NSString * _Nonnull, NSString * _Nonnull, NSString * _Nonnull))callback;
- (nonnull instancetype)init SWIFT_UNAVAILABLE;
@@ -230,8 +232,6 @@ typedef SWIFT_ENUM(NSInteger, ConnectionState, closed) {
ConnectionStateDisconnected = 2,
};
SWIFT_CLASS("_TtC10AmneziaVPN17VPNIPAddressRange")
@interface VPNIPAddressRange : NSObject
- (nonnull instancetype)initWithAddress:(NSString * _Nonnull)address networkPrefixLength:(uint8_t)networkPrefixLength isIpv6:(BOOL)isIpv6 OBJC_DESIGNATED_INITIALIZER;

3
client/android/AndroidManifest.xml
View File

@@ -2,12 +2,13 @@
<manifest package="org.amnezia.vpn" xmlns:android="http://schemas.android.com/apk/res/android" android:versionName="-- %%INSERT_VERSION_NAME%% --" android:versionCode="-- %%INSERT_VERSION_CODE%% --" android:installLocation="auto">
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
<uses-permission android:name="android.permission.CAMERA"/>
<!-- The following comment will be replaced upon deployment with default features based on the dependencies of the application.
Remove the comment if you do not require these default features. -->

4
client/android/build.gradle
View File

@@ -102,8 +102,8 @@ android {
resConfig "en"
minSdkVersion = 24
targetSdkVersion = 30
versionCode 5 // Change to a higher number
versionName "2.0.5" // Change to a higher number
versionCode 7 // Change to a higher number
versionName "2.0.7" // Change to a higher number
}
buildTypes {

6
client/android/src/org/ftylitak/qzxing/NativeFunctions.java Normal file
View File

@@ -0,0 +1,6 @@
package org.ftylitak.qzxing;
public class NativeFunctions {
public static native void onPermissionsGranted();
public static native void onPermissionsDenied();
}

25
client/android/src/org/ftylitak/qzxing/QZXingLiveActivity.java Normal file
View File

@@ -0,0 +1,25 @@
package org.ftylitak.qzxing;
import android.Manifest;
import android.content.pm.PackageManager;
import org.qtproject.qt5.android.bindings.QtActivity;
import static org.ftylitak.qzxing.Utilities.REQUEST_CAMERA;
public class QZXingLiveActivity extends QtActivity {
@Override
public void onRequestPermissionsResult(int requestCode,
String permissions[], int[] grantResults) {
switch (requestCode) {
case REQUEST_CAMERA: {
// If request is cancelled, the result arrays are empty.
if (grantResults.length > 0
&& grantResults[0] == PackageManager.PERMISSION_GRANTED) {
NativeFunctions.onPermissionsGranted();
} else {
NativeFunctions.onPermissionsDenied();
}
return;
}
}
}
}

42
client/android/src/org/ftylitak/qzxing/Utilities.java Normal file
View File

@@ -0,0 +1,42 @@
package org.ftylitak.qzxing;
import android.Manifest;
import android.app.Activity;
import android.content.pm.PackageManager;
import androidx.core.app.ActivityCompat;
import androidx.core.content.ContextCompat;
import java.util.ArrayList;
public class Utilities {
public static final int REQUEST_CAMERA = 0;
public static final String[] requiredPermissionsModifyPhoneState = {
Manifest.permission.CAMERA,
Manifest.permission.READ_EXTERNAL_STORAGE,
Manifest.permission.WRITE_EXTERNAL_STORAGE
};
public static void checkAndRequestPermissionList(Activity activity, String[] permissions) {
ArrayList<String> permissionsToRequest = new ArrayList<>();
for (int i = 0; i < permissions.length; i++) {
if (ContextCompat.checkSelfPermission(activity, permissions[i])
!= PackageManager.PERMISSION_GRANTED)
permissionsToRequest.add(permissions[i]);
}
if (permissionsToRequest.size() != 0)
ActivityCompat.requestPermissions(activity,
permissionsToRequest.toArray(new String[0]),
REQUEST_CAMERA);
else
NativeFunctions.onPermissionsGranted();
}
public static void requestQZXingPermissions(Activity activity) {
checkAndRequestPermissionList(activity, requiredPermissionsModifyPhoneState);
}
}

24
client/client.pro
View File

@@ -5,14 +5,17 @@ TEMPLATE = app
#CONFIG += console
CONFIG += qtquickcompiler
CONFIG += qzxing_multimedia \
enable_decoder_qr_code \
enable_encoder_qr_code
DEFINES += QT_DEPRECATED_WARNINGS
include("3rd/QtSsh/src/ssh/qssh.pri")
include("3rd/QtSsh/src/botan/botan.pri")
!android:!ios:include("3rd/SingleApplication/singleapplication.pri")
include("3rd/QRCodeGenerator/QRCodeGenerator.pri")
include ("3rd/SortFilterProxyModel/SortFilterProxyModel.pri")
include("3rd/QZXing/src/QZXing-components.pri")
INCLUDEPATH += $$PWD/3rd/OpenSSL/include
DEPENDPATH += $$PWD/3rd/OpenSSL/include
@@ -48,6 +51,7 @@ HEADERS += \
ui/pages_logic/NetworkSettingsLogic.h \
ui/pages_logic/NewServerProtocolsLogic.h \
ui/pages_logic/PageLogicBase.h \
ui/pages_logic/QrDecoderLogic.h \
ui/pages_logic/ServerConfiguringProgressLogic.h \
ui/pages_logic/ServerContainersLogic.h \
ui/pages_logic/ServerListLogic.h \
@@ -103,6 +107,7 @@ SOURCES += \
ui/pages_logic/NetworkSettingsLogic.cpp \
ui/pages_logic/NewServerProtocolsLogic.cpp \
ui/pages_logic/PageLogicBase.cpp \
ui/pages_logic/QrDecoderLogic.cpp \
ui/pages_logic/ServerConfiguringProgressLogic.cpp \
ui/pages_logic/ServerContainersLogic.cpp \
ui/pages_logic/ServerListLogic.cpp \
@@ -141,12 +146,14 @@ win32 {
RC_FILE = platform_win/vpnclient.rc
HEADERS += \
ui/framelesswindow.h \
protocols/ikev2_vpn_protocol_windows.h \
ui/framelesswindow.h
SOURCES += \
protocols/ikev2_vpn_protocol_windows.cpp \
ui/framelesswindow.cpp
VERSION = 1.0.0.0
VERSION = 2.0.0.0
QMAKE_TARGET_COMPANY = "AmneziaVPN"
QMAKE_TARGET_PRODUCT = "AmneziaVPN"
@@ -197,7 +204,6 @@ win32|macx|linux:!android {
HEADERS += \
ui/systemtray_notificationhandler.h \
protocols/openvpnprotocol.h \
protocols/ikev2_vpn_protocol.h \
protocols/openvpnovercloakprotocol.h \
protocols/shadowsocksvpnprotocol.h \
protocols/wireguardprotocol.h \
@@ -205,7 +211,6 @@ win32|macx|linux:!android {
SOURCES += \
ui/systemtray_notificationhandler.cpp \
protocols/openvpnprotocol.cpp \
protocols/ikev2_vpn_protocol.cpp \
protocols/openvpnovercloakprotocol.cpp \
protocols/shadowsocksvpnprotocol.cpp \
protocols/wireguardprotocol.cpp \
@@ -218,11 +223,13 @@ android {
INCLUDEPATH += platforms/android
HEADERS += \
platforms/android/native.h \
platforms/android/android_controller.h \
platforms/android/android_notificationhandler.h \
protocols/android_vpnprotocol.h
SOURCES += \
platforms/android/native.cpp \
platforms/android/android_controller.cpp \
platforms/android/android_notificationhandler.cpp \
protocols/android_vpnprotocol.cpp
@@ -276,6 +283,11 @@ ios {
LIBS += -framework StoreKit
LIBS += -framework UserNotifications
# LIBS += $$PWD/3rd/OpenVPNAdapter/build/Debug-iphoneos/LZ4.framework
# LIBS += $$PWD/3rd/OpenVPNAdapter/build/Debug-iphoneos/mbedTLS.framework
# LIBS += $$PWD/3rd/OpenVPNAdapter/build/Debug-iphoneos/OpenVPNClient.framework
# LIBS += $$PWD/3rd/OpenVPNAdapter/build/Debug-iphoneos/OpenVPNAdapter.framework
DEFINES += MVPN_IOS
HEADERS += \
@@ -309,7 +321,7 @@ ios {
QMAKE_DEVELOPMENT_TEAM = X7UJ388FXK
QMAKE_PROVISIONING_PROFILE = f2fefb59-14aa-4aa9-ac14-1d5531b06dcc
QMAKE_XCODE_CODE_SIGN_IDENTITY = "Apple Distribution"
QMAKE_INFO_PLIST= $$PWD/ios/app/Info.plist
QMAKE_INFO_PLIST = $$PWD/ios/app/Info.plist
XCODEBUILD_FLAGS += -allowProvisioningUpdates

60
client/configurators/wireguard_configurator.cpp
View File

@@ -50,7 +50,7 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::genClientKeys()
}
WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardConfig(const ServerCredentials &credentials,
DockerContainer container, ErrorCode *errorCode)
DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)
{
WireguardConfigurator::ConnectionData connData = WireguardConfigurator::genClientKeys();
connData.host = credentials.hostName;
@@ -61,6 +61,49 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
}
ErrorCode e = ErrorCode::NoError;
// Get list of already created clients (only IP addreses)
QString nextIpNumber;
{
QString script = QString("cat %1 | grep AllowedIPs").arg(amnezia::protocols::wireguard::serverConfigPath);
QString stdOut;
auto cbReadStdOut = [&](const QString &data, QSharedPointer<QSsh::SshRemoteProcess> proc) {
stdOut += data + "\n";
};
ServerController::runContainerScript(credentials, container, script, cbReadStdOut);
stdOut.replace("AllowedIPs = ", "");
stdOut.replace("/32", "");
QStringList ips = stdOut.split("\n", Qt::SkipEmptyParts);
// Calc next IP address
if (ips.isEmpty()) {
nextIpNumber = "2";
}
else {
int next = ips.last().split(".").last().toInt() + 1;
if (next > 254) {
if (errorCode) *errorCode = ErrorCode::AddressPoolError;
return connData;
}
nextIpNumber = QString::number(next);
}
}
QString subnetIp = containerConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
{
QStringList l = subnetIp.split(".", Qt::SkipEmptyParts);
if (l.isEmpty()) {
if (errorCode) *errorCode = ErrorCode::AddressPoolError;
return connData;
}
l.removeLast();
l.append(nextIpNumber);
connData.clientIP = l.join(".");
}
// Get keys
connData.serverPubKey = ServerController::getTextFileFromContainer(container, credentials, amnezia::protocols::wireguard::serverPublicKeyPath, &e);
connData.serverPubKey.replace("\n", "");
if (e) {
@@ -76,18 +119,15 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
return connData;
}
// Add client to config
QString configPart = QString(
"[Peer]\n"
"PublicKey = %1\n"
"PresharedKey = %2\n"
"AllowedIPs = $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR\n\n").
"AllowedIPs = %3/32\n\n").
arg(connData.clientPubKey).
arg(connData.pskKey);
configPart = ServerController::replaceVars(configPart, ServerController::genVarsForScript(credentials, container));
qDebug().noquote() << "Adding wg conf part to server" << configPart;
arg(connData.pskKey).
arg(connData.clientIP);
e = ServerController::uploadTextFileToContainer(container, credentials, configPart,
protocols::wireguard::serverConfigPath, QSsh::SftpOverwriteMode::SftpAppendToExisting);
@@ -116,12 +156,13 @@ QString WireguardConfigurator::genWireguardConfig(const ServerCredentials &crede
QString config = ServerController::replaceVars(amnezia::scriptData(ProtocolScriptType::wireguard_template, container),
ServerController::genVarsForScript(credentials, container, containerConfig));
ConnectionData connData = prepareWireguardConfig(credentials, container, errorCode);
ConnectionData connData = prepareWireguardConfig(credentials, container, containerConfig, errorCode);
if (errorCode && *errorCode) {
return "";
}
config.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", connData.clientPrivKey);
config.replace("$WIREGUARD_CLIENT_IP", connData.clientIP);
config.replace("$WIREGUARD_SERVER_PUBLIC_KEY", connData.serverPubKey);
config.replace("$WIREGUARD_PSK", connData.pskKey);
@@ -130,6 +171,7 @@ QString WireguardConfigurator::genWireguardConfig(const ServerCredentials &crede
jConfig[config_key::hostName] = connData.host;
jConfig[config_key::client_priv_key] = connData.clientPrivKey;
jConfig[config_key::client_ip] = connData.clientIP;
jConfig[config_key::client_pub_key] = connData.clientPubKey;
jConfig[config_key::psk_key] = connData.pskKey;
jConfig[config_key::server_pub_key] = connData.serverPubKey;

3
client/configurators/wireguard_configurator.h
View File

@@ -15,6 +15,7 @@ public:
struct ConnectionData {
QString clientPrivKey; // client private key
QString clientPubKey; // client public key
QString clientIP; // internal client IP address
QString serverPubKey; // tls-auth key
QString pskKey; // preshared key
QString host; // host ip
@@ -29,7 +30,7 @@ public:
private:
static ConnectionData prepareWireguardConfig(const ServerCredentials &credentials,
DockerContainer container, ErrorCode *errorCode = nullptr);
DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
static ConnectionData genClientKeys();

3
client/core/defs.h
View File

@@ -6,6 +6,8 @@
namespace amnezia {
constexpr const qint16 qrMagicCode = 1984;
struct ServerCredentials
{
QString hostName;
@@ -58,6 +60,7 @@ enum ErrorCode
OpenVpnAdaptersInUseError,
OpenVpnUnknownError,
OpenVpnTapAdapterError,
AddressPoolError,
// 3rd party utils errors
OpenSslFailed,

1
client/core/errorstrings.cpp
View File

@@ -45,6 +45,7 @@ QString errorString(ErrorCode code){
// VPN errors
case (OpenVpnAdaptersInUseError): return QObject::tr("Can't connect: another VPN connection is active");
case (OpenVpnTapAdapterError): return QObject::tr("Can't setup OpenVPN TAP network adapter");
case (AddressPoolError): return QObject::tr("VPN pool error: no available addresses");
case(InternalError):
default:

17
client/core/servercontroller.cpp
View File

@@ -165,8 +165,9 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,
};
// mkdir
QFileInfo fi(path);
QString mkdir = "sudo docker exec -i $CONTAINER_NAME mkdir -p " + fi.absoluteDir().absolutePath();
QString mkdir = QString("sudo docker exec -i $CONTAINER_NAME mkdir -p \"$(dirname %1)\"")
.arg(path);
e = runScript(credentials,
replaceVars(mkdir, genVarsForScript(credentials, container)));
if (e) return e;
@@ -477,8 +478,10 @@ QJsonObject ServerController::createContainerInitialConfig(DockerContainer conta
bool ServerController::isReinstallContainerRequred(DockerContainer container, const QJsonObject &oldConfig, const QJsonObject &newConfig)
{
const QJsonObject &oldProtoConfig = oldConfig[ContainerProps::containerToString(container)].toObject();
const QJsonObject &newProtoConfig = newConfig[ContainerProps::containerToString(container)].toObject();
Proto mainProto = ContainerProps::defaultProtocol(container);
const QJsonObject &oldProtoConfig = oldConfig.value(ProtocolProps::protoToString(mainProto)).toObject();
const QJsonObject &newProtoConfig = newConfig.value(ProtocolProps::protoToString(mainProto)).toObject();
if (container == DockerContainer::OpenVpn) {
if (oldProtoConfig.value(config_key::transport_proto).toString(protocols::openvpn::defaultTransportProto) !=
@@ -666,9 +669,9 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
vars.append({{"$FAKE_WEB_SITE_ADDRESS", cloakConfig.value(config_key::site).toString(protocols::cloak::defaultRedirSite) }});
// Wireguard vars
vars.append({{"$WIREGUARD_SUBNET_IP", openvpnConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress) }});
vars.append({{"$WIREGUARD_SUBNET_CIDR", openvpnConfig.value(config_key::subnet_cidr).toString(protocols::wireguard::defaultSubnetCidr) }});
vars.append({{"$WIREGUARD_SUBNET_MASK", openvpnConfig.value(config_key::subnet_mask).toString(protocols::wireguard::defaultSubnetMask) }});
vars.append({{"$WIREGUARD_SUBNET_IP", wireguarConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress) }});
vars.append({{"$WIREGUARD_SUBNET_CIDR", wireguarConfig.value(config_key::subnet_cidr).toString(protocols::wireguard::defaultSubnetCidr) }});
vars.append({{"$WIREGUARD_SUBNET_MASK", wireguarConfig.value(config_key::subnet_mask).toString(protocols::wireguard::defaultSubnetMask) }});
vars.append({{"$WIREGUARD_SERVER_PORT", wireguarConfig.value(config_key::port).toString(protocols::wireguard::defaultPort) }});

4
client/defines.h
View File

@@ -4,7 +4,7 @@
#define APPLICATION_NAME "AmneziaVPN"
#define SERVICE_NAME "AmneziaVPN-service"
#define ORGANIZATION_NAME "AmneziaVPN.ORG"
#define APP_MAJOR_VERSION "2.0.5"
#define APP_VERSION "2.0.5.0"
#define APP_MAJOR_VERSION "2.0.7"
#define APP_VERSION "2.0.7.0"
#endif // DEFINES_H

BIN
client/images/ios/icon_1024x1024.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 499 KiB

BIN
client/images/ios/icon_120x120.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 16 KiB

BIN
client/images/ios/icon_180x180.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 27 KiB

BIN
client/images/ios/icon_40x40.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.5 KiB

BIN
client/images/ios/icon_58x58.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.9 KiB

BIN
client/images/ios/icon_60x60.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.1 KiB

BIN
client/images/ios/icon_80x80.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.0 KiB

BIN
client/images/ios/icon_87x87.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 10 KiB

62
client/ios/Media.xcassets/AppIcon.appiconset/Contents.json Normal file
View File

@@ -0,0 +1,62 @@
{
"images" : [
{
"filename" : "icon_40x40.png",
"idiom" : "iphone",
"scale" : "2x",
"size" : "20x20"
},
{
"filename" : "icon_60x60.png",
"idiom" : "iphone",
"scale" : "3x",
"size" : "20x20"
},
{
"filename" : "icon_58x58.png",
"idiom" : "iphone",
"scale" : "2x",
"size" : "29x29"
},
{
"filename" : "icon_87x87.png",
"idiom" : "iphone",
"scale" : "3x",
"size" : "29x29"
},
{
"filename" : "icon_80x80.png",
"idiom" : "iphone",
"scale" : "2x",
"size" : "40x40"
},
{
"filename" : "icon_120x120.png",
"idiom" : "iphone",
"scale" : "3x",
"size" : "40x40"
},
{
"filename" : "icon_120x120-1.png",
"idiom" : "iphone",
"scale" : "2x",
"size" : "60x60"
},
{
"filename" : "icon_180x180.png",
"idiom" : "iphone",
"scale" : "3x",
"size" : "60x60"
},
{
"filename" : "icon_1024x1024.png",
"idiom" : "ios-marketing",
"scale" : "1x",
"size" : "1024x1024"
}
],
"info" : {
"author" : "xcode",
"version" : 1
}
}

BIN
client/ios/Media.xcassets/AppIcon.appiconset/icon_1024x1024.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 499 KiB

BIN
client/ios/Media.xcassets/AppIcon.appiconset/icon_120x120-1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 16 KiB

BIN
client/ios/Media.xcassets/AppIcon.appiconset/icon_120x120.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 16 KiB

BIN
client/ios/Media.xcassets/AppIcon.appiconset/icon_180x180.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 27 KiB

BIN
client/ios/Media.xcassets/AppIcon.appiconset/icon_40x40.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.5 KiB

BIN
client/ios/Media.xcassets/AppIcon.appiconset/icon_58x58.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.9 KiB

BIN
client/ios/Media.xcassets/AppIcon.appiconset/icon_60x60.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.1 KiB

BIN
client/ios/Media.xcassets/AppIcon.appiconset/icon_80x80.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.0 KiB

BIN
client/ios/Media.xcassets/AppIcon.appiconset/icon_87x87.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 10 KiB

6
client/ios/Media.xcassets/Contents.json Normal file
View File

@@ -0,0 +1,6 @@
{
"info" : {
"author" : "xcode",
"version" : 1
}
}

19
client/main.cpp
View File

@@ -16,8 +16,9 @@
#include "ui/pages_logic/AppSettingsLogic.h"
#include "ui/pages_logic/GeneralSettingsLogic.h"
#include "ui/pages_logic/NetworkSettingsLogic.h"
#include "ui/pages_logic/ServerConfiguringProgressLogic.h"
#include "ui/pages_logic/NewServerProtocolsLogic.h"
#include "ui/pages_logic/QrDecoderLogic.h"
#include "ui/pages_logic/ServerConfiguringProgressLogic.h"
#include "ui/pages_logic/ServerContainersLogic.h"
#include "ui/pages_logic/ServerListLogic.h"
#include "ui/pages_logic/ServerSettingsLogic.h"
@@ -34,6 +35,8 @@
#include "ui/uilogic.h"
#include "QZXing.h"
#include "debug.h"
#include "defines.h"
@@ -48,6 +51,10 @@
#include "Windows.h"
#endif
#if defined(Q_OS_ANDROID)
#include "native.h"
#endif
static void loadTranslator()
{
QTranslator* translator = new QTranslator;
@@ -79,6 +86,11 @@ int main(int argc, char *argv[])
QApplication app(argc, argv);
#endif
#if defined(Q_OS_ANDROID)
NativeHelpers::registerApplicationInstance(&app);
#endif
#ifdef Q_OS_WIN
AllowSetForegroundWindow(0);
#endif
@@ -116,6 +128,8 @@ int main(int argc, char *argv[])
app.setQuitOnLastWindowClosed(false);
QZXing::registerQMLTypes();
qRegisterMetaType<VpnProtocol::VpnConnectionState>("VpnProtocol::VpnConnectionState");
qRegisterMetaType<ServerCredentials>("ServerCredentials");
@@ -156,8 +170,9 @@ int main(int argc, char *argv[])
engine->rootContext()->setContextProperty("AppSettingsLogic", uiLogic->appSettingsLogic());
engine->rootContext()->setContextProperty("GeneralSettingsLogic", uiLogic->generalSettingsLogic());
engine->rootContext()->setContextProperty("NetworkSettingsLogic", uiLogic->networkSettingsLogic());
engine->rootContext()->setContextProperty("ServerConfiguringProgressLogic", uiLogic->serverConfiguringProgressLogic());
engine->rootContext()->setContextProperty("NewServerProtocolsLogic", uiLogic->newServerProtocolsLogic());
engine->rootContext()->setContextProperty("QrDecoderLogic", uiLogic->qrDecoderLogic());
engine->rootContext()->setContextProperty("ServerConfiguringProgressLogic", uiLogic->serverConfiguringProgressLogic());
engine->rootContext()->setContextProperty("ServerListLogic", uiLogic->serverListLogic());
engine->rootContext()->setContextProperty("ServerSettingsLogic", uiLogic->serverSettingsLogic());
engine->rootContext()->setContextProperty("ServerContainersLogic", uiLogic->serverprotocolsLogic());

54
client/platforms/android/native.cpp Normal file
View File

@@ -0,0 +1,54 @@
#include "native.h"
#include <QMetaObject>
#if defined(Q_OS_ANDROID)
#include <jni.h>
#endif // Q_OS_ANDROID
QObject *NativeHelpers::application_p_ = 0;
#if defined(Q_OS_ANDROID)
// define our native static functions
// these are the functions that Java part will call directly from Android UI thread
static void onPermissionsGranted(JNIEnv * /*env*/, jobject /*obj*/)
{
QMetaObject::invokeMethod(NativeHelpers::getApplicationInstance(), "onPermissionsGranted"
, Qt::QueuedConnection);
}
static void onPermissionsDenied(JNIEnv * /*env*/, jobject /*obj*/)
{
QMetaObject::invokeMethod(NativeHelpers::getApplicationInstance(), "onPermissionsDenied"
, Qt::QueuedConnection);
}
//create a vector with all our JNINativeMethod(s)
static JNINativeMethod methods[] = {
{"onPermissionsGranted", "()V", (void *)onPermissionsGranted},
{"onPermissionsDenied", "()V", (void *)onPermissionsDenied},
};
// this method is called automatically by Java after the .so file is loaded
JNIEXPORT jint JNI_OnLoad(JavaVM* vm, void* /*reserved*/)
{
JNIEnv* env;
// get the JNIEnv pointer.
if (vm->GetEnv(reinterpret_cast<void**>(&env), JNI_VERSION_1_6) != JNI_OK)
return JNI_ERR;
// search for Java class which declares the native methods
jclass javaClass = env->FindClass("org/ftylitak/qzxing/NativeFunctions");
if (!javaClass)
return JNI_ERR;
// register our native methods
if (env->RegisterNatives(javaClass, methods,
sizeof(methods) / sizeof(methods[0])) < 0) {
return JNI_ERR;
}
return JNI_VERSION_1_6;
}
#endif // Q_OS_ANDROID

20
client/platforms/android/native.h Normal file
View File

@@ -0,0 +1,20 @@
#ifndef NATIVE_H
#define NATIVE_H
#include <QObject>
class NativeHelpers {
public:
static void registerApplicationInstance(QObject *app_p) {
application_p_ = app_p;
}
static QObject* getApplicationInstance() {
return application_p_;
}
private:
static QObject *application_p_;
};
#endif // NATIVE_H

345
client/platforms/ios/iostunnel.swift
View File

@@ -4,94 +4,72 @@
import Foundation
import NetworkExtension
import os
import OpenVPNAdapter
enum TunnelProtoType: String {
case wireguard, openvpn, none
}
class PacketTunnelProvider: NEPacketTunnelProvider {
private lazy var wgAdapter: WireGuardAdapter = {
return WireGuardAdapter(with: self) { logLevel, message in
wg_log(logLevel.osLogLevel, message: message)
}
}()
private lazy var ovpnAdapter: OpenVPNAdapter = {
let adapter = OpenVPNAdapter()
adapter.delegate = self
return adapter
}()
let vpnReachability = OpenVPNReachability()
var startHandler: ((Error?) -> Void)?
var stopHandler: (() -> Void)?
var protoType: TunnelProtoType = .wireguard
override func startTunnel(options: [String: NSObject]?, completionHandler: @escaping (Error?) -> Void) {
let activationAttemptId = options?["activationAttemptId"] as? String
let errorNotifier = ErrorNotifier(activationAttemptId: activationAttemptId)
Logger.configureGlobal(tagged: "NET", withFilePath: FileManager.logFileURL?.path)
wg_log(.info, message: "Starting tunnel from the " + (activationAttemptId == nil ? "OS directly, rather than the app" : "app"))
guard let tunnelProviderProtocol = self.protocolConfiguration as? NETunnelProviderProtocol,
let tunnelConfiguration = tunnelProviderProtocol.asTunnelConfiguration() else {
errorNotifier.notify(PacketTunnelProviderError.savedProtocolConfigurationIsInvalid)
completionHandler(PacketTunnelProviderError.savedProtocolConfigurationIsInvalid)
return
if let protocolConfiguration = self.protocolConfiguration as? NETunnelProviderProtocol,
let providerConfiguration = protocolConfiguration.providerConfiguration,
let _: Data = providerConfiguration["ovpn"] as? Data {
protoType = .openvpn
} else {
protoType = .wireguard
}
// Start the tunnel
wgAdapter.start(tunnelConfiguration: tunnelConfiguration) { adapterError in
guard let adapterError = adapterError else {
let interfaceName = self.wgAdapter.interfaceName ?? "unknown"
wg_log(.info, message: "Tunnel interface is \(interfaceName)")
completionHandler(nil)
return
}
switch adapterError {
case .cannotLocateTunnelFileDescriptor:
wg_log(.error, staticMessage: "Starting tunnel failed: could not determine file descriptor")
errorNotifier.notify(PacketTunnelProviderError.couldNotDetermineFileDescriptor)
completionHandler(PacketTunnelProviderError.couldNotDetermineFileDescriptor)
case .dnsResolution(let dnsErrors):
let hostnamesWithDnsResolutionFailure = dnsErrors.map { $0.address }
.joined(separator: ", ")
wg_log(.error, message: "DNS resolution failed for the following hostnames: \(hostnamesWithDnsResolutionFailure)")
errorNotifier.notify(PacketTunnelProviderError.dnsResolutionFailure)
completionHandler(PacketTunnelProviderError.dnsResolutionFailure)
case .setNetworkSettings(let error):
wg_log(.error, message: "Starting tunnel failed with setTunnelNetworkSettings returning \(error.localizedDescription)")
errorNotifier.notify(PacketTunnelProviderError.couldNotSetNetworkSettings)
completionHandler(PacketTunnelProviderError.couldNotSetNetworkSettings)
case .startWireGuardBackend(let errorCode):
wg_log(.error, message: "Starting tunnel failed with wgTurnOn returning \(errorCode)")
errorNotifier.notify(PacketTunnelProviderError.couldNotStartBackend)
completionHandler(PacketTunnelProviderError.couldNotStartBackend)
case .invalidState:
// Must never happen
fatalError()
}
switch protoType {
case .wireguard:
startWireguard(activationAttemptId: activationAttemptId,
errorNotifier: errorNotifier,
completionHandler: completionHandler)
case .openvpn:
startOpenVPN(completionHandler: completionHandler)
case .none:
break
}
}
override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
wg_log(.info, staticMessage: "Stopping tunnel")
wgAdapter.stop { error in
ErrorNotifier.removeLastErrorFile()
if let error = error {
wg_log(.error, message: "Failed to stop WireGuard adapter: \(error.localizedDescription)")
}
completionHandler()
#if os(macOS)
// HACK: This is a filthy hack to work around Apple bug 32073323 (dup'd by us as 47526107).
// Remove it when they finally fix this upstream and the fix has been rolled out to
// sufficient quantities of users.
exit(0)
#endif
switch protoType {
case .wireguard:
stopWireguard(with: reason, completionHandler: completionHandler)
case .openvpn:
stopOpenVPN(with: reason, completionHandler: completionHandler)
case .none:
break
}
}
override func handleAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
guard let completionHandler = completionHandler else { return }
if messageData.count == 1 && messageData[0] == 0 {
wgAdapter.getRuntimeConfiguration { settings in
var data: Data?
@@ -108,31 +86,144 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
completionHandler(nil)
return
}
do {
let tunnelConfiguration = try TunnelConfiguration(fromWgQuickConfig: configString)
wgAdapter.update(tunnelConfiguration: tunnelConfiguration) { error in
if let error = error {
wg_log(.error, message: "Failed to switch tunnel configuration: \(error.localizedDescription)")
completionHandler(nil)
return
let tunnelConfiguration = try TunnelConfiguration(fromWgQuickConfig: configString)
wgAdapter.update(tunnelConfiguration: tunnelConfiguration) { error in
if let error = error {
wg_log(.error, message: "Failed to switch tunnel configuration: \(error.localizedDescription)")
completionHandler(nil)
return
}
self.wgAdapter.getRuntimeConfiguration { settings in
var data: Data?
if let settings = settings {
data = settings.data(using: .utf8)!
}
completionHandler(data)
}
}
self.wgAdapter.getRuntimeConfiguration { settings in
var data: Data?
if let settings = settings {
data = settings.data(using: .utf8)!
}
completionHandler(data)
}
}
} catch {
completionHandler(nil)
completionHandler(nil)
}
} else {
completionHandler(nil)
}
}
// MARK: Private methods
private func startWireguard(activationAttemptId: String?,
errorNotifier: ErrorNotifier,
completionHandler: @escaping (Error?) -> Void) {
guard let tunnelProviderProtocol = self.protocolConfiguration as? NETunnelProviderProtocol,
let tunnelConfiguration = tunnelProviderProtocol.asTunnelConfiguration() else {
errorNotifier.notify(PacketTunnelProviderError.savedProtocolConfigurationIsInvalid)
completionHandler(PacketTunnelProviderError.savedProtocolConfigurationIsInvalid)
return
}
wg_log(.info, message: "Starting wireguard tunnel from the " + (activationAttemptId == nil ? "OS directly, rather than the app" : "app"))
// Start the tunnel
wgAdapter.start(tunnelConfiguration: tunnelConfiguration) { adapterError in
guard let adapterError = adapterError else {
let interfaceName = self.wgAdapter.interfaceName ?? "unknown"
wg_log(.info, message: "Tunnel interface is \(interfaceName)")
completionHandler(nil)
return
}
switch adapterError {
case .cannotLocateTunnelFileDescriptor:
wg_log(.error, staticMessage: "Starting tunnel failed: could not determine file descriptor")
errorNotifier.notify(PacketTunnelProviderError.couldNotDetermineFileDescriptor)
completionHandler(PacketTunnelProviderError.couldNotDetermineFileDescriptor)
case .dnsResolution(let dnsErrors):
let hostnamesWithDnsResolutionFailure = dnsErrors.map { $0.address }
.joined(separator: ", ")
wg_log(.error, message: "DNS resolution failed for the following hostnames: \(hostnamesWithDnsResolutionFailure)")
errorNotifier.notify(PacketTunnelProviderError.dnsResolutionFailure)
completionHandler(PacketTunnelProviderError.dnsResolutionFailure)
case .setNetworkSettings(let error):
wg_log(.error, message: "Starting tunnel failed with setTunnelNetworkSettings returning \(error.localizedDescription)")
errorNotifier.notify(PacketTunnelProviderError.couldNotSetNetworkSettings)
completionHandler(PacketTunnelProviderError.couldNotSetNetworkSettings)
case .startWireGuardBackend(let errorCode):
wg_log(.error, message: "Starting tunnel failed with wgTurnOn returning \(errorCode)")
errorNotifier.notify(PacketTunnelProviderError.couldNotStartBackend)
completionHandler(PacketTunnelProviderError.couldNotStartBackend)
case .invalidState:
// Must never happen
fatalError()
}
}
}
private func startOpenVPN(completionHandler: @escaping (Error?) -> Void) {
guard let protocolConfiguration = self.protocolConfiguration as? NETunnelProviderProtocol,
let providerConfiguration = protocolConfiguration.providerConfiguration,
let ovpnConfiguration: Data = providerConfiguration["ovpn"] as? Data else {
return
}
let configuration = OpenVPNConfiguration()
configuration.fileContent = ovpnConfiguration
// configuration.settings = [] // Additional setting if needed any
// configuration.tunPersist = true // keep tun active during pauses/reconections
let evaluation: OpenVPNConfigurationEvaluation
do {
evaluation = try ovpnAdapter.apply(configuration: configuration)
} catch {
completionHandler(error)
return
}
if !evaluation.autologin {
print("Implement login with user credentials")
}
vpnReachability.startTracking { [weak self] status in
guard status == .reachableViaWiFi else { return }
self?.ovpnAdapter.reconnect(afterTimeInterval: 5)
}
startHandler = completionHandler
ovpnAdapter.connect(using: packetFlow)
}
private func stopWireguard(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
wg_log(.info, staticMessage: "Stopping tunnel")
wgAdapter.stop { error in
ErrorNotifier.removeLastErrorFile()
if let error = error {
wg_log(.error, message: "Failed to stop WireGuard adapter: \(error.localizedDescription)")
}
completionHandler()
#if os(macOS)
// HACK: This is a filthy hack to work around Apple bug 32073323 (dup'd by us as 47526107).
// Remove it when they finally fix this upstream and the fix has been rolled out to
// sufficient quantities of users.
exit(0)
#endif
}
}
private func stopOpenVPN(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
stopHandler = completionHandler
if vpnReachability.isTracking {
vpnReachability.stopTracking()
}
ovpnAdapter.disconnect()
}
}
extension WireGuardLogLevel {
@@ -145,3 +236,87 @@ extension WireGuardLogLevel {
}
}
}
extension NEPacketTunnelFlow: OpenVPNAdapterPacketFlow {}
extension PacketTunnelProvider: OpenVPNAdapterDelegate {
// OpenVPNAdapter calls this delegate method to configure a VPN tunnel.
// `completionHandler` callback requires an object conforming to `OpenVPNAdapterPacketFlow`
// protocol if the tunnel is configured without errors. Otherwise send nil.
// `OpenVPNAdapterPacketFlow` method signatures are similar to `NEPacketTunnelFlow` so
// you can just extend that class to adopt `OpenVPNAdapterPacketFlow` protocol and
// send `self.packetFlow` to `completionHandler` callback.
func openVPNAdapter(
_ openVPNAdapter: OpenVPNAdapter,
configureTunnelWithNetworkSettings networkSettings: NEPacketTunnelNetworkSettings?,
completionHandler: @escaping (Error?) -> Void
) {
// In order to direct all DNS queries first to the VPN DNS servers before the primary DNS servers
// send empty string to NEDNSSettings.matchDomains
networkSettings?.dnsSettings?.matchDomains = [""]
// Set the network settings for the current tunneling session.
setTunnelNetworkSettings(networkSettings, completionHandler: completionHandler)
}
// Process events returned by the OpenVPN library
func openVPNAdapter(
_ openVPNAdapter: OpenVPNAdapter,
handleEvent event:
OpenVPNAdapterEvent, message: String?
) {
switch event {
case .connected:
if reasserting {
reasserting = false
}
guard let startHandler = startHandler else { return }
startHandler(nil)
self.startHandler = nil
case .disconnected:
guard let stopHandler = stopHandler else { return }
if vpnReachability.isTracking {
vpnReachability.stopTracking()
}
stopHandler()
self.stopHandler = nil
case .reconnecting:
reasserting = true
default:
break
}
}
// Handle errors thrown by the OpenVPN library
func openVPNAdapter(_ openVPNAdapter: OpenVPNAdapter, handleError error: Error) {
// Handle only fatal errors
guard let fatal = (error as NSError).userInfo[OpenVPNAdapterErrorFatalKey] as? Bool,
fatal == true else { return }
if vpnReachability.isTracking {
vpnReachability.stopTracking()
}
if let startHandler = startHandler {
startHandler(error)
self.startHandler = nil
} else {
cancelTunnelWithError(error)
}
}
// Use this method to process any log message returned by OpenVPN library.
func openVPNAdapter(_ openVPNAdapter: OpenVPNAdapter, handleLogMessage logMessage: String) {
// Handle log messages
}
}

286
client/platforms/ios/iosvpnprotocol.swift
View File

@@ -5,7 +5,7 @@
import Foundation
import NetworkExtension
let vpnName = "AmneziaVPN"
let vpnName = "Amnezia WireguardVPN"
var vpnBundleID = "";
@objc class VPNIPAddressRange : NSObject {
@@ -30,27 +30,32 @@ public class IOSVpnProtocolImpl : NSObject {
private var deviceIpv4Address: String? = nil
private var deviceIpv6Address: String? = nil
@objc enum IOSConnectionState: Int { case Error, Connected, Disconnected }
@objc init(bundleID: String, privateKey: Data, deviceIpv4Address: String, deviceIpv6Address: String, closure: @escaping (IOSConnectionState, Date?) -> Void, callback: @escaping (Bool) -> Void) {
@objc enum ConnectionState: Int { case Error, Connected, Disconnected }
@objc init(bundleID: String,
config: String,
closure: @escaping (ConnectionState, Date?) -> Void,
callback: @escaping (Bool) -> Void) {
super.init()
Logger.configureGlobal(tagged: "APP", withFilePath: "")
print("Config from caller: \(config)")
vpnBundleID = bundleID;
precondition(!vpnBundleID.isEmpty)
stateChangeCallback = callback
self.privateKey = PrivateKey(rawValue: privateKey)
self.deviceIpv4Address = deviceIpv4Address
self.deviceIpv6Address = deviceIpv6Address
NotificationCenter.default.addObserver(self, selector: #selector(self.vpnStatusDidChange(notification:)), name: Notification.Name.NEVPNStatusDidChange, object: nil)
NotificationCenter.default.removeObserver(self)
NotificationCenter.default.addObserver(self,
selector: #selector(self.vpnStatusDidChange(notification:)),
name: Notification.Name.NEVPNStatusDidChange,
object: nil)
NETunnelProviderManager.loadAllFromPreferences { [weak self] managers, error in
if let error = error {
Logger.global?.log(message: "Loading from preference failed: \(error)")
closure(IOSConnectionState.Error, nil)
closure(ConnectionState.Error, nil)
return
}
@@ -64,11 +69,22 @@ public class IOSVpnProtocolImpl : NSObject {
print("We have received \(nsManagers.count) managers.")
let tunnel = nsManagers.first(where: IOSVpnProtocolImpl.isOurManager(_:))
// if let name = tunnel?.localizedDescription, name == vpnName {
// tunnel?.removeFromPreferences(completionHandler: { removeError in
// if let error = removeError {
// Logger.global?.log(message: "WireguardVPN Tunnel Remove from Prefs Error: \(error)")
// closure(ConnectionState.Error, nil)
// return
// }
// })
// }
if tunnel == nil {
Logger.global?.log(message: "Creating the tunnel")
print("Creating the tunnel")
self!.tunnel = NETunnelProviderManager()
closure(IOSConnectionState.Disconnected, nil)
closure(ConnectionState.Disconnected, nil)
return
}
@@ -77,9 +93,80 @@ public class IOSVpnProtocolImpl : NSObject {
self!.tunnel = tunnel
if tunnel?.connection.status == .connected {
closure(IOSConnectionState.Connected, tunnel?.connection.connectedDate)
closure(ConnectionState.Connected, tunnel?.connection.connectedDate)
} else {
closure(IOSConnectionState.Disconnected, nil)
closure(ConnectionState.Disconnected, nil)
}
}
}
@objc init(bundleID: String,
privateKey: Data,
deviceIpv4Address: String,
deviceIpv6Address: String,
closure: @escaping (ConnectionState, Date?) -> Void,
callback: @escaping (Bool) -> Void) {
super.init()
Logger.configureGlobal(tagged: "APP", withFilePath: "")
vpnBundleID = bundleID;
precondition(!vpnBundleID.isEmpty)
stateChangeCallback = callback
self.privateKey = PrivateKey(rawValue: privateKey)
self.deviceIpv4Address = deviceIpv4Address
self.deviceIpv6Address = deviceIpv6Address
NotificationCenter.default.removeObserver(self)
NotificationCenter.default.addObserver(self, selector: #selector(self.vpnStatusDidChange(notification:)), name: Notification.Name.NEVPNStatusDidChange, object: nil)
NETunnelProviderManager.loadAllFromPreferences { [weak self] managers, error in
if let error = error {
Logger.global?.log(message: "Loading from preference failed: \(error)")
closure(ConnectionState.Error, nil)
return
}
if self == nil {
Logger.global?.log(message: "We are shutting down.")
return
}
let nsManagers = managers ?? []
Logger.global?.log(message: "We have received \(nsManagers.count) managers.")
print("We have received \(nsManagers.count) managers.")
let tunnel = nsManagers.first(where: IOSVpnProtocolImpl.isOurManager(_:))
// if let name = tunnel?.localizedDescription, name != vpnName {
// tunnel?.removeFromPreferences(completionHandler: { removeError in
// if let error = removeError {
// Logger.global?.log(message: "OpenVpn Tunnel Remove from Prefs Error: \(error)")
// closure(ConnectionState.Error, nil)
// return
// }
// })
// }
if tunnel == nil {
Logger.global?.log(message: "Creating the tunnel")
print("Creating the tunnel")
self!.tunnel = NETunnelProviderManager()
closure(ConnectionState.Disconnected, nil)
return
}
Logger.global?.log(message: "Tunnel already exists")
print("Tunnel already exists")
self!.tunnel = tunnel
if tunnel?.connection.status == .connected {
closure(ConnectionState.Connected, tunnel?.connection.connectedDate)
} else {
closure(ConnectionState.Disconnected, nil)
}
}
}
@@ -142,6 +229,22 @@ public class IOSVpnProtocolImpl : NSObject {
print("Found the manager with the correct bundle identifier: \(tunnelProto.providerBundleIdentifier!)")
return true
}
@objc func connect(ovpnConfig: String, failureCallback: @escaping () -> Void) {
Logger.global?.log(message: "Connecting")
assert(tunnel != nil)
let addr: String = ovpnConfig
.splitToArray(separator: "\n", trimmingCharacters: nil)
.first { $0.starts(with: "remote ") }
.splitToArray(separator: " ", trimmingCharacters: nil)[1]
print("server: \(addr)")
// Let's remove the previous config if it exists.
(tunnel?.protocolConfiguration as? NETunnelProviderProtocol)?.destroyConfigurationReference()
self.configureOpenVPNTunnel(serverAddress: addr, config: ovpnConfig, failureCallback: failureCallback)
}
@objc func connect(dnsServer: String, serverIpv6Gateway: String, serverPublicKey: String, presharedKey: String, serverIpv4AddrIn: String, serverPort: Int, allowedIPAddressRanges: Array<VPNIPAddressRange>, ipv6Enabled: Bool, reason: Int, failureCallback: @escaping () -> Void) {
Logger.global?.log(message: "Connecting")
@@ -247,6 +350,46 @@ public class IOSVpnProtocolImpl : NSObject {
}
}
}
func configureOpenVPNTunnel(serverAddress: String, config: String, failureCallback: @escaping () -> Void) {
let tunnelProtocol = NETunnelProviderProtocol()
tunnelProtocol.serverAddress = serverAddress
tunnelProtocol.providerBundleIdentifier = vpnBundleID
tunnelProtocol.providerConfiguration = ["ovpn": Data(config.utf8)]
tunnel?.protocolConfiguration = tunnelProtocol
tunnel?.localizedDescription = "Amnezia OpenVPN"
tunnel?.isEnabled = true
tunnel?.saveToPreferences { [unowned self] saveError in
if let error = saveError {
Logger.global?.log(message: "Connect OpenVPN Tunnel Save Error: \(error)")
failureCallback()
return
}
Logger.global?.log(message: "Saving the OpenVPN tunnel succeeded")
self.tunnel?.loadFromPreferences { error in
if let error = error {
Logger.global?.log(message: "Connect OpenVPN Tunnel Load Error: \(error)")
failureCallback()
return
}
Logger.global?.log(message: "Loading the OpenVPN tunnel succeeded")
print("Loading the openvpn tunnel succeeded")
do {
print("starting openvpn tunnel")
try self.tunnel?.connection.startVPNTunnel()
} catch let error {
Logger.global?.log(message: "Something went wrong: \(error)")
failureCallback()
return
}
}
}
}
@objc func disconnect() {
Logger.global?.log(message: "Disconnecting")
@@ -257,7 +400,74 @@ public class IOSVpnProtocolImpl : NSObject {
@objc func checkStatus(callback: @escaping (String, String, String) -> Void) {
Logger.global?.log(message: "Check status")
assert(tunnel != nil)
let protoType = (tunnel!.localizedDescription ?? "").toTunnelType
switch protoType {
case .wireguard:
checkWireguardStatus(callback: callback)
case .openvpn:
checkOVPNStatus(callback: callback)
case .empty:
break
}
}
private func checkOVPNStatus(callback: @escaping (String, String, String) -> Void) {
Logger.global?.log(message: "Check OpenVPN")
guard let proto = tunnel?.protocolConfiguration as? NETunnelProviderProtocol else {
callback("", "", "")
return
}
guard let configData = proto.providerConfiguration?["ovpn"] as? Data,
let ovpnConfig = String(data: configData, encoding: .utf8) else {
callback("", "", "")
return
}
let serverIpv4Gateway: String = ovpnConfig
.splitToArray(separator: "\n", trimmingCharacters: nil)
.first { $0.starts(with: "remote ") }
.splitToArray(separator: " ", trimmingCharacters: nil)[1]
print("server IP: \(serverIpv4Gateway)")
let deviceIpv4Address = getTunIPAddress()
print("device IP: \(serverIpv4Gateway)")
if deviceIpv4Address == nil {
callback("", "", "")
return
}
guard let session = tunnel?.connection as? NETunnelProviderSession else {
callback("", "", "")
return
}
do {
try session.sendProviderMessage(Data([UInt8(0)])) { [callback] data in
guard let data = data,
let configString = String(data: data, encoding: .utf8)
else {
Logger.global?.log(message: "Failed to convert data to string")
callback("", "", "")
return
}
callback("\(serverIpv4Gateway)", "\(deviceIpv4Address!)", configString)
}
} catch {
Logger.global?.log(message: "Failed to retrieve data from session")
callback("", "", "")
}
}
private func checkWireguardStatus(callback: @escaping (String, String, String) -> Void) {
Logger.global?.log(message: "Check Wireguard")
let proto = tunnel!.protocolConfiguration as? NETunnelProviderProtocol
if proto == nil {
callback("", "", "")
@@ -305,4 +515,50 @@ public class IOSVpnProtocolImpl : NSObject {
callback("", "", "")
}
}
private func getTunIPAddress() -> String? {
var address: String? = nil
var interfaces: UnsafeMutablePointer<ifaddrs>? = nil
var temp_addr: UnsafeMutablePointer<ifaddrs>? = nil
var success: Int = 0
// retrieve the current interfaces - returns 0 on success
success = Int(getifaddrs(&interfaces))
if success == 0 {
// Loop through linked list of interfaces
temp_addr = interfaces
while temp_addr != nil {
if temp_addr?.pointee.ifa_addr == nil {
continue
}
if temp_addr?.pointee.ifa_addr.pointee.sa_family == UInt8(AF_INET) {
// Check if interface is en0 which is the wifi connection on the iPhone
if let name = temp_addr?.pointee.ifa_name, ((String(utf8String: name)?.contains("tun")) != nil) {
// Get NSString from C String
if let value = temp_addr?.pointee.ifa_addr as? sockaddr_in {
address = String(utf8String: inet_ntoa(value.sin_addr))
}
}
}
temp_addr = temp_addr?.pointee.ifa_next
}
}
freeifaddrs(interfaces)
return address
}
}
enum TunnelType: String {
case wireguard, openvpn, empty
}
extension String {
var toTunnelType: TunnelType {
switch self {
case "wireguard": return .wireguard
case "openvpn": return .openvpn
default:
return .empty
}
}
}

155
client/protocols/ikev2_vpn_protocol.cpp → client/protocols/ikev2_vpn_protocol_windows.cpp
View File

@@ -1,14 +1,13 @@
#include <QCoreApplication>
#include <QFileInfo>
#include <QProcess>
//#include <QRegularExpression>
//#include <QTcpSocket>
#include <QThread>
#include <chrono>
#include "debug.h"
#include "ikev2_vpn_protocol.h"
#include "ikev2_vpn_protocol_windows.h"
#include "utils.h"
static Ikev2Protocol* self = nullptr;
@@ -24,23 +23,19 @@ Ikev2Protocol::Ikev2Protocol(const QJsonObject &configuration, QObject* parent)
VpnProtocol(configuration, parent)
{
self = this;
//m_configFile.setFileTemplate(QDir::tempPath() + QDir::separator() + serviceName() + ".conf");
readIkev2Configuration(configuration);
}
Ikev2Protocol::~Ikev2Protocol()
{
qDebug() << "IpsecProtocol::~IpsecProtocol()";
#ifdef Q_OS_WIN
disconnect_vpn();
#endif
Ikev2Protocol::stop();
}
void Ikev2Protocol::stop()
{
setConnectionState(VpnProtocol::Disconnecting);
#ifdef Q_OS_WINDOWS
{
if (! disconnect_vpn() ){
qDebug()<<"We don't disconnect";
@@ -50,7 +45,6 @@ void Ikev2Protocol::stop()
setConnectionState(VpnProtocol::Disconnected);
}
}
#endif
}
void Ikev2Protocol::newConnectionStateEventReceived(UINT unMsg, tagRASCONNSTATE rasconnstate, DWORD dwError)
@@ -60,181 +54,117 @@ void Ikev2Protocol::newConnectionStateEventReceived(UINT unMsg, tagRASCONNSTATE
switch (rasconnstate)
{
case RASCS_OpenPort:
qDebug()<<__FUNCTION__ << __LINE__;
//qDebug()<<__FUNCTION__ << __LINE__;
setConnectionState(Preparing);
//printf ("RASCS_OpenPort = %d\n", _connection_state);
//printf ("Opening port...\n");
break;
case RASCS_PortOpened:
qDebug()<<__FUNCTION__ << __LINE__;
//qDebug()<<__FUNCTION__ << __LINE__;
setConnectionState(Preparing);
//printf ("RASCS_PortOpened = %d\n", _connection_state);
//printf ("Port opened.\n");
break;
case RASCS_ConnectDevice:
qDebug()<<__FUNCTION__ << __LINE__;
//qDebug()<<__FUNCTION__ << __LINE__;
setConnectionState(Preparing);
//printf ("RASCS_ConnectDevice = %d\n", _connection_state);
//printf ("Connecting device...\n");
break;
case RASCS_DeviceConnected:
qDebug()<<__FUNCTION__ << __LINE__;
//qDebug()<<__FUNCTION__ << __LINE__;
setConnectionState(Preparing);
//printf ("RASCS_DeviceConnected = %d\n", _connection_state);
//printf ("Device connected.\n");
break;
case RASCS_AllDevicesConnected:
qDebug()<<__FUNCTION__ << __LINE__;
//qDebug()<<__FUNCTION__ << __LINE__;
setConnectionState(Preparing);
//printf ("RASCS_AllDevicesConnected = %d\n", _connection_state);
//printf ("All devices connected.\n");
break;
case RASCS_Authenticate:
qDebug()<<__FUNCTION__ << __LINE__;
//qDebug()<<__FUNCTION__ << __LINE__;
setConnectionState(Preparing);
//printf ("RASCS_Authenticate = %d\n", _connection_state);
// printf ("Authenticating...\n");
break;
case RASCS_AuthNotify:
qDebug()<<__FUNCTION__ << __LINE__;
//qDebug()<<__FUNCTION__ << __LINE__;
if (dwError != 0) {
qDebug() << "have error" << dwError;
//qDebug() << "have error" << dwError;
setConnectionState(Disconnected);
} else {
qDebug() << "RASCS_AuthNotify but no error" << dwError;
//qDebug() << "RASCS_AuthNotify but no error" << dwError;
}
//printf ("RASCS_AuthNotify = %d\n", _connection_state);
// printf ("Authentication notify.\n");
break;
case RASCS_AuthRetry:
qDebug()<<__FUNCTION__ << __LINE__;
//qDebug()<<__FUNCTION__ << __LINE__;
setConnectionState(Preparing);
//printf ("RASCS_AuthRetry = %d\n", _connection_state);
//printf ("Retrying authentication...\n");
break;
case RASCS_AuthCallback:
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_AuthCallback = %d\n", _connection_state);
//printf ("Authentication callback...\n");
break;
case RASCS_AuthChangePassword:
qDebug()<<__FUNCTION__ << __LINE__;
// printf ("RASCS_AuthChangePassword = %d\n", _connection_state);
//printf ("Change password...\n");
break;
case RASCS_AuthProject:
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_AuthProject = %d\n", _connection_state);
//printf ("Projection phase started...\n");
break;
case RASCS_AuthLinkSpeed:
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_AuthLinkSpeed = %d\n", _connection_state);
//printf ("Negoting speed...\n");
break;
case RASCS_AuthAck:
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_AuthAck = %d\n", _connection_state);
//printf ("Authentication acknowledge...\n");
break;
case RASCS_ReAuthenticate:
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_ReAuthenticate = %d\n", _connection_state);
//printf ("Retrying Authentication...\n");
//qDebug()<<__FUNCTION__ << __LINE__;
break;
case RASCS_Authenticated:
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_Authenticated = %d\n", _connection_state);
//printf ("Authentication complete.\n");
//qDebug()<<__FUNCTION__ << __LINE__;
break;
case RASCS_PrepareForCallback:
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_PrepareForCallback = %d\n", _connection_state);
//printf ("Preparing for callback...\n");
break;
case RASCS_WaitForModemReset:
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_WaitForModemReset = %d\n", _connection_state);
// printf ("Waiting for modem reset...\n");
break;
case RASCS_WaitForCallback:
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_WaitForCallback = %d\n", _connection_state);
//printf ("Waiting for callback...\n");
break;
case RASCS_Projected:
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_Projected = %d\n", _connection_state);
//printf ("Projection completed.\n");
break;
#if (WINVER >= 0x400)
case RASCS_StartAuthentication: // Windows 95 only
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_StartAuthentication = %d\n", _connection_state);
//printf ("Starting authentication...\n");
break;
case RASCS_CallbackComplete: // Windows 95 only
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_CallbackComplete = %d\n", rasconnstate);
//printf ("Callback complete.\n");
break;
case RASCS_LogonNetwork: // Windows 95 only
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_LogonNetwork = %d\n", _connection_state);
//printf ("Login to the network.\n");
break;
#endif
case RASCS_SubEntryConnected:
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_SubEntryConnected = %d\n", _connection_state);
//printf ("Subentry connected.\n");
break;
case RASCS_SubEntryDisconnected:
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_SubEntryDisconnected = %d\n", _connection_state);
//printf ("Subentry disconnected.\n");
break;
//PAUSED STATES:
case RASCS_Interactive:
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_Interactive = %d\n", _connection_state);
//printf ("In Paused state: Interactive mode.\n");
break;
case RASCS_RetryAuthentication:
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_RetryAuthentication = %d\n", _connection_state);
//printf ("In Paused state: Retry Authentication...\n");
break;
case RASCS_CallbackSetByCaller:
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_CallbackSetByCaller = %d\n", _connection_state);
//printf ("In Paused state: Callback set by Caller.\n");
break;
case RASCS_PasswordExpired:
setConnectionState(Error);
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_PasswordExpired = %d\n", _connection_state);
//printf ("In Paused state: Password has expired...\n");
break;
case RASCS_Connected: // = RASCS_DONE:
setConnectionState(Connected);
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_Connected = %d\n", _connection_state);
//printf ("Connection completed.\n");
//SetEvent(gEvent_handle);
//qDebug()<<__FUNCTION__ << __LINE__;
break;
case RASCS_Disconnected:
setConnectionState(Disconnected);
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("RASCS_Disconnected = %d\n", _connection_state);
//printf ("Disconnecting...\n");
//qDebug()<<__FUNCTION__ << __LINE__;
break;
default:
qDebug()<<__FUNCTION__ << __LINE__;
//printf ("Unknown Status = %d\n", _connection_state);
//printf ("What are you going to do about it?\n");
//qDebug()<<__FUNCTION__ << __LINE__;
break;
}
}
@@ -246,7 +176,6 @@ void Ikev2Protocol::readIkev2Configuration(const QJsonObject &configuration)
ErrorCode Ikev2Protocol::start()
{
#ifdef Q_OS_WINDOWS
QByteArray cert = QByteArray::fromBase64(m_config[config_key::cert].toString().toUtf8());
setConnectionState(Connecting);
@@ -277,34 +206,10 @@ ErrorCode Ikev2Protocol::start()
});
certInstallProcess->setArguments(arguments);
// qDebug() << arguments.join(" ");
// connect(certInstallProcess.data(), &PrivilegedProcess::errorOccurred, [certInstallProcess](QProcess::ProcessError error) {
// qDebug() << "PrivilegedProcess errorOccurred" << error;
// });
// connect(certInstallProcess.data(), &PrivilegedProcess::stateChanged, [certInstallProcess](QProcess::ProcessState newState) {
// qDebug() << "PrivilegedProcess stateChanged" << newState;
// });
// connect(certInstallProcess.data(), &PrivilegedProcess::readyRead, [certInstallProcess]() {
// auto req = certInstallProcess->readAll();
// req.waitForFinished();
// qDebug() << "PrivilegedProcess readyRead" << req.returnValue();
// });
certInstallProcess->start();
}
// /*
{
// auto adapterRemoveProcess = new QProcess;
// adapterRemoveProcess->setProgram("powershell");
// QString arguments = QString("-command \"Remove-VpnConnection -Name '%1' -Force\"").arg(tunnelName());
// adapterRemoveProcess->setNativeArguments(arguments);
// adapterRemoveProcess->start();
// adapterRemoveProcess->waitForFinished(5000);
if ( disconnect_vpn()){
qDebug()<<"VPN was disconnected";
}
@@ -319,21 +224,6 @@ ErrorCode Ikev2Protocol::start()
qDebug() <<"Can't create the VPN connect";
}
}
// auto adapterInstallProcess = new QProcess;
// adapterInstallProcess->setProgram("powershell");
// QString arguments = QString("-command \"Add-VpnConnection "
// "-ServerAddress '%1' "
// "-Name '%2' "
// "-TunnelType IKEv2 "
// "-AuthenticationMethod MachineCertificate "
// "-EncryptionLevel Required "
// "-PassThru\"")
// .arg(m_config[config_key::hostName].toString())
// .arg(tunnelName());
// adapterInstallProcess->setNativeArguments(arguments);
// adapterInstallProcess->start();
// adapterInstallProcess->waitForFinished(5000);
}
{
@@ -352,10 +242,6 @@ ErrorCode Ikev2Protocol::start()
.arg(tunnelName());
adapterConfigProcess->setNativeArguments(arguments);
// connect(adapterConfigProcess, &QProcess::readyRead, [adapterConfigProcess]() {
// qDebug().noquote() << "adapterConfigProcess readyRead" << adapterConfigProcess->readAll();
// });
adapterConfigProcess->start();
adapterConfigProcess->waitForFinished(5000);
}
@@ -367,13 +253,8 @@ ErrorCode Ikev2Protocol::start()
}
//setConnectionState(Connecting);
return ErrorCode::NoError;
#else
return ErrorCode::NoError;
#endif
}
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#ifdef Q_OS_WINDOWS
bool Ikev2Protocol::create_new_vpn(const QString & vpn_name,
const QString & serv_addr){
@@ -442,5 +323,3 @@ void WINAPI RasDialFuncCallback(UINT unMsg,
self->newConnectionStateEventReceived(unMsg, rasconnstate, dwError);
}
}
#endif

18
client/protocols/ikev2_vpn_protocol.h → client/protocols/ikev2_vpn_protocol_windows.h
View File

@@ -1,5 +1,5 @@
#ifndef IPSEC_PROTOCOL_H
#define IPSEC_PROTOCOL_H
#ifndef IKEV2_VPN_PROTOCOL_WINDOWS_H
#define IKEV2_VPN_PROTOCOL_WINDOWS_H
#include <QObject>
#include <QProcess>
@@ -10,7 +10,6 @@
#include "vpnprotocol.h"
#include "core/ipcclient.h"
#ifdef Q_OS_WIN
#include <string>
#include <memory>
#include <atomic>
@@ -31,8 +30,6 @@
#pragma comment(lib, "rasapi32.lib")
#pragma comment(lib, "Crypt32.lib")
#endif
class Ikev2Protocol : public VpnProtocol
{
Q_OBJECT
@@ -54,14 +51,9 @@ public:
private:
void readIkev2Configuration(const QJsonObject &configuration);
#ifdef Q_OS_WIN
//certificates variables
#endif
private:
QJsonObject m_config;
#ifdef Q_OS_WIN
//RAS functions and parametrs
HRASCONN hRasConn{nullptr};
bool create_new_vpn(const QString & vpn_name,
@@ -70,12 +62,8 @@ private:
bool connect_to_vpn(const QString & vpn_name);
bool disconnect_vpn();
#endif
};
#ifdef Q_OS_WIN
DWORD CALLBACK rasCallback(UINT msg, RASCONNSTATE rascs, DWORD err);
#endif
#endif // IPSEC_PROTOCOL_H
#endif // IKEV2_VPN_PROTOCOL_WINDOWS_H

7
client/protocols/ios_vpnprotocol.h
View File

@@ -3,6 +3,7 @@
#include "vpnprotocol.h"
#include "protocols/protocols_defs.h"
#include "json.h"
using namespace amnezia;
@@ -45,6 +46,12 @@ private:
bool m_serviceConnected = false;
bool m_checkingStatus = false;
std::function<void(const QString&)> m_logCallback;
void setupWireguardProtocol(const QtJson::JsonObject& result);
void setupOpenVPNProtocol(const QtJson::JsonObject& result);
void launchWireguardTunnel(const QtJson::JsonObject &result);
void launchOpenVPNTunnel(const QtJson::JsonObject &result);
};

407
client/protocols/ios_vpnprotocol.mm
View File

@@ -10,8 +10,6 @@
#include <QByteArray>
#include "json.h"
#include "ipaddressrange.h"
#include "ios_vpnprotocol.h"
#include "core/errorstrings.h"
@@ -21,6 +19,7 @@ namespace
{
IOSVpnProtocol* s_instance = nullptr;
IOSVpnProtocolImpl* m_controller = nullptr;
Proto currentProto = amnezia::Proto::Any;
}
IOSVpnProtocol::IOSVpnProtocol(Proto proto, const QJsonObject &configuration, QObject* parent)
@@ -35,10 +34,9 @@ bool IOSVpnProtocol::initialize()
{
qDebug() << "Initializing Swift Controller";
static bool creating = false;
// No nested creation!
Q_ASSERT(creating == false);
creating = true;
// qDebug() << "config =>";
// qDebug() << QJsonDocument(m_rawConfig).toJson();
if (!m_controller) {
bool ok;
@@ -49,142 +47,69 @@ bool IOSVpnProtocol::initialize()
return false;
}
QString vpnProto = result["protocol"].toString();
qDebug() << "protocol: " << vpnProto;
qDebug() << "config data => ";
QtJson::JsonObject config = result["wireguard_config_data"].toMap();
QString privateKey = config["client_priv_key"].toString();
QByteArray key = QByteArray::fromBase64(privateKey.toLocal8Bit());
qDebug() << " - " << "client_priv_key: " << config["client_priv_key"].toString();
qDebug() << " - " << "client_pub_key: " << config["client_pub_key"].toString();
qDebug() << " - " << "interface config: " << config["config"].toString();
QString addr = config["config"].toString().split("\n").takeAt(1).split(" = ").takeLast();
QString dns = config["config"].toString().split("\n").takeAt(2).split(" = ").takeLast();
QString privkey = config["config"].toString().split("\n").takeAt(3).split(" = ").takeLast();
QString pubkey = config["config"].toString().split("\n").takeAt(6).split(" = ").takeLast();
QString presharedkey = config["config"].toString().split("\n").takeAt(7).split(" = ").takeLast();
QString allowedips = config["config"].toString().split("\n").takeAt(8).split(" = ").takeLast();
QString endpoint = config["config"].toString().split("\n").takeAt(9).split(" = ").takeLast();
QString keepalive = config["config"].toString().split("\n").takeAt(10).split(" = ").takeLast();
qDebug() << " - " << "[Interface] address: " << addr;
qDebug() << " - " << "[Interface] dns: " << dns;
qDebug() << " - " << "[Interface] private key: " << privkey;
qDebug() << " - " << "[Peer] public key: " << pubkey;
qDebug() << " - " << "[Peer] preshared key: " << presharedkey;
qDebug() << " - " << "[Peer] allowed ips: " << allowedips;
qDebug() << " - " << "[Peer] endpoint: " << endpoint;
qDebug() << " - " << "[Peer] keepalive: " << keepalive;
qDebug() << " - " << "hostName: " << config["hostName"].toString();
qDebug() << " - " << "psk_key: " << config["psk_key"].toString();
qDebug() << " - " << "server_pub_key: " << config["server_pub_key"].toString();
m_controller = [[IOSVpnProtocolImpl alloc] initWithBundleID:@VPN_NE_BUNDLEID
privateKey:key.toNSData()
deviceIpv4Address:addr.toNSString()
deviceIpv6Address:@"::/0"
closure:^(ConnectionState state, NSDate* date) {
qDebug() << "Creation completed with connection state:" << state;
creating = false;
switch (state) {
case ConnectionStateError: {
[m_controller dealloc];
m_controller = nullptr;
emit connectionStateChanged(VpnConnectionState::Error);
return;
}
case ConnectionStateConnected: {
Q_ASSERT(date);
QDateTime qtDate(QDateTime::fromNSDate(date));
emit connectionStateChanged(VpnConnectionState::Connected);
return;
}
case ConnectionStateDisconnected:
// Just in case we are connecting, let's call disconnect.
[m_controller disconnect];
emit connectionStateChanged(VpnConnectionState::Disconnected);
return;
}
QString protoName = result["protocol"].toString();
qDebug() << "protocol: " << protoName;
if (protoName == "wireguard") {
setupWireguardProtocol(result);
currentProto = amnezia::Proto::WireGuard;
} else if (protoName == "openvpn") {
setupOpenVPNProtocol(result);
currentProto = amnezia::Proto::OpenVpn;
} else {
return false;
}
callback:^(BOOL a_connected) {
qDebug() << "State changed: " << a_connected;
if (a_connected) {
emit connectionStateChanged(Connected);
return;
}
// emit connectionStateChanged(Disconnected);
}];
}
return true;
}
ErrorCode IOSVpnProtocol::start()
{
bool ok;
QtJson::JsonObject result = QtJson::parse(QJsonDocument(m_rawConfig).toJson(), ok).toMap();
qDebug() << "current protocol: " << currentProto;
qDebug() << "new protocol: " << m_protocol;
qDebug() << "config: " << result;
if(!ok) {
qDebug() << QString("An error occurred during config parsing");
return InternalError;
}
QString protocol = result["protocol"].toString();
QtJson::JsonObject config = result["wireguard_config_data"].toMap();
QString clientPrivateKey = config["client_priv_key"].toString();
QByteArray key = QByteArray::fromBase64(clientPrivateKey.toLocal8Bit());
QString clientPubKey = config["client_pub_key"].toString();
QString addr = config["config"].toString().split("\n").takeAt(1).split(" = ").takeLast();
QStringList dnsServersList = config["config"].toString().split("\n").takeAt(2).split(" = ").takeLast().split(", ");
QString privkey = config["config"].toString().split("\n").takeAt(3).split(" = ").takeLast();
QString pubkey = config["config"].toString().split("\n").takeAt(6).split(" = ").takeLast();
QString presharedkey = config["config"].toString().split("\n").takeAt(7).split(" = ").takeLast();
QStringList allowedIPList = config["config"].toString().split("\n").takeAt(8).split(" = ").takeLast().split(", ");
QString endpoint = config["config"].toString().split("\n").takeAt(9).split(" = ").takeLast();
QString serverAddr = config["config"].toString().split("\n").takeAt(9).split(" = ").takeLast().split(":").takeFirst();
QString port = config["config"].toString().split("\n").takeAt(9).split(" = ").takeLast().split(":").takeLast();
QString keepalive = config["config"].toString().split("\n").takeAt(10).split(" = ").takeLast();
QString hostname = config["hostName"].toString();
QString pskKey = config["psk_key"].toString();
QString serverPubKey = config["server_pub_key"].toString();
qDebug() << "IOSVPNProtocol starts for" << hostname;
qDebug() << "DNS:" << dnsServersList.takeFirst().toNSString();
qDebug() << "serverPublicKey:" << serverPubKey.toNSString();
qDebug() << "serverIpv4AddrIn:" << serverAddr.toNSString();
qDebug() << "serverPort:" << (uint32_t)port.toInt();
qDebug() << "allowed ip list" << allowedIPList;
NSMutableArray<VPNIPAddressRange*>* allowedIPAddressRangesNS =
[NSMutableArray<VPNIPAddressRange*> arrayWithCapacity:allowedIPList.length()];
for (const IPAddressRange item : allowedIPList) {
VPNIPAddressRange* range =
[[VPNIPAddressRange alloc] initWithAddress:item.ipAddress().toNSString()
networkPrefixLength:item.range()
isIpv6:item.type() == IPAddressRange::IPv6];
[allowedIPAddressRangesNS addObject:[range autorelease]];
switch (m_protocol) {
case amnezia::Proto::OpenVpn:
if (currentProto == amnezia::Proto::WireGuard) {
if (m_controller) {
stop();
initialize();
}
launchOpenVPNTunnel(result);
currentProto = amnezia::Proto::OpenVpn;
return NoError;
}
initialize();
launchOpenVPNTunnel(result);
break;
case amnezia::Proto::WireGuard:
if (currentProto == amnezia::Proto::OpenVpn) {
if (m_controller) {
stop();
initialize();
}
launchWireguardTunnel(result);
currentProto = amnezia::Proto::WireGuard;
return NoError;
}
initialize();
launchWireguardTunnel(result);
break;
default:
break;
}
[m_controller connectWithDnsServer:dnsServersList.takeFirst().toNSString()
serverIpv6Gateway:@"FE80::1"
serverPublicKey:serverPubKey.toNSString()
presharedKey:pskKey.toNSString()
serverIpv4AddrIn:serverAddr.toNSString()
serverPort:port.toInt()
allowedIPAddressRanges:allowedIPAddressRangesNS
ipv6Enabled:NO
reason:0
failureCallback:^() {
qDebug() << "IOSVPNProtocol - connection failed";
emit connectionStateChanged(Disconnected);
}];
return NoError;
}
@@ -192,11 +117,21 @@ void IOSVpnProtocol::stop()
{
if (!m_controller) {
qDebug() << "Not correctly initialized";
emit connectionStateChanged(Disconnected);
// dispatch_async(dispatch_get_main_queue(), ^{
// emit connectionStateChanged(Disconnected);
// });
return;
}
[m_controller disconnect];
dispatch_async(dispatch_get_main_queue(), ^{
emit connectionStateChanged(Disconnected);
});
[m_controller dealloc];
m_controller = nullptr;
}
void IOSVpnProtocol::resume_start()
@@ -296,3 +231,225 @@ void IOSVpnProtocol::cleanupBackendLogs()
file.remove();
}
void IOSVpnProtocol::setupWireguardProtocol(const QtJson::JsonObject &result)
{
static bool creating = false;
// No nested creation!
Q_ASSERT(creating == false);
creating = true;
QtJson::JsonObject config = result["wireguard_config_data"].toMap();
QString privateKey = config["client_priv_key"].toString();
QByteArray key = QByteArray::fromBase64(privateKey.toLocal8Bit());
qDebug() << " - " << "client_priv_key: " << config["client_priv_key"].toString();
qDebug() << " - " << "client_pub_key: " << config["client_pub_key"].toString();
qDebug() << " - " << "interface config: " << config["config"].toString();
QString addr = config["config"].toString().split("\n").takeAt(1).split(" = ").takeLast();
QString dns = config["config"].toString().split("\n").takeAt(2).split(" = ").takeLast();
QString privkey = config["config"].toString().split("\n").takeAt(3).split(" = ").takeLast();
QString pubkey = config["config"].toString().split("\n").takeAt(6).split(" = ").takeLast();
QString presharedkey = config["config"].toString().split("\n").takeAt(7).split(" = ").takeLast();
QString allowedips = config["config"].toString().split("\n").takeAt(8).split(" = ").takeLast();
QString endpoint = config["config"].toString().split("\n").takeAt(9).split(" = ").takeLast();
QString keepalive = config["config"].toString().split("\n").takeAt(10).split(" = ").takeLast();
qDebug() << " - " << "[Interface] address: " << addr;
qDebug() << " - " << "[Interface] dns: " << dns;
qDebug() << " - " << "[Interface] private key: " << privkey;
qDebug() << " - " << "[Peer] public key: " << pubkey;
qDebug() << " - " << "[Peer] preshared key: " << presharedkey;
qDebug() << " - " << "[Peer] allowed ips: " << allowedips;
qDebug() << " - " << "[Peer] endpoint: " << endpoint;
qDebug() << " - " << "[Peer] keepalive: " << keepalive;
qDebug() << " - " << "hostName: " << config["hostName"].toString();
qDebug() << " - " << "psk_key: " << config["psk_key"].toString();
qDebug() << " - " << "server_pub_key: " << config["server_pub_key"].toString();
m_controller = [[IOSVpnProtocolImpl alloc] initWithBundleID:@VPN_NE_BUNDLEID
privateKey:key.toNSData()
deviceIpv4Address:addr.toNSString()
deviceIpv6Address:@"::/0"
closure:^(ConnectionState state, NSDate* date) {
qDebug() << "Creation completed with connection state:" << state;
creating = false;
switch (state) {
case ConnectionStateError: {
[m_controller dealloc];
m_controller = nullptr;
dispatch_async(dispatch_get_main_queue(), ^{
emit connectionStateChanged(VpnConnectionState::Error);
});
return;
}
case ConnectionStateConnected: {
Q_ASSERT(date);
QDateTime qtDate(QDateTime::fromNSDate(date));
dispatch_async(dispatch_get_main_queue(), ^{
emit connectionStateChanged(VpnConnectionState::Connected);
});
return;
}
case ConnectionStateDisconnected:
// Just in case we are connecting, let's call disconnect.
[m_controller disconnect];
dispatch_async(dispatch_get_main_queue(), ^{
emit connectionStateChanged(VpnConnectionState::Disconnected);
});
return;
}
}
callback:^(BOOL a_connected) {
if (currentProto != m_protocol) {
qDebug() << "Protocols switched: " << a_connected;
return;
}
qDebug() << "State changed: " << a_connected;
if (a_connected) {
dispatch_async(dispatch_get_main_queue(), ^{
emit connectionStateChanged(Connected);
});
return;
}
// dispatch_async(dispatch_get_main_queue(), ^{
// emit connectionStateChanged(Disconnected);
// });
}];
}
void IOSVpnProtocol::setupOpenVPNProtocol(const QtJson::JsonObject &result)
{
static bool creating = false;
// No nested creation!
Q_ASSERT(creating == false);
creating = true;
QtJson::JsonObject ovpn = result["openvpn_config_data"].toMap();
QString ovpnConfig = ovpn["config"].toString();
// qDebug() << ovpn;
m_controller = [[IOSVpnProtocolImpl alloc] initWithBundleID:@VPN_NE_BUNDLEID
config:ovpnConfig.toNSString()
closure:^(ConnectionState state, NSDate* date) {
qDebug() << "OVPN Creation completed with connection state:" << state;
creating = false;
switch (state) {
case ConnectionStateError: {
[m_controller dealloc];
m_controller = nullptr;
dispatch_async(dispatch_get_main_queue(), ^{
emit connectionStateChanged(VpnConnectionState::Error);
});
return;
}
case ConnectionStateConnected: {
Q_ASSERT(date);
QDateTime qtDate(QDateTime::fromNSDate(date));
dispatch_async(dispatch_get_main_queue(), ^{
emit connectionStateChanged(VpnConnectionState::Connected);
});
return;
}
case ConnectionStateDisconnected:
// Just in case we are connecting, let's call disconnect.
// [m_controller disconnect];
dispatch_async(dispatch_get_main_queue(), ^{
emit connectionStateChanged(VpnConnectionState::Disconnected);
});
return;
}
}
callback:^(BOOL a_connected) {
if (currentProto != m_protocol) {
qDebug() << "Protocols switched: " << a_connected;
return;
}
qDebug() << "OVPN State changed: " << a_connected;
if (a_connected) {
dispatch_async(dispatch_get_main_queue(), ^{
emit connectionStateChanged(Connected);
});
return;
}
// dispatch_async(dispatch_get_main_queue(), ^{
// emit connectionStateChanged(Disconnected);
// });
}];
}
void IOSVpnProtocol::launchWireguardTunnel(const QtJson::JsonObject &result)
{
QtJson::JsonObject config = result["wireguard_config_data"].toMap();
QString clientPrivateKey = config["client_priv_key"].toString();
QByteArray key = QByteArray::fromBase64(clientPrivateKey.toLocal8Bit());
QString clientPubKey = config["client_pub_key"].toString();
QString addr = config["config"].toString().split("\n").takeAt(1).split(" = ").takeLast();
QStringList dnsServersList = config["config"].toString().split("\n").takeAt(2).split(" = ").takeLast().split(", ");
QString privkey = config["config"].toString().split("\n").takeAt(3).split(" = ").takeLast();
QString pubkey = config["config"].toString().split("\n").takeAt(6).split(" = ").takeLast();
QString presharedkey = config["config"].toString().split("\n").takeAt(7).split(" = ").takeLast();
QStringList allowedIPList = config["config"].toString().split("\n").takeAt(8).split(" = ").takeLast().split(", ");
QString endpoint = config["config"].toString().split("\n").takeAt(9).split(" = ").takeLast();
QString serverAddr = config["config"].toString().split("\n").takeAt(9).split(" = ").takeLast().split(":").takeFirst();
QString port = config["config"].toString().split("\n").takeAt(9).split(" = ").takeLast().split(":").takeLast();
QString keepalive = config["config"].toString().split("\n").takeAt(10).split(" = ").takeLast();
QString hostname = config["hostName"].toString();
QString pskKey = config["psk_key"].toString();
QString serverPubKey = config["server_pub_key"].toString();
qDebug() << "IOSVPNProtocol starts for" << hostname;
qDebug() << "DNS:" << dnsServersList.takeFirst().toNSString();
qDebug() << "serverPublicKey:" << serverPubKey.toNSString();
qDebug() << "serverIpv4AddrIn:" << serverAddr.toNSString();
qDebug() << "serverPort:" << (uint32_t)port.toInt();
qDebug() << "allowed ip list" << allowedIPList;
NSMutableArray<VPNIPAddressRange*>* allowedIPAddressRangesNS =
[NSMutableArray<VPNIPAddressRange*> arrayWithCapacity:allowedIPList.length()];
for (const IPAddressRange item : allowedIPList) {
VPNIPAddressRange* range =
[[VPNIPAddressRange alloc] initWithAddress:item.ipAddress().toNSString()
networkPrefixLength:item.range()
isIpv6:item.type() == IPAddressRange::IPv6];
[allowedIPAddressRangesNS addObject:[range autorelease]];
}
[m_controller connectWithDnsServer:dnsServersList.takeFirst().toNSString()
serverIpv6Gateway:@"FE80::1"
serverPublicKey:serverPubKey.toNSString()
presharedKey:pskKey.toNSString()
serverIpv4AddrIn:serverAddr.toNSString()
serverPort:port.toInt()
allowedIPAddressRanges:allowedIPAddressRangesNS
ipv6Enabled:NO
reason:0
failureCallback:^() {
qDebug() << "Wireguard Protocol - connection failed";
dispatch_async(dispatch_get_main_queue(), ^{
emit connectionStateChanged(Disconnected);
});
}];
}
void IOSVpnProtocol::launchOpenVPNTunnel(const QtJson::JsonObject &result)
{
QtJson::JsonObject ovpn = result["openvpn_config_data"].toMap();
QString ovpnConfig = ovpn["config"].toString();
[m_controller connectWithOvpnConfig:ovpnConfig.toNSString()
failureCallback:^{
qDebug() << "IOSVPNProtocol - connection failed";
dispatch_async(dispatch_get_main_queue(), ^{
emit connectionStateChanged(Disconnected);
});
}];
}

1
client/protocols/protocols_defs.h
View File

@@ -40,6 +40,7 @@ constexpr char server_priv_key[] = "server_priv_key";
constexpr char server_pub_key[] = "server_pub_key";
constexpr char psk_key[] = "psk_key";
constexpr char client_ip[] = "client_ip"; // internal ip address
constexpr char site[] = "site";
constexpr char block_outside_dns[] = "block_outside_dns";

5
client/protocols/vpnprotocol.cpp
View File

@@ -9,7 +9,10 @@
#include "shadowsocksvpnprotocol.h"
#include "openvpnovercloakprotocol.h"
#include "wireguardprotocol.h"
#include "ikev2_vpn_protocol.h"
#endif
#ifdef Q_OS_WINDOWS
#include "ikev2_vpn_protocol_windows.h"
#endif

1
client/resources.qrc
View File

@@ -141,5 +141,6 @@
<file>images/animation.gif</file>
<file>images/connected.png</file>
<file>images/disconnected.png</file>
<file>ui/qml/Pages/PageQrDecoder.qml</file>
</qresource>
</RCC>

20
client/scripts/commons.sh
View File

@@ -39,6 +39,26 @@ error() {
printv '' R "$1"
}
XCODEBUILD="/usr/bin/xcodebuild"
WORKINGDIR=`pwd`
compile_openvpn_adapter() {
cd 3rd/OpenVPNAdapter
$XCODEBUILD -scheme OpenVPNAdapter -configuration Debug -xcconfig Configuration/amnezia.xcconfig -sdk iphoneos -destination 'generic/platform=iOS' -project OpenVPNAdapter.xcodeproj
cd ../../
}
prepare_to_build_vpn() {
cat $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/Project.xcconfig > $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/amnezia.xcconfig
cat << EOF >> $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/amnezia.xcconfig
PROJECT_TEMP_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/OpenVPNAdapter.build
CONFIGURATION_BUILD_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/Debug-iphoneos
BUILT_PRODUCTS_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/Debug-iphoneos
EOF
}
die() {
if [[ "$1" ]]; then
error "$1"

12
client/scripts/ios_compile.sh
View File

@@ -126,7 +126,7 @@ printn Y "Retrieve the wireguard-go version... "
print G "done."
printn Y "Cleaning the existing project... "
rm -rf mozillavpn.xcodeproj/ || die "Failed to remove things"
rm -rf AmneziaVPN.xcodeproj/ || die "Failed to remove things"
print G "done."
#print Y "Importing translation files..."
@@ -205,6 +205,16 @@ else
print G none
fi
if [ "$OS" = "ios" ]; then
print Y "Prepare to build OpenVPNAdapter..."
prepare_to_build_vpn
print Y "Building OpenVPNAdapter..."
compile_openvpn_adapter
else
print Y "No OpenVPNAdapter will be built"
fi
print Y "Creating the xcode project via qmake..."
$QMAKE \
VERSION=$SHORTVERSION \

20
client/scripts/xcode_patcher.rb
View File

@@ -61,7 +61,8 @@ class XCodeprojPatcher
config.build_settings['SWIFT_OBJC_BRIDGING_HEADER'] ||= 'macos/app/WireGuard-Bridging-Header.h'
config.build_settings['FRAMEWORK_SEARCH_PATHS'] ||= [
"$(inherited)",
"$(PROJECT_DIR)/3rd"
"$(PROJECT_DIR)/3rd",
"$(PROJECT_DIR)/3rd/OpenVPNAdapter/build/Debug-iphoneos"
]
# Versions and names
@@ -251,6 +252,11 @@ class XCodeprojPatcher
config.build_settings['SWIFT_OBJC_BRIDGING_HEADER'] ||= 'macos/networkextension/WireGuardNetworkExtension-Bridging-Header.h'
config.build_settings['SWIFT_PRECOMPILE_BRIDGING_HEADER'] = 'NO'
config.build_settings['APPLICATION_EXTENSION_API_ONLY'] = 'YES'
config.build_settings['FRAMEWORK_SEARCH_PATHS'] ||= [
"$(inherited)",
"$(PROJECT_DIR)/3rd",
"$(PROJECT_DIR)/3rd/OpenVPNAdapter/build/Debug-iphoneos"
]
# Versions and names
config.build_settings['MARKETING_VERSION'] ||= shortVersion
@@ -350,6 +356,18 @@ class XCodeprojPatcher
framework_ref = frameworks_group.new_file('NetworkExtension.framework')
frameworks_build_phase.add_file_reference(framework_ref)
framework_ref = frameworks_group.new_file('3rd/OpenVPNAdapter/build/Debug-iphoneos/LZ4.framework')
frameworks_build_phase.add_file_reference(framework_ref)
framework_ref = frameworks_group.new_file('3rd/OpenVPNAdapter/build/Debug-iphoneos/mbedTLS.framework')
frameworks_build_phase.add_file_reference(framework_ref)
framework_ref = frameworks_group.new_file('3rd/OpenVPNAdapter/build/Debug-iphoneos/OpenVPNClient.framework')
frameworks_build_phase.add_file_reference(framework_ref)
framework_ref = frameworks_group.new_file('3rd/OpenVPNAdapter/build/Debug-iphoneos/OpenVPNAdapter.framework')
frameworks_build_phase.add_file_reference(framework_ref)
# This fails: @target_main.add_dependency @target_extension
container_proxy = @project.new(Xcodeproj::Project::PBXContainerItemProxy)

45
client/server_scripts/dns/Dockerfile
View File

@@ -1,3 +1,48 @@
FROM mvance/unbound:latest
LABEL maintainer="AmneziaVPN"
RUN echo " \n\
domain-insecure: \"coin.\"\n\
domain-insecure: \"emc.\"\n\
domain-insecure: \"lib.\"\n\
domain-insecure: \"bazar.\"\n\
domain-insecure: \"enum.\"\n\
\n\
stub-zone:\n\
name: coin.\n\
stub-host: seed1.emercoin.com\n\
stub-host: seed2.emercoin.com\n\
stub-first: yes\n\
\n\
stub-zone:\n\
name: emc.\n\
stub-host: seed1.emercoin.com\n\
stub-host: seed2.emercoin.com\n\
stub-first: yes\n\
\n\
stub-zone:\n\
name: lib.\n\
stub-host: seed1.emercoin.com\n\
stub-host: seed2.emercoin.com\n\
stub-first: yes\n\
\n\
stub-zone:\n\
name: bazar.\n\
stub-host: seed1.emercoin.com\n\
stub-host: seed2.emercoin.com\n\
stub-first: yes\n\
\n\
stub-zone:\n\
name: enum.\n\
stub-host: seed1.emercoin.com\n\
stub-host: seed2.emercoin.com\n\
stub-first: yes\n\
\n\
forward-zone:\n\
name: .\n\
forward-tls-upstream: yes\n\
forward-addr: 1.1.1.1@853 #cloudflare-dns.com\n\
forward-addr: 1.0.0.1@853 #cloudflare-dns.com\n\
" | tee /opt/unbound/etc/unbound/forward-records.conf

2
client/server_scripts/wireguard/template.conf
View File

@@ -1,5 +1,5 @@
[Interface]
Address = 10.8.1.2/32
Address = $WIREGUARD_CLIENT_IP/32
DNS = $PRIMARY_DNS, $SECONDARY_DNS
PrivateKey = $WIREGUARD_CLIENT_PRIVATE_KEY

2
client/ui/pages.h
View File

@@ -24,7 +24,7 @@ enum class Page {Start = 0, NewServer, NewServerProtocols, Vpn,
Wizard, WizardLow, WizardMedium, WizardHigh, WizardVpnMode, ServerConfiguringProgress,
GeneralSettings, AppSettings, NetworkSettings, ServerSettings,
ServerContainers, ServersList, ShareConnection, Sites,
ProtocolSettings, ProtocolShare};
ProtocolSettings, ProtocolShare, QrDecoder};
Q_ENUM_NS(Page)
static void declareQmlPageEnum() {

13
client/ui/pages_logic/NetworkSettingsLogic.cpp
View File

@@ -5,7 +5,7 @@
NetworkSettingsLogic::NetworkSettingsLogic(UiLogic *logic, QObject *parent):
PageLogicBase(logic, parent),
m_ipAddressValidatorRegex{Utils::ipAddressRegExp().pattern()}
m_ipAddressRegex{Utils::ipAddressRegExp()}
{
}
@@ -18,16 +18,14 @@ void NetworkSettingsLogic::onUpdatePage()
void NetworkSettingsLogic::onLineEditDns1EditFinished(const QString &text)
{
QRegExp reg{getIpAddressValidatorRegex()};
if (reg.exactMatch(text)) {
if (ipAddressRegex().exactMatch(text)) {
m_settings.setPrimaryDns(text);
}
}
void NetworkSettingsLogic::onLineEditDns2EditFinished(const QString &text)
{
QRegExp reg{getIpAddressValidatorRegex()};
if (reg.exactMatch(text)) {
if (ipAddressRegex().exactMatch(text)) {
m_settings.setSecondaryDns(text);
}
}
@@ -43,8 +41,3 @@ void NetworkSettingsLogic::onPushButtonResetDns2Clicked()
m_settings.setSecondaryDns(m_settings.cloudFlareNs2);
onUpdatePage();
}
QString NetworkSettingsLogic::getIpAddressValidatorRegex() const
{
return m_ipAddressValidatorRegex;
}

3
client/ui/pages_logic/NetworkSettingsLogic.h
View File

@@ -11,7 +11,7 @@ class NetworkSettingsLogic : public PageLogicBase
AUTO_PROPERTY(QString, lineEditDns1Text)
AUTO_PROPERTY(QString, lineEditDns2Text)
READONLY_PROPERTY(QString, ipAddressValidatorRegex)
READONLY_PROPERTY(QRegExp, ipAddressRegex)
public:
Q_INVOKABLE void onUpdatePage() override;
@@ -25,6 +25,5 @@ public:
explicit NetworkSettingsLogic(UiLogic *uiLogic, QObject *parent = nullptr);
~NetworkSettingsLogic() = default;
QString getIpAddressValidatorRegex() const;
};
#endif // NETWORK_SETTINGS_LOGIC_H

79
client/ui/pages_logic/QrDecoderLogic.cpp Normal file
View File

@@ -0,0 +1,79 @@
#include "QrDecoderLogic.h"
#include "ui/uilogic.h"
#include "ui/pages_logic/StartPageLogic.h"
#if defined(Q_OS_ANDROID)
#include "android_controller.h"
#endif
using namespace amnezia;
using namespace PageEnumNS;
QrDecoderLogic::QrDecoderLogic(UiLogic *logic, QObject *parent):
PageLogicBase(logic, parent)
{
}
void QrDecoderLogic::onUpdatePage()
{
m_chunks.clear();
set_detectingEnabled(true);
set_totalChunksCount(0);
set_receivedChunksCount(0);
emit startDecode();
}
void QrDecoderLogic::onDetectedQrCode(const QString &code)
{
//qDebug() << code;
if (!detectingEnabled()) return;
// check if chunk received
QByteArray ba = QByteArray::fromBase64(code.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
QDataStream s(&ba, QIODevice::ReadOnly);
qint16 magic; s >> magic;
if (magic == amnezia::qrMagicCode) {
qDebug() << "QrDecoderLogic::onDetectedQrCode magic code detected" << magic << ba.size();
quint8 chunksCount; s >> chunksCount;
if (totalChunksCount() != chunksCount) {
m_chunks.clear();
}
set_totalChunksCount(chunksCount);
quint8 chunkId; s >> chunkId;
s >> m_chunks[chunkId];
set_receivedChunksCount(m_chunks.size());
if (m_chunks.size() == totalChunksCount()) {
QByteArray data;
for (int i = 0; i < totalChunksCount(); ++i) {
data.append(m_chunks.value(i));
}
bool ok = uiLogic()->startPageLogic()->importConnectionFromQr(data);
if (ok) {
set_detectingEnabled(false);
emit stopDecode();
}
else {
m_chunks.clear();
set_totalChunksCount(0);
set_receivedChunksCount(0);
}
}
}
else {
bool ok = uiLogic()->startPageLogic()->importConnectionFromQr(ba);
if (ok) {
set_detectingEnabled(false);
emit stopDecode();
}
}
}

30
client/ui/pages_logic/QrDecoderLogic.h Normal file
View File

@@ -0,0 +1,30 @@
#ifndef QR_DECODER_LOGIC_H
#define QR_DECODER_LOGIC_H
#include "PageLogicBase.h"
class UiLogic;
class QrDecoderLogic : public PageLogicBase
{
Q_OBJECT
AUTO_PROPERTY(bool, detectingEnabled)
AUTO_PROPERTY(int, totalChunksCount)
AUTO_PROPERTY(int, receivedChunksCount)
public:
Q_INVOKABLE void onUpdatePage() override;
Q_INVOKABLE void onDetectedQrCode(const QString &code);
public:
explicit QrDecoderLogic(UiLogic *uiLogic, QObject *parent = nullptr);
~QrDecoderLogic() = default;
signals:
void startDecode();
void stopDecode();
private:
QMap<int, QByteArray> m_chunks;
};
#endif // QR_DECODER_LOGIC_H

71
client/ui/pages_logic/ShareConnectionLogic.cpp
View File

@@ -1,11 +1,8 @@
#include <QApplication>
#include <QBuffer>
#include <QClipboard>
#include <QFileDialog>
#include <QTimer>
#include <QSaveFile>
#include <QStandardPaths>
#include <QImage>
#include <QDataStream>
#include <QZXing>
#include <QMessageBox>
#include "ShareConnectionLogic.h"
@@ -18,6 +15,8 @@
#include "configurators/ssh_configurator.h"
#include "defines.h"
#include "core/defs.h"
#include "core/errorstrings.h"
#include <functional>
#include "../uilogic.h"
@@ -35,7 +34,8 @@ ShareConnectionLogic::ShareConnectionLogic(UiLogic *logic, QObject *parent):
void ShareConnectionLogic::onUpdatePage()
{
set_textEditShareAmneziaCodeText(tr(""));
set_shareAmneziaQrCodeText("");
set_shareAmneziaQrCodeTextSeries({});
set_shareAmneziaQrCodeTextSeriesLength(0);
set_textEditShareOpenVpnCodeText("");
@@ -56,7 +56,8 @@ void ShareConnectionLogic::onUpdatePage()
void ShareConnectionLogic::onPushButtonShareAmneziaGenerateClicked()
{
set_textEditShareAmneziaCodeText("");
set_shareAmneziaQrCodeText("");
set_shareAmneziaQrCodeTextSeries({});
set_shareAmneziaQrCodeTextSeriesLength(0);
QJsonObject serverConfig;
// Full access
@@ -97,15 +98,15 @@ void ShareConnectionLogic::onPushButtonShareAmneziaGenerateClicked()
}
}
QByteArray ba = QJsonDocument(serverConfig).toBinaryData();
QByteArray ba = QJsonDocument(serverConfig).toJson();
ba = qCompress(ba, 8);
QString code = QString("vpn://%1").arg(QString(ba.toBase64(QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals)));
set_textEditShareAmneziaCodeText(code);
if (ba.size() < 2900) {
QImage qr = updateQRCodeImage(ba.toBase64(QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals));
set_shareAmneziaQrCodeText(imageToBase64(qr));
}
QList<QString> qrChunks = genQrCodeImageSeries(ba);
set_shareAmneziaQrCodeTextSeries(qrChunks);
set_shareAmneziaQrCodeTextSeriesLength(qrChunks.size());
}
void ShareConnectionLogic::onPushButtonShareOpenVpnGenerateClicked()
@@ -147,7 +148,7 @@ void ShareConnectionLogic::onPushButtonShareShadowSocksGenerateClicked()
ssString = "ss://" + ssString.toUtf8().toBase64();
set_lineEditShareShadowSocksStringText(ssString);
QImage qr = updateQRCodeImage(ssString.toUtf8());
QImage qr = QZXing::encodeData(ssString.toUtf8(), QZXing::EncoderFormat_QR_CODE, QSize(512,512), QZXing::EncodeErrorCorrectionLevel_L);
set_shareShadowSocksQrCodeText(imageToBase64(qr));
QString humanString = QString("Server: %3\n"
@@ -195,12 +196,19 @@ void ShareConnectionLogic::onPushButtonShareWireGuardGenerateClicked()
ErrorCode e = ErrorCode::NoError;
QString cfg = WireguardConfigurator::genWireguardConfig(credentials, container, containerConfig, &e);
if (e) {
QMessageBox::warning(nullptr, APPLICATION_NAME,
tr("Error occurred while configuring server.") + "\n" +
errorString(e));
return;
}
cfg = VpnConfigurator::processConfigWithExportSettings(container, Proto::WireGuard, cfg);
cfg = QJsonDocument::fromJson(cfg.toUtf8()).object()[config_key::config].toString();
set_textEditShareWireGuardCodeText(cfg);
QImage qr = updateQRCodeImage(cfg.toUtf8());
QImage qr = QZXing::encodeData(cfg.toUtf8(), QZXing::EncoderFormat_QR_CODE, QSize(512,512), QZXing::EncodeErrorCorrectionLevel_L);
set_shareWireGuardQrCodeText(imageToBase64(qr));
}
@@ -234,30 +242,29 @@ void ShareConnectionLogic::updateSharingPage(int serverIndex, DockerContainer co
uiLogic()->selectedDockerContainer = container;
uiLogic()->selectedServerIndex = serverIndex;
set_shareFullAccess(container == DockerContainer::None);
m_shareAmneziaQrCodeTextSeries.clear();
set_shareAmneziaQrCodeTextSeriesLength(0);
}
QImage ShareConnectionLogic::updateQRCodeImage(const QByteArray &data)
QList<QString> ShareConnectionLogic::genQrCodeImageSeries(const QByteArray &data)
{
int levelIndex = 1;
int versionIndex = 0;
bool bExtent = true;
int maskIndex = -1;
double k = 1500;
m_qrEncode.EncodeData( levelIndex, versionIndex, bExtent, maskIndex, data.data() );
quint8 chunksCount = std::ceil(data.size() / k);
QList<QString> chunks;
for (int i = 0; i < data.size(); i = i + k) {
QByteArray chunk;
QDataStream s(&chunk, QIODevice::WriteOnly);
s << amnezia::qrMagicCode << chunksCount << (quint8)std::round(i/k) << data.mid(i, k);
int qrImageSize = m_qrEncode.m_nSymbleSize;
QByteArray ba = chunk.toBase64(QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
int encodeImageSize = qrImageSize + ( QR_MARGIN * 2 );
QImage encodeImage( encodeImageSize, encodeImageSize, QImage::Format_Mono );
QImage qr = QZXing::encodeData(ba, QZXing::EncoderFormat_QR_CODE, QSize(512,512), QZXing::EncodeErrorCorrectionLevel_L);
chunks.append(imageToBase64(qr));
}
encodeImage.fill( 1 );
for ( int i = 0; i < qrImageSize; i++ )
for ( int j = 0; j < qrImageSize; j++ )
if ( m_qrEncode.m_byModuleData[i][j] )
encodeImage.setPixel( i + QR_MARGIN, j + QR_MARGIN, 0 );
return encodeImage;
return chunks;
}
QString ShareConnectionLogic::imageToBase64(const QImage &image)

9
client/ui/pages_logic/ShareConnectionLogic.h
View File

@@ -2,7 +2,6 @@
#define SHARE_CONNECTION_LOGIC_H
#include "PageLogicBase.h"
#include "3rd/QRCodeGenerator/QRCodeGenerator.h"
class UiLogic;
@@ -14,7 +13,8 @@ public:
AUTO_PROPERTY(bool, shareFullAccess)
AUTO_PROPERTY(QString, textEditShareAmneziaCodeText)
AUTO_PROPERTY(QString, shareAmneziaQrCodeText)
AUTO_PROPERTY(QStringList, shareAmneziaQrCodeTextSeries)
AUTO_PROPERTY(int, shareAmneziaQrCodeTextSeriesLength)
AUTO_PROPERTY(QString, textEditShareOpenVpnCodeText)
@@ -46,11 +46,10 @@ public:
~ShareConnectionLogic() = default;
void updateSharingPage(int serverIndex, DockerContainer container);
QImage updateQRCodeImage(const QByteArray &data);
QList<QString> genQrCodeImageSeries(const QByteArray &data);
QString imageToBase64(const QImage &image);
private:
CQR_Encode m_qrEncode;
};
#endif // SHARE_CONNECTION_LOGIC_H

124
client/ui/pages_logic/StartPageLogic.cpp
View File

@@ -2,6 +2,14 @@
#include "core/errorstrings.h"
#include "configurators/ssh_configurator.h"
#include "../uilogic.h"
#include "utils.h"
#include <QFileDialog>
#include <QStandardPaths>
#ifdef Q_OS_ANDROID
#include "platforms/android/android_controller.h"
#endif
StartPageLogic::StartPageLogic(UiLogic *logic, QObject *parent):
PageLogicBase(logic, parent),
@@ -16,7 +24,8 @@ StartPageLogic::StartPageLogic(UiLogic *logic, QObject *parent):
m_labelWaitInfoVisible{true},
m_labelWaitInfoText{},
m_pushButtonBackFromStartVisible{true},
m_pushButtonConnectVisible{true}
m_pushButtonConnectVisible{true},
m_ipAddressPortRegex{Utils::ipAddressPortRegExp()}
{
}
@@ -119,52 +128,40 @@ void StartPageLogic::onPushButtonConnect()
void StartPageLogic::onPushButtonImport()
{
QString s = lineEditStartExistingCodeText();
s.replace("vpn://", "");
QByteArray ba = QByteArray::fromBase64(s.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
QByteArray ba_uncompressed = qUncompress(ba);
importConnectionFromCode(lineEditStartExistingCodeText());
}
QJsonObject o;
if (!ba_uncompressed.isEmpty()) {
o = QJsonDocument::fromBinaryData(ba_uncompressed).object();
}
else {
o = QJsonDocument::fromJson(ba).object();
}
void StartPageLogic::onPushButtonImportOpenFile()
{
QString fileName = QFileDialog::getOpenFileName(nullptr, tr("Open profile"),
QStandardPaths::writableLocation(QStandardPaths::DocumentsLocation), "*.vpn");
if (fileName.isEmpty()) return;
QFile file(fileName);
file.open(QIODevice::ReadOnly);
QByteArray data = file.readAll();
importConnectionFromCode(QString(data));
}
bool StartPageLogic::importConnection(const QJsonObject &profile)
{
ServerCredentials credentials;
credentials.hostName = o.value("h").toString();
if (credentials.hostName.isEmpty()) credentials.hostName = o.value(config_key::hostName).toString();
credentials.hostName = profile.value(config_key::hostName).toString();
credentials.port = profile.value(config_key::port).toInt();
credentials.userName = profile.value(config_key::userName).toString();
credentials.password = profile.value(config_key::password).toString();
credentials.port = o.value("p").toInt();
if (credentials.port == 0) credentials.port = o.value(config_key::port).toInt();
credentials.userName = o.value("u").toString();
if (credentials.userName.isEmpty()) credentials.userName = o.value(config_key::userName).toString();
credentials.password = o.value("w").toString();
if (credentials.password.isEmpty()) credentials.password = o.value(config_key::password).toString();
if (credentials.isValid()) {
o.insert(config_key::hostName, credentials.hostName);
o.insert(config_key::port, credentials.port);
o.insert(config_key::userName, credentials.userName);
o.insert(config_key::password, credentials.password);
o.remove("h");
o.remove("p");
o.remove("u");
o.remove("w");
}
qDebug() << QString("Added server %3@%1:%2").
arg(credentials.hostName).
arg(credentials.port).
arg(credentials.userName);
// qDebug() << QString("Added server %3@%1:%2").
// arg(credentials.hostName).
// arg(credentials.port).
// arg(credentials.userName);
//qDebug() << QString("Password") << credentials.password;
if (credentials.isValid() || o.contains(config_key::containers)) {
m_settings.addServer(o);
if (credentials.isValid() || profile.contains(config_key::containers)) {
m_settings.addServer(profile);
m_settings.setDefaultServer(m_settings.serversCount() - 1);
emit uiLogic()->goToPage(Page::Vpn);
@@ -172,15 +169,56 @@ void StartPageLogic::onPushButtonImport()
}
else {
qDebug() << "Failed to import profile";
qDebug().noquote() << QJsonDocument(o).toJson();
return;
qDebug().noquote() << QJsonDocument(profile).toJson();
return false;
}
if (!o.contains(config_key::containers)) {
if (!profile.contains(config_key::containers)) {
uiLogic()->selectedServerIndex = m_settings.defaultServerIndex();
uiLogic()->selectedDockerContainer = m_settings.defaultContainer(uiLogic()->selectedServerIndex);
uiLogic()->onUpdateAllPages();
emit uiLogic()->goToPage(Page::ServerContainers);
}
return true;
}
bool StartPageLogic::importConnectionFromCode(QString code)
{
code.replace("vpn://", "");
QByteArray ba = QByteArray::fromBase64(code.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
QByteArray ba_uncompressed = qUncompress(ba);
if (!ba_uncompressed.isEmpty()) {
ba = ba_uncompressed;
}
QJsonObject o;
o = QJsonDocument::fromJson(ba).object();
if (!o.isEmpty()) {
return importConnection(o);
}
o = QJsonDocument::fromBinaryData(ba).object();
if (!o.isEmpty()) {
return importConnection(o);
}
return false;
}
bool StartPageLogic::importConnectionFromQr(const QByteArray &data)
{
qDebug() << "StartPageLogic::importConnectionFromQr" << data;
QJsonObject dataObj = QJsonDocument::fromJson(data).object();
if (!dataObj.isEmpty()) {
return importConnection(dataObj);
}
QByteArray ba_uncompressed = qUncompress(data);
if (!ba_uncompressed.isEmpty()) {
return importConnection(QJsonDocument::fromJson(ba_uncompressed).object());
}
return false;
}

6
client/ui/pages_logic/StartPageLogic.h
View File

@@ -22,11 +22,17 @@ class StartPageLogic : public PageLogicBase
AUTO_PROPERTY(bool, pushButtonBackFromStartVisible)
AUTO_PROPERTY(bool, pushButtonConnectVisible)
READONLY_PROPERTY(QRegExp, ipAddressPortRegex)
public:
Q_INVOKABLE void onUpdatePage() override;
Q_INVOKABLE void onPushButtonConnect();
Q_INVOKABLE void onPushButtonImport();
Q_INVOKABLE void onPushButtonImportOpenFile();
bool importConnection(const QJsonObject &profile);
bool importConnectionFromCode(QString code);
bool importConnectionFromQr(const QByteArray &data);
public:
explicit StartPageLogic(UiLogic *uiLogic, QObject *parent = nullptr);

6
client/ui/qml/Pages/PageBase.qml
View File

@@ -10,7 +10,13 @@ Item {
property var page: PageEnum.Start
property var logic: UiLogic
property bool pageActive: false
signal activated(bool reset)
signal deactivated()
onActivated: pageActive = true
onDeactivated: pageActive = false
// width: GC.screenWidth
// height: GC.screenHeight

4
client/ui/qml/Pages/PageNetworkSetting.qml
View File

@@ -37,7 +37,7 @@ PageBase {
NetworkSettingsLogic.onLineEditDns1EditFinished(text)
}
validator: RegExpValidator {
regExp: NetworkSettingsLogic.ipAddressValidatorRegex
regExp: NetworkSettingsLogic.ipAddressRegex
}
}
ImageButtonType {
@@ -74,7 +74,7 @@ PageBase {
NetworkSettingsLogic.onLineEditDns2EditFinished(text)
}
validator: RegExpValidator {
regExp: NetworkSettingsLogic.ipAddressValidatorRegex
regExp: NetworkSettingsLogic.ipAddressRegex
}
}
ImageButtonType {

163
client/ui/qml/Pages/PageQrDecoder.qml Normal file
View File

@@ -0,0 +1,163 @@
import QtQuick 2.12
import QtQuick.Controls 2.12
import PageEnum 1.0
import QtMultimedia 5.5
import QZXing 3.2
import "./"
import "../Controls"
import "../Config"
PageBase {
id: root
page: PageEnum.QrDecoder
logic: QrDecoderLogic
onDeactivated: {
console.debug("Stopping QR decoder")
loader.sourceComponent = undefined
}
BackButton {
}
Caption {
id: caption
text: qsTr("Import configuration")
}
Connections {
target: QrDecoderLogic
function onStartDecode() {
console.debug("Starting QR decoder")
loader.sourceComponent = component
}
function onStopDecode() {
console.debug("Stopping QR decoder")
loader.sourceComponent = undefined
}
}
Loader {
id: loader
anchors.top: caption.bottom
anchors.bottom: parent.bottom
anchors.left: parent.left
anchors.right: parent.right
}
Component {
id: component
Item {
anchors.fill: parent
Camera
{
id:camera
focus {
focusMode: CameraFocus.FocusContinuous
focusPointMode: CameraFocus.FocusPointAuto
}
}
VideoOutput
{
id: videoOutput
source: camera
anchors.top: parent.top
anchors.bottom: parent.bottom
anchors.left: parent.left
anchors.right: parent.right
autoOrientation: true
fillMode: VideoOutput.PreserveAspectFit
filters: [ zxingFilter ]
Rectangle {
color: "black"
opacity: 0.5
width: videoOutput.contentRect.width *0.15
height: videoOutput.contentRect.height
x: (videoOutput.width - videoOutput.contentRect.width)/2
anchors.verticalCenter: videoOutput.verticalCenter
}
Rectangle {
color: "black"
opacity: 0.5
width: videoOutput.contentRect.width *0.15
height: videoOutput.contentRect.height
x: videoOutput.width/2 + videoOutput.contentRect.width/2 - videoOutput.contentRect.width *0.15
anchors.verticalCenter: videoOutput.verticalCenter
}
Rectangle {
color: "black"
opacity: 0.5
width: videoOutput.contentRect.width *0.7
height: videoOutput.contentRect.height *0.15
x: (videoOutput.width - videoOutput.contentRect.width)/2 + videoOutput.contentRect.width *0.15
y: (videoOutput.height - videoOutput.contentRect.height)/2
}
Rectangle {
color: "black"
opacity: 0.5
width: videoOutput.contentRect.width *0.7
height: videoOutput.contentRect.height *0.15
x: (videoOutput.width - videoOutput.contentRect.width)/2 + videoOutput.contentRect.width *0.15
y: videoOutput.height/2 + videoOutput.contentRect.height/2 - videoOutput.contentRect.height *0.15
}
LabelType {
width: parent.width
text: qsTr("Decoded QR chunks " + QrDecoderLogic.receivedChunksCount + "/" + QrDecoderLogic.totalChunksCount)
horizontalAlignment: Text.AlignLeft
visible: QrDecoderLogic.totalChunksCount > 0
anchors.horizontalCenter: videoOutput.horizontalCenter
y: videoOutput.height/2 + videoOutput.contentRect.height/2
}
}
QZXingFilter
{
id: zxingFilter
orientation: videoOutput.orientation
captureRect: {
// setup bindings
videoOutput.contentRect;
videoOutput.sourceRect;
return videoOutput.mapRectToSource(videoOutput.mapNormalizedRectToItem(Qt.rect(
0.15, 0.15, 0.7, 0.7 //0, 0, 1.0, 1.0
)));
}
decoder {
enabledDecoders: QZXing.DecoderFormat_QR_CODE
onTagFound: {
QrDecoderLogic.onDetectedQrCode(tag)
}
tryHarder: true
}
property int framesDecoded: 0
property real timePerFrameDecode: 0
onDecodingFinished:
{
timePerFrameDecode = (decodeTime + framesDecoded * timePerFrameDecode) / (framesDecoded + 1);
framesDecoded++;
if(succeeded)
console.log("frame finished: " + succeeded, decodeTime, timePerFrameDecode, framesDecoded);
}
}
}
}
}

42
client/ui/qml/Pages/PageStart.qml
View File

@@ -12,6 +12,7 @@ PageBase {
BackButton {
id: back_from_start
visible: pageLoader.depth > 1
}
Caption {
@@ -103,12 +104,43 @@ PageBase {
anchors.horizontalCenter: parent.horizontalCenter
y: 210
anchors.top: lineEdit_start_existing_code.bottom
anchors.topMargin: 40
anchors.topMargin: 10
text: qsTr("Connect")
onClicked: {
StartPageLogic.onPushButtonImport()
}
}
BlueButtonType {
id: qr_code_import_open
anchors.horizontalCenter: parent.horizontalCenter
anchors.top: new_sever_import.bottom
anchors.topMargin: 40
text: qsTr("Open file")
visible: StartPageLogic.pushButtonConnectVisible
onClicked: {
StartPageLogic.onPushButtonImportOpenFile()
}
enabled: StartPageLogic.pushButtonConnectEnabled
}
BlueButtonType {
id: qr_code_import
anchors.horizontalCenter: parent.horizontalCenter
anchors.top: qr_code_import_open.bottom
anchors.topMargin: 10
text: qsTr("Scan QR code")
visible: StartPageLogic.pushButtonConnectVisible
onClicked: {
UiLogic.goToPage(PageEnum.QrDecoder)
}
enabled: StartPageLogic.pushButtonConnectEnabled
}
}
@@ -154,7 +186,7 @@ PageBase {
id: label_server_ip
x: 40
anchors.top: new_sever_get_info.bottom
text: qsTr("Server IP address")
text: qsTr("Server IP address [:port]")
}
TextFieldType {
id: new_server_ip
@@ -164,6 +196,10 @@ PageBase {
onEditingFinished: {
StartPageLogic.lineEditIpText = text
}
validator: RegExpValidator {
regExp: StartPageLogic.ipAddressPortRegex
}
}
LabelType {
@@ -224,8 +260,6 @@ PageBase {
wrapMode: Text.Wrap
}
BlueButtonType {
id: new_sever_connect
anchors.horizontalCenter: parent.horizontalCenter

2
client/ui/qml/Pages/PageVPN.qml
View File

@@ -51,7 +51,7 @@ PageBase {
height: width
visible: !VpnLogic.pushButtonConnectVisible
paused: VpnLogic.pushButtonConnectVisible
paused: VpnLogic.pushButtonConnectVisible && !root.pageActive
//VisibleBehavior on visible { }
}

31
client/ui/qml/Pages/Share/PageShareProtoAmnezia.qml
View File

@@ -33,6 +33,13 @@ PageShareProtocolBase {
contentHeight: content.height + 20
clip: true
Behavior on contentY{
NumberAnimation {
duration: 300
easing.type: Easing.InOutCubic
}
}
ColumnLayout {
id: content
enabled: logic.pageEnabled
@@ -73,6 +80,7 @@ New encryption keys pair will be generated.")
ShareConnectionLogic.onPushButtonShareAmneziaGenerateClicked()
enabled = true
genConfigProcess = false
fl.contentY = tfShareCode.mapToItem(fl.contentItem, 0, 0).y
}
}
@@ -114,19 +122,32 @@ New encryption keys pair will be generated.")
}
Image {
id: label_share_code
id: image_share_code
Layout.topMargin: 20
Layout.fillWidth: true
Layout.preferredHeight: width
smooth: false
source: ShareConnectionLogic.shareAmneziaQrCodeText
visible: ShareConnectionLogic.shareAmneziaQrCodeText.length > 0
Timer {
property int idx: 0
interval: 1000
running: root.pageActive && ShareConnectionLogic.shareAmneziaQrCodeTextSeriesLength > 0
repeat: true
onTriggered: {
idx++
if (idx >= ShareConnectionLogic.shareAmneziaQrCodeTextSeriesLength) {
idx = 0
}
image_share_code.source = ShareConnectionLogic.shareAmneziaQrCodeTextSeries[idx]
}
}
visible: ShareConnectionLogic.shareAmneziaQrCodeTextSeriesLength > 0
}
LabelType {
Layout.fillWidth: true
text: qsTr("Config too long to be displayed as QR code")
visible: ShareConnectionLogic.shareAmneziaQrCodeText.length == 0 && tfShareCode.textArea.length > 0
text: qsTr("Scan QR code using AmneziaVPN mobile")
}
}
}

11
client/ui/qml/main.qml
View File

@@ -28,7 +28,6 @@ Window {
UiLogic.onCloseWindow()
}
//flags: Qt.FramelessWindowHint
title: "AmneziaVPN"
function gotoPage(type, page, reset, slide) {
@@ -41,6 +40,9 @@ Window {
console.debug("QML gotoPage " + type + " " + page + " " + p_obj)
if (pageLoader.depth > 0) {
pageLoader.currentItem.deactivated()
}
if (slide) {
pageLoader.push(p_obj, {}, StackView.PushTransition)
@@ -59,10 +61,15 @@ Window {
if (pageLoader.depth <= 1) {
return
}
pageLoader.currentItem.deactivated()
pageLoader.pop()
}
function set_start_page(page, slide) {
if (pageLoader.depth > 0) {
pageLoader.currentItem.deactivated()
}
pageLoader.clear()
if (slide) {
pageLoader.push(pages[page], {}, StackView.PushTransition)
@@ -104,8 +111,6 @@ Window {
color: "white"
}
//PageShareProtoAmnezia {}
StackView {
id: pageLoader
y: GC.isDesktop() ? titleBar.height : 0

31
client/ui/uilogic.cpp
View File

@@ -2,6 +2,7 @@
#include <QClipboard>
#include <QDebug>
#include <QDesktopServices>
#include <QFile>
#include <QFileDialog>
#include <QHBoxLayout>
#include <QHostInfo>
@@ -16,7 +17,6 @@
#include <QThread>
#include <QTimer>
#include <QRegularExpression>
#include <QSaveFile>
#include "configurators/cloak_configurator.h"
#include "configurators/vpn_configurator.h"
@@ -51,8 +51,9 @@
#include "pages_logic/AppSettingsLogic.h"
#include "pages_logic/GeneralSettingsLogic.h"
#include "pages_logic/NetworkSettingsLogic.h"
#include "pages_logic/ServerConfiguringProgressLogic.h"
#include "pages_logic/NewServerProtocolsLogic.h"
#include "pages_logic/QrDecoderLogic.h"
#include "pages_logic/ServerConfiguringProgressLogic.h"
#include "pages_logic/ServerListLogic.h"
#include "pages_logic/ServerSettingsLogic.h"
#include "pages_logic/ServerContainersLogic.h"
@@ -84,8 +85,9 @@ UiLogic::UiLogic(QObject *parent) :
m_appSettingsLogic = new AppSettingsLogic(this);
m_generalSettingsLogic = new GeneralSettingsLogic(this);
m_networkSettingsLogic = new NetworkSettingsLogic(this);
m_serverConfiguringProgressLogic = new ServerConfiguringProgressLogic(this);
m_newServerProtocolsLogic = new NewServerProtocolsLogic(this);
m_qrDecoderLogic = new QrDecoderLogic(this);
m_serverConfiguringProgressLogic = new ServerConfiguringProgressLogic(this);
m_serverListLogic = new ServerListLogic(this);
m_serverSettingsLogic = new ServerSettingsLogic(this);
m_serverprotocolsLogic = new ServerContainersLogic(this);
@@ -121,9 +123,9 @@ UiLogic::~UiLogic()
}
}
m_vpnConnection->deleteLater();
m_vpnConnectionThread.quit();
m_vpnConnectionThread.wait(3000);
delete m_vpnConnection;
qDebug() << "Application closed";
}
@@ -263,9 +265,6 @@ void UiLogic::keyPressEvent(Qt::Key key)
case Qt::Key_Q:
qApp->quit();
break;
// case Qt::Key_0:
// *((char*)-1) = 'x';
// break;
case Qt::Key_H:
selectedServerIndex = m_settings.defaultServerIndex();
selectedDockerContainer = m_settings.defaultContainer(selectedServerIndex);
@@ -645,38 +644,36 @@ PageEnumNS::Page UiLogic::currentPage()
return static_cast<PageEnumNS::Page>(currentPageValue());
}
bool UiLogic::saveTextFile(const QString& desc, const QString& ext, const QString& data)
void UiLogic::saveTextFile(const QString& desc, const QString& ext, const QString& data)
{
QString fileName = QFileDialog::getSaveFileName(nullptr, desc,
QStandardPaths::writableLocation(QStandardPaths::DocumentsLocation), ext);
if (fileName.isEmpty()) return false;
if (fileName.isEmpty()) return;
QSaveFile save(fileName);
QFile save(fileName);
save.open(QIODevice::WriteOnly);
save.write(data.toUtf8());
save.close();
QFileInfo fi(fileName);
QDesktopServices::openUrl(fi.absoluteDir().absolutePath());
return save.commit();
}
bool UiLogic::saveBinaryFile(const QString &desc, const QString &ext, const QString &data)
void UiLogic::saveBinaryFile(const QString &desc, const QString &ext, const QString &data)
{
QString fileName = QFileDialog::getSaveFileName(nullptr, desc,
QStandardPaths::writableLocation(QStandardPaths::DocumentsLocation), ext);
if (fileName.isEmpty()) return false;
if (fileName.isEmpty()) return;
QSaveFile save(fileName);
QFile save(fileName);
save.open(QIODevice::WriteOnly);
save.write(QByteArray::fromBase64(data.toUtf8()));
save.close();
QFileInfo fi(fileName);
QDesktopServices::openUrl(fi.absoluteDir().absolutePath());
return save.commit();
}
void UiLogic::copyToClipboard(const QString &text)

11
client/ui/uilogic.h
View File

@@ -22,6 +22,7 @@ class AppSettingsLogic;
class GeneralSettingsLogic;
class NetworkSettingsLogic;
class NewServerProtocolsLogic;
class QrDecoderLogic;
class ServerConfiguringProgressLogic;
class ServerListLogic;
class ServerSettingsLogic;
@@ -99,8 +100,8 @@ public:
Q_INVOKABLE void keyPressEvent(Qt::Key key);
Q_INVOKABLE bool saveTextFile(const QString& desc, const QString& ext, const QString& data);
Q_INVOKABLE bool saveBinaryFile(const QString& desc, const QString& ext, const QString& data);
Q_INVOKABLE void saveTextFile(const QString& desc, const QString& ext, const QString& data);
Q_INVOKABLE void saveBinaryFile(const QString& desc, const QString& ext, const QString& data);
Q_INVOKABLE void copyToClipboard(const QString& text);
QString getDialogConnectErrorText() const;
@@ -167,8 +168,9 @@ public:
AppSettingsLogic *appSettingsLogic() { return m_appSettingsLogic; }
GeneralSettingsLogic *generalSettingsLogic() { return m_generalSettingsLogic; }
NetworkSettingsLogic *networkSettingsLogic() { return m_networkSettingsLogic; }
ServerConfiguringProgressLogic *serverConfiguringProgressLogic() { return m_serverConfiguringProgressLogic; }
NewServerProtocolsLogic *newServerProtocolsLogic() { return m_newServerProtocolsLogic; }
QrDecoderLogic *qrDecoderLogic() { return m_qrDecoderLogic; }
ServerConfiguringProgressLogic *serverConfiguringProgressLogic() { return m_serverConfiguringProgressLogic; }
ServerListLogic *serverListLogic() { return m_serverListLogic; }
ServerSettingsLogic *serverSettingsLogic() { return m_serverSettingsLogic; }
ServerContainersLogic *serverprotocolsLogic() { return m_serverprotocolsLogic; }
@@ -191,8 +193,9 @@ private:
AppSettingsLogic *m_appSettingsLogic;
GeneralSettingsLogic *m_generalSettingsLogic;
NetworkSettingsLogic *m_networkSettingsLogic;
ServerConfiguringProgressLogic *m_serverConfiguringProgressLogic;
NewServerProtocolsLogic *m_newServerProtocolsLogic;
QrDecoderLogic *m_qrDecoderLogic;
ServerConfiguringProgressLogic *m_serverConfiguringProgressLogic;
ServerListLogic *m_serverListLogic;
ServerSettingsLogic *m_serverSettingsLogic;
ServerContainersLogic *m_serverprotocolsLogic;

10
client/vpnconnection.cpp
View File

@@ -26,16 +26,16 @@
#include "utils.h"
#include "vpnconnection.h"
VpnConnection::VpnConnection(QObject* parent) : QObject(parent)
{
VpnConnection::VpnConnection(QObject* parent) : QObject(parent),
m_settings(this)
{
}
VpnConnection::~VpnConnection()
{
//qDebug() << "VpnConnection::~VpnConnection() 1";
m_vpnProtocol->deleteLater();
m_vpnProtocol.clear();
//qDebug() << "VpnConnection::~VpnConnection() 2";
}
void VpnConnection::onBytesChanged(quint64 receivedBytes, quint64 sentBytes)
@@ -220,7 +220,7 @@ void VpnConnection::connectToVpn(int serverIndex,
#if !defined (Q_OS_ANDROID) && !defined (Q_OS_IOS)
if (!m_IpcClient) {
m_IpcClient = new IpcClient;
m_IpcClient = new IpcClient(this);
}
if (!m_IpcClient->isSocketConnected()) {

2
client/xcode.xconfig
View File

@@ -1,4 +1,4 @@
DEVELOPMENT_TEAM = X7UJ388FXK
DEVELOPMENT_TEAM = 7VAGZXD78P
GROUP_ID_IOS = group.ru.kotit.AmneziaVPN.udev
APP_ID_IOS = ru.kotit.AmneziaVPN

290
service/killswitch/ipaddress.cpp Normal file
View File

@@ -0,0 +1,290 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "ipaddress.h"
#include "leakdetector.h"
//#include "logger.h"
#include <QtMath>
//namespace {
//Logger logger(LOG_NETWORKING, "IPAddress");
//} // namespace
IPAddress::IPAddress() { MVPN_COUNT_CTOR(IPAddress); }
IPAddress::IPAddress(const QString& ip) {
MVPN_COUNT_CTOR(IPAddress);
if (ip.contains("/")) {
QPair<QHostAddress, int> p = QHostAddress::parseSubnet(ip);
m_address = p.first;
m_prefixLength = p.second;
} else {
m_address = QHostAddress(ip);
m_prefixLength = 999999;
}
if (m_address.protocol() == QAbstractSocket::IPv4Protocol) {
if (m_prefixLength >= 32) {
m_prefixLength = 32;
}
} else if (m_address.protocol() == QAbstractSocket::IPv6Protocol) {
if (m_prefixLength >= 128) {
m_prefixLength = 128;
}
} else {
Q_ASSERT(false);
}
}
IPAddress::IPAddress(const IPAddress& other) {
MVPN_COUNT_CTOR(IPAddress);
*this = other;
}
IPAddress& IPAddress::operator=(const IPAddress& other) {
if (this == &other) return *this;
m_address = other.m_address;
m_prefixLength = other.m_prefixLength;
return *this;
}
IPAddress::IPAddress(const QHostAddress& address) : m_address(address) {
MVPN_COUNT_CTOR(IPAddress);
if (address.protocol() == QAbstractSocket::IPv4Protocol) {
m_prefixLength = 32;
} else {
Q_ASSERT(address.protocol() == QAbstractSocket::IPv6Protocol);
m_prefixLength = 128;
}
}
IPAddress::IPAddress(const QHostAddress& address, int prefixLength)
: m_address(address), m_prefixLength(prefixLength) {
MVPN_COUNT_CTOR(IPAddress);
if (address.protocol() == QAbstractSocket::IPv4Protocol) {
Q_ASSERT(prefixLength >= 0 && prefixLength <= 32);
} else {
Q_ASSERT(address.protocol() == QAbstractSocket::IPv6Protocol);
Q_ASSERT(prefixLength >= 0 && prefixLength <= 128);
}
}
IPAddress::~IPAddress() { MVPN_COUNT_DTOR(IPAddress); }
QAbstractSocket::NetworkLayerProtocol IPAddress::type() const {
return m_address.protocol();
}
QHostAddress IPAddress::netmask() const {
if (m_address.protocol() == QAbstractSocket::IPv6Protocol) {
Q_IPV6ADDR rawNetmask = {0};
Q_ASSERT(m_prefixLength <= 128);
memset(&rawNetmask, 0xff, m_prefixLength / 8);
if (m_prefixLength % 8) {
rawNetmask[m_prefixLength / 8] = 0xFF ^ (0xFF >> (m_prefixLength % 8));
}
return QHostAddress(rawNetmask);
} else if (m_address.protocol() == QAbstractSocket::IPv4Protocol) {
quint32 rawNetmask = 0xffffffff;
Q_ASSERT(m_prefixLength <= 32);
if (m_prefixLength < 32) {
rawNetmask ^= (0xffffffff >> m_prefixLength);
}
return QHostAddress(rawNetmask);
} else {
return QHostAddress();
}
}
QHostAddress IPAddress::hostmask() const {
if (m_address.protocol() == QAbstractSocket::IPv6Protocol) {
Q_IPV6ADDR rawHostmask = {0};
int offset = (m_prefixLength + 7) / 8;
Q_ASSERT(m_prefixLength <= 128);
memset(&rawHostmask[offset], 0xff, sizeof(rawHostmask) - offset);
if (m_prefixLength % 8) {
rawHostmask[m_prefixLength / 8] = 0xFF >> (m_prefixLength % 8);
}
return QHostAddress(rawHostmask);
} else if (m_address.protocol() == QAbstractSocket::IPv4Protocol) {
if (m_prefixLength < 32) {
return QHostAddress(0xffffffff >> m_prefixLength);
} else {
quint32 zero = 0;
return QHostAddress(zero);
}
} else {
return QHostAddress();
}
}
QHostAddress IPAddress::broadcastAddress() const {
if (m_address.protocol() == QAbstractSocket::IPv6Protocol) {
Q_IPV6ADDR rawAddress = m_address.toIPv6Address();
int offset = (m_prefixLength + 7) / 8;
memset(&rawAddress[offset], 0xff, sizeof(rawAddress) - offset);
if (m_prefixLength % 8) {
rawAddress[m_prefixLength / 8] |= 0xFF >> (m_prefixLength % 8);
}
return QHostAddress(rawAddress);
} else if (m_address.protocol() == QAbstractSocket::IPv4Protocol) {
quint32 rawAddress = m_address.toIPv4Address();
if (m_prefixLength < 32) {
rawAddress |= (0xffffffff >> m_prefixLength);
}
return QHostAddress(rawAddress);
} else {
return QHostAddress();
}
}
bool IPAddress::overlaps(const IPAddress& other) const {
if (m_prefixLength < other.m_prefixLength) {
return contains(other.m_address);
} else {
return other.contains(m_address);
}
}
bool IPAddress::contains(const QHostAddress& address) const {
if (address.protocol() != m_address.protocol()) {
return false;
}
if (m_prefixLength == 0) {
return true;
}
if (m_address.protocol() == QAbstractSocket::IPv6Protocol) {
Q_IPV6ADDR a = m_address.toIPv6Address();
Q_IPV6ADDR b = address.toIPv6Address();
int bytes = m_prefixLength / 8;
if (bytes > 0) {
if (memcmp(&a, &b, bytes) != 0) {
return false;
}
}
if (m_prefixLength % 8) {
quint8 diff = (a[bytes] ^ b[bytes]) >> (8 - m_prefixLength % 8);
return (diff == 0);
}
return true;
}
if (m_address.protocol() == QAbstractSocket::IPv4Protocol) {
quint32 diff = m_address.toIPv4Address() ^ address.toIPv4Address();
if (m_prefixLength < 32) {
diff >>= (32 - m_prefixLength);
}
return (diff == 0);
}
return false;
}
bool IPAddress::operator==(const IPAddress& other) const {
return m_address == other.m_address && m_prefixLength == other.m_prefixLength;
}
bool IPAddress::subnetOf(const IPAddress& other) const {
if (other.m_address.protocol() != m_address.protocol()) {
return false;
}
if (m_prefixLength < other.m_prefixLength) {
return false;
}
return other.contains(m_address);
}
QList<IPAddress> IPAddress::subnets() const {
QList<IPAddress> list;
if (m_address.protocol() == QAbstractSocket::IPv4Protocol) {
if (m_prefixLength >= 32) {
list.append(*this);
return list;
}
quint32 rawAddress = m_address.toIPv4Address();
list.append(IPAddress(QHostAddress(rawAddress), m_prefixLength + 1));
rawAddress |= (0x80000000 >> m_prefixLength);
list.append(IPAddress(QHostAddress(rawAddress), m_prefixLength + 1));
return list;
}
Q_ASSERT(m_address.protocol() == QAbstractSocket::IPv6Protocol);
if (m_prefixLength >= 128) {
list.append(*this);
return list;
}
Q_IPV6ADDR rawAddress = m_address.toIPv6Address();
list.append(IPAddress(QHostAddress(rawAddress), m_prefixLength + 1));
rawAddress[m_prefixLength / 8] |= (0x80 >> (m_prefixLength % 8));
list.append(IPAddress(QHostAddress(rawAddress), m_prefixLength + 1));
return list;
}
// static
QList<IPAddress> IPAddress::excludeAddresses(
const QList<IPAddress>& sourceList, const QList<IPAddress>& excludeList) {
QList<IPAddress> results = sourceList;
for (const IPAddress& exclude : excludeList) {
QList<IPAddress> newResults;
for (const IPAddress& ip : results) {
if (ip.overlaps(exclude)) {
QList<IPAddress> range = ip.excludeAddresses(exclude);
newResults.append(range);
} else {
newResults.append(ip);
}
}
results = newResults;
}
return results;
}
QList<IPAddress> IPAddress::excludeAddresses(const IPAddress& ip) const {
QList<IPAddress> sn = subnets();
Q_ASSERT(sn.length() >= 2);
QList<IPAddress> result;
while (sn[0] != ip && sn[1] != ip) {
if (ip.subnetOf(sn[0])) {
result.append(sn[1]);
sn = sn[0].subnets();
} else if (ip.subnetOf(sn[1])) {
result.append(sn[0]);
sn = sn[1].subnets();
} else {
Q_ASSERT(false);
}
}
if (sn[0] == ip) {
result.append(sn[1]);
} else if (sn[1] == ip) {
result.append(sn[0]);
} else {
Q_ASSERT(false);
}
return result;
}

53
service/killswitch/ipaddress.h Normal file
View File

@@ -0,0 +1,53 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef IPADDRESS_H
#define IPADDRESS_H
#include <QHostAddress>
class IPAddress final {
public:
static QList<IPAddress> excludeAddresses(const QList<IPAddress>& sourceList,
const QList<IPAddress>& excludeList);
IPAddress();
IPAddress(const QString& ip);
IPAddress(const QHostAddress& address);
IPAddress(const QHostAddress& address, int prefixLength);
IPAddress(const IPAddress& other);
IPAddress& operator=(const IPAddress& other);
~IPAddress();
QString toString() const {
return QString("%1/%2").arg(m_address.toString()).arg(m_prefixLength);
}
const QHostAddress& address() const { return m_address; }
int prefixLength() const { return m_prefixLength; }
QHostAddress netmask() const;
QHostAddress hostmask() const;
QHostAddress broadcastAddress() const;
bool overlaps(const IPAddress& other) const;
bool contains(const QHostAddress& address) const;
bool operator==(const IPAddress& other) const;
bool operator!=(const IPAddress& other) const { return !operator==(other); }
bool subnetOf(const IPAddress& other) const;
QList<IPAddress> subnets() const;
QList<IPAddress> excludeAddresses(const IPAddress& ip) const;
QAbstractSocket::NetworkLayerProtocol type() const;
private:
QHostAddress m_address;
int m_prefixLength;
};
#endif // IPADDRESS_H

17
service/killswitch/killswitch.pri Normal file
View File

@@ -0,0 +1,17 @@
INCLUDEPATH+= $$PWD
DEPENDPATH += $$PWD
QT += core network
HEADERS += \
$$PWD/leakdetector.h \
$$PWD/windowsfirewall.h \
$$PWD/ipaddress.h \
$$PWD/windowscommons.h
SOURCES += \
$$PWD/leakdetector.cpp \
$$PWD/windowsfirewall.cpp \
$$PWD/ipaddress.cpp \
$$PWD/windowscommons.cpp
# TARGET = libkillswitch

75
service/killswitch/leakdetector.cpp Normal file
View File

@@ -0,0 +1,75 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "leakdetector.h"
#include <QHash>
#include <QMutex>
#include <QObject>
#include <QTextStream>
#ifdef MVPN_DEBUG
static QMutex s_leakDetector;
QHash<QString, QHash<void*, uint32_t>> s_leaks;
#endif
LeakDetector::LeakDetector() {
#ifndef MVPN_DEBUG
qFatal("LeakDetector _must_ be created in debug builds only!");
#endif
}
LeakDetector::~LeakDetector() {
#ifdef MVPN_DEBUG
QTextStream out(stderr);
out << "== Mozilla VPN - Leak report ===================" << Qt::endl;
bool hasLeaks = false;
for (auto i = s_leaks.begin(); i != s_leaks.end(); ++i) {
QString className = i.key();
if (i->size() == 0) {
continue;
}
hasLeaks = true;
out << className << Qt::endl;
for (auto l = i->begin(); l != i->end(); ++l) {
out << " - ptr: " << l.key() << " size:" << l.value() << Qt::endl;
}
}
if (!hasLeaks) {
out << "No leaks detected." << Qt::endl;
}
#endif
}
#ifdef MVPN_DEBUG
void LeakDetector::logCtor(void* ptr, const char* typeName, uint32_t size) {
QMutexLocker lock(&s_leakDetector);
QString type(typeName);
if (!s_leaks.contains(type)) {
s_leaks.insert(type, QHash<void*, uint32_t>());
}
s_leaks[type].insert(ptr, size);
}
void LeakDetector::logDtor(void* ptr, const char* typeName, uint32_t size) {
QMutexLocker lock(&s_leakDetector);
QString type(typeName);
Q_ASSERT(s_leaks.contains(type));
QHash<void*, uint32_t>& leak = s_leaks[type];
Q_ASSERT(leak.contains(ptr));
Q_ASSERT(leak[ptr] == size);
leak.remove(ptr);
}
#endif

41
service/killswitch/leakdetector.h Normal file
View File

@@ -0,0 +1,41 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef LEAKDETECTOR_H
#define LEAKDETECTOR_H
#include <QObject>
#ifdef MVPN_DEBUG
# define MVPN_COUNT_CTOR(_type) \
do { \
static_assert(std::is_class<_type>(), \
"Token '" #_type "' is not a class type."); \
LeakDetector::logCtor((void*)this, #_type, sizeof(*this)); \
} while (0)
# define MVPN_COUNT_DTOR(_type) \
do { \
static_assert(std::is_class<_type>(), \
"Token '" #_type "' is not a class type."); \
LeakDetector::logDtor((void*)this, #_type, sizeof(*this)); \
} while (0)
#else
# define MVPN_COUNT_CTOR(_type)
# define MVPN_COUNT_DTOR(_type)
#endif
class LeakDetector {
public:
LeakDetector();
~LeakDetector();
#ifdef MVPN_DEBUG
static void logCtor(void* ptr, const char* typeName, uint32_t size);
static void logDtor(void* ptr, const char* typeName, uint32_t size);
#endif
};
#endif // LEAKDETECTOR_H

182
service/killswitch/windowscommons.cpp Normal file
View File

@@ -0,0 +1,182 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "windowscommons.h"
//#include "logger.h"
#include <QDir>
#include <QtEndian>
#include <QHostAddress>
#include <QSettings>
#include <QStandardPaths>
#include <QSysInfo>
#include <QNetworkInterface>
#include <Windows.h>
#include <iphlpapi.h>
#define TUNNEL_SERVICE_NAME L"WireGuardTunnel$mozvpn"
constexpr const char* VPN_NAME = "MozillaVPN";
constexpr const int WINDOWS_11_BUILD =
22000; // Build Number of the first release win 11 iso
//namespace {
//Logger logger(LOG_MAIN, "WindowsCommons");
//}
QString WindowsCommons::getErrorMessage() {
DWORD errorId = GetLastError();
LPSTR messageBuffer = nullptr;
size_t size = FormatMessageA(
FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
FORMAT_MESSAGE_IGNORE_INSERTS,
nullptr, errorId, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
(LPSTR)&messageBuffer, 0, nullptr);
std::string message(messageBuffer, size);
QString result(message.c_str());
LocalFree(messageBuffer);
return result;
}
// A simple function to log windows error messages.
void WindowsCommons::windowsLog(const QString& msg) {
QString errmsg = getErrorMessage();
qDebug() << msg << "-" << errmsg;
}
QString WindowsCommons::tunnelConfigFile() {
QStringList paths =
QStandardPaths::standardLocations(QStandardPaths::GenericDataLocation);
for (const QString& path : paths) {
QDir dir(path);
if (!dir.exists()) {
continue;
}
QDir vpnDir(dir.filePath(VPN_NAME));
if (!vpnDir.exists()) {
continue;
}
QString wireguardFile(vpnDir.filePath(QString("%1.conf").arg(VPN_NAME)));
if (!QFileInfo::exists(wireguardFile)) {
continue;
}
qDebug() << "Found the current wireguard configuration:"
<< wireguardFile;
return wireguardFile;
}
for (const QString& path : paths) {
QDir dir(path);
QDir vpnDir(dir.filePath(VPN_NAME));
if (!vpnDir.exists() && !dir.mkdir(VPN_NAME)) {
qDebug() << "Failed to create path Mozilla under" << path;
continue;
}
return vpnDir.filePath(QString("%1.conf").arg(VPN_NAME));
}
qDebug() << "Failed to create the right paths";
return QString();
}
QString WindowsCommons::tunnelLogFile() {
QStringList paths =
QStandardPaths::standardLocations(QStandardPaths::GenericDataLocation);
for (const QString& path : paths) {
QDir dir(path);
if (!dir.exists()) {
continue;
}
QDir vpnDir(dir.filePath(VPN_NAME));
if (!vpnDir.exists()) {
continue;
}
return vpnDir.filePath("log.bin");
}
return QString();
}
// static
int WindowsCommons::AdapterIndexTo(const QHostAddress& dst) {
qDebug() << "Getting Current Internet Adapter that routes to"
<< dst.toString();
quint32_be ipBigEndian;
quint32 ip = dst.toIPv4Address();
qToBigEndian(ip, &ipBigEndian);
_MIB_IPFORWARDROW routeInfo;
auto result = GetBestRoute(ipBigEndian, 0, &routeInfo);
if (result != NO_ERROR) {
return -1;
}
auto adapter =
QNetworkInterface::interfaceFromIndex(routeInfo.dwForwardIfIndex);
//logger.debug() << "Internet Adapter:" << adapter.name();
qDebug()<< "Internet Adapter:" << adapter.name();
return routeInfo.dwForwardIfIndex;
}
// static
int WindowsCommons::VPNAdapterIndex() {
// For someReason QNetworkInterface::fromName(MozillaVPN) does not work >:(
auto adapterList = QNetworkInterface::allInterfaces();
for (const auto& adapter : adapterList) {
if (
adapter.humanReadableName().contains(IKEV2) ||
adapter.humanReadableName().contains(IKEV2)
) {
return adapter.index();
}
}
return -1;
}
// Static
QString WindowsCommons::getCurrentPath() {
QByteArray buffer(2048, 0xFF);
auto ok = GetModuleFileNameA(NULL, buffer.data(), buffer.size());
if (ok == ERROR_INSUFFICIENT_BUFFER) {
buffer.resize(buffer.size() * 2);
ok = GetModuleFileNameA(NULL, buffer.data(), buffer.size());
}
if (ok == 0) {
WindowsCommons::windowsLog("Err fetching dos path");
return "";
}
return QString::fromLocal8Bit(buffer);
}
// Static
QString WindowsCommons::WindowsVersion() {
/* The Tradegy of Getting a somewhat working windows version:
- GetVersion() -> deprecated and Reports win 8.1 for MozillaVPN... its tied
to some .exe flags
- NetWkstaGetInfo -> Reports Windows 10 on windows 11
There is also the regirstry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion
-> CurrentMajorVersion reports 10 on win 11
-> CurrentBuild seems to be correct, so lets infer it
*/
QSettings regCurrentVersion(
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
QSettings::NativeFormat);
int buildNr = regCurrentVersion.value("CurrentBuild").toInt();
if (buildNr >= WINDOWS_11_BUILD) {
return "11";
}
return QSysInfo::productVersion();
}

32
service/killswitch/windowscommons.h Normal file
View File

@@ -0,0 +1,32 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef WINDOWSCOMMONS_H
#define WINDOWSCOMMONS_H
#include <QString>
constexpr char IKEV2[] {"AmneziaVPN IKEv2\0"};
class QHostAddress;
class WindowsCommons final {
public:
static QString getErrorMessage();
static void windowsLog(const QString& msg);
static QString tunnelConfigFile();
static QString tunnelLogFile();
// Returns the Interface Index of the VPN Adapter
static int VPNAdapterIndex();
// Returns the Interface Index that could Route to dst
static int AdapterIndexTo(const QHostAddress& dst);
// Returns the Path of the Current process
static QString getCurrentPath();
// Returns the major version of Windows
static QString WindowsVersion();
};
#endif // WINDOWSCOMMONS_H

857
service/killswitch/windowsfirewall.cpp Normal file
View File

@@ -0,0 +1,857 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "windowsfirewall.h"
//#include "logger.h"
#include "leakdetector.h"
//#include "windowscommons.h"
//#include "../../daemon/interfaceconfig.h"
//#include "../../ipaddress.h"
//#include <QApplication>
#include <QObject>
#include <QFileInfo>
#include <QNetworkInterface>
#include <QScopeGuard>
#include <QHostAddress>
#include <QtEndian>
#include <windows.h>
#include <fwpmu.h>
#include <stdio.h>
#include <comdef.h>
#include <netfw.h>
//#include "winsock.h"
#include <initguid.h>
#include <guiddef.h>
#include <qaccessible.h>
#define IPV6_ADDRESS_SIZE 16
// ID for the Firewall Sublayer
DEFINE_GUID(ST_FW_WINFW_BASELINE_SUBLAYER_KEY, 0xc78056ff, 0x2bc1, 0x4211, 0xaa,
0xdd, 0x7f, 0x35, 0x8d, 0xef, 0x20, 0x2d);
// ID for the Mullvad Split-Tunnel Sublayer Provider
DEFINE_GUID(ST_FW_PROVIDER_KEY, 0xe2c114ee, 0xf32a, 0x4264, 0xa6, 0xcb, 0x3f,
0xa7, 0x99, 0x63, 0x56, 0xd9);
namespace {
//Logger logger(LOG_WINDOWS, "WindowsFirewall");
WindowsFirewall* s_instance = nullptr;
// Note Filter Weight may be between 0-15!
constexpr uint8_t LOW_WEIGHT = 0;
constexpr uint8_t MED_WEIGHT = 7;
constexpr uint8_t HIGH_WEIGHT = 13;
constexpr uint8_t MAX_WEIGHT = 15;
} // namespace
WindowsFirewall* WindowsFirewall::instance() {
if (s_instance == nullptr) {
s_instance = new WindowsFirewall(qApp);
}
return s_instance;
}
WindowsFirewall::WindowsFirewall(QObject* parent) : QObject(parent) {
MVPN_COUNT_CTOR(WindowsFirewall);
Q_ASSERT(s_instance == nullptr);
HANDLE engineHandle = NULL;
DWORD result = ERROR_SUCCESS;
// Use dynamic sessions for efficiency and safety:
// -> Filtering policy objects are deleted even when the application crashes/
// deamon goes down
FWPM_SESSION0 session;
memset(&session, 0, sizeof(session));
session.flags = FWPM_SESSION_FLAG_DYNAMIC;
qDebug() << "Opening the filter engine.";
result =
FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, &session, &engineHandle);
if (result != ERROR_SUCCESS) {
qDebug()<<"FwpmEngineOpen0 failed "<<GetLastError();
//WindowsCommons::windowsLog("FwpmEngineOpen0 failed");
return;
}
qDebug() << "Filter engine opened successfully.";
m_sessionHandle = engineHandle;
//auto ret = WindowsCommons::VPNAdapterIndex();
}
WindowsFirewall::~WindowsFirewall() {
MVPN_COUNT_DTOR(WindowsFirewall);
if (m_sessionHandle != INVALID_HANDLE_VALUE) {
CloseHandle(m_sessionHandle);
}
}
bool WindowsFirewall::init() {
if (m_init) {
qDebug() << "Alread initialised FW_WFP layer";
return true;
}
if (m_sessionHandle == INVALID_HANDLE_VALUE) {
qDebug() << "Cant Init Sublayer with invalid wfp handle";
return false;
}
// If we were not able to aquire a handle, this will fail anyway.
// We need to open up another handle because of wfp rules:
// If a wfp resource was created with SESSION_DYNAMIC,
// the session exlusively owns the resource, meaning the driver can't add
// filters to the sublayer. So let's have non dynamic session only for the
// sublayer creation. This means the Layer exists until the next Reboot.
DWORD result = ERROR_SUCCESS;
HANDLE wfp = INVALID_HANDLE_VALUE;
FWPM_SESSION0 session;
memset(&session, 0, sizeof(session));
qDebug()<< "Opening the filter engine";
result = FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, &session, &wfp);
if (result != ERROR_SUCCESS) {
qDebug() << "FwpmEngineOpen0 failed. Return value:.\n" << result<<" "<<GetLastError();
return false;
}
auto cleanup = qScopeGuard([&] { FwpmEngineClose0(wfp); });
// Check if the Layer Already Exists
FWPM_SUBLAYER0* maybeLayer{nullptr};
result = FwpmSubLayerGetByKey0(wfp, &ST_FW_WINFW_BASELINE_SUBLAYER_KEY,
&maybeLayer);
if (result == ERROR_SUCCESS) {
qDebug() << "The Sublayer Already Exists!";
FwpmFreeMemory0((void**)&maybeLayer);
return true;
}
// Step 1: Start Transaction
result = FwpmTransactionBegin(wfp, NULL);
if (result != ERROR_SUCCESS) {
qDebug() << "FwpmTransactionBegin0 failed. Return value:.\n"
<< result<<" "<<GetLastError();
return false;
}
// Step 3: Add Sublayer
FWPM_SUBLAYER0 subLayer;
memset(&subLayer, 0, sizeof(subLayer));
subLayer.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
subLayer.displayData.name = (PWSTR)L"AmneziaVPN-SplitTunnel-Sublayer";
subLayer.displayData.description =
(PWSTR)L"Filters that enforce a good baseline";
subLayer.weight = 0xFFFF;
result = FwpmSubLayerAdd0(wfp, &subLayer, NULL);
if (result != ERROR_SUCCESS) {
qDebug() << "FwpmSubLayerAdd0 failed. Return value:.\n" << result<<" "<<GetLastError();
return false;
}
// Step 4: Commit!
result = FwpmTransactionCommit0(wfp);
if (result != ERROR_SUCCESS) {
qDebug() << "FwpmTransactionCommit0 failed. Return value:.\n"
<< result<<" "<<GetLastError();
return false;
}
qDebug() << "Initialised Sublayer";
m_init = true;
return true;
}
bool WindowsFirewall::enableKillSwitch(int vpnAdapterIndex) {
// Checks if the FW_Rule was enabled succesfully,
// disables the whole killswitch and returns false if not.
#define FW_OK(rule) \
{ \
auto result = FwpmTransactionBegin(m_sessionHandle, NULL); \
if (result != ERROR_SUCCESS) { \
disableKillSwitch(); \
return false; \
} \
if (!rule) { \
FwpmTransactionAbort0(m_sessionHandle); \
disableKillSwitch(); \
return false; \
} \
result = FwpmTransactionCommit0(m_sessionHandle); \
if (result != ERROR_SUCCESS) { \
qDebug()<<"FwpmTransactionCommit0 failed. Return value:.\n" \
<< result; \
return false; \
} \
}
qDebug() << "Enabling Killswitch Using Adapter:" << vpnAdapterIndex;
FW_OK(allowTrafficOfAdapter(vpnAdapterIndex, MED_WEIGHT,
"Allow usage of VPN Adapter"));
FW_OK(allowDHCPTraffic(MED_WEIGHT, "Allow DHCP Traffic"));
//FW_OK(allowHyperVTraffic(MED_WEIGHT, "Allow Hyper-V Traffic"));
FW_OK(allowTrafficForAppOnAll(getCurrentPath(), MAX_WEIGHT,
"Allow all for AmneziaVPN-service.exe"));
// disable by 020221 //FW_OK(blockTrafficOnPort(53, MED_WEIGHT, "Block all DNS"));
FW_OK(allowLoopbackTraffic(MED_WEIGHT, "Allow Loopback traffic on device %1"));
qDebug() << "Killswitch on! Rules:" << m_activeRules.length();
return true;
#undef FW_OK
}
/*
bool WindowsFirewall::enablePeerTraffic(const InterfaceConfig& config) {
// Start the firewall transaction
auto result = FwpmTransactionBegin(m_sessionHandle, NULL);
if (result != ERROR_SUCCESS) {
disableKillSwitch();
return false;
}
auto cleanup = qScopeGuard([&] {
FwpmTransactionAbort0(m_sessionHandle);
disableKillSwitch();
});
// Build the firewall rules for this peer.
logger.info() << "Enabling traffic for peer" << config.m_serverPublicKey;
if (!blockTrafficTo(config.m_allowedIPAddressRanges, LOW_WEIGHT,
"Block Internet", config.m_serverPublicKey)) {
return false;
}
if (!config.m_dnsServer.isEmpty()) {
if (!allowTrafficTo(QHostAddress(config.m_dnsServer), 53, HIGH_WEIGHT,
"Allow DNS-Server", config.m_serverPublicKey)) {
return false;
}
// In some cases, we might configure a 2nd DNS server for IPv6, however
// this should probably be cleaned up by converting m_dnsServer into
// a QStringList instead.
if (config.m_dnsServer == config.m_serverIpv4Gateway) {
if (!allowTrafficTo(QHostAddress(config.m_serverIpv6Gateway), 53,
HIGH_WEIGHT, "Allow extra IPv6 DNS-Server",
config.m_serverPublicKey)) {
return false;
}
}
}
result = FwpmTransactionCommit0(m_sessionHandle);
if (result != ERROR_SUCCESS) {
logger.error() << "FwpmTransactionCommit0 failed with error:" << result;
return false;
}
cleanup.dismiss();
return true;
}
*/
bool WindowsFirewall::disablePeerTraffic(const QString& pubkey) {
auto result = FwpmTransactionBegin(m_sessionHandle, NULL);
auto cleanup = qScopeGuard([&] {
if (result != ERROR_SUCCESS) {
FwpmTransactionAbort0(m_sessionHandle);
}
});
if (result != ERROR_SUCCESS) {
qDebug() << "FwpmTransactionBegin0 failed. Return value:.\n"
<< result<<" "<<GetLastError();
return false;
}
qDebug() << "Disabling traffic for peer" << pubkey;
for (const auto& filterID : m_peerRules.values(pubkey)) {
FwpmFilterDeleteById0(m_sessionHandle, filterID);
m_peerRules.remove(pubkey, filterID);
}
// Commit!
result = FwpmTransactionCommit0(m_sessionHandle);
if (result != ERROR_SUCCESS) {
qDebug()<< "FwpmTransactionCommit0 failed. Return value:.\n"
<< result<<" "<<GetLastError();
return false;
}
return true;
}
bool WindowsFirewall::disableKillSwitch() {
auto result = FwpmTransactionBegin(m_sessionHandle, NULL);
auto cleanup = qScopeGuard([&] {
if (result != ERROR_SUCCESS) {
FwpmTransactionAbort0(m_sessionHandle);
}
});
if (result != ERROR_SUCCESS) {
qDebug() << "FwpmTransactionBegin0 failed. Return value:.\n"
<< result<<" "<<GetLastError();
return false;
}
for (const auto& filterID : m_peerRules.values()) {
FwpmFilterDeleteById0(m_sessionHandle, filterID);
}
for (const auto& filterID : qAsConst(m_activeRules)) {
FwpmFilterDeleteById0(m_sessionHandle, filterID);
}
// Commit!
result = FwpmTransactionCommit0(m_sessionHandle);
if (result != ERROR_SUCCESS) {
qDebug() << "FwpmTransactionCommit0 failed. Return value:.\n"
<< result<<" "<<GetLastError();
return false;
}
m_peerRules.clear();
m_activeRules.clear();
qDebug() << "Firewall Disabled!";
return true;
}
bool WindowsFirewall::allowTrafficForAppOnAll(const QString& exePath,
int weight,
const QString& title) {
DWORD result = ERROR_SUCCESS;
Q_ASSERT(weight <= 15);
// Get the AppID for the Executable;
QString appName = QFileInfo(exePath).baseName();
std::wstring wstr = exePath.toStdWString();
PCWSTR appPath = wstr.c_str();
FWP_BYTE_BLOB* appID = NULL;
result = FwpmGetAppIdFromFileName0(appPath, &appID);
if (result != ERROR_SUCCESS) {
qDebug()<<"FwpmGetAppIdFromFileName0 failure:"<< GetLastError();
// WindowsCommons::windowsLog("FwpmGetAppIdFromFileName0 failure");
return false;
}
// Condition: Request must come from the .exe
FWPM_FILTER_CONDITION0 conds;
conds.fieldKey = FWPM_CONDITION_ALE_APP_ID;
conds.matchType = FWP_MATCH_EQUAL;
conds.conditionValue.type = FWP_BYTE_BLOB_TYPE;
conds.conditionValue.byteBlob = appID;
// Assemble the Filter base
FWPM_FILTER0 filter;
memset(&filter, 0, sizeof(filter));
filter.filterCondition = &conds;
filter.numFilterConditions = 1;
filter.action.type = FWP_ACTION_PERMIT;
filter.weight.type = FWP_UINT8;
filter.weight.uint8 = weight;
filter.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
filter.flags = FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT; // Make this decision
// only blockable by veto
// Build and add the Filters
// #1 Permit outbound IPv4 traffic.
{
QString desc("Permit (out) IPv4 Traffic of: " + appName);
filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
if (!enableFilter(&filter, title, desc)) {
return false;
}
}
// #2 Permit inbound IPv4 traffic.
{
QString desc("Permit (in) IPv4 Traffic of: " + appName);
filter.layerKey = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
if (!enableFilter(&filter, title, desc)) {
return false;
}
}
return true;
}
bool WindowsFirewall::allowTrafficOfAdapter(int networkAdapter, uint8_t weight,
const QString& title) {
FWPM_FILTER_CONDITION0 conds;
memset(&conds, 0, sizeof(conds));
// Condition: Request must be targeting the TUN interface
conds.fieldKey = FWPM_CONDITION_INTERFACE_INDEX;
conds.matchType = FWP_MATCH_EQUAL;
conds.conditionValue.type = FWP_UINT32;
conds.conditionValue.uint32 = networkAdapter;
// Assemble the Filter base
FWPM_FILTER0 filter;
memset(&filter, 0, sizeof(filter));
filter.filterCondition = &conds;
filter.numFilterConditions = 1;
filter.action.type = FWP_ACTION_PERMIT;
filter.weight.type = FWP_UINT8;
filter.weight.uint8 = weight;
filter.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
QString description("Allow %0 traffic on Adapter %1");
// #1 Permit outbound IPv4 traffic.
filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
if (!enableFilter(&filter, title,
description.arg("out").arg(networkAdapter))) {
return false;
}
// #2 Permit inbound IPv4 traffic.
filter.layerKey = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
if (!enableFilter(&filter, title,
description.arg("in").arg(networkAdapter))) {
return false;
}
// #3 Permit outbound IPv6 traffic.
filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V6;
if (!enableFilter(&filter, title,
description.arg("out").arg(networkAdapter))) {
return false;
}
// #4 Permit inbound IPv6 traffic.
filter.layerKey = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6;
if (!enableFilter(&filter, title,
description.arg("in").arg(networkAdapter))) {
return false;
}
return true;
}
bool WindowsFirewall::allowTrafficTo(const QHostAddress& targetIP, uint port,
int weight, const QString& title,
const QString& peer) {
bool isIPv4 = targetIP.protocol() == QAbstractSocket::IPv4Protocol;
GUID layerOut =
isIPv4 ? FWPM_LAYER_ALE_AUTH_CONNECT_V4 : FWPM_LAYER_ALE_AUTH_CONNECT_V6;
GUID layerIn = isIPv4 ? FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6;
quint32_be ipBigEndian;
quint32 ip = targetIP.toIPv4Address();
qToBigEndian(ip, &ipBigEndian);
// Allow Traffic to IP with PORT using any protocol
FWPM_FILTER_CONDITION0 conds[4];
conds[0].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
conds[0].matchType = FWP_MATCH_EQUAL;
conds[0].conditionValue.type = FWP_UINT8;
conds[0].conditionValue.uint8 = (IPPROTO_UDP);
conds[1].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
conds[1].matchType = FWP_MATCH_EQUAL;
conds[1].conditionValue.type = FWP_UINT8;
conds[1].conditionValue.uint16 = (IPPROTO_TCP);
conds[2].fieldKey = FWPM_CONDITION_IP_REMOTE_PORT;
conds[2].matchType = FWP_MATCH_EQUAL;
conds[2].conditionValue.type = FWP_UINT16;
conds[2].conditionValue.uint16 = port;
conds[3].fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS;
conds[3].matchType = FWP_MATCH_EQUAL;
QByteArray buffer;
// will hold v6 Addess bytes if present
importAddress(targetIP, conds[3].conditionValue, &buffer);
// Assemble the Filter base
FWPM_FILTER0 filter;
memset(&filter, 0, sizeof(filter));
filter.filterCondition = conds;
filter.numFilterConditions = 4;
filter.action.type = FWP_ACTION_PERMIT;
filter.weight.type = FWP_UINT8;
filter.weight.uint8 = weight;
filter.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
filter.flags = FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT; // Hard Permit!
QString description("Permit traffic %1 %2 on port %3");
filter.layerKey = layerOut;
if (!enableFilter(&filter, title,
description.arg("to").arg(targetIP.toString()).arg(port),
peer)) {
return false;
}
filter.layerKey = layerIn;
if (!enableFilter(&filter, title,
description.arg("from").arg(targetIP.toString()).arg(port),
peer)) {
return false;
}
return true;
}
bool WindowsFirewall::allowDHCPTraffic(uint8_t weight, const QString& title) {
// Allow outbound DHCPv4
{
FWPM_FILTER_CONDITION0 conds[4];
// Condition: Request must be targeting the TUN interface
conds[0].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
conds[0].matchType = FWP_MATCH_EQUAL;
conds[0].conditionValue.type = FWP_UINT8;
conds[0].conditionValue.uint8 = (IPPROTO_UDP);
conds[1].fieldKey = FWPM_CONDITION_IP_LOCAL_PORT;
conds[1].matchType = FWP_MATCH_EQUAL;
conds[1].conditionValue.type = FWP_UINT16;
conds[1].conditionValue.uint16 = (68);
conds[2].fieldKey = FWPM_CONDITION_IP_REMOTE_PORT;
conds[2].matchType = FWP_MATCH_EQUAL;
conds[2].conditionValue.type = FWP_UINT16;
conds[2].conditionValue.uint16 = 67;
conds[3].fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS;
conds[3].matchType = FWP_MATCH_EQUAL;
conds[3].conditionValue.type = FWP_UINT32;
conds[3].conditionValue.uint32 = (0xffffffff);
// Assemble the Filter base
FWPM_FILTER0 filter;
memset(&filter, 0, sizeof(filter));
filter.filterCondition = conds;
filter.numFilterConditions = 4;
filter.action.type = FWP_ACTION_PERMIT;
filter.weight.type = FWP_UINT8;
filter.weight.uint8 = weight;
filter.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
if (!enableFilter(&filter, title, "Allow Outbound DHCP")) {
return false;
}
}
// Allow inbound DHCPv4
{
FWPM_FILTER_CONDITION0 conds[3];
conds[0].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
conds[0].matchType = FWP_MATCH_EQUAL;
conds[0].conditionValue.type = FWP_UINT8;
conds[0].conditionValue.uint8 = (IPPROTO_UDP);
conds[1].fieldKey = FWPM_CONDITION_IP_LOCAL_PORT;
conds[1].matchType = FWP_MATCH_EQUAL;
conds[1].conditionValue.type = FWP_UINT16;
conds[1].conditionValue.uint16 = (68);
conds[2].fieldKey = FWPM_CONDITION_IP_REMOTE_PORT;
conds[2].matchType = FWP_MATCH_EQUAL;
conds[2].conditionValue.type = FWP_UINT16;
conds[2].conditionValue.uint16 = 67;
// Assemble the Filter base
FWPM_FILTER0 filter;
memset(&filter, 0, sizeof(filter));
filter.filterCondition = conds;
filter.numFilterConditions = 3;
filter.action.type = FWP_ACTION_PERMIT;
filter.weight.type = FWP_UINT8;
filter.weight.uint8 = weight;
filter.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
filter.layerKey = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
if (!enableFilter(&filter, title, "Allow inbound DHCP")) {
return false;
}
}
// Allow outbound DHCPv6
{
FWPM_FILTER_CONDITION0 conds[3];
// Condition: Request must be targeting the TUN interface
conds[0].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
conds[0].matchType = FWP_MATCH_EQUAL;
conds[0].conditionValue.type = FWP_UINT8;
conds[0].conditionValue.uint8 = (IPPROTO_UDP);
conds[1].fieldKey = FWPM_CONDITION_IP_LOCAL_PORT;
conds[1].matchType = FWP_MATCH_EQUAL;
conds[1].conditionValue.type = FWP_UINT16;
conds[1].conditionValue.uint16 = (68);
conds[2].fieldKey = FWPM_CONDITION_IP_REMOTE_PORT;
conds[2].matchType = FWP_MATCH_EQUAL;
conds[2].conditionValue.type = FWP_UINT16;
conds[2].conditionValue.uint16 = 67;
// Assemble the Filter base
FWPM_FILTER0 filter;
memset(&filter, 0, sizeof(filter));
filter.filterCondition = conds;
filter.numFilterConditions = 3;
filter.action.type = FWP_ACTION_PERMIT;
filter.weight.type = FWP_UINT8;
filter.weight.uint8 = weight;
filter.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V6;
if (!enableFilter(&filter, title, "Allow outbound DHCPv6")) {
return false;
}
}
// Allow inbound DHCPv6
{
FWPM_FILTER_CONDITION0 conds[3];
conds[0].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
conds[0].matchType = FWP_MATCH_EQUAL;
conds[0].conditionValue.type = FWP_UINT8;
conds[0].conditionValue.uint8 = (IPPROTO_UDP);
conds[1].fieldKey = FWPM_CONDITION_IP_LOCAL_PORT;
conds[1].matchType = FWP_MATCH_EQUAL;
conds[1].conditionValue.type = FWP_UINT16;
conds[1].conditionValue.uint16 = (68);
conds[2].fieldKey = FWPM_CONDITION_IP_REMOTE_PORT;
conds[2].matchType = FWP_MATCH_EQUAL;
conds[2].conditionValue.type = FWP_UINT16;
conds[2].conditionValue.uint16 = 67;
// Assemble the Filter base
FWPM_FILTER0 filter;
memset(&filter, 0, sizeof(filter));
filter.filterCondition = conds;
filter.numFilterConditions = 3;
filter.action.type = FWP_ACTION_PERMIT;
filter.weight.type = FWP_UINT8;
filter.weight.uint8 = weight;
filter.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
filter.layerKey = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6;
if (!enableFilter(&filter, title, "Allow inbound DHCPv6")) {
return false;
}
}
return true;
}
// Allows the internal Hyper-V Switches to work.
bool WindowsFirewall::allowHyperVTraffic(uint8_t weight, const QString& title) {
FWPM_FILTER_CONDITION0 cond;
// Condition: Request must be targeting the TUN interface
cond.fieldKey = FWPM_CONDITION_L2_FLAGS;
cond.matchType = FWP_MATCH_EQUAL;
cond.conditionValue.type = FWP_UINT32;
cond.conditionValue.uint32 = FWP_CONDITION_L2_IS_VM2VM;
// Assemble the Filter base
FWPM_FILTER0 filter;
memset(&filter, 0, sizeof(filter));
filter.filterCondition = &cond;
filter.numFilterConditions = 1;
filter.action.type = FWP_ACTION_PERMIT;
filter.weight.type = FWP_UINT8;
filter.weight.uint8 = weight;
filter.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
// #1 Permit Hyper-V => Hyper-V outbound.
filter.layerKey = FWPM_LAYER_OUTBOUND_MAC_FRAME_NATIVE;
if (!enableFilter(&filter, title, "Permit Hyper-V => Hyper-V outbound")) {
return false;
}
// #2 Permit Hyper-V => Hyper-V inbound.
filter.layerKey = FWPM_LAYER_INBOUND_MAC_FRAME_NATIVE;
if (!enableFilter(&filter, title, "Permit Hyper-V => Hyper-V inbound")) {
return false;
}
return true;
}
bool WindowsFirewall::blockTrafficTo(const IPAddress& addr, uint8_t weight,
const QString& title,
const QString& peer) {
QString description("Block traffic %1 %2 ");
auto lower = addr.address();
auto upper = addr.broadcastAddress();
const bool isV4 = addr.type() == QAbstractSocket::IPv4Protocol;
const GUID layerKeyOut =
isV4 ? FWPM_LAYER_ALE_AUTH_CONNECT_V4 : FWPM_LAYER_ALE_AUTH_CONNECT_V6;
const GUID layerKeyIn = isV4 ? FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
: FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6;
// Assemble the Filter base
FWPM_FILTER0 filter{};
memset(&filter, 0, sizeof(filter));
filter.action.type = FWP_ACTION_BLOCK;
filter.weight.type = FWP_UINT8;
filter.weight.uint8 = weight;
filter.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
FWPM_FILTER_CONDITION0 cond[1] = {0};
FWP_RANGE0 ipRange;
QByteArray lowIpV6Buffer;
QByteArray highIpV6Buffer;
importAddress(lower, ipRange.valueLow, &lowIpV6Buffer);
importAddress(upper, ipRange.valueHigh, &highIpV6Buffer);
cond[0].fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS;
cond[0].matchType = FWP_MATCH_RANGE;
cond[0].conditionValue.type = FWP_RANGE_TYPE;
cond[0].conditionValue.rangeValue = &ipRange;
filter.numFilterConditions = 1;
filter.filterCondition = cond;
filter.layerKey = layerKeyOut;
if (!enableFilter(&filter, title, description.arg("to").arg(addr.toString()),
peer)) {
return false;
}
filter.layerKey = layerKeyIn;
if (!enableFilter(&filter, title,
description.arg("from").arg(addr.toString()), peer)) {
return false;
}
return true;
}
bool WindowsFirewall::blockTrafficTo(const QList<IPAddress>& rangeList,
uint8_t weight, const QString& title,
const QString& peer) {
for (auto range : rangeList) {
if (!blockTrafficTo(range, weight, title, peer)) {
qDebug() << "Setting Range of" << range.toString() << "failed";
return false;
}
}
return true;
}
// Returns the Path of the Current Executable this runs in
QString WindowsFirewall::getCurrentPath() {
const unsigned char initValue = 0xff;
QByteArray buffer(2048, initValue);
auto ok = GetModuleFileNameA(NULL, buffer.data(), buffer.size());
if (ok == ERROR_INSUFFICIENT_BUFFER) {
buffer.resize(buffer.size() * 2);
ok = GetModuleFileNameA(NULL, buffer.data(), buffer.size());
}
if (ok == 0) {
//WindowsCommons::windowsLog("Err fetching dos path");
return "";
}
return QString::fromLocal8Bit(buffer);
}
void WindowsFirewall::importAddress(const QHostAddress& addr,
OUT FWP_VALUE0_& value,
OUT QByteArray* v6DataBuffer) {
const bool isV4 = addr.protocol() == QAbstractSocket::IPv4Protocol;
if (isV4) {
value.type = FWP_UINT32;
value.uint32 = addr.toIPv4Address();
return;
}
auto v6bytes = addr.toIPv6Address();
v6DataBuffer->append((const char*)v6bytes.c, IPV6_ADDRESS_SIZE);
value.type = FWP_BYTE_ARRAY16_TYPE;
value.byteArray16 = (FWP_BYTE_ARRAY16*)v6DataBuffer->data();
}
void WindowsFirewall::importAddress(const QHostAddress& addr,
OUT FWP_CONDITION_VALUE0_& value,
OUT QByteArray* v6DataBuffer) {
const bool isV4 = addr.protocol() == QAbstractSocket::IPv4Protocol;
if (isV4) {
value.type = FWP_UINT32;
value.uint32 = addr.toIPv4Address();
return;
}
auto v6bytes = addr.toIPv6Address();
v6DataBuffer->append((const char*)v6bytes.c, IPV6_ADDRESS_SIZE);
value.type = FWP_BYTE_ARRAY16_TYPE;
value.byteArray16 = (FWP_BYTE_ARRAY16*)v6DataBuffer->data();
}
bool WindowsFirewall::blockTrafficOnPort(uint port, uint8_t weight,
const QString& title) {
// Allow Traffic to IP with PORT using any protocol
FWPM_FILTER_CONDITION0 conds[3];
conds[0].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
conds[0].matchType = FWP_MATCH_EQUAL;
conds[0].conditionValue.type = FWP_UINT8;
conds[0].conditionValue.uint8 = (IPPROTO_UDP);
conds[1].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
conds[1].matchType = FWP_MATCH_EQUAL;
conds[1].conditionValue.type = FWP_UINT8;
conds[1].conditionValue.uint8 = (IPPROTO_TCP);
conds[2].fieldKey = FWPM_CONDITION_IP_REMOTE_PORT;
conds[2].matchType = FWP_MATCH_EQUAL;
conds[2].conditionValue.type = FWP_UINT16;
conds[2].conditionValue.uint16 = port;
// Assemble the Filter base
FWPM_FILTER0 filter;
memset(&filter, 0, sizeof(filter));
filter.filterCondition = conds;
filter.numFilterConditions = 3;
filter.action.type = FWP_ACTION_BLOCK;
filter.weight.type = FWP_UINT8;
filter.weight.uint8 = weight;
filter.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
QString description("Block %1 on Port %2");
filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V6;
if (!enableFilter(&filter, title, description.arg("outgoing v6").arg(port))) {
return false;
}
filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
if (!enableFilter(&filter, title, description.arg("outgoing v4").arg(port))) {
return false;
}
filter.layerKey = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
if (!enableFilter(&filter, title, description.arg("incoming v4").arg(port))) {
return false;
}
filter.layerKey = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6;
if (!enableFilter(&filter, title, description.arg("incoming v6").arg(port))) {
return false;
}
return true;
}
bool WindowsFirewall::enableFilter(FWPM_FILTER0* filter, const QString& title,
const QString& description,
const QString& peer) {
uint64_t filterID = 0;
auto name = title.toStdWString();
auto desc = description.toStdWString();
filter->displayData.name = (PWSTR)name.c_str();
filter->displayData.description = (PWSTR)desc.c_str();
auto result = FwpmFilterAdd0(m_sessionHandle, filter, NULL, &filterID);
if (result != ERROR_SUCCESS) {
qDebug() << "Failed to enable filter: " << title << " "
<< description<< "with result "<<result<<" GetLastError:"<< GetLastError();
return false;
}
qDebug() << "Filter added: " << title << ":" << description;
if (peer.isEmpty()) {
m_activeRules.append(filterID);
} else {
m_peerRules.insert(peer, filterID);
}
return true;
}
bool WindowsFirewall::allowLoopbackTraffic(uint8_t weight,
const QString& title) {
QList<QNetworkInterface> networkInterfaces =
QNetworkInterface::allInterfaces();
for (const auto& iface : networkInterfaces) {
if (iface.type() != QNetworkInterface::Loopback) {
continue;
}
if (!allowTrafficOfAdapter(iface.index(), weight,
title.arg(iface.name()))) {
return false;
}
}
return true;
}

69
service/killswitch/windowsfirewall.h Normal file
View File

@@ -0,0 +1,69 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef WINDOWSFIREWALL_H
#define WINDOWSFIREWALL_H
#pragma comment(lib, "Fwpuclnt")
//#include "../../daemon/interfaceconfig.h"
#include "ipaddress.h"
#include <windows.h>
#include <fwpmu.h>
#include <QString>
#include <QObject>
#include <QHostAddress>
#include <QByteArray>
class IpAdressRange;
struct FWP_VALUE0_;
struct FWP_CONDITION_VALUE0_;
class WindowsFirewall final : public QObject {
public:
~WindowsFirewall();
static WindowsFirewall* instance();
bool init();
bool enableKillSwitch(int vpnAdapterIndex);
//bool enablePeerTraffic(const InterfaceConfig& config);
bool disablePeerTraffic(const QString& pubkey);
bool disableKillSwitch();
private:
WindowsFirewall(QObject* parent);
HANDLE m_sessionHandle{INVALID_HANDLE_VALUE};
bool m_init = false;
QList<uint64_t> m_activeRules;
QMultiMap<QString, uint64_t> m_peerRules;
bool allowTrafficForAppOnAll(const QString& exePath, int weight,
const QString& title);
bool blockTrafficTo(const QList<IPAddress>& range, uint8_t weight,
const QString& title, const QString& peer = QString());
bool blockTrafficTo(const IPAddress& addr, uint8_t weight,
const QString& title, const QString& peer = QString());
bool blockTrafficOnPort(uint port, uint8_t weight, const QString& title);
bool allowTrafficTo(const QHostAddress& targetIP, uint port, int weight,
const QString& title, const QString& peer = QString());
bool allowTrafficOfAdapter(int networkAdapter, uint8_t weight,
const QString& title);
bool allowDHCPTraffic(uint8_t weight, const QString& title);
bool allowHyperVTraffic(uint8_t weight, const QString& title);
bool allowLoopbackTraffic(uint8_t weight, const QString& title);
// Utils
QString getCurrentPath();
void importAddress(const QHostAddress& addr, OUT FWP_VALUE0_& value,
OUT QByteArray* v6DataBuffer);
void importAddress(const QHostAddress& addr, OUT FWP_CONDITION_VALUE0_& value,
OUT QByteArray* v6DataBuffer);
bool enableFilter(FWPM_FILTER0* filter, const QString& title,
const QString& description,
const QString& peer = QString());
};
#endif // WINDOWSFIREWALL_H

4
service/server/localserver.cpp
View File

@@ -10,6 +10,7 @@
#include "router.h"
#ifdef Q_OS_WIN
#include "windowsfirewall.h"
#include "tapcontroller_win.h"
#endif
@@ -38,6 +39,9 @@ LocalServer::LocalServer(QObject *parent) : QObject(parent),
LocalServer::~LocalServer()
{
auto cf = WindowsFirewall::instance();
cf->disableKillSwitch();
qDebug()<<"KillSwitch deactivated";
qDebug() << "Local server stopped";
}

29
service/server/main.cpp
View File

@@ -1,4 +1,5 @@
#include <QDir>
#include <QNetworkInterface>
#include "defines.h"
#include "localserver.h"
@@ -6,6 +7,26 @@
#include "systemservice.h"
#include "utils.h"
#ifdef Q_OS_WIN
#include "windowsfirewall.h"
#include <memory>
class KillSwitch final {
public:
explicit KillSwitch(){
qDebug()<<__FUNCTION__;
auto cf = WindowsFirewall::instance();
cf->init();
cf->disableKillSwitch();
}
~KillSwitch(){
qDebug()<<__FUNCTION__;
auto cf = WindowsFirewall::instance();
cf->disableKillSwitch();
}
};
std::unique_ptr<KillSwitch>ks;
#endif
int runApplication(int argc, char** argv)
{
@@ -15,13 +36,15 @@ int runApplication(int argc, char** argv)
return app.exec();
}
int main(int argc, char **argv)
{
Utils::initializePath(Utils::systemLogPath());
Log::initialize();
#ifdef Q_OS_WIN
ks = std::make_unique<KillSwitch>();
#endif
if (argc == 2) {
qInfo() << "Started as console application";
return runApplication(argc, argv);
@@ -32,7 +55,7 @@ int main(int argc, char **argv)
SystemService systemService(argc, argv);
return systemService.exec();
#else
return runApplication(argc, argv);
return runApplication(argc, argv);
#endif
}

154
service/server/router.cpp
View File

@@ -2,18 +2,157 @@
#ifdef Q_OS_WIN
#include "router_win.h"
#elif defined (Q_OS_MAC)
#elif defined(Q_OS_MAC)
#include "router_mac.h"
#elif defined Q_OS_LINUX
#include "router_linux.h"
#endif
#ifdef Q_OS_WIN
#include <QNetworkInterface>
#include "windowsfirewall.h"
#include <cstring>
namespace
{
// TODO:FIXME try to get this constexpr variable from CORE code
constexpr char IKEV2[]{"AmneziaVPN IKEv2"};
constexpr char WG[]{"AmneziaVPN.WireGuard0"};
constexpr char OVPN[]{"TAP-Windows Adapter V9"};
bool is_eth_adapter_activated(char* ethName)
{
auto convert_wide_to_ansi = [](const std::wstring& widestring)->std::string{
auto nchars = WideCharToMultiByte(
CP_ACP,
0,
widestring.c_str(),
static_cast<int>(widestring.length() + 1),
nullptr,
0,
nullptr,
nullptr);
std::string converted_string{};
converted_string.resize(nchars);
WideCharToMultiByte(CP_ACP,
0,
widestring.c_str(),
-1,
&converted_string[0],
static_cast<int>(widestring.length()),
nullptr,
nullptr);
return converted_string;
};
constexpr ULONG MAX_BUFFER_SIZE = 15000;
ULONG bufferSize = MAX_BUFFER_SIZE;
IP_ADAPTER_ADDRESSES *pAdapterAddresses = (IP_ADAPTER_ADDRESSES *)HeapAlloc(GetProcessHeap(), 0, bufferSize);
::GetAdaptersAddresses(AF_INET, 0, nullptr, pAdapterAddresses, &bufferSize);
do
{
const auto Descr = convert_wide_to_ansi(pAdapterAddresses->Description);
if (strcmp(ethName, Descr.data()) == 0) //the same
{
if (pAdapterAddresses->OperStatus == IfOperStatusUp){
return true;
}
}
if (pAdapterAddresses->Next != 0)
{
pAdapterAddresses = pAdapterAddresses->Next;
}
} while (pAdapterAddresses->Next != 0);
//::HeapFree(GetProcessHeap(), 0, pAdapterAddresses);
return false;
}
bool get_eth_name(const QString &adp_name)
{
IP_ADAPTER_INFO *pAdapterInfo{nullptr};
pAdapterInfo = (IP_ADAPTER_INFO *)malloc(sizeof(IP_ADAPTER_INFO));
ULONG buflen = sizeof(IP_ADAPTER_INFO);
if (GetAdaptersInfo(pAdapterInfo, &buflen) == ERROR_BUFFER_OVERFLOW)
{
free(pAdapterInfo);
pAdapterInfo = (IP_ADAPTER_INFO *)
malloc(buflen);
}
if (GetAdaptersInfo(pAdapterInfo, &buflen) == NO_ERROR)
{
IP_ADAPTER_INFO *pAdapter{pAdapterInfo};
if (pAdapter == nullptr)
return false;
while (pAdapter != nullptr)
{
const auto adp_acitvated = is_eth_adapter_activated(pAdapter->Description);
if (adp_name == pAdapter->Description && adp_acitvated){
qDebug() << "We will work with:";
qDebug() << "Adapter Name: " << pAdapter->AdapterName;
qDebug() << "Adapter Desc: " << pAdapter->Description;
qDebug() << "Adapter Index: " << pAdapter->Index;
qDebug() << "Adapter activated:"<<adp_acitvated;
free(pAdapterInfo);
return true;
}
pAdapter = pAdapter->Next;
}
}
free(pAdapterInfo);
return false;
}
void enable_killswitch()
{
auto VPN_LIST = []() -> int
{
const auto adapterList = QNetworkInterface::allInterfaces();
//qAsConst
for (const auto &adapter : adapterList)
{
bool finded{false};
finded = get_eth_name(OVPN);
if (adapter.humanReadableName().contains(IKEV2) ||
adapter.humanReadableName().contains(WG) ||
finded ||
adapter.humanReadableName().contains(OVPN))
{
qDebug() << "Network adapter for 'kill switch' option finded: " << adapter.humanReadableName();
return adapter.index();
}
}
return -1;
};
const auto &current_vpn = VPN_LIST();
if (current_vpn != -1)
{
qInfo() << "KillSwitch option activated";
auto cf = WindowsFirewall::instance();
cf->enableKillSwitch(current_vpn);
}
else
{
// TODO::FIXME
qCritical().noquote() << "No any adapters was found, it's error";
}
}
} // end namespace
#endif
// TODO::FIXME when wireguard is activated, the adapter will alaviable
// after a couple of seconds
#include <thread>
int Router::routeAddList(const QString &gw, const QStringList &ips)
{
#ifdef Q_OS_WIN
return RouterWin::Instance().routeAddList(gw, ips);
#elif defined (Q_OS_MAC)
auto value = RouterWin::Instance().routeAddList(gw, ips);
// TODO::FIXME the next sleep is need only for wireguard
std::this_thread::sleep_for(std::chrono::seconds(5));
enable_killswitch();
return value;
// return RouterWin::Instance().routeAddList(gw, ips);
#elif defined(Q_OS_MAC)
return RouterMac::Instance().routeAddList(gw, ips);
#elif defined Q_OS_LINUX
return RouterLinux::Instance().routeAddList(gw, ips);
@@ -24,7 +163,7 @@ bool Router::clearSavedRoutes()
{
#ifdef Q_OS_WIN
return RouterWin::Instance().clearSavedRoutes();
#elif defined (Q_OS_MAC)
#elif defined(Q_OS_MAC)
return RouterMac::Instance().clearSavedRoutes();
#elif defined Q_OS_LINUX
return RouterLinux::Instance().clearSavedRoutes();
@@ -35,7 +174,7 @@ int Router::routeDeleteList(const QString &gw, const QStringList &ips)
{
#ifdef Q_OS_WIN
return RouterWin::Instance().routeDeleteList(gw, ips);
#elif defined (Q_OS_MAC)
#elif defined(Q_OS_MAC)
return RouterMac::Instance().routeDeleteList(gw, ips);
#elif defined Q_OS_LINUX
return RouterLinux::Instance().routeDeleteList(gw, ips);
@@ -46,7 +185,7 @@ void Router::flushDns()
{
#ifdef Q_OS_WIN
RouterWin::Instance().flushDns();
#elif defined (Q_OS_MAC)
#elif defined(Q_OS_MAC)
RouterMac::Instance().flushDns();
#elif defined Q_OS_LINUX
RouterLinux::Instance().flushDns();
@@ -57,10 +196,9 @@ void Router::resetIpStack()
{
#ifdef Q_OS_WIN
RouterWin::Instance().resetIpStack();
#elif defined (Q_OS_MAC)
#elif defined(Q_OS_MAC)
// todo fixme
#elif defined Q_OS_LINUX
// todo fixme
#endif
}

155
service/server/router_win.cpp
View File

@@ -27,13 +27,12 @@ RouterWin &RouterWin::Instance()
int RouterWin::routeAddList(const QString &gw, const QStringList &ips)
{
// qDebug().noquote() << QString("ROUTE ADD List: IPs size:%1, GW: %2")
// .arg(ips.size())
// .arg(gw);
// qDebug().noquote() << QString("ROUTE ADD List: IPs:\n%1")
// .arg(ips.join("\n"));
// qDebug().noquote() << QString("ROUTE ADD List: IPs size:%1, GW: %2")
// .arg(ips.size())
// .arg(gw);
// qDebug().noquote() << QString("ROUTE ADD List: IPs:\n%1")
// .arg(ips.join("\n"));
if (!Utils::checkIPv4Format(gw)) {
qCritical().noquote() << "Trying to add invalid route, gw: " << gw;
@@ -204,12 +203,12 @@ bool RouterWin::clearSavedRoutes()
int RouterWin::routeDeleteList(const QString &gw, const QStringList &ips)
{
// qDebug().noquote() << QString("ROUTE DELETE List: IPs size:%1, GW: %2")
// .arg(ips.size())
// .arg(gw);
// qDebug().noquote() << QString("ROUTE DELETE List: IPs size:%1, GW: %2")
// .arg(ips.size())
// .arg(gw);
// qDebug().noquote() << QString("ROUTE DELETE List: IPs:\n%1")
// .arg(ips.join("\n"));
// qDebug().noquote() << QString("ROUTE DELETE List: IPs:\n%1")
// .arg(ips.join("\n"));
PMIB_IPFORWARDTABLE pIpForwardTable = NULL;
DWORD dwSize = 0;
@@ -291,11 +290,11 @@ void RouterWin::flushDns()
void RouterWin::resetIpStack()
{
// {
// QProcess p;
// QString command = QString("ipconfig /release");
// p.start(command);
// }
// {
// QProcess p;
// QString command = QString("ipconfig /release");
// p.start(command);
// }
{
QProcess p;
QString command = QString("netsh int ip reset");
@@ -346,90 +345,90 @@ DWORD RouterWin::GetServicePid(LPCWSTR serviceName)
BOOL RouterWin::ListProcessThreads( DWORD dwOwnerPID )
{
HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
THREADENTRY32 te32;
HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
THREADENTRY32 te32;
// Take a snapshot of all running threads
hThreadSnap = CreateToolhelp32Snapshot( TH32CS_SNAPTHREAD, 0 );
if( hThreadSnap == INVALID_HANDLE_VALUE )
return( FALSE );
// Take a snapshot of all running threads
hThreadSnap = CreateToolhelp32Snapshot( TH32CS_SNAPTHREAD, 0 );
if( hThreadSnap == INVALID_HANDLE_VALUE )
return( FALSE );
// Fill in the size of the structure before using it.
te32.dwSize = sizeof(THREADENTRY32);
// Fill in the size of the structure before using it.
te32.dwSize = sizeof(THREADENTRY32);
// Retrieve information about the first thread,
// and exit if unsuccessful
if( !Thread32First( hThreadSnap, &te32 ) )
{
//printError( TEXT("Thread32First") ); // show cause of failure
CloseHandle( hThreadSnap ); // clean the snapshot object
return( FALSE );
}
// Now walk the thread list of the system,
// and display information about each thread
// associated with the specified process
//HANDLE threadHandle;
do
{
if( te32.th32OwnerProcessID == dwOwnerPID )
// Retrieve information about the first thread,
// and exit if unsuccessful
if( !Thread32First( hThreadSnap, &te32 ) )
{
HANDLE threadHandle = OpenThread (PROCESS_QUERY_INFORMATION, FALSE, te32.th32ThreadID);
qDebug() << "OpenThread GetLastError:"<< te32.th32ThreadID << GetLastError() << threadHandle;
ULONG64 cycles = 0;
BOOL ok = QueryThreadCycleTime(threadHandle, &cycles);
qDebug() << "QueryThreadCycleTime GetLastError:" << ok << GetLastError();
qDebug() << "Thread cycles:" << te32.th32ThreadID << cycles;
// _tprintf( TEXT("\n\n THREAD ID = 0x%08X"), te32.th32ThreadID );
// _tprintf( TEXT("\n Base priority = %d"), te32.tpBasePri );
// _tprintf( TEXT("\n Delta priority = %d"), te32.tpDeltaPri );
// _tprintf( TEXT("\n"));
CloseHandle(threadHandle);
//printError( TEXT("Thread32First") ); // show cause of failure
CloseHandle( hThreadSnap ); // clean the snapshot object
return( FALSE );
}
} while( Thread32Next(hThreadSnap, &te32 ) );
CloseHandle( hThreadSnap );
return( TRUE );
// Now walk the thread list of the system,
// and display information about each thread
// associated with the specified process
//HANDLE threadHandle;
do
{
if( te32.th32OwnerProcessID == dwOwnerPID )
{
HANDLE threadHandle = OpenThread (PROCESS_QUERY_INFORMATION, FALSE, te32.th32ThreadID);
qDebug() << "OpenThread GetLastError:"<< te32.th32ThreadID << GetLastError() << threadHandle;
ULONG64 cycles = 0;
BOOL ok = QueryThreadCycleTime(threadHandle, &cycles);
qDebug() << "QueryThreadCycleTime GetLastError:" << ok << GetLastError();
qDebug() << "Thread cycles:" << te32.th32ThreadID << cycles;
// _tprintf( TEXT("\n\n THREAD ID = 0x%08X"), te32.th32ThreadID );
// _tprintf( TEXT("\n Base priority = %d"), te32.tpBasePri );
// _tprintf( TEXT("\n Delta priority = %d"), te32.tpDeltaPri );
// _tprintf( TEXT("\n"));
CloseHandle(threadHandle);
}
} while( Thread32Next(hThreadSnap, &te32 ) );
CloseHandle( hThreadSnap );
return( TRUE );
}
BOOL RouterWin::EnableDebugPrivilege(VOID)
{
HANDLE hToken = NULL;
TOKEN_PRIVILEGES priv;
HANDLE hToken = NULL;
TOKEN_PRIVILEGES priv;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
return FALSE;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
return FALSE;
if (!LookupPrivilegeValueW(NULL, SE_DEBUG_NAME, &priv.Privileges[0].Luid))
return FALSE;
if (!LookupPrivilegeValueW(NULL, SE_DEBUG_NAME, &priv.Privileges[0].Luid))
return FALSE;
priv.PrivilegeCount = 1;
priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
priv.PrivilegeCount = 1;
priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
return AdjustTokenPrivileges(hToken, FALSE, &priv, sizeof(priv), NULL, NULL);
return AdjustTokenPrivileges(hToken, FALSE, &priv, sizeof(priv), NULL, NULL);
}
BOOL RouterWin::InitNtFunctions(VOID)
{
HMODULE hModule;
HMODULE hModule;
hModule = GetModuleHandleW(L"ntdll.dll");
if (hModule == NULL)
return FALSE;
hModule = GetModuleHandleW(L"ntdll.dll");
if (hModule == NULL)
return FALSE;
//NtSuspendProcess = (decltype(NtSuspendProcess))GetProcAddress(hModule, "NtSuspendThread");
NtSuspendProcess = (decltype(NtSuspendProcess))GetProcAddress(hModule, "NtSuspendProcess");
if (NtSuspendProcess == NULL)
return FALSE;
//NtSuspendProcess = (decltype(NtSuspendProcess))GetProcAddress(hModule, "NtSuspendThread");
NtSuspendProcess = (decltype(NtSuspendProcess))GetProcAddress(hModule, "NtSuspendProcess");
if (NtSuspendProcess == NULL)
return FALSE;
//NtResumeProcess = (decltype(NtResumeProcess))GetProcAddress(hModule, "NtResumeThread");
NtResumeProcess = (decltype(NtResumeProcess))GetProcAddress(hModule, "NtResumeProcess");
if (NtResumeProcess == NULL)
return FALSE;
//NtResumeProcess = (decltype(NtResumeProcess))GetProcAddress(hModule, "NtResumeThread");
NtResumeProcess = (decltype(NtResumeProcess))GetProcAddress(hModule, "NtResumeProcess");
if (NtResumeProcess == NULL)
return FALSE;
return TRUE;
return TRUE;
}
BOOL RouterWin::SuspendProcess(BOOL fSuspend, DWORD dwProcessId)

1
service/server/router_win.h
View File

@@ -35,6 +35,7 @@ class RouterWin : public QObject
public:
static RouterWin& Instance();
int routeAddList(const QString &gw, const QStringList &ips);
bool clearSavedRoutes();
int routeDeleteList(const QString &gw, const QStringList &ips);

2
service/server/server.pro
View File

@@ -24,6 +24,8 @@ SOURCES = \
systemservice.cpp
win32 {
include(../killswitch/killswitch.pri)
HEADERS += \
tapcontroller_win.h \
router_win.h