Android SplitTunnel
parent
501670bdd2
commit
2df612ec1f
5 changed files with 94 additions and 13 deletions
|
@ -297,7 +297,7 @@ void AmneziaApplication::initModels()
|
|||
connect(m_containersModel.get(), &ContainersModel::defaultContainerChanged, this, [this]() {
|
||||
if (m_containersModel->getDefaultContainer() == DockerContainer::WireGuard
|
||||
&& m_sitesModel->isSplitTunnelingEnabled()) {
|
||||
m_sitesModel->toggleSplitTunneling(false);
|
||||
m_sitesModel->toggleSplitTunneling(true);
|
||||
emit m_pageController->showNotificationMessage(
|
||||
tr("Split tunneling for WireGuard is not implemented, the option was disabled"));
|
||||
}
|
||||
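Review bot: The notification text no longer matches the call above it. On this rendering the handler appears to call `m_sitesModel->toggleSplitTunneling(true)` now (the `false` variant reads as the removed line), yet the message still says "Split tunneling for WireGuard is not implemented, the option was disabled". The branch only runs when `isSplitTunnelingEnabled()` is already true, so re-enabling looks like a no-op and the user is told the opposite of the real state. If WireGuard split tunneling is now supported, drop the whole `if` block; otherwise keep `toggleSplitTunneling(false)`. The lambda continues outside the hunk.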
|
|
|
@ -72,6 +72,13 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
|
|||
|
||||
val jsonVpnConfig = mService.getVpnConfig()
|
||||
val ovpnConfig = jsonVpnConfig.getJSONObject("openvpn_config_data").getString("config")
|
||||
Log.e(tag, "jsonVpnConfig $jsonVpnConfig")
|
||||
val splitTunnelType = jsonVpnConfig.getInt("splitTunnelType")
|
||||
val splitTunnelSites = jsonVpnConfig.getJSONArray("splitTunnelSites")
|
||||
|
||||
Log.e(tag, "splitTunnelType $splitTunnelType")
|
||||
Log.e(tag, "splitTunnelSites $splitTunnelSites")
|
||||
|
||||
|
||||
val resultingConfig = StringBuilder()
|
||||
resultingConfig.append(ovpnConfig)
|
||||
|
@ -115,6 +122,7 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
|
|||
eval_config(config)
|
||||
|
||||
val status = connect()
|
||||
|
||||
if (status.getError()) {
|
||||
Log.i(tag, "connect() error: " + status.getError() + ": " + status.getMessage())
|
||||
}
|
||||
|
@ -139,7 +147,46 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
|
|||
|
||||
override fun tun_builder_establish(): Int {
|
||||
Log.v(tag, "tun_builder_establish")
|
||||
return mService.establish()!!.detachFd()
|
||||
val Fd = mService.establish()!!.detachFd()
|
||||
|
||||
val jsonVpnConfig = mService.getVpnConfig()
|
||||
|
||||
val splitTunnelType = jsonVpnConfig.getInt("splitTunnelType")
|
||||
val splitTunnelSites = jsonVpnConfig.getJSONArray("splitTunnelSites")
|
||||
|
||||
Log.e(tag, "splitTunnelSites $splitTunnelSites")
|
||||
for (i in 0 until splitTunnelSites.length()) {
|
||||
val site = splitTunnelSites.getString(i)
|
||||
if (site.contains("\\/")) {
|
||||
Log.e(tag, "site $site rawMask 32")
|
||||
mService.addRoute(site, 32)
|
||||
} else {
|
||||
var slash = site.lastIndexOf('/');
|
||||
var maskString: String = ""
|
||||
var rawMask = 32
|
||||
var rawAddress: String = ""
|
||||
if (slash >= 0) {
|
||||
maskString = site.substring(slash + 1)
|
||||
try {
|
||||
rawMask = Integer.parseInt(maskString, 10)
|
||||
} catch (e: Exception) {
|
||||
|
||||
}
|
||||
rawAddress = site.substring(0, slash)
|
||||
} else {
|
||||
maskString = ""
|
||||
rawMask = 32
|
||||
rawAddress = site
|
||||
}
|
||||
Log.e(tag, "rawAddress $rawAddress rawMask $rawMask")
|
||||
mService.addRoute(rawAddress, rawMask)
|
||||
//val internet = InetNetwork.parse(site)
|
||||
//peerBuilder.addAllowedIp(internet)
|
||||
}
|
||||
Log.e(tag, "splitTunnelSites $site")
|
||||
}
|
||||
|
||||
return Fd
|
||||
}
|
||||
|
||||
override fun tun_builder_add_address(address: String , prefix_length: Int , gateway: String , ipv6:Boolean , net30: Boolean ): Boolean {
|
||||
|
@ -159,7 +206,7 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
|
|||
|
||||
override fun tun_builder_reroute_gw(ipv4: Boolean, ipv6: Boolean , flags: Long): Boolean {
|
||||
Log.v(tag, "tun_builder_reroute_gw")
|
||||
mService.addRoute("0.0.0.0", 0)
|
||||
// mService.addRoute("0.0.0.0", 0)
|
||||
return true
|
||||
}
|
||||
|
||||
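Review bot: The tunnel can come up without the routes it is meant to carry: `tun_builder_reroute_gw` now returns true with `mService.addRoute("0.0.0.0", 0)` commented out, and `tun_builder_establish` calls `mService.establish()` before the loop that adds the split-tunnel routes. `splitTunnelType` is read but never consulted, so full-tunnel mode gets no default route. If `mService.addRoute` feeds a `VpnService.Builder` (not visible here), routes added after `establish()` have no effect, and traffic would leave outside the VPN while the connection is reported as up. Add the routes before `establish()` and keep the default route whenever the selected mode is not the sites-only one. The empty `catch (e: Exception) {}` around `Integer.parseInt` also turns a malformed mask into a silent /32, and `site.contains("\\/")` tests for a literal backslash-slash, so that branch is presumably never taken; validate the mask as 0..32 and reject bad entries instead.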
|
|
|
@ -571,6 +571,9 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
|
|||
private fun buildWireguardConfig(obj: JSONObject, type: String): Config {
|
||||
val confBuilder = Config.Builder()
|
||||
val wireguardConfigData = obj.getJSONObject(type)
|
||||
val splitTunnelType = obj.getInt("splitTunnelType")
|
||||
val splitTunnelSites = obj.getJSONArray("splitTunnelSites")
|
||||
|
||||
val config = parseConfigData(wireguardConfigData.getString("config"))
|
||||
val peerBuilder = Peer.Builder()
|
||||
val peerConfig = config["Peer"]!!
|
||||
|
@ -579,15 +582,37 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
|
|||
peerBuilder.setPreSharedKey(Key.fromBase64(it))
|
||||
}
|
||||
val allowedIPList = peerConfig["AllowedIPs"]?.split(",") ?: emptyList()
|
||||
if (allowedIPList.isEmpty()) {
|
||||
val internet = InetNetwork.parse("0.0.0.0/0") // aka The whole internet.
|
||||
peerBuilder.addAllowedIp(internet)
|
||||
} else {
|
||||
allowedIPList.forEach {
|
||||
val network = InetNetwork.parse(it.trim())
|
||||
peerBuilder.addAllowedIp(network)
|
||||
|
||||
Log.e(tag, "splitTunnelSites $splitTunnelSites")
|
||||
for (i in 0 until splitTunnelSites.length()) {
|
||||
val site = splitTunnelSites.getString(i)
|
||||
if (site.contains("\\/")) {
|
||||
val internet = InetNetwork.parse(site + "\\32")
|
||||
peerBuilder.addAllowedIp(internet)
|
||||
} else {
|
||||
val internet = InetNetwork.parse(site)
|
||||
peerBuilder.addAllowedIp(internet)
|
||||
}
|
||||
Log.e(tag, "splitTunnelSites $site")
|
||||
}
|
||||
|
||||
// if (allowedIPList.isEmpty() /*&& splitTunnelType.equals("0", true) */) {
|
||||
// Log.e(tag, "splitTunnelSites $splitTunnelSites")
|
||||
// for (i in 0 until splitTunnelSites.length()) {
|
||||
// val site = splitTunnelSites.getString(i)
|
||||
// Log.e(tag, "splitTunnelSites $site")
|
||||
// }
|
||||
|
||||
// val internet = InetNetwork.parse("0.0.0.0/0") // aka The whole internet.
|
||||
// peerBuilder.addAllowedIp(internet)
|
||||
// } else {
|
||||
|
||||
|
||||
// allowedIPList.forEach {
|
||||
// val network = InetNetwork.parse(it.trim())
|
||||
// peerBuilder.addAllowedIp(network)
|
||||
// }
|
||||
// }
|
||||
val endpointConfig = peerConfig["Endpoint"]
|
||||
val endpoint = InetEndpoint.parse(endpointConfig)
|
||||
peerBuilder.setEndpoint(endpoint)
|
||||
|
@ -753,6 +778,9 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
|
|||
GoBackend.wgTurnOff(currentTunnelHandle)
|
||||
}
|
||||
val wgConfig: String = wireguard_conf.toWgUserspaceString()
|
||||
|
||||
Log.e(tag, "wgConfig : $wgConfig")
|
||||
|
||||
val builder = Builder()
|
||||
setupBuilder(wireguard_conf, builder)
|
||||
builder.setSession("Amnezia")
|
||||
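Review bot: `Log.e(tag, "wgConfig : $wgConfig")` writes the output of `toWgUserspaceString()` to logcat, and that string normally carries the interface private key and any preshared key. The same applies to `Log.e(tag, "jsonVpnConfig $jsonVpnConfig")` in OpenVPNThreadv3, which dumps the whole profile including `openvpn_config_data`. Both should be removed or reduced to non-secret fields such as `splitTunnelSites.length()`, and kept out of release builds. In `buildWireguardConfig` the peer's `AllowedIPs` from the config appear to be replaced entirely by `splitTunnelSites`, with `splitTunnelType` unused, so an empty site list would leave the peer with no allowed IPs; this is worth confirming against the intended modes. `InetNetwork.parse(site + "\\32")` appends a backslash rather than `/32`, which looks unreachable for normal input but would throw if hit.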
|
|
|
@ -125,16 +125,22 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig)
|
|||
config.replace(regex, "");
|
||||
|
||||
if (m_settings->routeMode() == Settings::VpnAllSites) {
|
||||
config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n");
|
||||
qDebug() << "Settings::VpnAllSites";
|
||||
|
||||
//config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n");
|
||||
// Prevent ipv6 leak
|
||||
config.append("ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1\n");
|
||||
config.append("block-ipv6\n");
|
||||
}
|
||||
if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) {
|
||||
qDebug() << "Settings::VpnOnlyForwardSites";
|
||||
|
||||
// no redirect-gateway
|
||||
}
|
||||
if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
|
||||
config.append("\nredirect-gateway ipv6 !ipv4 bypass-dhcp\n");
|
||||
qDebug() << "Settings::VpnAllExceptSites";
|
||||
|
||||
//config.append("\nredirect-gateway ipv6 !ipv4 bypass-dhcp\n");
|
||||
// Prevent ipv6 leak
|
||||
config.append("ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1\n");
|
||||
config.append("block-ipv6\n");
|
||||
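Review bot: Commenting out both `redirect-gateway` appends changes the generated OpenVPN config for every platform, not just Android, as far as this hunk shows: nothing in `processConfigWithLocalSettings` is guarded by a platform check. In `Settings::VpnAllSites` mode the profile then has no default-gateway redirect while `block-ipv6` is still appended, so IPv4 traffic may bypass the tunnel on desktop unless routes are added elsewhere (not visible here). If the intent is to let the Android service install routes itself, put only the removal under `#ifdef Q_OS_ANDROID` and keep `config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n");` for other targets. The `qDebug()` mode traces read as leftover debugging. The function body starts and ends outside the hunk.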
|
|
|
@ -94,7 +94,7 @@ PageType {
|
|||
DividerType {}
|
||||
|
||||
LabelWithButtonType {
|
||||
visible: !GC.isMobile()
|
||||
visible: GC.isDesktop() || Qt.platform.os === "android"
|
||||
|
||||
Layout.fillWidth: true
|
||||
|
||||
|
|