diff --git a/client/android/protocolApi/src/main/kotlin/ProtocolConfig.kt b/client/android/protocolApi/src/main/kotlin/ProtocolConfig.kt index 75ba1abf..78a24e82 100644 --- a/client/android/protocolApi/src/main/kotlin/ProtocolConfig.kt +++ b/client/android/protocolApi/src/main/kotlin/ProtocolConfig.kt @@ -128,7 +128,8 @@ open class ProtocolConfig protected constructor( } private fun processExcludedRoutes() { - if (Build.VERSION.SDK_INT < Build.VERSION_CODES.TIRAMISU) { + if (Build.VERSION.SDK_INT < Build.VERSION_CODES.TIRAMISU && excludedRoutes.isNotEmpty()) { + // todo: rewrite, taking into account the current routes // for older versions of Android, build a list of subnets without excluded routes // and add them to routes val ipRangeSet = IpRangeSet() diff --git a/client/configurators/wireguard_configurator.h b/client/configurators/wireguard_configurator.h index c1b4aa3c..d2422981 100644 --- a/client/configurators/wireguard_configurator.h +++ b/client/configurators/wireguard_configurator.h @@ -31,11 +31,11 @@ public: QString processConfigWithLocalSettings(QString config); QString processConfigWithExportSettings(QString config); + static ConnectionData genClientKeys(); + private: ConnectionData prepareWireguardConfig(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr); - - ConnectionData genClientKeys(); bool m_isAwg; QString m_serverConfigPath; diff --git a/client/ui/controllers/apiController.cpp b/client/ui/controllers/apiController.cpp index 14a05410..d4142751 100644 --- a/client/ui/controllers/apiController.cpp +++ b/client/ui/controllers/apiController.cpp @@ -5,12 +5,14 @@ #include #include "configurators/openvpn_configurator.h" +#include "configurators/wireguard_configurator.h" namespace { namespace configKey { constexpr char cloak[] = "cloak"; + constexpr char awg[] = "awg"; constexpr char apiEdnpoint[] = "api_endpoint"; constexpr char accessToken[] = "api_key"; 
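Review bot: The new `// todo: rewrite, taking into account the current routes` in processExcludedRoutes() does not say what is wrong today, and this branch decides which subnets enter the tunnel on pre-Tiramisu devices. Going by the comment lines below it, the block appears to add the complement of the excluded routes to `routes` regardless of what `routes` already holds. If that is the gap, say so in the comment, e.g. `// TODO: intersect with the routes already configured instead of adding the full complement of excludedRoutes`. The rest of the function body lies outside the hunk, so this reading should be confirmed against it.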
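Review bot: `genClientKeys()` in wireguard_configurator.h moves from private to public static without a comment, and its return value now carries a client private key out of the class (`clientPrivKey` is read from it in apiController.cpp). A short doc comment on the declaration would help, e.g. `/// Generates a fresh client key pair; the returned ConnectionData holds the private key and must not be logged or serialized as a whole.` The same applies to the `ApiPayloadData` struct added in apiController.h. The function body is not part of this diff, so whether it reads instance state such as `m_isAwg` cannot be checked from here.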
@@ -26,33 +28,42 @@ ApiController::ApiController(const QSharedPointer &serversModel, { } -QString ApiController::genPublicKey(const QString &protocol) -{ - if (protocol == configKey::cloak) { - return "."; - } - return QString(); -} - -QString ApiController::genCertificateRequest(const QString &protocol) -{ - if (protocol == configKey::cloak) { - m_certRequest = OpenVpnConfigurator::createCertRequest(); - return m_certRequest.request; - } - return QString(); -} - -void ApiController::processCloudConfig(const QString &protocol, QString &config) +void ApiController::processCloudConfig(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData, QString &config) { if (protocol == configKey::cloak) { config.replace("", "\n"); - config.replace("$OPENVPN_PRIV_KEY", m_certRequest.privKey); + config.replace("$OPENVPN_PRIV_KEY", apiPayloadData.certRequest.privKey); return; + } else if (protocol == configKey::awg) { + config.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey); } return; } +ApiController::ApiPayloadData ApiController::generateApiPayloadData(const QString &protocol) +{ + ApiController::ApiPayloadData apiPayload; + if (protocol == configKey::cloak) { + apiPayload.certRequest = OpenVpnConfigurator::createCertRequest(); + } else if (protocol == configKey::awg) { + auto connData = WireguardConfigurator::genClientKeys(); + apiPayload.wireGuardClientPubKey = connData.clientPubKey; + apiPayload.wireGuardClientPrivKey = connData.clientPrivKey; + } + return apiPayload; +} + +QJsonObject ApiController::fillApiPayload(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData) +{ + QJsonObject obj; + if (protocol == configKey::cloak) { + obj[configKey::certificate] = apiPayloadData.certRequest.request; + } else if (protocol == configKey::awg) { + obj[configKey::publicKey] = apiPayloadData.wireGuardClientPubKey; + } + return obj; +} + bool ApiController::updateServerConfigFromApi() { auto serverConfig = 
m_serversModel->getDefaultServerConfig(); @@ -71,13 +82,9 @@ bool ApiController::updateServerConfigFromApi() QString protocol = serverConfig.value(configKey::protocol).toString(); - QJsonObject obj; + auto apiPayloadData = generateApiPayloadData(protocol); - obj[configKey::publicKey] = genPublicKey(protocol); - obj[configKey::certificate] = genCertificateRequest(protocol); - - QByteArray requestBody = QJsonDocument(obj).toJson(); - qDebug() << requestBody; + QByteArray requestBody = QJsonDocument(fillApiPayload(protocol, apiPayloadData)).toJson(); QScopedPointer reply; reply.reset(manager.post(request, requestBody)); @@ -100,7 +107,7 @@ bool ApiController::updateServerConfigFromApi() } QString configStr = ba; - processCloudConfig(protocol, configStr); + processCloudConfig(protocol, apiPayloadData, configStr); QJsonObject cloudConfig = QJsonDocument::fromJson(configStr.toUtf8()).object(); diff --git a/client/ui/controllers/apiController.h b/client/ui/controllers/apiController.h index 1ce933c6..ed7db533 100644 --- a/client/ui/controllers/apiController.h +++ b/client/ui/controllers/apiController.h @@ -22,15 +22,19 @@ signals: void errorOccurred(const QString &errorMessage); private: - QString genPublicKey(const QString &protocol); - QString genCertificateRequest(const QString &protocol); + struct ApiPayloadData { + OpenVpnConfigurator::ConnectionData certRequest; - void processCloudConfig(const QString &protocol, QString &config); + QString wireGuardClientPrivKey; + QString wireGuardClientPubKey; + }; + + ApiPayloadData generateApiPayloadData(const QString &protocol); + QJsonObject fillApiPayload(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData); + void processCloudConfig(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData, QString &config); QSharedPointer m_serversModel; QSharedPointer m_containersModel; - - OpenVpnConfigurator::ConnectionData m_certRequest; }; #endif // APICONTROLLER_H 
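Review bot: In processCloudConfig() the awg branch assumes `config.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", ...)` finds exactly one placeholder, but QString::replace does nothing when the placeholder is absent and substitutes every occurrence when it appears more than once. Since `config` is the API response, a reply without the placeholder yields a configuration with no client key and no error, and a reply that repeats it copies the private key into every field the server chose. Consider checking `config.count("$WIREGUARD_CLIENT_PRIVATE_KEY") != 1` before replacing and reporting a failure; the function returns void, so this needs an error path back to updateServerConfigFromApi(). The existing `$OPENVPN_PRIV_KEY` branch has the same shape.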
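Review bot: updateServerConfigFromApi() posts the payload without checking that generateApiPayloadData() actually produced key material. If WireguardConfigurator::genClientKeys() or OpenVpnConfigurator::createCertRequest() can return empty fields on failure (their failure behaviour is not visible in this diff), the request goes out with an empty public key or certificate request and the empty private key is later substituted into the returned config. A guard right after the call would stop that, e.g. `if (protocol == configKey::awg && apiPayloadData.wireGuardClientPrivKey.isEmpty()) return false;`, preferably with `emit errorOccurred(...)`. For a protocol that is neither `cloak` nor `awg`, fillApiPayload() now returns an empty object where the old code sent both keys with empty values; confirm the API accepts that.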
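Review bot: With `m_certRequest` removed from apiController.h, the bodies of generateApiPayloadData(), fillApiPayload() and processCloudConfig() in the .cpp use only their arguments, so they can be declared `static` or moved into the anonymous namespace that apiController.cpp already has. That makes it visible in the interface that key material lives only in the local `ApiPayloadData` for the duration of one request. Inside the class the parameter type can be written `const ApiPayloadData &` instead of `const ApiController::ApiPayloadData &`. The struct would also benefit from a one-line comment stating that `certRequest.privKey` and `wireGuardClientPrivKey` are secrets.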
diff --git a/client/vpnconnection.cpp b/client/vpnconnection.cpp index d3588fe4..d267584a 100644 --- a/client/vpnconnection.cpp +++ b/client/vpnconnection.cpp @@ -388,6 +388,25 @@ void VpnConnection::createProtocolConnections() void VpnConnection::appendSplitTunnelingConfig() { + if (m_vpnConfiguration.value(config_key::configVersion).toInt()) { + auto protocolName = m_vpnConfiguration.value(config_key::vpnproto).toString(); + if (protocolName == ProtocolProps::protoToString(Proto::Awg)) { + auto configData = m_vpnConfiguration.value(protocolName + "_config_data").toObject(); + QJsonArray allowedIpsJsonArray = QJsonArray::fromStringList(configData.value("allowed_ips").toString().split(",")); + QJsonArray defaultAllowedIP = QJsonArray::fromStringList(QString("0.0.0.0/0, ::/0").split(",")); + + if (allowedIpsJsonArray != defaultAllowedIP) { + allowedIpsJsonArray.append(m_vpnConfiguration.value(config_key::dns1).toString()); + allowedIpsJsonArray.append(m_vpnConfiguration.value(config_key::dns2).toString()); + + m_vpnConfiguration.insert(config_key::splitTunnelType, Settings::RouteMode::VpnOnlyForwardSites); + m_vpnConfiguration.insert(config_key::splitTunnelSites, allowedIpsJsonArray); + + return; + } + } + } + auto routeMode = m_settings->routeMode(); auto sites = m_settings->getVpnIps(routeMode); @@ -397,7 +416,7 @@ void VpnConnection::appendSplitTunnelingConfig() } // Allow traffic to Amezia DNS - if (routeMode == Settings::VpnOnlyForwardSites){ + if (routeMode == Settings::VpnOnlyForwardSites) { sitesJsonArray.append(m_vpnConfiguration.value(config_key::dns1).toString()); sitesJsonArray.append(m_vpnConfiguration.value(config_key::dns2).toString()); }
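Review bot: The comparison `allowedIpsJsonArray != defaultAllowedIP` in appendSplitTunnelingConfig() is an exact string-list match, so anything other than the literal `0.0.0.0/0, ::/0` switches the connection to `VpnOnlyForwardSites` and returns before the user's `routeMode` is read. A missing or non-string `allowed_ips` makes `toString().split(",")` yield a single empty entry, which also differs from the default. Going by the mode's name, the tunnel would then carry only the two DNS addresses and all other traffic would bypass the VPN. Entries are also passed on untrimmed (for example `" ::/0"`). The sketch below trims entries, drops empty ones and falls through to the local settings when none remain; the function body continues outside the hunk.

```cpp
// … unchanged: configVersion and Awg protocol checks …
auto configData = m_vpnConfiguration.value(protocolName + "_config_data").toObject();

QStringList allowedIps;
const QStringList rawAllowedIps = configData.value("allowed_ips").toString().split(",");
for (const QString &entry : rawAllowedIps) {
    const QString ip = entry.trimmed();
    if (!ip.isEmpty()) {
        allowedIps.append(ip);
    }
}
const QStringList defaultAllowedIps = { "0.0.0.0/0", "::/0" };

// An empty list means the config carried no usable allowed_ips: keep the user's route mode.
if (!allowedIps.isEmpty() && allowedIps != defaultAllowedIps) {
    QJsonArray allowedIpsJsonArray = QJsonArray::fromStringList(allowedIps);
    // … unchanged: append dns1/dns2, insert splitTunnelType and splitTunnelSites, return …
}
```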