Merge 9f8c40f4b0 into efcc0b7efc

client/3rd-prebuilt

@@ -1 +1 @@
-Subproject commit 0f3748efd7cc04e0c914304b68931f925bed1259
+Subproject commit a72a1aeddfb041eaebcf9e7e09ad8adc0c3afbee

client/platforms/ios/PacketTunnelProvider+OpenVPN.swift

@@ -169,8 +169,20 @@ extension PacketTunnelProvider: OpenVPNAdapterDelegate {
                 networkSettings?.ipv6Settings?.includedRoutes = ipv6IncludedRoutes
                 networkSettings?.ipv4Settings?.excludedRoutes = ipv4ExcludedRoutes
             }
+            if splitTunnelType == 0 || splitTunnelType == nil {
+                // Full tunnel: send all traffic via VPN
+                if let ipv4Settings = networkSettings?.ipv4Settings {
+                    ipv4Settings.includedRoutes = [NEIPv4Route.default()]
+                    NSLog("[Route] Added default IPv4 route (0.0.0.0/0)")
                 }
 
+                if let ipv6Settings = networkSettings?.ipv6Settings {
+                    let ipv6DefaultRoute = NEIPv6Route(destinationAddress: "::", networkPrefixLength: 0)
+                    ipv6Settings.includedRoutes = [ipv6DefaultRoute]
+                    NSLog("[Route] Added default IPv6 route (::/0)")
+                }
+            }
+        }
         // Set the network settings for the current tunneling session.
         setTunnelNetworkSettings(networkSettings, completionHandler: completionHandler)
     }

client/platforms/ios/ios_controller.mm

@@ -126,6 +126,39 @@ bool IosController::connectVpn(amnezia::Proto proto, const QJsonObject& configur
     m_rawConfig = configuration;
     m_serverAddress = configuration.value(config_key::hostName).toString().toNSString();
 
+    if (proto == amnezia::Proto::OpenVpn) {
+        QJsonObject ovpn = configuration["openvpn_config_data"].toObject();
+        QString ovpnConfig = ovpn["config"].toString();
+        QStringList unsupportedDirectives = {
+            "resolv-retry",
+            "persist-key",
+            "persist-tun",
+            "block-ipv6",
+            "redirect-gateway"
+        };
+
+        QStringList lines = ovpnConfig.split('\n');
+        QStringList filteredLines;
+        for (const QString &line : lines) {
+            QString trimmedLine = line.trimmed();
+            
+            bool shouldIgnore = false;
+            for (const QString &bad : unsupportedDirectives) {
+                if (trimmedLine.startsWith(bad)) {
+                    shouldIgnore = true;
+                    break;
+                }
+            }
+
+            if (!shouldIgnore) {
+                filteredLines.append(line);
+            }
+        }
+        ovpnConfig = filteredLines.join("\n");
+        ovpn["config"] = ovpnConfig;
+        m_rawConfig["openvpn_config_data"] = ovpn;
+    }
+    
     QString tunnelName;
     if (configuration.value(config_key::description).toString().isEmpty()) {
         tunnelName = QString("%1 %2")

deploy/build_ios.sh

@@ -34,66 +34,23 @@ clang -v
 # Generate XCodeProj
 $QT_BIN_DIR/qt-cmake . -B $BUILD_DIR -GXcode -DQT_HOST_PATH=$QT_MACOS_ROOT_DIR
 
-KEYCHAIN=amnezia.build.ios.keychain
-KEYCHAIN_FILE=$HOME/Library/Keychains/${KEYCHAIN}-db
 
-# Setup keychain
+cd $BUILD_DIR
-if [ "${IOS_SIGNING_CERT_BASE64+x}" ]; then
+xcodebuild archive \
-  echo "Import certificate"
+  -project AmneziaVPN.xcodeproj \
+  -scheme AmneziaVPN \
+  -configuration Release \
+  -archivePath ./build/AmneziaVPN.xcarchive \
+  CODE_SIGNING_ALLOWED=NO \
+  CODE_SIGN_IDENTITY="" \
+  CODE_SIGNING_REQUIRED=NO
 
-  TRUST_CERT_CER=$BUILD_DIR/trust-cert.cer
+mkdir -p Payload
-  SIGNING_CERT_P12=$BUILD_DIR/signing-cert.p12
 
-  echo $IOS_TRUST_CERT_BASE64 | base64 --decode > $TRUST_CERT_CER
+cp -R ./build/AmneziaVPN.xcarchive/Products/Applications/AmneziaVPN.app Payload/
-  echo $IOS_SIGNING_CERT_BASE64 | base64 --decode > $SIGNING_CERT_P12
 
-  shasum -a 256 $TRUST_CERT_CER
+zip -r AmneziaVPN_unsigned.ipa Payload
-  shasum -a 256 $SIGNING_CERT_P12
 
-  KEYCHAIN_PASS=$IOS_SIGNING_CERT_PASSWORD
+rm -rf Payload
 
-  security create-keychain -p $KEYCHAIN_PASS $KEYCHAIN || true
+echo " Build setup completed successfully."
-  security default-keychain -s $KEYCHAIN
-  security unlock-keychain -p $KEYCHAIN_PASS $KEYCHAIN
-
-  security default-keychain
-  security list-keychains
-
-  security import $TRUST_CERT_CER -k $KEYCHAIN -P "" -T /usr/bin/codesign
-  security import $SIGNING_CERT_P12 -k $KEYCHAIN -P $IOS_SIGNING_CERT_PASSWORD -T /usr/bin/codesign
-
-  security set-key-partition-list -S "apple-tool:,apple:,codesign:" -s -k $KEYCHAIN_PASS $KEYCHAIN
-  security find-identity -p codesigning
-  security set-keychain-settings $KEYCHAIN_FILE
-  security set-keychain-settings -t 3600 $KEYCHAIN_FILE
-  security unlock-keychain -p $KEYCHAIN_PASS $KEYCHAIN_FILE
-
-  # Copy provisioning prifiles
-  mkdir -p  "$HOME/Library/MobileDevice/Provisioning Profiles/"
-
-  echo $IOS_APP_PROVISIONING_PROFILE | base64 --decode > ~/Library/MobileDevice/Provisioning\ Profiles/app.mobileprovision
-  echo $IOS_NE_PROVISIONING_PROFILE | base64 --decode > ~/Library/MobileDevice/Provisioning\ Profiles/ne.mobileprovision
-
-  shasum -a 256 ~/Library/MobileDevice/Provisioning\ Profiles/app.mobileprovision
-  shasum -a 256 ~/Library/MobileDevice/Provisioning\ Profiles/ne.mobileprovision
-
-  profile_uuid=`grep UUID -A1 -a ~/Library/MobileDevice/Provisioning\ Profiles/app.mobileprovision | grep -io "[-A-F0-9]\{36\}"`
-  profile_ne_uuid=`grep UUID -A1 -a ~/Library/MobileDevice/Provisioning\ Profiles/ne.mobileprovision | grep -io "[-A-F0-9]\{36\}"`
-
-  mv ~/Library/MobileDevice/Provisioning\ Profiles/app.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/$profile_uuid.mobileprovision
-  mv ~/Library/MobileDevice/Provisioning\ Profiles/ne.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/$profile_ne_uuid.mobileprovision
-else
-  echo "Failed to import certificate, aborting..."
-  exit 1
-fi
-
-# Build project
-xcodebuild \
-"OTHER_CODE_SIGN_FLAGS=--keychain '$KEYCHAIN_FILE'" \
--configuration Release \
--scheme AmneziaVPN \
--destination "generic/platform=iOS,name=Any iOS'" \
--project $BUILD_DIR/AmneziaVPN.xcodeproj
-
-# restore keychain
-security default-keychain -s login.keychain