AZEN-SGG/amnezia-client
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixes for split tunneling (#272)

Browse source 
Fixes for split tunneling
This commit is contained in:
pokamest 2023-08-08 16:41:00 -07:00 committed by GitHub
parent b71b87e6e9
commit a1a6185fd6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 175 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

37
client/configurators/openvpn_configurator.cpp
View file

@ -110,18 +110,24 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig)
QJsonObject json = QJsonDocument::fromJson(jsonConfig.toUtf8()).object();
QString config = json[config_key::config].toString();
if (m_settings->routeMode() != Settings::VpnAllSites) {
config.replace("redirect-gateway def1 bypass-dhcp", "");
QRegularExpression regex("redirect-gateway.*");
config.replace(regex, "");
if (m_settings->routeMode() == Settings::VpnAllSites) {
config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n");
// Prevent ipv6 leak
config.append("ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1\n");
config.append("block-ipv6\n");
}
else {
if(!config.contains("redirect-gateway def1 bypass-dhcp")) {
config.append("redirect-gateway def1 bypass-dhcp\n");
}
if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) {
// no redirect-gateway
}
if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
config.append("\nredirect-gateway ipv6 !ipv4 bypass-dhcp\n");
// Prevent ipv6 leak
config.append("ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1\n");
config.append("block-ipv6\n");
}
// Prevent ipv6 leak
config.append("ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1\n");
config.append("redirect-gateway ipv6\n");
#ifndef MZ_WINDOWS
config.replace("block-outside-dns", "");
@ -146,9 +152,14 @@ QString OpenVpnConfigurator::processConfigWithExportSettings(QString jsonConfig)
QJsonObject json = QJsonDocument::fromJson(jsonConfig.toUtf8()).object();
QString config = json[config_key::config].toString();
if(!config.contains("redirect-gateway def1 bypass-dhcp")) {
config.append("redirect-gateway def1 bypass-dhcp\n");
}
QRegularExpression regex("redirect-gateway.*");
config.replace(regex, "");
config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n");
// Prevent ipv6 leak
config.append("ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1\n");
config.append("block-ipv6\n");
// remove block-outside-dns for all exported configs
config.replace("block-outside-dns", "");

32
client/protocols/openvpnprotocol.cpp
View file

@ -42,6 +42,7 @@ QString OpenVpnProtocol::defaultConfigPath()
void OpenVpnProtocol::stop()
{
qDebug() << "OpenVpnProtocol::stop()";
setConnectionState(VpnProtocol::Disconnecting);
// TODO: need refactoring
// sendTermSignal() will even return true while server connected ???
@ -52,10 +53,10 @@ void OpenVpnProtocol::stop()
if (!sendTermSignal()) {
killOpenVpnProcess();
}
QThread::msleep(10);
m_managementServer.stop();
qApp->processEvents();
setConnectionState(VpnProtocol::Disconnecting);
}
setConnectionState(VpnProtocol::Disconnected);
}
ErrorCode OpenVpnProtocol::prepare()
@ -78,11 +79,9 @@ ErrorCode OpenVpnProtocol::prepare()
void OpenVpnProtocol::killOpenVpnProcess()
{
#ifndef Q_OS_IOS
if (m_openVpnProcess){
m_openVpnProcess->close();
}
#endif
}
void OpenVpnProtocol::readOpenVpnConfiguration(const QJsonObject &configuration)
@ -150,7 +149,6 @@ void OpenVpnProtocol::updateRouteGateway(QString line)
ErrorCode OpenVpnProtocol::start()
{
#ifndef Q_OS_IOS
//qDebug() << "Start OpenVPN connection";
OpenVpnProtocol::stop();
@ -164,6 +162,27 @@ ErrorCode OpenVpnProtocol::start()
return lastError();
}
// Detect default gateway
#ifdef Q_OS_MAC
QProcess p;
p.setProcessChannelMode(QProcess::MergedChannels);
p.start("route", QStringList() << "-n" << "get" << "default");
p.waitForFinished();
QString s = p.readAll();
QRegularExpression rx(R"(gateway:\s*(\d+\.\d+\.\d+\.\d+))");
QRegularExpressionMatch match = rx.match(s);
if (match.hasMatch()) {
m_routeGateway = match.captured(1);
qDebug() << "Set VPN route gateway" << m_routeGateway;
}
else {
qWarning() << "Unable to set VPN route gateway, output:\n" << s;
}
#endif
// QString vpnLogFileNamePath = Utils::systemLogPath() + "/openvpn.log";
// Utils::createEmptyFile(vpnLogFileNamePath);
@ -216,9 +235,6 @@ ErrorCode OpenVpnProtocol::start()
//startTimeoutTimer();
return ErrorCode::NoError;
#else
return ErrorCode::NotImplementedError;
#endif
}
bool OpenVpnProtocol::sendTermSignal()

33
client/ui/pages_logic/SitesLogic.cpp
View file

@ -63,14 +63,19 @@ void SitesLogic::onPushButtonAddCustomSitesClicked()
m_settings->addVpnSite(mode, newSite, ip);
if (!ip.isEmpty()) {
uiLogic()->m_vpnConnection->addRoutes(QStringList() << ip);
uiLogic()->m_vpnConnection->flushDns();
QMetaObject::invokeMethod(uiLogic()->m_vpnConnection, "addRoutes",
Qt::QueuedConnection,
Q_ARG(QStringList, QStringList() << ip));
}
else if (Utils::ipAddressWithSubnetRegExp().exactMatch(newSite)) {
uiLogic()->m_vpnConnection->addRoutes(QStringList() << newSite);
uiLogic()->m_vpnConnection->flushDns();
QMetaObject::invokeMethod(uiLogic()->m_vpnConnection, "addRoutes",
Qt::QueuedConnection,
Q_ARG(QStringList, QStringList() << newSite));
}
QMetaObject::invokeMethod(uiLogic()->m_vpnConnection, "flushDns",
Qt::QueuedConnection);
onUpdatePage();
};
@ -116,17 +121,19 @@ void SitesLogic::onPushButtonSitesDeleteClicked(QStringList items)
if (!ok || row < 0 || row >= siteModel->rowCount()) return;
sites.append(siteModel->data(row, 0).toString());
if (uiLogic()->m_vpnConnection->connectionState() == VpnProtocol::Connected) {
if (uiLogic()->m_vpnConnection && uiLogic()->m_vpnConnection->connectionState() == VpnProtocol::Connected) {
ips.append(siteModel->data(row, 1).toString());
}
}
m_settings->removeVpnSites(mode, sites);
if (uiLogic()->m_vpnConnection->connectionState() == VpnProtocol::Connected) {
uiLogic()->m_vpnConnection->deleteRoutes(ips);
uiLogic()->m_vpnConnection->flushDns();
}
QMetaObject::invokeMethod(uiLogic()->m_vpnConnection, "deleteRoutes",
Qt::QueuedConnection,
Q_ARG(QStringList, ips));
QMetaObject::invokeMethod(uiLogic()->m_vpnConnection, "flushDns",
Qt::QueuedConnection);
onUpdatePage();
}
@ -190,8 +197,12 @@ void SitesLogic::onPushButtonSitesImportClicked(const QString& fileName)
m_settings->addVpnIps(mode, ips);
m_settings->addVpnSites(mode, sites);
uiLogic()->m_vpnConnection->addRoutes(QStringList() << ips);
uiLogic()->m_vpnConnection->flushDns();
QMetaObject::invokeMethod(uiLogic()->m_vpnConnection, "addRoutes",
Qt::QueuedConnection,
Q_ARG(QStringList, ips));
QMetaObject::invokeMethod(uiLogic()->m_vpnConnection, "flushDns",
Qt::QueuedConnection);
onUpdatePage();
}

10
client/vpnconnection.cpp
View file

@ -439,7 +439,11 @@ void VpnConnection::disconnectFromVpn()
#endif
return;
}
m_vpnProtocol.data()->stop();
if (m_vpnProtocol) {
m_vpnProtocol->deleteLater();
}
m_vpnProtocol = nullptr;
}
VpnProtocol::VpnConnectionState VpnConnection::connectionState()
@ -450,10 +454,6 @@ VpnProtocol::VpnConnectionState VpnConnection::connectionState()
bool VpnConnection::isConnected() const
{
#ifdef Q_OS_IOS
#endif
if (!m_vpnProtocol.data()) {
return false;
}

10
client/vpnconnection.h
View file

@ -50,17 +50,12 @@ public:
const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
bool isConnected() const;
bool isDisconnected() const;
VpnProtocol::VpnConnectionState connectionState();
QSharedPointer<VpnProtocol> vpnProtocol() const;
void addRoutes(const QStringList &ips);
void deleteRoutes(const QStringList &ips);
void flushDns();
const QString &remoteAddress() const;
void addSitesRoutes(const QString &gw, Settings::RouteMode mode);
@ -74,6 +69,11 @@ public slots:
void disconnectFromVpn();
void addRoutes(const QStringList &ips);
void deleteRoutes(const QStringList &ips);
void flushDns();
signals:
void bytesChanged(quint64 receivedBytes, quint64 sentBytes);
void connectionStateChanged(VpnProtocol::VpnConnectionState state);