AZEN-SGG/amnezia-client
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

iOS Cloak/OVPN SplitTunnel

Browse source
This commit is contained in:
Mykola Baibuz 2023-10-24 00:28:41 +03:00
parent 22b14dff5f
commit a386d39495
1 changed files with 132 additions and 102 deletions
Download patch file Download diff file Expand all files Collapse all files

90
client/platforms/ios/iostunnel.swift
View file

@ -168,7 +168,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
handleOpenVPNStatusMessage(messageData, completionHandler: completionHandler) handleOpenVPNStatusMessage(messageData, completionHandler: completionHandler)
case .shadowsocks: case .shadowsocks:
break break
// handleShadowSocksAppMessage(messageData, completionHandler: completionHandler) // handleShadowSocksAppMessage(messageData, completionHandler: completionHandler)
case .none: case .none:
break break
@ -196,26 +196,20 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
return return
} }
wg_log(.error, message: tunnelConfiguration.peers.first!.allowedIPs.map { $0.stringRepresentation }.joined(separator: ", "))
if (tunnelConfiguration.peers.first!.allowedIPs.map { $0.stringRepresentation }.joined(separator: ", ") == "0.0.0.0/0, ::/0"){ if (tunnelConfiguration.peers.first!.allowedIPs.map { $0.stringRepresentation }.joined(separator: ", ") == "0.0.0.0/0, ::/0") {
if (SplitTunnelType == "1") { if (SplitTunnelType == "1") {
wg_log(.error, message: SplitTunnelSites!)
for index in tunnelConfiguration.peers.indices { for index in tunnelConfiguration.peers.indices {
tunnelConfiguration.peers[index].allowedIPs.removeAll() tunnelConfiguration.peers[index].allowedIPs.removeAll()
var allowedIPs = [IPAddressRange]() var allowedIPs = [IPAddressRange]()
let STSdata = Data(SplitTunnelSites!.utf8)
let data = Data(SplitTunnelSites!.utf8)
do { do {
let array = try JSONSerialization.jsonObject(with: data) as! [String] let STSArray = try JSONSerialization.jsonObject(with: STSdata) as! [String]
for allowedIPString in array { for allowedIPString in STSArray {
wg_log(.error,message: allowedIPString) if let allowedIP = IPAddressRange(from: allowedIPString) {
guard let allowedIP = IPAddressRange(from: allowedIPString) else {
wg_log(.error,message: "Parse SplitTunnelSites Error")
return
}
allowedIPs.append(allowedIP) allowedIPs.append(allowedIP)
} }
}
} catch { } catch {
wg_log(.error,message: "Parse JSONSerialization Error") wg_log(.error,message: "Parse JSONSerialization Error")
@ -225,22 +219,16 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
} else { } else {
if (SplitTunnelType == "2") if (SplitTunnelType == "2")
{ {
wg_log(.error, message: SplitTunnelSites!)
for index in tunnelConfiguration.peers.indices { for index in tunnelConfiguration.peers.indices {
var excludeIPs = [IPAddressRange]() var excludeIPs = [IPAddressRange]()
let STSdata = Data(SplitTunnelSites!.utf8)
let data = Data(SplitTunnelSites!.utf8)
do { do {
let array = try JSONSerialization.jsonObject(with: data) as! [String] let STSarray = try JSONSerialization.jsonObject(with: STSdata) as! [String]
for excludeIPString in array { for excludeIPString in STSarray {
wg_log(.error,message: excludeIPString) if let excludeIP = IPAddressRange(from: excludeIPString) {
guard let excludeIP = IPAddressRange(from: excludeIPString) else {
wg_log(.error,message: "Parse SplitTunnelSites Error")
return
}
excludeIPs.append(excludeIP) excludeIPs.append(excludeIP)
} }
}
} catch { } catch {
wg_log(.error,message: "Parse JSONSerialization Error") wg_log(.error,message: "Parse JSONSerialization Error")
} }
@ -250,8 +238,6 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
} }
} }
wg_log(.error, message: tunnelConfiguration.peers.first!.allowedIPs.map { $0.stringRepresentation }.joined(separator: ", "))
wg_log(.info, message: "Starting wireguard tunnel from the " + (activationAttemptId == nil ? "OS directly, rather than the app" : "app")) wg_log(.info, message: "Starting wireguard tunnel from the " + (activationAttemptId == nil ? "OS directly, rather than the app" : "app"))
// Start the tunnel // Start the tunnel
@ -451,11 +437,11 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
startHandler = completionHandler startHandler = completionHandler
ovpnAdapter.connect(using: packetFlow) ovpnAdapter.connect(using: packetFlow)
// let ifaces = Interface.allInterfaces() // let ifaces = Interface.allInterfaces()
// .filter { $0.family == .ipv4 } // .filter { $0.family == .ipv4 }
// .map { iface in iface.name } // .map { iface in iface.name }
// wg_log(.error, message: "Available TUN Interfaces: \(ifaces)") // wg_log(.error, message: "Available TUN Interfaces: \(ifaces)")
} }
// MARK: -- Network observing methods // MARK: -- Network observing methods
@ -547,6 +533,50 @@ extension PacketTunnelProvider: OpenVPNAdapterDelegate {
// send empty string to NEDNSSettings.matchDomains // send empty string to NEDNSSettings.matchDomains
networkSettings?.dnsSettings?.matchDomains = [""] networkSettings?.dnsSettings?.matchDomains = [""]
if (SplitTunnelType == "1") {
var ipv4IncludedRoutes = [NEIPv4Route]()
let STSdata = Data(SplitTunnelSites!.utf8)
do {
let STSarray = try JSONSerialization.jsonObject(with: STSdata) as! [String]
for allowedIPString in STSarray {
if let allowedIP = IPAddressRange(from: allowedIPString){
ipv4IncludedRoutes.append(NEIPv4Route(destinationAddress: "\(allowedIP.address)", subnetMask: "\(allowedIP.subnetMask())"))
}
}
} catch {
wg_log(.error,message: "Parse JSONSerialization Error")
}
networkSettings?.ipv4Settings?.includedRoutes = ipv4IncludedRoutes
} else {
if (SplitTunnelType == "2")
{
var ipv4ExcludedRoutes = [NEIPv4Route]()
var ipv4IncludedRoutes = [NEIPv4Route]()
var ipv6IncludedRoutes = [NEIPv6Route]()
let STSdata = Data(SplitTunnelSites!.utf8)
do {
let STSarray = try JSONSerialization.jsonObject(with: STSdata) as! [String]
for excludeIPString in STSarray {
if let excludeIP = IPAddressRange(from: excludeIPString) {
ipv4ExcludedRoutes.append(NEIPv4Route(destinationAddress: "\(excludeIP.address)", subnetMask: "\(excludeIP.subnetMask())"))
}
}
} catch {
wg_log(.error,message: "Parse JSONSerialization Error")
}
if let allIPv4 = IPAddressRange(from: "0.0.0.0/0"){
ipv4IncludedRoutes.append(NEIPv4Route(destinationAddress: "\(allIPv4.address)", subnetMask: "\(allIPv4.subnetMask())"))
}
if let allIPv6 = IPAddressRange(from: "::/0") {
ipv6IncludedRoutes.append(NEIPv6Route(destinationAddress: "\(allIPv6.address)", networkPrefixLength: NSNumber(value: allIPv6.networkPrefixLength)))
}
networkSettings?.ipv4Settings?.includedRoutes = ipv4IncludedRoutes
networkSettings?.ipv6Settings?.includedRoutes = ipv6IncludedRoutes
networkSettings?.ipv4Settings?.excludedRoutes = ipv4ExcludedRoutes
}
}
// Set the network settings for the current tunneling session. // Set the network settings for the current tunneling session.
setTunnelNetworkSettings(networkSettings, completionHandler: completionHandler) setTunnelNetworkSettings(networkSettings, completionHandler: completionHandler)
} }