Android OpenVPN/Cloak Split tunnel

Mykola Baibuz 2023-10-17 16:39:56 -04:00
parent 546d4c1d3d
commit c14f1b5000
3 changed files with 29 additions and 45 deletions


@ -16,6 +16,8 @@ import com.wireguard.crypto.Key
import org.json.JSONObject import org.json.JSONObject
import java.util.Base64 import java.util.Base64
import com.wireguard.config.*
import net.openvpn.ovpn3.ClientAPI_Config import net.openvpn.ovpn3.ClientAPI_Config
import net.openvpn.ovpn3.ClientAPI_EvalConfig import net.openvpn.ovpn3.ClientAPI_EvalConfig
import net.openvpn.ovpn3.ClientAPI_Event import net.openvpn.ovpn3.ClientAPI_Event
@ -147,44 +149,33 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
override fun tun_builder_establish(): Int { override fun tun_builder_establish(): Int {
Log.v(tag, "tun_builder_establish") Log.v(tag, "tun_builder_establish")
val Fd = mService.establish()!!.detachFd()
val jsonVpnConfig = mService.getVpnConfig() val jsonVpnConfig = mService.getVpnConfig()
val splitTunnelType = jsonVpnConfig.getInt("splitTunnelType") val splitTunnelType = jsonVpnConfig.getInt("splitTunnelType")
val splitTunnelSites = jsonVpnConfig.getJSONArray("splitTunnelSites") val splitTunnelSites = jsonVpnConfig.getJSONArray("splitTunnelSites")
if (splitTunnelType == 1) {
Log.e(tag, "splitTunnelSites $splitTunnelSites")
for (i in 0 until splitTunnelSites.length()) { for (i in 0 until splitTunnelSites.length()) {
val site = splitTunnelSites.getString(i) val site = splitTunnelSites.getString(i)
if (site.contains("\\/")) { val ipRange = IPRange(site)
Log.e(tag, "site $site rawMask 32") mService.addRoute(ipRange.getFrom().getHostAddress(), ipRange.getPrefix())
mService.addRoute(site, 32) Log.e(tag, "splitTunnelSites $ipRange")
} else {
var slash = site.lastIndexOf('/');
var maskString: String = ""
var rawMask = 32
var rawAddress: String = ""
if (slash >= 0) {
maskString = site.substring(slash + 1)
try {
rawMask = Integer.parseInt(maskString, 10)
} catch (e: Exception) {
} }
rawAddress = site.substring(0, slash)
} else {
maskString = ""
rawMask = 32
rawAddress = site
} }
Log.e(tag, "rawAddress $rawAddress rawMask $rawMask") if (splitTunnelType == 2) {
mService.addRoute(rawAddress, rawMask) val ipRangeSet = IPRangeSet.fromString("0.0.0.0/0")
//val internet = InetNetwork.parse(site) ipRangeSet.remove(IPRange("127.0.0.0/8"))
//peerBuilder.addAllowedIp(internet) for (i in 0 until splitTunnelSites.length()) {
val site = splitTunnelSites.getString(i)
ipRangeSet.remove(IPRange(site))
} }
Log.e(tag, "splitTunnelSites $site") ipRangeSet.subnets().forEach {
mService.addRoute(it.getFrom().getHostAddress(), it.getPrefix())
Thread.sleep(100)
Log.e(tag, "splitTunnelSites $it")
} }
mService.addRoute("2000::", 3)
}
val Fd = mService.establish()!!.detachFd()
return Fd return Fd
} }
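Review bot: In tun_builder_establish, every `splitTunnelSites` entry goes straight into `IPRange(site)` and the result of `mService.establish()` is force-unwrapped with `!!`, so a malformed entry or a null return would surface as an uncaught exception inside the OpenVPN callback instead of a reported failure (how IPRange and establish() behave on bad input is not visible in this hunk). For a VPN client the failure path should be deliberate: validate each entry before adding or removing its route, log and skip or abort on a bad one, and return the error value rather than throwing, e.g. `val fd = mService.establish()?.detachFd() ?: return -1`. The `Thread.sleep(100)` per subnet in the `splitTunnelType == 2` branch has no comment saying what it waits for, and it delays establishment by 100 ms for every subnet left after the exclusions, so it should be documented or removed. The routes are also logged with `Log.e`, which writes the user's split-tunnel list to logcat at error level; `Log.d` would fit better.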


@ -612,15 +612,10 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
for (i in 0 until splitTunnelSites.length()) { for (i in 0 until splitTunnelSites.length()) {
val site = splitTunnelSites.getString(i) val site = splitTunnelSites.getString(i)
Log.e(tag, "splitTunnelSites $site") Log.e(tag, "splitTunnelSites $site")
if (site.contains("\\/")) {
val internet = InetNetwork.parse(site + "\\32")
peerBuilder.addAllowedIp(internet)
} else {
val internet = InetNetwork.parse(site) val internet = InetNetwork.parse(site)
peerBuilder.addAllowedIp(internet) peerBuilder.addAllowedIp(internet)
} }
} }
}
if (splitTunnelType == 2) { if (splitTunnelType == 2) {
/* Use system SplitTunnel */ /* Use system SplitTunnel */
/* VPN connection used for all Internet exclude defined IPs */ /* VPN connection used for all Internet exclude defined IPs */


@ -125,8 +125,6 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig)
config.replace(regex, ""); config.replace(regex, "");
if (m_settings->routeMode() == Settings::VpnAllSites) { if (m_settings->routeMode() == Settings::VpnAllSites) {
qDebug() << "Settings::VpnAllSites";
config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n"); config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n");
// Prevent ipv6 leak // Prevent ipv6 leak
config.append("ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1\n"); config.append("ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1\n");
@ -138,9 +136,9 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig)
// no redirect-gateway // no redirect-gateway
} }
if (m_settings->routeMode() == Settings::VpnAllExceptSites) { if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
qDebug() << "Settings::VpnAllExceptSites"; #ifndef Q_OS_ANDROID
config.append("\nredirect-gateway ipv6 !ipv4 bypass-dhcp\n"); config.append("\nredirect-gateway ipv6 !ipv4 bypass-dhcp\n");
#endif
// Prevent ipv6 leak // Prevent ipv6 leak
config.append("ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1\n"); config.append("ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1\n");
config.append("block-ipv6\n"); config.append("block-ipv6\n");
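Review bot: The new `#ifndef Q_OS_ANDROID` guard around `redirect-gateway ipv6 !ipv4 bypass-dhcp` has no comment saying where Android gets its routes for `Settings::VpnAllExceptSites`, so the generated config alone now reads as if nothing is redirected on that platform. Judging by the rest of this commit, the routes are presumably installed in `OpenVPNThreadv3.tun_builder_establish()`. A comment above the guard such as `// Android: routes for this mode are added in tun_builder_establish(), not via redirect-gateway` would make that dependency explicit. `block-ipv6` is still appended on Android while the Kotlin side adds a `2000::/3` route, so it is worth confirming that IPv6 traffic is blocked rather than leaked in this mode. processConfigWithLocalSettings starts and ends outside the hunk.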