Android OpenVPN/Cloak Split tunnel

Mykola Baibuz 2023-10-17 16:39:56 -04:00
parent 546d4c1d3d
commit c14f1b5000
3 changed files with 29 additions and 45 deletions


@ -16,6 +16,8 @@ import com.wireguard.crypto.Key
import org.json.JSONObject import org.json.JSONObject
import java.util.Base64 import java.util.Base64
import com.wireguard.config.*
import net.openvpn.ovpn3.ClientAPI_Config import net.openvpn.ovpn3.ClientAPI_Config
import net.openvpn.ovpn3.ClientAPI_EvalConfig import net.openvpn.ovpn3.ClientAPI_EvalConfig
import net.openvpn.ovpn3.ClientAPI_Event import net.openvpn.ovpn3.ClientAPI_Event
@ -147,45 +149,34 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
override fun tun_builder_establish(): Int { override fun tun_builder_establish(): Int {
Log.v(tag, "tun_builder_establish") Log.v(tag, "tun_builder_establish")
val Fd = mService.establish()!!.detachFd()
val jsonVpnConfig = mService.getVpnConfig() val jsonVpnConfig = mService.getVpnConfig()
val splitTunnelType = jsonVpnConfig.getInt("splitTunnelType") val splitTunnelType = jsonVpnConfig.getInt("splitTunnelType")
val splitTunnelSites = jsonVpnConfig.getJSONArray("splitTunnelSites") val splitTunnelSites = jsonVpnConfig.getJSONArray("splitTunnelSites")
if (splitTunnelType == 1) {
Log.e(tag, "splitTunnelSites $splitTunnelSites") for (i in 0 until splitTunnelSites.length()) {
for (i in 0 until splitTunnelSites.length()) { val site = splitTunnelSites.getString(i)
val site = splitTunnelSites.getString(i) val ipRange = IPRange(site)
if (site.contains("\\/")) { mService.addRoute(ipRange.getFrom().getHostAddress(), ipRange.getPrefix())
Log.e(tag, "site $site rawMask 32") Log.e(tag, "splitTunnelSites $ipRange")
mService.addRoute(site, 32)
} else {
var slash = site.lastIndexOf('/');
var maskString: String = ""
var rawMask = 32
var rawAddress: String = ""
if (slash >= 0) {
maskString = site.substring(slash + 1)
try {
rawMask = Integer.parseInt(maskString, 10)
} catch (e: Exception) {
}
rawAddress = site.substring(0, slash)
} else {
maskString = ""
rawMask = 32
rawAddress = site
}
Log.e(tag, "rawAddress $rawAddress rawMask $rawMask")
mService.addRoute(rawAddress, rawMask)
//val internet = InetNetwork.parse(site)
//peerBuilder.addAllowedIp(internet)
} }
Log.e(tag, "splitTunnelSites $site")
} }
if (splitTunnelType == 2) {
val ipRangeSet = IPRangeSet.fromString("0.0.0.0/0")
ipRangeSet.remove(IPRange("127.0.0.0/8"))
for (i in 0 until splitTunnelSites.length()) {
val site = splitTunnelSites.getString(i)
ipRangeSet.remove(IPRange(site))
}
ipRangeSet.subnets().forEach {
mService.addRoute(it.getFrom().getHostAddress(), it.getPrefix())
Thread.sleep(100)
Log.e(tag, "splitTunnelSites $it")
}
mService.addRoute("2000::", 3)
}
val Fd = mService.establish()!!.detachFd()
return Fd return Fd
} }
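Review bot: `IPRange(site)` is built directly from the `splitTunnelSites` strings in both the type 1 and type 2 loops with no handling for an entry that fails to parse; IPRange is not shown here, but if it throws on bad input a single malformed entry aborts `tun_builder_establish` with an uncaught exception, and the same applies to `InetNetwork.parse(site)` in the VPNService hunk. The `!!` on `mService.establish()` has the same effect when establish() returns null. Catching the parse failure and returning the tun-builder error value would report a failed tunnel setup instead of killing the thread, for example `val fd = mService.establish()?.detachFd() ?: return -1`. The `Thread.sleep(100)` after every added route has no comment saying why it is needed, and the `Log.e` calls write the user's site list to logcat at error level, where `Log.d` or no logging at all would fit better.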


@ -612,13 +612,8 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
for (i in 0 until splitTunnelSites.length()) { for (i in 0 until splitTunnelSites.length()) {
val site = splitTunnelSites.getString(i) val site = splitTunnelSites.getString(i)
Log.e(tag, "splitTunnelSites $site") Log.e(tag, "splitTunnelSites $site")
if (site.contains("\\/")) { val internet = InetNetwork.parse(site)
val internet = InetNetwork.parse(site + "\\32") peerBuilder.addAllowedIp(internet)
peerBuilder.addAllowedIp(internet)
} else {
val internet = InetNetwork.parse(site)
peerBuilder.addAllowedIp(internet)
}
} }
} }
if (splitTunnelType == 2) { if (splitTunnelType == 2) {


@ -125,8 +125,6 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig)
config.replace(regex, ""); config.replace(regex, "");
if (m_settings->routeMode() == Settings::VpnAllSites) { if (m_settings->routeMode() == Settings::VpnAllSites) {
qDebug() << "Settings::VpnAllSites";
config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n"); config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n");
// Prevent ipv6 leak // Prevent ipv6 leak
config.append("ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1\n"); config.append("ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1\n");
@ -138,9 +136,9 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig)
// no redirect-gateway // no redirect-gateway
} }
if (m_settings->routeMode() == Settings::VpnAllExceptSites) { if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
qDebug() << "Settings::VpnAllExceptSites"; #ifndef Q_OS_ANDROID
config.append("\nredirect-gateway ipv6 !ipv4 bypass-dhcp\n"); config.append("\nredirect-gateway ipv6 !ipv4 bypass-dhcp\n");
#endif
// Prevent ipv6 leak // Prevent ipv6 leak
config.append("ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1\n"); config.append("ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1\n");
config.append("block-ipv6\n"); config.append("block-ipv6\n");
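Review bot: The `#ifndef Q_OS_ANDROID` around the `redirect-gateway ipv6 !ipv4 bypass-dhcp` line in the VpnAllExceptSites branch carries no comment, so a reader cannot tell why Android is left without a gateway redirect. Judging from the Kotlin change in this commit, the Android routes are computed in `tun_builder_establish`, but that link is only inferred from the diff. A one-line comment above the guard would record it, such as `// Android adds its routes in tun_builder_establish(), so no redirect-gateway here`. The `ifconfig-ipv6` and `block-ipv6` lines stay outside the guard and still apply on Android; processConfigWithLocalSettings continues outside the hunk.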