diff --git a/client/3rd-prebuilt b/client/3rd-prebuilt index 0f3748ef..a72a1aed 160000 --- a/client/3rd-prebuilt +++ b/client/3rd-prebuilt @@ -1 +1 @@ -Subproject commit 0f3748efd7cc04e0c914304b68931f925bed1259 +Subproject commit a72a1aeddfb041eaebcf9e7e09ad8adc0c3afbee diff --git a/client/platforms/ios/PacketTunnelProvider+OpenVPN.swift b/client/platforms/ios/PacketTunnelProvider+OpenVPN.swift index 3e0a4a07..4652e2b2 100644 --- a/client/platforms/ios/PacketTunnelProvider+OpenVPN.swift +++ b/client/platforms/ios/PacketTunnelProvider+OpenVPN.swift @@ -169,8 +169,20 @@ extension PacketTunnelProvider: OpenVPNAdapterDelegate { networkSettings?.ipv6Settings?.includedRoutes = ipv6IncludedRoutes networkSettings?.ipv4Settings?.excludedRoutes = ipv4ExcludedRoutes } - } + if splitTunnelType == 0 || splitTunnelType == nil { + // Full tunnel: send all traffic via VPN + if let ipv4Settings = networkSettings?.ipv4Settings { + ipv4Settings.includedRoutes = [NEIPv4Route.default()] + NSLog("[Route] Added default IPv4 route (0.0.0.0/0)") + } + if let ipv6Settings = networkSettings?.ipv6Settings { + let ipv6DefaultRoute = NEIPv6Route(destinationAddress: "::", networkPrefixLength: 0) + ipv6Settings.includedRoutes = [ipv6DefaultRoute] + NSLog("[Route] Added default IPv6 route (::/0)") + } + } + } // Set the network settings for the current tunneling session. setTunnelNetworkSettings(networkSettings, completionHandler: completionHandler) } diff --git a/client/platforms/ios/ios_controller.mm b/client/platforms/ios/ios_controller.mm index 85fb50b7..197d74ac 100644 --- a/client/platforms/ios/ios_controller.mm +++ b/client/platforms/ios/ios_controller.mm 
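Review bot: In the full-tunnel branch the IPv6 default route is installed only when `networkSettings?.ipv6Settings` is already non-nil, so a session that produced no IPv6 settings would get `0.0.0.0/0` alone and IPv6 traffic would stay on the physical interface. The same commit strips `block-ipv6` and `redirect-gateway` from the config in ios_controller.mm, so this branch appears to be the only place left that enforces full-tunnel routing. Handle the nil case explicitly, at minimum with `else { NSLog("[Route] No IPv6 settings; IPv6 is not routed through the tunnel") }`, and decide whether the tunnel should refuse to start instead. The assignment also replaces any `includedRoutes` already present, which deserves a comment such as `// Full tunnel: intentionally overrides routes pushed by the server`. The enclosing function starts outside the hunk.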
@@ -126,6 +126,39 @@ bool IosController::connectVpn(amnezia::Proto proto, const QJsonObject& configur m_rawConfig = configuration; m_serverAddress = configuration.value(config_key::hostName).toString().toNSString(); + if (proto == amnezia::Proto::OpenVpn) { + QJsonObject ovpn = configuration["openvpn_config_data"].toObject(); + QString ovpnConfig = ovpn["config"].toString(); + QStringList unsupportedDirectives = { + "resolv-retry", + "persist-key", + "persist-tun", + "block-ipv6", + "redirect-gateway" + }; + + QStringList lines = ovpnConfig.split('\n'); + QStringList filteredLines; + for (const QString &line : lines) { + QString trimmedLine = line.trimmed(); + + bool shouldIgnore = false; + for (const QString &bad : unsupportedDirectives) { + if (trimmedLine.startsWith(bad)) { + shouldIgnore = true; + break; + } + } + + if (!shouldIgnore) { + filteredLines.append(line); + } + } + ovpnConfig = filteredLines.join("\n"); + ovpn["config"] = ovpnConfig; + m_rawConfig["openvpn_config_data"] = ovpn; + } + QString tunnelName; if (configuration.value(config_key::description).toString().isEmpty()) { tunnelName = QString("%1 %2") diff --git a/deploy/build_ios.sh b/deploy/build_ios.sh index 5dc11ff1..e91c9b79 100755 --- a/deploy/build_ios.sh +++ b/deploy/build_ios.sh 
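Review bot: The filter matches with `trimmedLine.startsWith(bad)`, a raw prefix test, so any line that merely begins with one of these strings is dropped, and nothing records that it happened. Two of the removed directives, `block-ipv6` and `redirect-gateway`, are routing and leak controls, so compare the first whitespace-delimited token instead, e.g. `if (unsupportedDirectives.contains(firstToken))`, and log each directive that is removed. The list also needs a comment saying why each entry is unsupported on iOS and which code now provides the equivalent routing. Only `m_rawConfig` is rewritten; if code outside this hunk still reads `configuration["openvpn_config_data"]`, it would see the unfiltered config, which should be checked since the rest of connectVpn is not visible here.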
@@ -34,66 +34,23 @@ clang -v # Generate XCodeProj $QT_BIN_DIR/qt-cmake . -B $BUILD_DIR -GXcode -DQT_HOST_PATH=$QT_MACOS_ROOT_DIR -KEYCHAIN=amnezia.build.ios.keychain -KEYCHAIN_FILE=$HOME/Library/Keychains/${KEYCHAIN}-db -# Setup keychain -if [ "${IOS_SIGNING_CERT_BASE64+x}" ]; then - echo "Import certificate" +cd $BUILD_DIR +xcodebuild archive \ + -project AmneziaVPN.xcodeproj \ + -scheme AmneziaVPN \ + -configuration Release \ + -archivePath ./build/AmneziaVPN.xcarchive \ + CODE_SIGNING_ALLOWED=NO \ + CODE_SIGN_IDENTITY="" \ + CODE_SIGNING_REQUIRED=NO - TRUST_CERT_CER=$BUILD_DIR/trust-cert.cer - SIGNING_CERT_P12=$BUILD_DIR/signing-cert.p12 +mkdir -p Payload - echo $IOS_TRUST_CERT_BASE64 | base64 --decode > $TRUST_CERT_CER - echo $IOS_SIGNING_CERT_BASE64 | base64 --decode > $SIGNING_CERT_P12 +cp -R ./build/AmneziaVPN.xcarchive/Products/Applications/AmneziaVPN.app Payload/ - shasum -a 256 $TRUST_CERT_CER - shasum -a 256 $SIGNING_CERT_P12 +zip -r AmneziaVPN_unsigned.ipa Payload - KEYCHAIN_PASS=$IOS_SIGNING_CERT_PASSWORD +rm -rf Payload - security create-keychain -p $KEYCHAIN_PASS $KEYCHAIN || true - security default-keychain -s $KEYCHAIN - security unlock-keychain -p $KEYCHAIN_PASS $KEYCHAIN - - security default-keychain - security list-keychains - - security import $TRUST_CERT_CER -k $KEYCHAIN -P "" -T /usr/bin/codesign - security import $SIGNING_CERT_P12 -k $KEYCHAIN -P $IOS_SIGNING_CERT_PASSWORD -T /usr/bin/codesign - - security set-key-partition-list -S "apple-tool:,apple:,codesign:" -s -k $KEYCHAIN_PASS $KEYCHAIN - security find-identity -p codesigning - security set-keychain-settings $KEYCHAIN_FILE - security set-keychain-settings -t 3600 $KEYCHAIN_FILE - security unlock-keychain -p $KEYCHAIN_PASS $KEYCHAIN_FILE - - # Copy provisioning prifiles - mkdir -p "$HOME/Library/MobileDevice/Provisioning Profiles/" - - echo $IOS_APP_PROVISIONING_PROFILE | base64 --decode > ~/Library/MobileDevice/Provisioning\ Profiles/app.mobileprovision - echo 
$IOS_NE_PROVISIONING_PROFILE | base64 --decode > ~/Library/MobileDevice/Provisioning\ Profiles/ne.mobileprovision - - shasum -a 256 ~/Library/MobileDevice/Provisioning\ Profiles/app.mobileprovision - shasum -a 256 ~/Library/MobileDevice/Provisioning\ Profiles/ne.mobileprovision - - profile_uuid=`grep UUID -A1 -a ~/Library/MobileDevice/Provisioning\ Profiles/app.mobileprovision | grep -io "[-A-F0-9]\{36\}"` - profile_ne_uuid=`grep UUID -A1 -a ~/Library/MobileDevice/Provisioning\ Profiles/ne.mobileprovision | grep -io "[-A-F0-9]\{36\}"` - - mv ~/Library/MobileDevice/Provisioning\ Profiles/app.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/$profile_uuid.mobileprovision - mv ~/Library/MobileDevice/Provisioning\ Profiles/ne.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/$profile_ne_uuid.mobileprovision -else - echo "Failed to import certificate, aborting..." - exit 1 -fi - -# Build project -xcodebuild \ -"OTHER_CODE_SIGN_FLAGS=--keychain '$KEYCHAIN_FILE'" \ --configuration Release \ --scheme AmneziaVPN \ --destination "generic/platform=iOS,name=Any iOS'" \ --project $BUILD_DIR/AmneziaVPN.xcodeproj - -# restore keychain -security default-keychain -s login.keychain +echo " Build setup completed successfully."
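Review bot: The new archive steps have no failure handling visible in this hunk, so a failed `xcodebuild archive` or `cp` still reaches `echo " Build setup completed successfully."` and may leave an empty or stale `AmneziaVPN_unsigned.ipa`. Unless `set -e` is enabled above the hunk, guard the steps, starting with `cd "$BUILD_DIR" || exit 1`, which also stops the relative `rm -rf Payload` from running in the wrong directory. The script now emits an unsigned artifact that is re-signed elsewhere, so record its digest with `shasum -a 256 AmneziaVPN_unsigned.ipa` to let the signing step verify what it received. A short comment should state that signing is intentionally disabled here and where it happens.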