Merge branch 'develop'

ivpn · Nov 16, 2023 · f27c4fa · f27c4fa
2 parents 54709ad + 2a255a0
commit f27c4fa
Show file tree

Hide file tree

Showing 62 changed files with 2,101 additions and 420 deletions.
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
@@ -22,7 +22,7 @@ As a contributor, here are the guidelines we would like you to follow:
 ## Creating an Issue
 
 * If you want to report a security problem **DO NOT CREATE AN ISSUE**, please read our [Security Policy](/.github/SECURITY.md) on how to submit a security vulnerability.
-* When creating a new issue, chose a "Bug report" or "Feature request" template and fill the required information.
+* When creating a new issue, choose a "Bug report" or "Feature request" template and fill the required information.
 * Please describe the steps necessary to reproduce the issue you are running into.
 
 <a name="pr"></a>

diff --git a/.gitignore b/.gitignore
@@ -1,10 +1,13 @@
 ## Build generated
 build/
 DerivedData/
+Frameworks/
+
+## Source / dependencies
+submodules/
 
 ## Static libraries
-IVPNClient/liboqs/liboqs-iphoneos.a
-IVPNClient/liboqs/liboqs-iphonesimulator.a
+IVPNClient/liboqs/*.a
 
 ## Various settings
 *.pbxuser
@@ -69,4 +72,4 @@ OpenVPNConf.swift
 # Fastlane
 fastlane/test_output
 fastlane/report.xml
-fastlane/Appfile
+fastlane/Appfile
diff --git a/.swiftlint.yml b/.swiftlint.yml
@@ -27,5 +27,5 @@ file_length:
     ignore_comment_only_lines: true
 cyclomatic_complexity:
     warning: 15
-    error: 35
+    error: 45
 reporter: "xcode"
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file.
 
+## 2.11.0 - 2023-11-16  
+
+[NEW] Obfuscation with V2Ray for WireGuard connections  
+[IMPROVED] Update WireGuard to the latest version  
+[IMPROVED] Update packages/dependencies to the latest version  
+[FIXED] Repeatedly connecting and disconnecting when Network Protection is enabled  
+
 ## 2.10.1 - 2023-09-04  
 
 [NEW] Option to disable LAN traffic when connected to VPN  

diff --git a/IVPNClient.xcodeproj/project.pbxproj b/IVPNClient.xcodeproj/project.pbxproj
diff --git a/IVPNClient/Config/Config.swift b/IVPNClient/Config/Config.swift
@@ -80,6 +80,11 @@ struct Config {
     static let wgKeyExpirationDays = 30
     static let wgKeyRegenerationRate = 1
 
+    // MARK: V2Ray
+
+    static let v2rayHost = "127.0.0.1"
+    static let v2rayPort = 16661
+
     // MARK: ENV variables
 
     static var Environment: String {

diff --git a/IVPNClient/Enums/AddressType.swift b/IVPNClient/Enums/AddressType.swift
@@ -21,24 +21,22 @@
 //  along with the IVPN iOS app. If not, see <https://www.gnu.org/licenses/>.
 //
 
+import Network
+
 enum AddressType {
 
     case IPv6
     case IPv4
     case other
 
-    static func validateIpAddress(ipToValidate: String) -> AddressType {
-        var sin = sockaddr_in()
-        if ipToValidate.withCString({ cstring in inet_pton(AF_INET, cstring, &sin.sin_addr) }) == 1 {
+    static func validateIpAddress(_ address: String) -> AddressType {
+        if let _ = IPv4Address(address) {
             return .IPv4
-        }
-
-        var sin6 = sockaddr_in6()
-        if ipToValidate.withCString({ cstring in inet_pton(AF_INET6, cstring, &sin6.sin6_addr) }) == 1 {
+        } else if let _ = IPv6Address(address) {
             return .IPv6
+        } else {
+            return .other
         }
-
-        return .other
     }
 
 }
diff --git a/IVPNClient/Enums/ConnectionSettings.swift b/IVPNClient/Enums/ConnectionSettings.swift
@@ -45,7 +45,7 @@ enum ConnectionSettings {
                 return "OpenVPN, UDP \(port)"
            }
         case .wireguard(_, let port):
-            return "WireGuard, UDP \(port)"
+            return "WireGuard, \(wireguardProtocol()) \(port)"
         }
     }
 
@@ -60,8 +60,12 @@ enum ConnectionSettings {
             case .udp:
                 return "OpenVPN, UDP"
            }
-        case .wireguard:
-            return "WireGuard, UDP"
+        case .wireguard(_, let port):
+            if UserDefaults.shared.isV2ray {
+                return "WireGuard, \(wireguardProtocol()) \(port)"
+            }
+
+            return "WireGuard, \(wireguardProtocol())"
         }
     }
 
@@ -104,7 +108,27 @@ enum ConnectionSettings {
                 return "UDP \(port)"
             }
         case .wireguard(_, let port):
-            return "UDP \(port)"
+            return "\(wireguardProtocol()) \(port)"
+        }
+    }
+
+    func formatProtocolMultiHop() -> String {
+        switch self {
+        case .ipsec:
+            return "IKEv2"
+        case .openvpn(let proto, _):
+            switch proto {
+            case .tcp:
+                return "TCP"
+            case .udp:
+                return "UDP"
+            }
+        case .wireguard(_, let port):
+            if UserDefaults.shared.isV2ray {
+                return "\(wireguardProtocol()) \(port)"
+            }
+
+            return "\(wireguardProtocol())"
         }
     }
 
@@ -227,8 +251,16 @@ enum ConnectionSettings {
                 return "UDP"
             }
         case .wireguard:
-            return "UDP"
+            return wireguardProtocol()
+        }
+    }
+
+    func wireguardProtocol() -> String {
+        if UserDefaults.shared.isV2ray && UserDefaults.shared.v2rayProtocol == "tcp" {
+            return "TCP"
         }
+
+        return "UDP"
     }
 
     static func == (lhs: ConnectionSettings, rhs: ConnectionSettings) -> Bool {

diff --git a/IVPNClient/IVPNClient-Bridging-Header.h b/IVPNClient/IVPNClient-Bridging-Header.h
@@ -1,3 +1,2 @@
-#include "../WireGuardKitC/WireGuardKitC.h"
 #include "Utilities/Logging/ringlogger.h"
 #include "liboqs/include/oqs/oqs.h"
diff --git a/IVPNClient/IVPNClient.entitlements b/IVPNClient/IVPNClient.entitlements
@@ -10,6 +10,8 @@
 	<string>NSFileProtectionCompleteUntilFirstUserAuthentication</string>
 	<key>com.apple.developer.networking.networkextension</key>
 	<array>
+		<string>app-proxy-provider</string>
+		<string>content-filter-provider</string>
 		<string>packet-tunnel-provider</string>
 	</array>
 	<key>com.apple.developer.networking.vpn.api</key>

diff --git a/IVPNClient/Info.plist b/IVPNClient/Info.plist
@@ -74,5 +74,67 @@
 		<string>UIInterfaceOrientationLandscapeLeft</string>
 		<string>UIInterfaceOrientationLandscapeRight</string>
 	</array>
+	<key>NSAppTransportSecurity</key>
+	<dict>
+		<key>NSExceptionDomains</key>
+		<dict>
+			<key>198.50.177.220</key>
+			<dict>
+				<key>NSExceptionAllowsInsecureHTTPLoads</key>
+				<true/>
+				<key>NSExceptionMinimumTLSVersion</key>
+				<string>TLSv1.2</string>
+			</dict>
+			<key>149.56.162.156</key>
+			<dict>
+				<key>NSExceptionAllowsInsecureHTTPLoads</key>
+				<true/>
+				<key>NSExceptionMinimumTLSVersion</key>
+				<string>TLSv1.2</string>
+			</dict>
+			<key>198.50.177.222</key>
+			<dict>
+				<key>NSExceptionAllowsInsecureHTTPLoads</key>
+				<true/>
+				<key>NSExceptionMinimumTLSVersion</key>
+				<string>TLSv1.2</string>
+			</dict>
+			<key>149.56.162.159</key>
+			<dict>
+				<key>NSExceptionAllowsInsecureHTTPLoads</key>
+				<true/>
+				<key>NSExceptionMinimumTLSVersion</key>
+				<string>TLSv1.2</string>
+			</dict>
+			<key>198.50.177.223</key>
+			<dict>
+				<key>NSExceptionAllowsInsecureHTTPLoads</key>
+				<true/>
+				<key>NSExceptionMinimumTLSVersion</key>
+				<string>TLSv1.2</string>
+			</dict> 
+			<key>2607:5300:203:1735::8888</key>
+			<dict>
+				<key>NSExceptionAllowsInsecureHTTPLoads</key>
+				<true/>
+				<key>NSExceptionMinimumTLSVersion</key>
+				<string>TLSv1.2</string>
+			</dict> 
+			<key>2607:5300:203:1735::8</key>
+			<dict>
+				<key>NSExceptionAllowsInsecureHTTPLoads</key>
+				<true/>
+				<key>NSExceptionMinimumTLSVersion</key>
+				<string>TLSv1.2</string>
+			</dict> 
+			<key>2607:5300:203:1735:6580:7300:0:aaaa</key>
+			<dict>
+				<key>NSExceptionAllowsInsecureHTTPLoads</key>
+				<true/>
+				<key>NSExceptionMinimumTLSVersion</key>
+				<string>TLSv1.2</string>
+			</dict> 
+		</dict>  
+	</dict>
 </dict>
 </plist>
diff --git a/IVPNClient/Managers/APIClient.swift b/IVPNClient/Managers/APIClient.swift
@@ -98,7 +98,15 @@ class APIClient: NSObject {
     private var hostName = UserDefaults.shared.apiHostName
 
     private var baseURL: URL {
-        return URL(string: "https://\(hostName)")!
+        if let url = URL(string: "https://\(hostName)") {
+            return url
+        }
+
+        if let url = URL(string: "https://[\(hostName)]") {
+            return url
+        }
+
+        return URL(string: "https://\(Config.ApiHostName)")!
     }
 
     private var userAgent: String {

diff --git a/IVPNClient/Managers/ConnectionManager.swift b/IVPNClient/Managers/ConnectionManager.swift
@@ -100,6 +100,14 @@ class ConnectionManager {
                         self.evaluateCloseApp()
                     }
                 }
+                DispatchQueue.delay(2.5) {
+                    if UserDefaults.shared.isV2ray && !V2RayCore.shared.reconnectWithV2ray {
+                        V2RayCore.shared.reconnectWithV2ray = true
+                        self.reconnect()
+                    } else {
+                        V2RayCore.shared.reconnectWithV2ray = false
+                    }
+                }
             } else {
                 self.connected = false
             }
@@ -247,6 +255,17 @@ class ConnectionManager {
                 return
             }
 
+            if UserDefaults.shared.isV2ray && V2RayCore.shared.reconnectWithV2ray {
+                DispatchQueue.global(qos: .userInitiated).async {
+                    let error = V2RayCore.shared.start()
+                    if error != nil {
+                        log(.error, message: error?.localizedDescription ?? "")
+                    } else {
+                        log(.info, message: "V2Ray start OK")
+                    }
+                }
+            }
+
             self.vpnManager.connect(tunnelType: self.settings.connectionProtocol.tunnelType())
         }
     }
@@ -263,6 +282,17 @@ class ConnectionManager {
                 }
             }
         }
+
+        if UserDefaults.shared.isV2ray {
+            DispatchQueue.global(qos: .userInitiated).async {
+                let error = V2RayCore.shared.close()
+                if error != nil {
+                    log(.error, message: error?.localizedDescription ?? "")
+                } else {
+                    log(.info, message: "V2Ray stop OK")
+                }
+            }
+        }
     }
 
     func installOnDemandRules() {

diff --git a/IVPNClient/Managers/StorageManager.swift b/IVPNClient/Managers/StorageManager.swift
@@ -300,21 +300,35 @@ extension StorageManager {
         return nil
     }
 
+    private static func probeURL() -> URL? {
+        let isNetworkProtection = UserDefaults.shared.networkProtectionEnabled
+        let probeURL = URL(string: "https://\(Config.ApiHostName)\(Config.apiServersFile)")
+        return isNetworkProtection ? probeURL : nil
+    }
+
     private static func getDefaultOnDemandRule(status: NEVPNStatus) -> NEOnDemandRule? {
         let defaultTrust = getDefaultTrust()
 
         if defaultTrust == NetworkTrust.Untrusted.rawValue {
-            return NEOnDemandRuleConnect()
+            let onDemandRule = NEOnDemandRuleConnect()
+            onDemandRule.probeURL = probeURL()
+            return onDemandRule
         }
         if defaultTrust == NetworkTrust.Trusted.rawValue {
-            return NEOnDemandRuleDisconnect()
+            let onDemandRule = NEOnDemandRuleDisconnect()
+            onDemandRule.probeURL = probeURL()
+            return onDemandRule
         }
 
         switch status {
         case .connected:
-            return NEOnDemandRuleConnect()
+            let onDemandRule = NEOnDemandRuleConnect()
+            onDemandRule.probeURL = probeURL()
+            return onDemandRule
         case .disconnected, .invalid:
-            return NEOnDemandRuleDisconnect()
+            let onDemandRule = NEOnDemandRuleDisconnect()
+            onDemandRule.probeURL = probeURL()
+            return onDemandRule
         default:
             return nil
         }