summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorcyBerta <cyberta@riseup.net>2022-06-27 23:06:09 +0200
committercyBerta <cyberta@riseup.net>2022-07-19 00:03:57 +0200
commit5afdb3d3ed61efd547b3756e5c1c4f119e126500 (patch)
tree17e6ca73945645b3206b7ecb61c93a9eb9284803
parent38e9d4afbd408b25d569e5c80cd0b288a28acd07 (diff)
allow to pin a custom obfs4 bridge during compile time
-rw-r--r--app/build.gradle2
-rw-r--r--app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java5
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java21
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/pluggableTransports/Obfs4Options.java1
4 files changed, 23 insertions, 6 deletions
diff --git a/app/build.gradle b/app/build.gradle
index 73dfcc0c..3e4f4ee2 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -50,6 +50,7 @@ android {
buildConfigField "String", "obfsvpn_port", '""'
buildConfigField "String", "obfsvpn_ip", '""'
buildConfigField "String", "obfsvpn_cert", '""'
+ buildConfigField 'boolean', 'obfsvpn_use_kcp', 'false'
// static update url pointing to the latest stable release apk
buildConfigField "String", "update_apk_url", '"https://dl.bitmask.net/client/android/Bitmask-Android-latest.apk"'
@@ -147,6 +148,7 @@ android {
buildConfigField "String", "obfsvpn_port", '""'
buildConfigField "String", "obfsvpn_ip", '""'
buildConfigField "String", "obfsvpn_cert", '""'
+ buildConfigField 'boolean', 'obfsvpn_use_kcp', 'false'
//Build Config Fields for automatic apk update checks
diff --git a/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java b/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java
index 393afd94..7cfe4988 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java
@@ -19,20 +19,21 @@ public class Obfs4Connection extends Connection {
public Obfs4Connection(Obfs4Options options) {
if (BuildConfig.use_obfsvpn) {
- setUseUdp(options.udp);
setServerName(options.remoteIP);
setServerPort(options.remotePort);
setProxyName(ObfsVpnClient.SOCKS_IP);
setProxyPort(ObfsVpnClient.SOCKS_PORT);
setProxyType(ProxyType.SOCKS5);
} else {
- setUseUdp(false);
setServerName(DISPATCHER_IP);
setServerPort(DISPATCHER_PORT);
setProxyName("");
setProxyPort("");
setProxyType(ProxyType.NONE);
}
+ // while udp/kcp might be used on the wire,
+ // we don't use udp for openvpn in case of a obfs4 connection
+ setUseUdp(false);
setProxyAuthUser(null);
setProxyAuthPassword(null);
setUseProxyAuth(false);
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
index 061c1aa3..695e3b50 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
@@ -56,6 +56,8 @@ import static se.leap.bitmaskclient.pluggableTransports.ObfsVpnClient.SOCKS_PORT
import static se.leap.bitmaskclient.pluggableTransports.Shapeshifter.DISPATCHER_IP;
import static se.leap.bitmaskclient.pluggableTransports.Shapeshifter.DISPATCHER_PORT;
+import android.os.Build;
+
public class VpnConfigGenerator {
private JSONObject generalConfiguration;
private JSONObject gateway;
@@ -144,7 +146,15 @@ public class VpnConfigGenerator {
String cert = transportOptions.getString("cert");
String port = obfs4Transport.getJSONArray(PORTS).getString(0);
String ip = gateway.getString(IP_ADDRESS);
- return new Obfs4Options(ip, port, cert, iatMode, false);
+ boolean udp = false;
+
+ if (BuildConfig.obfsvpn_pinning) {
+ cert = BuildConfig.obfsvpn_cert;
+ port = BuildConfig.obfsvpn_port;
+ ip = BuildConfig.obfsvpn_port;
+ udp = BuildConfig.obfsvpn_use_kcp;
+ }
+ return new Obfs4Options(ip, port, cert, iatMode, udp);
}
private String generalConfiguration() {
@@ -334,10 +344,13 @@ public class VpnConfigGenerator {
String route = "route " + ipAddress + " 255.255.255.255 net_gateway" + newLine;
stringBuilder.append(route);
if (BuildConfig.use_obfsvpn) {
- String proxy = SOCKS_PROXY + " " + SOCKS_IP + " " + SOCKS_PORT + newLine;
- stringBuilder.append(proxy);
+ String remote;
+ if (BuildConfig.obfsvpn_pinning) {
+ remote = REMOTE + " " + BuildConfig.obfsvpn_ip + " " + BuildConfig.obfsvpn_port + newLine;
+ } else {
+ remote = REMOTE + " " + ipAddress + " " + ports.getString(0) + newLine;
+ }
- String remote = REMOTE + " " + ipAddress + " " + ports.getString(0) + newLine;
stringBuilder.append(remote);
} else {
String remote = REMOTE + " " + DISPATCHER_IP + " " + DISPATCHER_PORT + " tcp" + newLine;
diff --git a/app/src/main/java/se/leap/bitmaskclient/pluggableTransports/Obfs4Options.java b/app/src/main/java/se/leap/bitmaskclient/pluggableTransports/Obfs4Options.java
index ab6ea445..b96f88ca 100644
--- a/app/src/main/java/se/leap/bitmaskclient/pluggableTransports/Obfs4Options.java
+++ b/app/src/main/java/se/leap/bitmaskclient/pluggableTransports/Obfs4Options.java
@@ -7,6 +7,7 @@ public class Obfs4Options implements Serializable {
public String iatMode;
public String remoteIP;
public String remotePort;
+ // openvpn is still using tcp, obfs4 is wrapped in kcp, if udp == true
public boolean udp;
public Obfs4Options(String remoteIP, String remotePort, String cert, String iatMode, boolean udp) {