summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorcyBerta <cyberta@riseup.net>2022-08-05 18:33:26 +0200
committercyBerta <cyberta@riseup.net>2022-08-05 18:33:26 +0200
commit69ee8926dbdebd97cf0f8a9232050677730415a5 (patch)
treeafdf116631285f26dcc628e952ef48365b6056e7
parentb2336a5dc626cbaaaa12b27629c50c44e1d76353 (diff)
let a gateway have only one transport if obfuscation proxy pinning is enabled
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java69
1 files changed, 34 insertions, 35 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
index 8864822a..f60d89ce 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
@@ -123,10 +123,10 @@ public class VpnConfigGenerator {
JSONObject transport = supportedTransports.getJSONObject(i);
if (transport.getString(TYPE).equals(OBFS4.toString())) {
obfs4Transport = transport;
- if (!experimentalTransports) {
+ if (!experimentalTransports && !obfuscationPinningKCP) {
break;
}
- } else if (experimentalTransports && transport.getString(TYPE).equals(OBFS4_KCP.toString())) {
+ } else if ((experimentalTransports || obfuscationPinningKCP) && transport.getString(TYPE).equals(OBFS4_KCP.toString())) {
obfs4TKcpTransport = transport;
}
}
@@ -139,11 +139,15 @@ public class VpnConfigGenerator {
public HashMap<TransportType, VpnProfile> generateVpnProfiles() throws
ConfigParser.ConfigParseError,
- NumberFormatException,
- JSONException,
- IOException {
+ NumberFormatException {
HashMap<Connection.TransportType, VpnProfile> profiles = new HashMap<>();
- profiles.put(OPENVPN, createProfile(OPENVPN));
+ if (supportsOpenvpn()) {
+ try {
+ profiles.put(OPENVPN, createProfile(OPENVPN));
+ } catch (ConfigParser.ConfigParseError | NumberFormatException | JSONException | IOException e) {
+ e.printStackTrace();
+ }
+ }
if (supportsObfs4()) {
try {
profiles.put(OBFS4, createProfile(OBFS4));
@@ -158,15 +162,21 @@ public class VpnConfigGenerator {
e.printStackTrace();
}
}
+ if (profiles.isEmpty()) {
+ throw new ConfigParser.ConfigParseError("No supported transports detected.");
+ }
return profiles;
}
+ private boolean supportsOpenvpn() {
+ return !useObfuscationPinning && !gatewayConfiguration(OPENVPN).isEmpty();
+ }
private boolean supportsObfs4(){
- return obfs4Transport != null;
+ return obfs4Transport != null && !(useObfuscationPinning && obfuscationPinningKCP);
}
private boolean supportsObfs4Kcp() {
- return obfs4TKcpTransport != null;
+ return obfs4TKcpTransport != null && !(useObfuscationPinning && !obfuscationPinningKCP);
}
private String getConfigurationString(TransportType transportType) {
@@ -365,22 +375,8 @@ public class VpnConfigGenerator {
}
private void ptGatewayConfigMinApiv3(StringBuilder stringBuilder, String[] ipAddresses, TransportType transportType, JSONArray transports) throws JSONException {
- if (useObfuscationPinning) {
- JSONArray pinnedTransports = new JSONArray();
- for (int i = 0; i < transports.length(); i++) {
- if (OPENVPN.toString().equals(transports.getJSONObject(i).get(TYPE))) {
- pinnedTransports.put(transports.getJSONObject(i));
- break;
- }
- }
- pinnedTransports.put(supportsObfs4() ? obfs4Transport : obfs4TKcpTransport);
- transports = pinnedTransports;
- }
-
JSONObject ptTransport = getTransport(transports, transportType);
JSONArray ptProtocols = ptTransport.getJSONArray(PROTOCOLS);
- JSONObject openvpnTransport = getTransport(transports, OPENVPN);
- JSONArray gatewayProtocols = openvpnTransport.getJSONArray(PROTOCOLS);
//for now only use ipv4 gateway the syntax route remote_host 255.255.255.255 net_gateway is not yet working
// https://community.openvpn.net/openvpn/ticket/1161
@@ -408,20 +404,23 @@ public class VpnConfigGenerator {
return;
}
- // check if at least one openvpn protocol is TCP, openvpn in UDP is currently not supported for obfs4,
- // however on the wire UDP might be used
- boolean hasOpenvpnTcp = false;
- for (int i = 0; i < gatewayProtocols.length(); i++) {
- String protocol = gatewayProtocols.getString(i);
- if (protocol.contains("tcp")) {
- hasOpenvpnTcp = true;
- break;
+ if (!useObfuscationPinning) {
+ // check if at least one openvpn protocol is TCP, openvpn in UDP is currently not supported for obfs4,
+ // however on the wire UDP might be used
+ boolean hasOpenvpnTcp = false;
+ JSONObject openvpnTransport = getTransport(transports, OPENVPN);
+ JSONArray gatewayProtocols = openvpnTransport.getJSONArray(PROTOCOLS);
+ for (int i = 0; i < gatewayProtocols.length(); i++) {
+ String protocol = gatewayProtocols.getString(i);
+ if (protocol.contains("tcp")) {
+ hasOpenvpnTcp = true;
+ break;
+ }
+ }
+ if (!hasOpenvpnTcp) {
+ VpnStatus.logError("obfs4 currently only allows openvpn in TCP mode! Skipping obfs4 config for ip " + ipAddress);
+ return;
}
- }
-
- if (!hasOpenvpnTcp) {
- VpnStatus.logError("obfs4 currently only allows openvpn in TCP mode! Skipping obfs4 config for ip " + ipAddress);
- return;
}
boolean hasAllowedPTProtocol = false;