authorcyBerta <cyberta@riseup.net>2021-11-14 18:34:04 +0100
committercyBerta <cyberta@riseup.net>2021-11-14 18:34:04 +0100
commitf18a85e4cd95f938c9ed78b31b8d27b2a02994c7 (patch)
tree94e2dfa2f6c4d82a82ef24df6be5ccd219b4e69b /app/src
parenta48c6c1c719247e4663d946e4ee56bfada98b5e6 (diff)
skip obfs4 connections using either ipv6 addresses or UDP
Diffstat (limited to 'app/src')
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java42
-rw-r--r--app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java42
-rw-r--r--app/src/test/resources/ptdemo_misconfigured_ipv4ipv6.json65
-rw-r--r--app/src/test/resources/ptdemo_misconfigured_udp.json65
-rw-r--r--app/src/test/resources/ptdemo_misconfigured_udptcp.json66
5 files changed, 277 insertions, 3 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
index 245c7b8b..d72f0936 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
@@ -29,8 +29,10 @@ import java.util.Iterator;
import de.blinkt.openvpn.VpnProfile;
import de.blinkt.openvpn.core.ConfigParser;
+import de.blinkt.openvpn.core.VpnStatus;
import de.blinkt.openvpn.core.connection.Connection;
import se.leap.bitmaskclient.base.models.Provider;
+import se.leap.bitmaskclient.base.utils.ConfigHelper;
import se.leap.bitmaskclient.pluggableTransports.Obfs4Options;
import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4;
@@ -95,7 +97,11 @@ public class VpnConfigGenerator {
HashMap<Connection.TransportType, VpnProfile> profiles = new HashMap<>();
profiles.put(OPENVPN, createProfile(OPENVPN));
if (supportsObfs4()) {
- profiles.put(OBFS4, createProfile(OBFS4));
+ try {
+ profiles.put(OBFS4, createProfile(OBFS4));
+ } catch (ConfigParser.ConfigParseError | NumberFormatException | JSONException | IOException e) {
+ e.printStackTrace();
+ }
}
return profiles;
}
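Review bot: The new catch block around `createProfile(OBFS4)` only calls `e.printStackTrace()`, so a failed obfs4 profile shows up on stderr/logcat but not in the `VpnStatus` log that the rest of this commit uses for skipped gateways. I would report it there as well, e.g. `VpnStatus.logError("Skipping obfs4 profile: " + e.getMessage());`. The caller now receives a map without an OBFS4 entry. For users who depend on the obfuscated transport, it is worth confirming that callers surface that instead of quietly connecting over plain OpenVPN, which is not visible in this hunk. The enclosing method starts above the hunk.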
@@ -191,6 +197,7 @@ public class VpnConfigGenerator {
if (remotes.endsWith(newLine)) {
remotes = remotes.substring(0, remotes.lastIndexOf(newLine));
}
+
return remotes;
}
@@ -249,6 +256,7 @@ public class VpnConfigGenerator {
private void obfs4GatewayConfigMinApiv3(StringBuilder stringBuilder, String[] ipAddresses, JSONArray transports) throws JSONException {
JSONObject obfs4Transport = getTransport(transports, OBFS4);
+ JSONArray protocols = obfs4Transport.getJSONArray(PROTOCOLS);
//for now only use ipv4 gateway the syntax route remote_host 255.255.255.255 net_gateway is not yet working
// https://community.openvpn.net/openvpn/ticket/1161
/*for (String ipAddress : ipAddresses) {
@@ -260,10 +268,38 @@ public class VpnConfigGenerator {
return;
}
- String ipAddress = ipAddresses[ipAddresses.length - 1];
+ // check if at least one address is IPv4, IPv6 is currently not supported for obfs4
+ String ipAddress = null;
+ for (String address : ipAddresses) {
+ if (ConfigHelper.isIPv4(address)) {
+ ipAddress = address;
+ break;
+ }
+ VpnStatus.logWarning("Skipping IP address " + address + " while configuring obfs4.");
+ }
+
+ if (ipAddress == null) {
+ VpnStatus.logError("No matching IPv4 address found to configure obfs4.");
+ return;
+ }
+
+ // check if at least one protocol is TCP, UDP is currently not supported for obfs4
+ boolean hasTcp = false;
+ for (int i = 0; i < protocols.length(); i++) {
+ String protocol = protocols.getString(i);
+ if (protocol.contains("tcp")) {
+ hasTcp = true;
+ }
+ }
+
+ if (!hasTcp) {
+ VpnStatus.logError("obfs4 currently only allows TCP! Skipping obfs4 config for ip " + ipAddress);
+ return;
+ }
+
String route = "route " + ipAddress + " 255.255.255.255 net_gateway" + newLine;
stringBuilder.append(route);
- String remote = REMOTE + " " + DISPATCHER_IP + " " + DISPATCHER_PORT + " " + obfs4Transport.getJSONArray(PROTOCOLS).getString(0) + newLine;
+ String remote = REMOTE + " " + DISPATCHER_IP + " " + DISPATCHER_PORT + " tcp" + newLine;
stringBuilder.append(remote);
}
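Review bot: The TCP check `protocol.contains("tcp")` in the protocol loop is a substring match, so any provider-supplied string that merely contains "tcp" passes, and the loop keeps running after a hit. `if ("tcp".equals(protocol)) { hasTcp = true; break; }` states the intent exactly; if variants such as `tcp4` should count, list them explicitly. The selected `ipAddress` is still concatenated into the `route` line of the generated config, so this code relies on `ConfigHelper.isIPv4` (not shown here) matching the whole string rather than a prefix. A short comment saying so above the address loop would help. The method signature is in the previous hunk.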
diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java
index 2f2266cb..56575556 100644
--- a/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java
+++ b/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java
@@ -1149,5 +1149,47 @@ public class VpnConfigGeneratorTest {
assertTrue(vpnProfiles.containsKey(OPENVPN));
}
+ @Test
+ public void testGenerateVpnProfile_v3_obfs4IPv6_skip() throws Exception {
+ gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv6.json"))).getJSONArray("gateways").getJSONObject(0);
+ generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv6.json"))).getJSONObject(OPENVPN_CONFIGURATION);
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3);
+ HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
+ assertFalse(vpnProfiles.containsKey(OBFS4));
+ }
+
+ @Test
+ public void testGenerateVpnProfile_v3_obfs4IPv4AndIPv6_skipIPv6() throws Exception {
+ gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv4ipv6.json"))).getJSONArray("gateways").getJSONObject(0);
+ generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv4ipv6.json"))).getJSONObject(OPENVPN_CONFIGURATION);
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3);
+ HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
+ assertTrue(vpnProfiles.containsKey(OBFS4));
+ assertTrue(vpnProfiles.containsKey(OPENVPN));
+ assertEquals(1, vpnProfiles.get(OBFS4).mConnections.length);
+ assertEquals("37.218.247.60/32", vpnProfiles.get(OBFS4).mExcludedRoutes.trim());
+ }
+
+ @Test
+ public void testGenerateVpnProfile_v3_obfs4udp_skip() throws Exception {
+ gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udp.json"))).getJSONArray("gateways").getJSONObject(0);
+ generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udp.json"))).getJSONObject(OPENVPN_CONFIGURATION);
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3);
+ HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
+ assertFalse(vpnProfiles.containsKey(OBFS4));
+ assertTrue(vpnProfiles.containsKey(OPENVPN));
+ }
+
+ @Test
+ public void testGenerateVpnProfile_v3_obfs4UDPAndTCP_skipUDP() throws Exception {
+ gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udptcp.json"))).getJSONArray("gateways").getJSONObject(0);
+ generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udptcp.json"))).getJSONObject(OPENVPN_CONFIGURATION);
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3);
+ HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
+ assertTrue(vpnProfiles.containsKey(OBFS4));
+ assertTrue(vpnProfiles.containsKey(OPENVPN));
+ assertEquals(1, vpnProfiles.get(OBFS4).mConnections.length);
+ assertFalse(vpnProfiles.get(OBFS4).mConnections[0].isUseUdp());
+ }
} \ No newline at end of file
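Review bot: `testGenerateVpnProfile_v3_obfs4IPv6_skip` loads `ptdemo_misconfigured_ipv6.json`, but the diffstat for this commit only lists the `ipv4ipv6`, `udp` and `udptcp` fixtures. If that resource is not already in the tree, `getResourceAsStream` returns null and the test fails on fixture loading instead of exercising the skip path. That test also asserts only `assertFalse(vpnProfiles.containsKey(OBFS4))`; adding `assertTrue(vpnProfiles.containsKey(OPENVPN));` as in the UDP test would pin that the plain profile survives. Each test reads and parses its fixture twice, so a small helper returning the parsed `JSONObject` would shorten all four. The test class starts above the hunk.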
diff --git a/app/src/test/resources/ptdemo_misconfigured_ipv4ipv6.json b/app/src/test/resources/ptdemo_misconfigured_ipv4ipv6.json
new file mode 100644
index 00000000..5c913c14
--- /dev/null
+++ b/app/src/test/resources/ptdemo_misconfigured_ipv4ipv6.json
@@ -0,0 +1,65 @@
+{
+ "gateways":[
+ {
+ "capabilities":{
+ "adblock":false,
+ "filter_dns":false,
+ "limited":false,
+ "transport":[
+ {
+ "type":"obfs4",
+ "protocols":[
+ "tcp"
+ ],
+ "ports":[
+ "23049"
+ ],
+ "options": {
+ "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "iatMode": "0"
+ }
+ },
+ {
+ "type":"openvpn",
+ "protocols":[
+ "tcp"
+ ],
+ "ports":[
+ "1195"
+ ]
+ }
+ ],
+ "user_ips":false
+ },
+ "host":"pt.demo.bitmask.net",
+ "ip_address6":"2001:db8:123::1058",
+ "ip_address":"37.218.247.60",
+ "location":"Amsterdam"
+ }
+ ],
+ "locations":{
+ "Amsterdam":{
+ "country_code":"NL",
+ "hemisphere":"N",
+ "name":"Amsterdam",
+ "timezone":"-1"
+ }
+ },
+ "openvpn_configuration":{
+ "auth":"SHA1",
+ "cipher":"AES-256-CBC",
+ "keepalive":"10 30",
+ "tls-cipher":"DHE-RSA-AES128-SHA",
+ "tun-ipv6":true,
+ "dev" : "tun",
+ "sndbuf" : "0",
+ "rcvbuf" : "0",
+ "nobind" : true,
+ "persist-key" : true,
+ "comp-lzo" : true,
+ "key-direction" : "1",
+ "verb" : "3"
+ },
+ "serial":2,
+ "version":3
+} \ No newline at end of file
diff --git a/app/src/test/resources/ptdemo_misconfigured_udp.json b/app/src/test/resources/ptdemo_misconfigured_udp.json
new file mode 100644
index 00000000..aa9a0d33
--- /dev/null
+++ b/app/src/test/resources/ptdemo_misconfigured_udp.json
@@ -0,0 +1,65 @@
+{
+ "gateways":[
+ {
+ "capabilities":{
+ "adblock":false,
+ "filter_dns":false,
+ "limited":false,
+ "transport":[
+ {
+ "type":"obfs4",
+ "protocols":[
+ "udp"
+ ],
+ "ports":[
+ "23049"
+ ],
+ "options": {
+ "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "iatMode": "0"
+ }
+ },
+ {
+ "type":"openvpn",
+ "protocols":[
+ "tcp"
+ ],
+ "ports":[
+ "1195"
+ ]
+ }
+ ],
+ "user_ips":false
+ },
+ "host":"pt.demo.bitmask.net",
+ "ip_address6":"2001:db8:123::1058",
+ "ip_address":"37.218.247.60",
+ "location":"Amsterdam"
+ }
+ ],
+ "locations":{
+ "Amsterdam":{
+ "country_code":"NL",
+ "hemisphere":"N",
+ "name":"Amsterdam",
+ "timezone":"-1"
+ }
+ },
+ "openvpn_configuration":{
+ "auth":"SHA1",
+ "cipher":"AES-256-CBC",
+ "keepalive":"10 30",
+ "tls-cipher":"DHE-RSA-AES128-SHA",
+ "tun-ipv6":true,
+ "dev" : "tun",
+ "sndbuf" : "0",
+ "rcvbuf" : "0",
+ "nobind" : true,
+ "persist-key" : true,
+ "comp-lzo" : true,
+ "key-direction" : "1",
+ "verb" : "3"
+ },
+ "serial":2,
+ "version":3
+} \ No newline at end of file
diff --git a/app/src/test/resources/ptdemo_misconfigured_udptcp.json b/app/src/test/resources/ptdemo_misconfigured_udptcp.json
new file mode 100644
index 00000000..42d55de9
--- /dev/null
+++ b/app/src/test/resources/ptdemo_misconfigured_udptcp.json
@@ -0,0 +1,66 @@
+{
+ "gateways":[
+ {
+ "capabilities":{
+ "adblock":false,
+ "filter_dns":false,
+ "limited":false,
+ "transport":[
+ {
+ "type":"obfs4",
+ "protocols":[
+ "udp",
+ "tcp"
+ ],
+ "ports":[
+ "23049"
+ ],
+ "options": {
+ "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "iatMode": "0"
+ }
+ },
+ {
+ "type":"openvpn",
+ "protocols":[
+ "tcp"
+ ],
+ "ports":[
+ "1195"
+ ]
+ }
+ ],
+ "user_ips":false
+ },
+ "host":"pt.demo.bitmask.net",
+ "ip_address6":"2001:db8:123::1058",
+ "ip_address":"37.218.247.60",
+ "location":"Amsterdam"
+ }
+ ],
+ "locations":{
+ "Amsterdam":{
+ "country_code":"NL",
+ "hemisphere":"N",
+ "name":"Amsterdam",
+ "timezone":"-1"
+ }
+ },
+ "openvpn_configuration":{
+ "auth":"SHA1",
+ "cipher":"AES-256-CBC",
+ "keepalive":"10 30",
+ "tls-cipher":"DHE-RSA-AES128-SHA",
+ "tun-ipv6":true,
+ "dev" : "tun",
+ "sndbuf" : "0",
+ "rcvbuf" : "0",
+ "nobind" : true,
+ "persist-key" : true,
+ "comp-lzo" : true,
+ "key-direction" : "1",
+ "verb" : "3"
+ },
+ "serial":2,
+ "version":3
+} \ No newline at end of file