diff options
Diffstat (limited to 'app/src/main/java')
8 files changed, 144 insertions, 150 deletions
diff --git a/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java b/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java index a39e780a..3f80eef0 100644 --- a/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java +++ b/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java @@ -4,8 +4,6 @@ import se.leap.bitmaskclient.R; import se.leap.bitmaskclient.R; -import java.io.IOException; - import android.app.Activity; import android.app.AlertDialog; import android.content.ActivityNotFoundException; @@ -20,13 +18,17 @@ import android.text.InputType; import android.text.TextUtils; import android.text.method.PasswordTransformationMethod; import android.view.View; -import android.widget.*; +import android.widget.CheckBox; +import android.widget.CompoundButton; +import android.widget.EditText; + +import java.io.IOException; import de.blinkt.openvpn.activities.LogWindow; -import de.blinkt.openvpn.core.VpnStatus; -import de.blinkt.openvpn.core.VpnStatus.ConnectionStatus; import de.blinkt.openvpn.core.ProfileManager; import de.blinkt.openvpn.core.VPNLaunchHelper; +import de.blinkt.openvpn.core.VpnStatus; +import de.blinkt.openvpn.core.VpnStatus.ConnectionStatus; /** * This Activity actually handles two stages of a launcher shortcut's life cycle. @@ -111,7 +113,6 @@ public class LaunchVPN extends Activity { } } - @Override protected void onActivityResult (int requestCode, int resultCode, Intent data) { super.onActivityResult(requestCode, resultCode, data); diff --git a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java index 0166eb98..d44d0f5a 100644 --- a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -4,6 +4,7 @@ import se.leap.bitmaskclient.R; import se.leap.bitmaskclient.R; +import android.annotation.SuppressLint; import android.content.Context; import android.content.Intent; import android.content.SharedPreferences; @@ -14,6 +15,7 @@ import android.os.Build; import android.preference.PreferenceManager; import android.security.KeyChain; import android.security.KeyChainException; +import android.text.TextUtils; import android.util.Base64; import org.spongycastle.util.io.pem.PemObject; @@ -115,8 +117,8 @@ public class VpnProfile implements Serializable { public boolean mUseDefaultRoute = true; public boolean mUsePull = true; public String mCustomRoutes; - public boolean mCheckRemoteCN = false; - public boolean mExpectTLSCert = true; + public boolean mCheckRemoteCN = true; + public boolean mExpectTLSCert = false; public String mRemoteCN = ""; public String mPassword = ""; public String mUsername = ""; @@ -181,6 +183,7 @@ public class VpnProfile implements Serializable { mUseDefaultRoute = false; mUseDefaultRoutev6 = false; mExpectTLSCert = false; + mCheckRemoteCN = false; mPersistTun = false; mAllowLocalLAN = true; } @@ -199,10 +202,7 @@ public class VpnProfile implements Serializable { public void upgradeProfile(){ if(mProfileVersion< 2) { /* default to the behaviour the OS used */ - if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) - mAllowLocalLAN = true; - else - mAllowLocalLAN = false; + mAllowLocalLAN = Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT; } mProfileVersion= CURRENT_PROFILE_VERSION; @@ -213,7 +213,7 @@ public class VpnProfile implements Serializable { File cacheDir = context.getCacheDir(); String cfg = ""; - // Enable managment interface + // Enable management interface cfg += "# Enables connection to GUI\n"; cfg += "management "; @@ -230,6 +230,9 @@ public class VpnProfile implements Serializable { cfg += "machine-readable-output\n"; + // Users are confused by warnings that are misleading... + cfg += "ifconfig-nowarn\n"; + boolean useTLSClient = (mAuthenticationType != TYPE_STATICKEYS); @@ -327,7 +330,7 @@ public class VpnProfile implements Serializable { else cfg += insertFileData("tls-auth", mTLSAuthFilename); - if (nonNull(mTLSAuthDirection)) { + if (!TextUtils.isEmpty(mTLSAuthDirection)) { cfg += "key-direction "; cfg += mTLSAuthDirection; cfg += "\n"; @@ -336,10 +339,10 @@ public class VpnProfile implements Serializable { } if (!mUsePull) { - if (nonNull(mIPv4Address)) + if (!TextUtils.isEmpty(mIPv4Address)) cfg += "ifconfig " + cidrToIPAndNetmask(mIPv4Address) + "\n"; - if (nonNull(mIPv6Address)) + if (!TextUtils.isEmpty(mIPv6Address)) cfg += "ifconfig-ipv6 " + mIPv6Address + "\n"; } @@ -377,11 +380,11 @@ public class VpnProfile implements Serializable { cfg += routes; if (mOverrideDNS || !mUsePull) { - if (nonNull(mDNS1)) + if (!TextUtils.isEmpty(mDNS1)) cfg += "dhcp-option DNS " + mDNS1 + "\n"; - if (nonNull(mDNS2)) + if (!TextUtils.isEmpty(mDNS2)) cfg += "dhcp-option DNS " + mDNS2 + "\n"; - if (nonNull(mSearchDomain)) + if (!TextUtils.isEmpty(mSearchDomain)) cfg += "dhcp-option DOMAIN " + mSearchDomain + "\n"; } @@ -422,11 +425,11 @@ public class VpnProfile implements Serializable { cfg += "remote-cert-tls server\n"; } - if (nonNull(mCipher)) { + if (!TextUtils.isEmpty(mCipher)) { cfg += "cipher " + mCipher + "\n"; } - if (nonNull(mAuth)) { + if (!TextUtils.isEmpty(mAuth)) { cfg += "auth " + mAuth + "\n"; } @@ -488,13 +491,6 @@ public class VpnProfile implements Serializable { } } - private boolean nonNull(String val) { - if (val == null || val.equals("")) - return false; - else - return true; - } - private Collection<String> getCustomRoutes(String routes) { Vector<String> cidrRoutes = new Vector<String>(); if (routes == null) { @@ -636,8 +632,8 @@ public class VpnProfile implements Serializable { synchronized String[] getKeyStoreCertificates(Context context,int tries) { PrivateKey privateKey = null; - X509Certificate[] cachain; - Exception exp=null; + X509Certificate[] caChain; + Exception exp; try { privateKey = KeyChain.getPrivateKey(context, mAlias); mPrivateKey = privateKey; @@ -645,18 +641,18 @@ public class VpnProfile implements Serializable { String keystoreChain = null; - cachain = KeyChain.getCertificateChain(context, mAlias); - if(cachain == null) + caChain = KeyChain.getCertificateChain(context, mAlias); + if(caChain == null) throw new NoCertReturnedException("No certificate returned from Keystore"); - if (cachain.length <= 1 && !nonNull(mCaFilename)) { + if (caChain.length <= 1 && TextUtils.isEmpty(mCaFilename)) { VpnStatus.logMessage(VpnStatus.LogLevel.ERROR, "", context.getString(R.string.keychain_nocacert)); } else { StringWriter ksStringWriter = new StringWriter(); PemWriter pw = new PemWriter(ksStringWriter); - for (int i = 1; i < cachain.length; i++) { - X509Certificate cert = cachain[i]; + for (int i = 1; i < caChain.length; i++) { + X509Certificate cert = caChain[i]; pw.writeObject(new PemObject("CERTIFICATE", cert.getEncoded())); } pw.close(); @@ -665,7 +661,7 @@ public class VpnProfile implements Serializable { String caout = null; - if (nonNull(mCaFilename)) { + if (!TextUtils.isEmpty(mCaFilename)) { try { Certificate cacert = X509Utils.getCertificateFromFile(mCaFilename); StringWriter caoutWriter = new StringWriter(); @@ -684,8 +680,8 @@ public class VpnProfile implements Serializable { StringWriter certout = new StringWriter(); - if (cachain.length >= 1) { - X509Certificate usercert = cachain[0]; + if (caChain.length >= 1) { + X509Certificate usercert = caChain[0]; PemWriter upw = new PemWriter(certout); upw.writeObject(new PemObject("CERTIFICATE", usercert.getEncoded())); @@ -730,15 +726,14 @@ public class VpnProfile implements Serializable { } return getKeyStoreCertificates(context, tries-1); } - if (exp != null) { - exp.printStackTrace(); - VpnStatus.logError(R.string.keyChainAccessError, exp.getLocalizedMessage()); - VpnStatus.logError(R.string.keychain_access); - if (Build.VERSION.SDK_INT == Build.VERSION_CODES.JELLY_BEAN) { - if (!mAlias.matches("^[a-zA-Z0-9]$")) { - VpnStatus.logError(R.string.jelly_keystore_alphanumeric_bug); - } + exp.printStackTrace(); + VpnStatus.logError(R.string.keyChainAccessError, exp.getLocalizedMessage()); + + VpnStatus.logError(R.string.keychain_access); + if (Build.VERSION.SDK_INT == Build.VERSION_CODES.JELLY_BEAN) { + if (!mAlias.matches("^[a-zA-Z0-9]$")) { + VpnStatus.logError(R.string.jelly_keystore_alphanumeric_bug); } } return null; @@ -801,7 +796,7 @@ public class VpnProfile implements Serializable { } public boolean requireTLSKeyPassword() { - if (!nonNull(mClientKeyFilename)) + if (TextUtils.isEmpty(mClientKeyFilename)) return false; String data = ""; @@ -842,13 +837,13 @@ public class VpnProfile implements Serializable { } if (mAuthenticationType == TYPE_CERTIFICATES || mAuthenticationType == TYPE_USERPASS_CERTIFICATES) { - if (requireTLSKeyPassword() && !nonNull(mKeyPassword)) + if (requireTLSKeyPassword() && TextUtils.isEmpty(mKeyPassword)) if (mTransientPCKS12PW == null) { return R.string.private_key_password; } } - if (isUserPWAuth() && !(nonNull(mUsername) && (nonNull(mPassword) || mTransientPW != null))) { + if (isUserPWAuth() && !(!TextUtils.isEmpty(mUsername) && (!TextUtils.isEmpty(mPassword) || mTransientPW != null))) { return R.string.password; } return 0; @@ -893,12 +888,15 @@ public class VpnProfile implements Serializable { try { + /* ECB is perfectly fine in this special case, since we are using it for + the public/private part in the TLS exchange + */ + @SuppressLint("GetInstance") + Cipher rsaSigner = Cipher.getInstance("RSA/ECB/PKCS1PADDING"); - Cipher rsasinger = Cipher.getInstance("RSA/ECB/PKCS1PADDING"); - - rsasinger.init(Cipher.ENCRYPT_MODE, privkey); + rsaSigner.init(Cipher.ENCRYPT_MODE, privkey); - byte[] signed_bytes = rsasinger.doFinal(data); + byte[] signed_bytes = rsaSigner.doFinal(data); return Base64.encodeToString(signed_bytes, Base64.NO_WRAP); } catch (NoSuchAlgorithmException e) { diff --git a/app/src/main/java/de/blinkt/openvpn/activities/DisconnectVPN.java b/app/src/main/java/de/blinkt/openvpn/activities/DisconnectVPN.java index da011c98..8e418053 100644 --- a/app/src/main/java/de/blinkt/openvpn/activities/DisconnectVPN.java +++ b/app/src/main/java/de/blinkt/openvpn/activities/DisconnectVPN.java @@ -43,8 +43,8 @@ public class DisconnectVPN extends Activity implements DialogInterface.OnClickLi } @Override - protected void onStop() { - super.onStop(); + protected void onPause() { + super.onPause(); unbindService(mConnection); } diff --git a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java index 378b6b92..d23b521f 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java +++ b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java @@ -1,7 +1,5 @@ package de.blinkt.openvpn.core; -import de.blinkt.openvpn.VpnProfile; - import java.io.BufferedReader; import java.io.IOException; import java.io.Reader; @@ -10,6 +8,8 @@ import java.util.HashMap; import java.util.Locale; import java.util.Vector; +import de.blinkt.openvpn.VpnProfile; + //! Openvpn Config FIle Parser, probably not 100% accurate but close enough // And remember, this is valid :) @@ -31,11 +31,17 @@ public class ConfigParser { BufferedReader br =new BufferedReader(reader); + int lineno=0; while (true){ String line = br.readLine(); + lineno++; if(line==null) break; + if (lineno==1 && (line.startsWith("PK\003\004") + || (line.startsWith("PK\007\008")))) + throw new ConfigParseError("Input looks like a ZIP Archive. Import is only possible for OpenVPN config files (.ovpn/.conf)"); + // Check for OpenVPN Access Server Meta information if (line.startsWith("# OVPN_ACCESS_SERVER_")) { Vector<String> metaarg = parsemeta(line); @@ -440,8 +446,8 @@ public class ConfigParser { } Vector<String> rport = getOption("rport", 1,1); - if(port!=null){ - np.mServerPort = port.get(1); + if(rport!=null){ + np.mServerPort = rport.get(1); } Vector<String> proto = getOption("proto", 1,1); diff --git a/app/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java b/app/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java index 990e70d8..81a17ef9 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java +++ b/app/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java @@ -5,6 +5,8 @@ import android.text.TextUtils; import junit.framework.Assert; +import org.jetbrains.annotations.NotNull; + import java.math.BigInteger; import java.net.Inet6Address; import java.util.*; @@ -23,13 +25,18 @@ public class NetworkSpace { private BigInteger lastAddress; + /** + * sorts the networks with following criteria: + * 1. compares first 1 of the network + * 2. smaller networks are returned as smaller + */ @Override - public int compareTo(ipAddress another) { + public int compareTo(@NotNull ipAddress another) { int comp = getFirstAddress().compareTo(another.getFirstAddress()); if (comp != 0) return comp; - // bigger mask means smaller address block + if (networkMask > another.networkMask) return -1; else if (another.networkMask == networkMask) @@ -38,6 +45,22 @@ public class NetworkSpace { return 1; } + /** + * Warning ignores the included integer + * + * @param o + * the object to compare this instance with. + */ + @Override + public boolean equals(Object o) { + if (!(o instanceof ipAddress)) + return super.equals(o); + + + ipAddress on = (ipAddress) o; + return (networkMask == on.networkMask) && on.getFirstAddress().equals(getFirstAddress()); + } + public ipAddress(CIDRIP ip, boolean include) { included = include; netAddress = BigInteger.valueOf(ip.getInt()); @@ -110,10 +133,10 @@ public class NetworkSpace { public ipAddress[] split() { - ipAddress firsthalf = new ipAddress(getFirstAddress(), networkMask + 1, included, isV4); - ipAddress secondhalf = new ipAddress(firsthalf.getLastAddress().add(BigInteger.ONE), networkMask + 1, included, isV4); - if (BuildConfig.DEBUG) Assert.assertTrue(secondhalf.getLastAddress().equals(getLastAddress())); - return new ipAddress[]{firsthalf, secondhalf}; + ipAddress firstHalf = new ipAddress(getFirstAddress(), networkMask + 1, included, isV4); + ipAddress secondHalf = new ipAddress(firstHalf.getLastAddress().add(BigInteger.ONE), networkMask + 1, included, isV4); + if (BuildConfig.DEBUG) Assert.assertTrue(secondHalf.getLastAddress().equals(getLastAddress())); + return new ipAddress[]{firstHalf, secondHalf}; } String getIPv4Address() { @@ -185,7 +208,7 @@ public class NetworkSpace { return ipsDone; while (currentNet!=null) { - // Check if it and the next of it are compatbile + // Check if it and the next of it are compatible ipAddress nextNet = networks.poll(); if (BuildConfig.DEBUG) Assert.assertNotNull(currentNet); @@ -202,9 +225,12 @@ public class NetworkSpace { // Simply forget our current network currentNet=nextNet; } else { - // our currentnet is included in next and types differ. Need to split the next network + // our currentNet is included in next and types differ. Need to split the next network ipAddress[] newNets = nextNet.split(); + + // TODO: The contains method of the Priority is stupid linear search + // First add the second half to keep the order in networks if (!networks.contains(newNets[1])) networks.add(newNets[1]); @@ -226,6 +252,7 @@ public class NetworkSpace { } // This network is bigger than the next and last ip of current >= next + //noinspection StatementWithEmptyBody if (currentNet.included == nextNet.included) { // Next network is in included in our network with the same type, // simply ignore the next and move on @@ -238,7 +265,7 @@ public class NetworkSpace { if (BuildConfig.DEBUG) { Assert.assertTrue (newNets[1].getFirstAddress().equals(nextNet.getFirstAddress())); Assert.assertTrue (newNets[1].getLastAddress().equals(currentNet.getLastAddress())); - // Splitted second equal the next network, do not add it + // split second equal the next network, do not add it } networks.add(nextNet); } else { diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java index 0de54ed7..67c05e7d 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java @@ -48,8 +48,6 @@ public class OpenVPNThread implements Runnable { public void stopProcess() { mProcess.destroy(); } - - @Override public void run() { diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java index 4cba4f5f..e6e5be25 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java @@ -9,11 +9,9 @@ import android.os.ParcelFileDescriptor; import android.preference.PreferenceManager; import android.util.Log; -import org.jetbrains.annotations.NotNull; +import junit.framework.Assert; -import se.leap.bitmaskclient.R; -import de.blinkt.openvpn.VpnProfile; -import de.blinkt.openvpn.core.VpnStatus.ConnectionStatus; +import org.jetbrains.annotations.NotNull; import java.io.FileDescriptor; import java.io.IOException; @@ -22,7 +20,16 @@ import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.net.InetSocketAddress; import java.net.SocketAddress; -import java.util.*; +import java.util.Arrays; +import java.util.Collections; +import java.util.LinkedList; +import java.util.Locale; +import java.util.Vector; + +import se.leap.bitmaskclient.BuildConfig; +import se.leap.bitmaskclient.R; +import de.blinkt.openvpn.VpnProfile; +import de.blinkt.openvpn.core.VpnStatus.ConnectionStatus; public class OpenVpnManagementThread implements Runnable, OpenVPNManagement { @@ -391,7 +398,7 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement { */ if(routeparts.length==5) { - assert(routeparts[3].equals("dev")); + if (BuildConfig.DEBUG) Assert.assertEquals("dev", routeparts[3]); mOpenVPNService.addRoute(routeparts[0], routeparts[1], routeparts[2], routeparts[4]); } else if (routeparts.length >= 3) { mOpenVPNService.addRoute(routeparts[0], routeparts[1], routeparts[2], null); diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnService.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnService.java index 43b27212..9d61247a 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnService.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnService.java @@ -72,6 +72,7 @@ public class OpenVpnService extends VpnService implements StateListener, Callbac private OpenVPNManagement mManagement; private String mLastTunCfg; private String mRemoteGW; + private Object mProcessLock = new Object(); // From: http://stackoverflow.com/questions/3758606/how-to-convert-byte-size-into-human-readable-format-in-java public static String humanReadableByteCount(long bytes, boolean mbit) { @@ -110,7 +111,9 @@ public class OpenVpnService extends VpnService implements StateListener, Callbac } private void endVpnService() { - mProcessThread = null; + synchronized (mProcessLock) { + mProcessThread = null; + } VpnStatus.removeByteCountListener(this); unregisterDeviceStateReceiver(); ProfileManager.setConntectedVpnProfileDisconnected(this); @@ -124,46 +127,6 @@ public class OpenVpnService extends VpnService implements StateListener, Callbac } } - private void showNotification(String msg, String tickerText, boolean lowpriority, long when, ConnectionStatus status) { - String ns = Context.NOTIFICATION_SERVICE; - NotificationManager mNotificationManager = (NotificationManager) getSystemService(ns); - - - int icon = getIconByConnectionStatus(status); - - android.app.Notification.Builder nbuilder = new Notification.Builder(this); - - if (mProfile != null) - nbuilder.setContentTitle(getString(R.string.notifcation_title, mProfile.mName)); - else - nbuilder.setContentTitle(getString(R.string.notifcation_title_notconnect)); - - nbuilder.setContentText(msg); - nbuilder.setOnlyAlertOnce(true); - nbuilder.setOngoing(true); - nbuilder.setContentIntent(getLogPendingIntent()); - nbuilder.setSmallIcon(icon); - - - if (when != 0) - nbuilder.setWhen(when); - - - // Try to set the priority available since API 16 (Jellybean) - if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) - jbNotificationExtras(lowpriority, nbuilder); - - if (tickerText != null && !tickerText.equals("")) - nbuilder.setTicker(tickerText); - - @SuppressWarnings("deprecation") - Notification notification = nbuilder.getNotification(); - - - mNotificationManager.notify(OPENVPN_STATUS, notification); - startForeground(OPENVPN_STATUS, notification); - } - private int getIconByConnectionStatus(ConnectionStatus level) { switch (level) { case LEVEL_CONNECTED: @@ -314,11 +277,6 @@ public class OpenVpnService extends VpnService implements StateListener, Callbac mProfile = ProfileManager.get(this, profileUUID); - String startTitle = getString(R.string.start_vpn_title, mProfile.mName); - String startTicker = getString(R.string.start_vpn_ticker, mProfile.mName); - showNotification(startTitle, startTicker, - false, 0, LEVEL_CONNECTING_NO_SERVER_REPLY_YET); - // Set a flag that we are starting a new VPN mStarting = true; // Stop the previous session by interrupting the thread. @@ -330,13 +288,14 @@ public class OpenVpnService extends VpnService implements StateListener, Callbac //ignore } - - if (mProcessThread != null) { - mProcessThread.interrupt(); - try { - Thread.sleep(1000); - } catch (InterruptedException e) { - //ignore + synchronized (mProcessLock) { + if (mProcessThread != null) { + mProcessThread.interrupt(); + try { + Thread.sleep(1000); + } catch (InterruptedException e) { + //ignore + } } } // An old running VPN should now be exited @@ -380,9 +339,10 @@ public class OpenVpnService extends VpnService implements StateListener, Callbac processThread = new OpenVPNThread(this, argv, env, nativelibdir); } - mProcessThread = new Thread(processThread, "OpenVPNProcessThread"); - mProcessThread.start(); - + synchronized (mProcessLock) { + mProcessThread = new Thread(processThread, "OpenVPNProcessThread"); + mProcessThread.start(); + } if (mDeviceStateReceiver != null) unregisterDeviceStateReceiver(); @@ -416,11 +376,12 @@ public class OpenVpnService extends VpnService implements StateListener, Callbac @Override public void onDestroy() { - if (mProcessThread != null) { - mManagement.stopVPN(); - - mProcessThread.interrupt(); + synchronized (mProcessLock) { + if (mProcessThread != null) { + mManagement.stopVPN(); + } } + if (mDeviceStateReceiver != null) { this.unregisterReceiver(mDeviceStateReceiver); } @@ -639,10 +600,10 @@ public class OpenVpnService extends VpnService implements StateListener, Callbac mMtu = mtu; mRemoteGW=null; + long netMaskAsInt = CIDRIP.getInt(netmask); if (mLocalIP.len == 32 && !netmask.equals("255.255.255.255")) { // get the netmask as IP - long netMaskAsInt = CIDRIP.getInt(netmask); int masklen; if ("net30".equals(mode)) @@ -655,11 +616,18 @@ public class OpenVpnService extends VpnService implements StateListener, Callbac if ((netMaskAsInt & mask) == (mLocalIP.getInt() & mask )) { mLocalIP.len = masklen; } else { + mLocalIP.len = 32; if (!"p2p".equals(mode)) VpnStatus.logWarning(R.string.ip_not_cidr, local, netmask, mode); - mRemoteGW=netmask; } } + if (("p2p".equals(mode)) && mLocalIP.len < 32 || "net30".equals("net30") && mLocalIP.len < 30) { + VpnStatus.logWarning(R.string.ip_looks_like_subnet, local, netmask, mode); + } + + + // Configurations are sometimes really broken... + mRemoteGW=netmask; } public void setLocalIPv6(String ipv6addr) { @@ -690,14 +658,6 @@ public class OpenVpnService extends VpnService implements StateListener, Callbac mDisplayBytecount = false; } - // Other notifications are shown, - // This also mean we are no longer connected, ignore bytecount messages until next - // CONNECTED - // Does not work :( - String msg = getString(resid); - String ticker = msg; - showNotification(msg + " " + logmessage, ticker, lowpriority , 0, level); - } } @@ -717,9 +677,6 @@ public class OpenVpnService extends VpnService implements StateListener, Callbac humanReadableByteCount(diffIn / OpenVPNManagement.mBytecountInterval, true), humanReadableByteCount(out, false), humanReadableByteCount(diffOut / OpenVPNManagement.mBytecountInterval, true)); - - boolean lowpriority = !mNotificationAlwaysVisible; - showNotification(netstat, null, lowpriority, mConnecttime, LEVEL_CONNECTED); } } @@ -746,7 +703,7 @@ public class OpenVpnService extends VpnService implements StateListener, Callbac } else { String release = Build.VERSION.RELEASE; if (Build.VERSION.SDK_INT == Build.VERSION_CODES.KITKAT && !release.startsWith("4.4.3") - && !release.startsWith("4.4.4") && !release.startsWith("4.4.5")) + && !release.startsWith("4.4.4") && !release.startsWith("4.4.5") && !release.startsWith("4.4.6")) // There will be probably no 4.4.4 or 4.4.5 version, so don't waste effort to do parsing here return "OPEN_AFTER_CLOSE"; else |