From 5afdb3d3ed61efd547b3756e5c1c4f119e126500 Mon Sep 17 00:00:00 2001
From: cyBerta
Date: Mon, 27 Jun 2022 23:06:09 +0200
Subject: allow to pin a custom obfs4 bridge during compile time
---
 app/build.gradle | 2 ++
 .../openvpn/core/connection/Obfs4Connection.java | 5 +++--
 .../leap/bitmaskclient/eip/VpnConfigGenerator.java | 21 +++++++++++++++++----
 .../pluggableTransports/Obfs4Options.java | 1 +
 4 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/app/build.gradle b/app/build.gradle
index 73dfcc0c..3e4f4ee2 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -50,6 +50,7 @@ android {
 buildConfigField "String", "obfsvpn_port", '""'
 buildConfigField "String", "obfsvpn_ip", '""'
 buildConfigField "String", "obfsvpn_cert", '""'
+ buildConfigField 'boolean', 'obfsvpn_use_kcp', 'false'
 // static update url pointing to the latest stable release apk
 buildConfigField "String", "update_apk_url", '"https://dl.bitmask.net/client/android/Bitmask-Android-latest.apk"'
@@ -147,6 +148,7 @@ android {
 buildConfigField "String", "obfsvpn_port", '""'
 buildConfigField "String", "obfsvpn_ip", '""'
 buildConfigField "String", "obfsvpn_cert", '""'
+ buildConfigField 'boolean', 'obfsvpn_use_kcp', 'false'
 //Build Config Fields for automatic apk update checks
diff --git a/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java b/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java
index 393afd94..7cfe4988 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java
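Review bot: The new `obfsvpn_use_kcp` field, added identically in the hunks at -50 and -147, carries no comment saying when it applies; in this commit it is read only inside the `BuildConfig.obfsvpn_pinning` branch of VpnConfigGenerator, so setting it without pinning has no effect. I would add `// only honoured when obfsvpn_pinning is true: obfs4 is wrapped in KCP on the wire` above each declaration. The neighbouring `obfsvpn_ip`, `obfsvpn_port` and `obfsvpn_cert` default to empty strings, so a build that turns pinning on without filling them would presumably produce a blank remote and certificate; a build-time check that all three are non-empty when pinning is enabled would catch that before release. The declaration of `obfsvpn_pinning` itself is not visible in these hunks.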
@@ -19,20 +19,21 @@ public class Obfs4Connection extends Connection {
 public Obfs4Connection(Obfs4Options options) {
 if (BuildConfig.use_obfsvpn) {
- setUseUdp(options.udp);
 setServerName(options.remoteIP);
 setServerPort(options.remotePort);
 setProxyName(ObfsVpnClient.SOCKS_IP);
 setProxyPort(ObfsVpnClient.SOCKS_PORT);
 setProxyType(ProxyType.SOCKS5);
 } else {
- setUseUdp(false);
 setServerName(DISPATCHER_IP);
 setServerPort(DISPATCHER_PORT);
 setProxyName("");
 setProxyPort("");
 setProxyType(ProxyType.NONE);
 }
+ // while udp/kcp might be used on the wire,
+ // we don't use udp for openvpn in case of a obfs4 connection
+ setUseUdp(false);
 setProxyAuthUser(null);
 setProxyAuthPassword(null);
 setUseProxyAuth(false);
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
index 061c1aa3..695e3b50 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
@@ -56,6 +56,8 @@ import static se.leap.bitmaskclient.pluggableTransports.ObfsVpnClient.SOCKS_PORT
 import static se.leap.bitmaskclient.pluggableTransports.Shapeshifter.DISPATCHER_IP;
 import static se.leap.bitmaskclient.pluggableTransports.Shapeshifter.DISPATCHER_PORT;
+import android.os.Build;
+
 public class VpnConfigGenerator {
 private JSONObject generalConfiguration;
 private JSONObject gateway;
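Review bot: After this change the Obfs4Connection constructor no longer reads `options.udp` at all, and none of the hunks in this commit hand that flag to the obfsvpn client, so from here it is not visible that the KCP setting reaches anything that acts on it. Please confirm the consumer exists outside this diff, and name it in the comment, for example `// options.udp selects KCP inside the obfsvpn client only; OpenVPN itself always speaks TCP to the local SOCKS proxy`. The comment should also read "an obfs4 connection". The constructor body continues past the end of the hunk.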
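Review bot: The added `import android.os.Build;` is not referenced by any of the VpnConfigGenerator hunks in this commit, which use `BuildConfig` and not `Build`, so it looks like an accidental IDE auto-import. It is also placed after the static imports, unlike the usual ordering. Unless code outside these hunks needs it, I would drop the line together with the blank line added after it.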
@@ -144,7 +146,15 @@ public class VpnConfigGenerator {
 String cert = transportOptions.getString("cert");
 String port = obfs4Transport.getJSONArray(PORTS).getString(0);
 String ip = gateway.getString(IP_ADDRESS);
- return new Obfs4Options(ip, port, cert, iatMode, false);
+ boolean udp = false;
+
+ if (BuildConfig.obfsvpn_pinning) {
+ cert = BuildConfig.obfsvpn_cert;
+ port = BuildConfig.obfsvpn_port;
+ ip = BuildConfig.obfsvpn_port;
+ udp = BuildConfig.obfsvpn_use_kcp;
+ }
+ return new Obfs4Options(ip, port, cert, iatMode, udp);
 }
 private String generalConfiguration() {
@@ -334,10 +344,13 @@ public class VpnConfigGenerator {
 String route = "route " + ipAddress + " 255.255.255.255 net_gateway" + newLine;
 stringBuilder.append(route);
 if (BuildConfig.use_obfsvpn) {
- String proxy = SOCKS_PROXY + " " + SOCKS_IP + " " + SOCKS_PORT + newLine;
- stringBuilder.append(proxy);
+ String remote;
+ if (BuildConfig.obfsvpn_pinning) {
+ remote = REMOTE + " " + BuildConfig.obfsvpn_ip + " " + BuildConfig.obfsvpn_port + newLine;
+ } else {
+ remote = REMOTE + " " + ipAddress + " " + ports.getString(0) + newLine;
+ }
- String remote = REMOTE + " " + ipAddress + " " + ports.getString(0) + newLine;
 stringBuilder.append(remote);
 } else {
 String remote = REMOTE + " " + DISPATCHER_IP + " " + DISPATCHER_PORT + " tcp" + newLine;
diff --git a/app/src/main/java/se/leap/bitmaskclient/pluggableTransports/Obfs4Options.java b/app/src/main/java/se/leap/bitmaskclient/pluggableTransports/Obfs4Options.java
index ab6ea445..b96f88ca 100644
--- a/app/src/main/java/se/leap/bitmaskclient/pluggableTransports/Obfs4Options.java
+++ b/app/src/main/java/se/leap/bitmaskclient/pluggableTransports/Obfs4Options.java
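Review bot: In the pinning branch `ip = BuildConfig.obfsvpn_port;` assigns the port string to the IP variable, so a pinned build hands Obfs4Options the port as `remoteIP` and the pinned certificate is paired with the wrong endpoint; the line should read `ip = BuildConfig.obfsvpn_ip;`. The later hunk in this file already uses `BuildConfig.obfsvpn_ip` for the `remote` line, so the generated config and the transport options would disagree. Since the gradle defaults for the pinned cert, IP and port are empty strings, it would also be worth failing fast here when pinning is on and any of the three is empty, instead of building options from blank values. The enclosing method starts before the hunk.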
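Review bot: With pinning enabled the `remote` line now points at `BuildConfig.obfsvpn_ip`, but the `route ... net_gateway` line just above it is still built from the gateway's `ipAddress`, so the host-route exception no longer matches the address that is dialled. If the pinned bridge differs from the gateway IP, traffic to the bridge may be routed into the tunnel unless that is prevented elsewhere, which these hunks do not show. I would pick the address once, `String remoteIp = (BuildConfig.use_obfsvpn && BuildConfig.obfsvpn_pinning) ? BuildConfig.obfsvpn_ip : ipAddress;`, and use it for both the route and the obfsvpn `remote` line. The hunk also drops the `socks-proxy` line from the generated config; presumably the proxy is now applied only through Obfs4Connection, which deserves a one-line comment. The method starts and ends outside the hunk.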
@@ -7,6 +7,7 @@ public class Obfs4Options implements Serializable {
 public String iatMode;
 public String remoteIP;
 public String remotePort;
+ // openvpn is still using tcp, obfs4 is wrapped in kcp, if udp == true
 public boolean udp;
 public Obfs4Options(String remoteIP, String remotePort, String cert, String iatMode, boolean udp) {
-- 
cgit v1.2.3
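Review bot: The field name `udp` now means "obfs4 is carried over KCP" and not "OpenVPN uses UDP", and the new line comment is the only place that says so. Renaming a public field on a Serializable class would affect callers and stored instances, so I would keep the name but turn the comment into Javadoc that states both halves, e.g. `/** true: obfs4 is wrapped in KCP (UDP) on the wire; OpenVPN itself still uses TCP. */`. The same wording on the constructor's `udp` parameter would keep the two in step; the constructor body lies outside the hunk.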