From 5304543ebd60778ad46123cd63142e27627fa150 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Tue, 4 Nov 2014 20:45:42 +0100 Subject: Update ics-openvpn to rev 906. --- app/jni/Application.mk | 2 +- app/misc/build-native.bat | 17 +- app/misc/build-native.sh | 2 +- app/misc/fetchtranslations.sh | 44 ++-- app/misc/genFAQ.py | 2 +- app/openvpn/config-version.h | 2 +- app/openvpn/config.h | 2 + app/openvpn/configure.ac | 27 ++- app/openvpn/contrib/OCSP_check/OCSP_check.sh | 13 +- app/openvpn/distro/systemd/openvpn@.service | 19 ++ app/openvpn/doc/android.txt | 24 +- app/openvpn/src/openvpn/Makefile.am | 1 + app/openvpn/src/openvpn/base64.c | 2 +- app/openvpn/src/openvpn/console.c | 16 +- app/openvpn/src/openvpn/crypto.c | 80 +++---- app/openvpn/src/openvpn/crypto_backend.h | 4 +- app/openvpn/src/openvpn/forward.c | 9 + app/openvpn/src/openvpn/init.c | 12 +- app/openvpn/src/openvpn/misc.c | 21 +- app/openvpn/src/openvpn/mudp.c | 37 ++- app/openvpn/src/openvpn/multi.c | 26 +- app/openvpn/src/openvpn/options.c | 22 +- app/openvpn/src/openvpn/options.h | 4 + app/openvpn/src/openvpn/plugin.c | 2 +- app/openvpn/src/openvpn/push.c | 14 +- app/openvpn/src/openvpn/route.c | 24 +- app/openvpn/src/openvpn/sig.c | 2 +- app/openvpn/src/openvpn/socket.c | 4 +- app/openvpn/src/openvpn/ssl.c | 13 +- app/openvpn/src/openvpn/ssl.h | 2 +- app/openvpn/src/openvpn/ssl_common.h | 4 +- app/openvpn/src/openvpn/ssl_polarssl.c | 32 +-- app/openvpn/src/openvpn/ssl_verify_openssl.c | 6 +- app/openvpn/src/openvpn/tun.h | 19 ++ app/src/main/java/de/blinkt/openvpn/LaunchVPN.java | 39 +-- .../main/java/de/blinkt/openvpn/VpnProfile.java | 62 ++++- .../blinkt/openvpn/activities/DisconnectVPN.java | 5 + .../de/blinkt/openvpn/activities/LogWindow.java | 5 + .../main/java/de/blinkt/openvpn/core/CIDRIP.java | 5 + .../java/de/blinkt/openvpn/core/ConfigParser.java | 12 +- .../blinkt/openvpn/core/DeviceStateReceiver.java | 5 + .../blinkt/openvpn/core/ICSOpenVPNApplication.java | 5 + .../java/de/blinkt/openvpn/core/NativeUtils.java | 5 + .../java/de/blinkt/openvpn/core/NetworkSpace.java | 5 + .../de/blinkt/openvpn/core/OpenVPNManagement.java | 5 + .../de/blinkt/openvpn/core/OpenVPNService.java | 62 +++-- .../java/de/blinkt/openvpn/core/OpenVPNThread.java | 30 ++- .../openvpn/core/OpenVpnManagementThread.java | 5 + .../java/de/blinkt/openvpn/core/PRNGFixes.java | 5 + .../de/blinkt/openvpn/core/ProfileManager.java | 21 +- .../de/blinkt/openvpn/core/ProxyDetection.java | 5 + .../de/blinkt/openvpn/core/VPNLaunchHelper.java | 7 +- .../java/de/blinkt/openvpn/core/VpnStatus.java | 5 + .../java/de/blinkt/openvpn/core/X509Utils.java | 5 + .../de/blinkt/openvpn/fragments/LogFragment.java | 5 + .../java/de/blinkt/openvpn/views/SeekBarTicks.java | 5 + .../main/res/layout-sw600dp-port/log_fragment.xml | 5 + app/src/main/res/layout-sw600dp/log_fragment.xml | 5 + app/src/main/res/layout/log_fragment.xml | 5 + app/src/main/res/layout/log_silders.xml | 5 + app/src/main/res/layout/log_window.xml | 5 + app/src/main/res/layout/vpnstatus.xml | 5 + app/src/main/res/menu/logmenu.xml | 5 + app/src/main/res/values-ca/strings-icsopenvpn.xml | 4 + app/src/main/res/values-cs/strings-icsopenvpn.xml | 11 +- app/src/main/res/values-de/strings-icsopenvpn.xml | 9 + app/src/main/res/values-es/strings-icsopenvpn.xml | 8 + app/src/main/res/values-et/strings-icsopenvpn.xml | 11 +- app/src/main/res/values-fr/strings-icsopenvpn.xml | 5 +- app/src/main/res/values-hu/strings-icsopenvpn.xml | 6 +- app/src/main/res/values-in/strings-icsopenvpn.xml | 7 +- app/src/main/res/values-it/strings-icsopenvpn.xml | 19 +- app/src/main/res/values-ja/strings-icsopenvpn.xml | 27 ++- app/src/main/res/values-ko/strings-icsopenvpn.xml | 6 +- app/src/main/res/values-nl/strings-icsopenvpn.xml | 6 +- app/src/main/res/values-no/strings-icsopenvpn.xml | 29 ++- app/src/main/res/values-pl/strings-icsopenvpn.xml | 6 +- app/src/main/res/values-pt/strings-icsopenvpn.xml | 266 +++++++++++++++------ app/src/main/res/values-ro/strings-icsopenvpn.xml | 6 +- app/src/main/res/values-ru/strings-icsopenvpn.xml | 4 + app/src/main/res/values-sv/strings-icsopenvpn.xml | 6 +- app/src/main/res/values-tr/strings-icsopenvpn.xml | 7 +- app/src/main/res/values-uk/strings-icsopenvpn.xml | 6 +- .../main/res/values-zh-rCN/strings-icsopenvpn.xml | 12 +- .../main/res/values-zh-rTW/strings-icsopenvpn.xml | 57 +++-- app/src/main/res/values/dimens.xml | 5 + app/src/main/res/values/strings-icsopenvpn.xml | 7 +- app/src/main/res/values/styles.xml | 18 +- app/src/main/res/values/untranslatable.xml | 20 ++ 89 files changed, 1007 insertions(+), 414 deletions(-) create mode 100644 app/openvpn/distro/systemd/openvpn@.service (limited to 'app') diff --git a/app/jni/Application.mk b/app/jni/Application.mk index b7af50cd..21718248 100644 --- a/app/jni/Application.mk +++ b/app/jni/Application.mk @@ -8,4 +8,4 @@ APP_STL:=stlport_shared #LOCAL_ARM_MODE := arm -#NDK_TOOLCHAIN_VERSION=clang +#NDK_TOOLCHAIN_VERSION=clang \ No newline at end of file diff --git a/app/misc/build-native.bat b/app/misc/build-native.bat index 73a19a00..9885557a 100644 --- a/app/misc/build-native.bat +++ b/app/misc/build-native.bat @@ -1,22 +1,25 @@ @echo on -echo Currently broken, feel free to fix and send me a patch, see .sh file +echo Currently broken, feel free to fix and send me a patch, see the build-native.sh file how native libraries are build on UNIX exit 1 -call ndk-build APP_API=all -j 8 +call ndk-build APP_ABI=x86_64 -j 8 USE_BREAKPAD=0 cd libs -mkdir ..\assets -mkdir ..\build\ +mkdir ..\ovpnlibs +mkdir ..\ovpnlibs\assets for /D %%f in (*) do ( - copy %%f\minivpn ..\assets\minivpn.%%f + copy %%f\nopievpn ..\ovpnlibs\assets\nopievpn.%%f + copy %%f\pievpn ..\ovpnlibs\assets\pievpn.%%f + del %%f\libcrypto.so del %%f\libssl.so - mkdir ..\build\native-libs\%%f\ - copy %%f\*.so ..\build\native-libs\%%f\ + mkdir ..\ovpnlibs\jniLibs + mkdir ..\ovpnlibs\jniLibs\%%f\ + copy %%f\*.so ..\ovpnlibs\jniLibs\%%f\ ) cd .. diff --git a/app/misc/build-native.sh b/app/misc/build-native.sh index f27384cd..7382efc9 100755 --- a/app/misc/build-native.sh +++ b/app/misc/build-native.sh @@ -23,7 +23,7 @@ if [ -d openvpn/.git ]; then fi if [ "x$1" = "x" ]; then - ndk-build APP_API=all -j 8 + ndk-build -j 8 USE_BREAKPAD=0 else ndk-build $@ fi diff --git a/app/misc/fetchtranslations.sh b/app/misc/fetchtranslations.sh index 3529a646..356748d6 100755 --- a/app/misc/fetchtranslations.sh +++ b/app/misc/fetchtranslations.sh @@ -1,38 +1,36 @@ -#! /bin/sh - +#! /bin/zsh +set -o shwordsplit if [ "$ICSCROWDAPIKEY" != "" ] then echo "Generating new translation archives" - fetch -q -1 -o - http://api.crowdin.net/api/project/ics-openvpn/export?key=$ICSCROWDAPIKEY + fetch -q -1 -o - "http://api.crowdin.net/api/project/ics-openvpn/export?key=$ICSCROWDAPIKEY" fi echo "Fetch translation archive" fetch -q http://crowdin.net/download/project/ics-openvpn.zip -langtoinclude="ca cs de es et fr hu it ja ko no nl pl ro ru sv tr uk" - -for lang in $langtoinclude -do - tar -xvf ics-openvpn.zip -C src/main res/values-$lang/ -done # Chinese language require zh-CN and zh-TW -for lang in zh-CN zh-TW id +typeset -A langhash +langhash=(zh-CN zh-rCN zh-TW zh-rTW id-ID in ca-ES ca cs-CZ cs et-EE et ja-JP ja ko-KR ko sv-SE sv uk-UA uk) + +langtoinclude="de es fr hu it no nl pl pt ro ru tr" + +for lang in $langtoinclude ${(k)langhash} do - if [ $lang = "zh-CN" ] ; then - rlang="zh-rCN" - elif [ $lang = "zh-TW" ] ; then - rlang="zh-rTW" - elif [ $lang = "id" ] ; then - rlang="in" - fi - - echo "Fetch archive for $lang" - fetch http://crowdin.net/download/project/ics-openvpn/$lang.zip - tar -xv -C src/main/res/values-$rlang/ --strip-components 3 -f $lang.zip - rm $lang.zip + if (( ${+langhash[$lang]} )); then + alang=$lang + rlang=${langhash[$lang]} + else + alang=$lang-${lang:u} + rlang=$lang + fi + + mkdir -p src/main/res/values-$rlang/ + echo "$alang -> $rlang" + tar -xv -C src/main/res/values-$rlang/ --strip-components 2 -f ics-openvpn.zip res/values-$alang/ done -rm -v ics-openvpn.zip +rm ics-openvpn.zip diff --git a/app/misc/genFAQ.py b/app/misc/genFAQ.py index b1506420..09381caa 100755 --- a/app/misc/genFAQ.py +++ b/app/misc/genFAQ.py @@ -112,7 +112,7 @@ def checkFormatString(lang): int = tstr.find(f)==-1 if ino != int: - print "Mismatch",strid,f,ostr,tstr + print "Mismatch StringID(%s): " % lang,strid,"Original String:",ostr,"Translated String:",tstr if __name__=="__main__": main() diff --git a/app/openvpn/config-version.h b/app/openvpn/config-version.h index 762b9dc6..6e78aeaf 100644 --- a/app/openvpn/config-version.h +++ b/app/openvpn/config-version.h @@ -1,2 +1,2 @@ -#define CONFIGURE_GIT_REVISION "icsopenvpn_618-e63b88d330782d14" +#define CONFIGURE_GIT_REVISION "icsopenvpn_620-df00abd6979b7376" #define CONFIGURE_GIT_FLAGS "" diff --git a/app/openvpn/config.h b/app/openvpn/config.h index b825e2bd..6b699028 100644 --- a/app/openvpn/config.h +++ b/app/openvpn/config.h @@ -631,3 +631,5 @@ #define IPPROTO_IP IPPROTO_IP #define IPPROTO_TCP IPPROTO_TCP + +#define HAVE_AEAD_CIPHER_MODES 1 diff --git a/app/openvpn/configure.ac b/app/openvpn/configure.ac index ffba3749..608ab6d1 100644 --- a/app/openvpn/configure.ac +++ b/app/openvpn/configure.ac @@ -368,15 +368,18 @@ AC_ARG_VAR([IPROUTE], [full path to ip utility]) AC_ARG_VAR([NETSTAT], [path to netstat utility]) # tests AC_ARG_VAR([MAN2HTML], [path to man2html utility]) AC_ARG_VAR([GIT], [path to git utility]) +AC_ARG_VAR([SYSTEMD_ASK_PASSWORD], [path to systemd-ask-password utility]) AC_PATH_PROGS([IFCONFIG], [ifconfig],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin]) AC_PATH_PROGS([ROUTE], [route],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin]) AC_PATH_PROGS([IPROUTE], [ip],, [$PATH:/usr/local/sbin:/usr/sbin:/sbin]) +AC_PATH_PROGS([SYSTEMD_ASK_PASSWORD], [systemd-ask-password],, [$PATH:/usr/local/bin:/usr/bin:/bin]) AC_CHECK_PROGS([NETSTAT], [netstat], [netstat], [$PATH:/usr/local/sbin:/usr/sbin:/sbin:/etc]) # tests AC_CHECK_PROGS([MAN2HTML], [man2html]) AC_CHECK_PROGS([GIT], [git]) # optional AC_DEFINE_UNQUOTED([IFCONFIG_PATH], ["$IFCONFIG"], [Path to ifconfig tool]) AC_DEFINE_UNQUOTED([IPROUTE_PATH], ["$IPROUTE"], [Path to iproute tool]) AC_DEFINE_UNQUOTED([ROUTE_PATH], ["$ROUTE"], [Path to route tool]) +AC_DEFINE_UNQUOTED([SYSTEMD_ASK_PASSWORD_PATH], ["$SYSTEMD_ASK_PASSWORD"], [Path to systemd-ask-password tool]) # # Libtool @@ -994,6 +997,28 @@ if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then fi +dnl +dnl Check for systemd +dnl + +if test "$enable_systemd" = "yes" ; then + PKG_CHECK_MODULES([libsystemd], [systemd libsystemd], + [], + [PKG_CHECK_MODULES([libsystemd], [libsystemd-daemon])] + ) + AC_CHECK_HEADERS(systemd/sd-daemon.h, + , + [ + AC_MSG_ERROR([systemd development headers not found.]) + ]) + + saved_LIBS="${LIBS}" + LIBS="${LIBS} ${libsystemd_LIBS}" + AC_CHECK_FUNCS([sd_booted], [], [AC_MSG_ERROR([systemd library is missing sd_booted()])]) + OPTIONAL_SYSTEMD_LIBS="${libsystemd_LIBS}" + AC_DEFINE(ENABLE_SYSTEMD, 1, [Enable systemd integration]) + LIBS="${saved_LIBS}" +fi AC_MSG_CHECKING([git checkout]) @@ -1034,7 +1059,6 @@ test "${enable_def_auth}" = "yes" && AC_DEFINE([ENABLE_DEF_AUTH], [1], [Enable d test "${enable_pf}" = "yes" && AC_DEFINE([ENABLE_PF], [1], [Enable internal packet filter]) test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHECK], [1], [Enable strict options check between peers]) test "${enable_password_save}" = "yes" && AC_DEFINE([ENABLE_PASSWORD_SAVE], [1], [Allow --askpass and --auth-user-pass passwords to be read from a file]) -test "${enable_systemd}" = "yes" && AC_DEFINE([ENABLE_SYSTEMD], [1], [Enable systemd support]) case "${with_crypto_library}" in openssl) @@ -1167,6 +1191,7 @@ AC_SUBST([OPTIONAL_SNAPPY_CFLAGS]) AC_SUBST([OPTIONAL_SNAPPY_LIBS]) AC_SUBST([OPTIONAL_LZ4_CFLAGS]) AC_SUBST([OPTIONAL_LZ4_LIBS]) +AC_SUBST([OPTIONAL_SYSTEMD_LIBS]) AC_SUBST([OPTIONAL_PKCS11_HELPER_CFLAGS]) AC_SUBST([OPTIONAL_PKCS11_HELPER_LIBS]) diff --git a/app/openvpn/contrib/OCSP_check/OCSP_check.sh b/app/openvpn/contrib/OCSP_check/OCSP_check.sh index 553c3dce..6876c6d8 100644 --- a/app/openvpn/contrib/OCSP_check/OCSP_check.sh +++ b/app/openvpn/contrib/OCSP_check/OCSP_check.sh @@ -97,12 +97,19 @@ if [ $check_depth -eq -1 ] || [ $cur_depth -eq $check_depth ]; then "$nonce" \ -CAfile "$verify" \ -url "$ocsp_url" \ - -serial "${serial}" 2>/dev/null) + -serial "${serial}" 2>&1) if [ $? -eq 0 ]; then - # check that it's good + # check if ocsp didn't report any errors + if echo "$status" | grep -Eq "(error|fail)"; then + exit 1 + fi + # check that the reported status of certificate is ok if echo "$status" | grep -Fq "^${serial}: good"; then - exit 0 + # check if signature on the OCSP response verified correctly + if echo "$status" | grep -Fq "^Response verify OK"; then + exit 0 + fi fi fi fi diff --git a/app/openvpn/distro/systemd/openvpn@.service b/app/openvpn/distro/systemd/openvpn@.service new file mode 100644 index 00000000..7cd36c36 --- /dev/null +++ b/app/openvpn/distro/systemd/openvpn@.service @@ -0,0 +1,19 @@ +[Unit] +Description=OpenVPN tunnel for %I +After=syslog.target network.target +Documentation=man:openvpn(8) +Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage +Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO + +[Service] +PrivateTmp=true +Type=forking +PIDFile=/var/run/openvpn/%i.pid +ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf +CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH +LimitNPROC=10 +DeviceAllow=/dev/null rw +DeviceAllow=/dev/net/tun rw + +[Install] +WantedBy=multi-user.target diff --git a/app/openvpn/doc/android.txt b/app/openvpn/doc/android.txt index cf8b3c79..137edfc5 100644 --- a/app/openvpn/doc/android.txt +++ b/app/openvpn/doc/android.txt @@ -55,6 +55,21 @@ To set the DNS server and search domain. The GUI will then respond with a "needok 'command' ok' or "needok 'command' cancel', e.g. "needok 'IFCONFIG' ok". +PERSIST_TUN_ACTION + +In Android 4.4-4.4.2 a bug exists that does not allow to open a new tun fd +while a tun fd is still open. When OpenVPN wants to open an fd it will do +this query. The UI should compare the last configuration of +the tun device with the current tun configuration and reply with either (or +always respond with OPEN_AFTER_BEFORE/OPEN_BEFORE_CLOSE) + +- NOACTION: Keep using the old fd +- OPEN_AFTER_CLOSE: First close the old fd and then open a new to workaround the bug +- OPEN_BEFORE_CLOSE: the normal behaviour when the VPN configuration changed + +For example the UI could respond with +needok 'PERSIST_TUN_ACTION' OPEN_AFTER_CLOSE + To protect a socket the OpenVPN will send a PROTECTFD to the UI. When sending the PROTECTFD command command to the UI it will send the fd of the socket as ancillary message over the UNIX socket. @@ -74,12 +89,3 @@ are not specific to Android but are rarely used on other platform. For example using SIGUSR1 and management-hold to restart, pause, continue the VPN on network changes or the external key management --management-external-key option and inline files. - -Due to a bug in Android 4.4-4.4.2 there the Android Control will also -query what action the daemon should take when opening the fd. The GUI -should compare the last configuration of the tun device with the current -tun configuration and reply with either - -- NOACTION: Keep using the old fd -- OPEN_AFTER_CLOSE: First close the old fd and then open a new to workaround the bug -- OPEN_BEFORE_CLOSE: the normal behaviour when the VPN configuration changed diff --git a/app/openvpn/src/openvpn/Makefile.am b/app/openvpn/src/openvpn/Makefile.am index fd593c57..d089f50f 100644 --- a/app/openvpn/src/openvpn/Makefile.am +++ b/app/openvpn/src/openvpn/Makefile.am @@ -126,6 +126,7 @@ openvpn_LDADD = \ $(OPTIONAL_PKCS11_HELPER_LIBS) \ $(OPTIONAL_CRYPTO_LIBS) \ $(OPTIONAL_SELINUX_LIBS) \ + $(OPTIONAL_SYSTEMD_LIBS) \ $(OPTIONAL_DL_LIBS) if WIN32 openvpn_SOURCES += openvpn_win32_resources.rc diff --git a/app/openvpn/src/openvpn/base64.c b/app/openvpn/src/openvpn/base64.c index 6dc8479f..258b258e 100644 --- a/app/openvpn/src/openvpn/base64.c +++ b/app/openvpn/src/openvpn/base64.c @@ -108,7 +108,7 @@ token_decode(const char *token) int i; unsigned int val = 0; int marker = 0; - if (strlen(token) < 4) + if (!token[0] || !token[1] || !token[2] || !token[3]) return DECODE_ERROR; for (i = 0; i < 4; i++) { val *= 64; diff --git a/app/openvpn/src/openvpn/console.c b/app/openvpn/src/openvpn/console.c index afda8ca3..d66d4087 100644 --- a/app/openvpn/src/openvpn/console.c +++ b/app/openvpn/src/openvpn/console.c @@ -34,6 +34,10 @@ #include "buffer.h" #include "misc.h" +#ifdef ENABLE_SYSTEMD +#include +#endif + #ifdef WIN32 #include "win32.h" @@ -143,14 +147,14 @@ close_tty (FILE *fp) static bool check_systemd_running () { - struct stat a, b; + struct stat c; /* We simply test whether the systemd cgroup hierarchy is - * mounted */ + * mounted, as well as the systemd-ask-password executable + * being available */ - return (lstat("/sys/fs/cgroup", &a) == 0) - && (lstat("/sys/fs/cgroup/systemd", &b) == 0) - && (a.st_dev != b.st_dev); + return (sd_booted() > 0) + && (stat(SYSTEMD_ASK_PASSWORD_PATH, &c) == 0); } @@ -162,7 +166,7 @@ get_console_input_systemd (const char *prompt, const bool echo, char *input, con struct argv argv; argv_init (&argv); - argv_printf (&argv, "/bin/systemd-ask-password"); + argv_printf (&argv, SYSTEMD_ASK_PASSWORD_PATH); argv_printf_cat (&argv, "%s", prompt); if ((std_out = openvpn_popen (&argv, NULL)) < 0) { diff --git a/app/openvpn/src/openvpn/crypto.c b/app/openvpn/src/openvpn/crypto.c index 62c4ab28..69df29de 100644 --- a/app/openvpn/src/openvpn/crypto.c +++ b/app/openvpn/src/openvpn/crypto.c @@ -223,6 +223,30 @@ err: return; } +int verify_hmac(struct buffer *buf, struct key_ctx *ctx, int offset) +{ + uint8_t local_hmac[MAX_HMAC_KEY_LENGTH]; /* HMAC of ciphertext computed locally */ + int hmac_len = 0; + + hmac_ctx_reset(ctx->hmac); + /* Assume the length of the input HMAC */ + hmac_len = hmac_ctx_size (ctx->hmac); + + /* Authentication fails if insufficient data in packet for HMAC */ + if (buf->len - offset < hmac_len) + return 0; + + hmac_ctx_update (ctx->hmac, BPTR (buf) + hmac_len + offset, + BLEN (buf) - hmac_len - offset); + hmac_ctx_final (ctx->hmac, local_hmac); + + /* Compare locally computed HMAC with packet HMAC */ + if (memcmp_constant_time (local_hmac, BPTR (buf) + offset, hmac_len) == 0) + return hmac_len; + + return 0; +} + /* * If (opt->flags & CO_USE_IV) is not NULL, we will read an IV from the packet. * @@ -249,25 +273,9 @@ openvpn_decrypt (struct buffer *buf, struct buffer work, /* Verify the HMAC */ if (ctx->hmac) { - int hmac_len; - uint8_t local_hmac[MAX_HMAC_KEY_LENGTH]; /* HMAC of ciphertext computed locally */ - - hmac_ctx_reset(ctx->hmac); - - /* Assume the length of the input HMAC */ - hmac_len = hmac_ctx_size (ctx->hmac); - - /* Authentication fails if insufficient data in packet for HMAC */ - if (buf->len < hmac_len) - CRYPT_ERROR ("missing authentication info"); - - hmac_ctx_update (ctx->hmac, BPTR (buf) + hmac_len, BLEN (buf) - hmac_len); - hmac_ctx_final (ctx->hmac, local_hmac); - - /* Compare locally computed HMAC with packet HMAC */ - if (memcmp_constant_time (local_hmac, BPTR (buf), hmac_len)) + int hmac_len = verify_hmac(buf, ctx, 0); + if (hmac_len == 0) CRYPT_ERROR ("packet HMAC authentication failed"); - ASSERT (buf_advance (buf, hmac_len)); } @@ -399,10 +407,6 @@ openvpn_decrypt (struct buffer *buf, struct buffer work, bool crypto_test_hmac (struct buffer *buf, const struct crypto_options *opt) { - struct gc_arena gc; - gc_init (&gc); - int offset = 4; /* 1 byte opcode + 3 bytes session-id */ - if (buf->len > 0 && opt->key_ctx_bi) { struct key_ctx *ctx = &opt->key_ctx_bi->decrypt; @@ -410,38 +414,10 @@ crypto_test_hmac (struct buffer *buf, const struct crypto_options *opt) /* Verify the HMAC */ if (ctx->hmac) { - int hmac_len; - uint8_t local_hmac[MAX_HMAC_KEY_LENGTH]; /* HMAC of ciphertext computed locally */ - - hmac_ctx_reset(ctx->hmac); - - /* Assume the length of the input HMAC */ - hmac_len = hmac_ctx_size (ctx->hmac); - - /* Authentication fails if insufficient data in packet for HMAC */ - if ((buf->len - offset) < hmac_len) - { - gc_free (&gc); - return false; - } - - hmac_ctx_update (ctx->hmac, BPTR (buf) + offset + hmac_len, - BLEN (buf) - offset - hmac_len); - hmac_ctx_final (ctx->hmac, local_hmac); - - /* Compare locally computed HMAC with packet HMAC */ - if (memcmp (local_hmac, BPTR (buf) + offset, hmac_len)) - { - gc_free (&gc); - return false; - } - - gc_free (&gc); - return true; + /* sizeof(uint32_t) comes from peer_id (3 bytes) and opcode (1 byte) */ + return verify_hmac(buf, ctx, sizeof(uint32_t)) != 0; } } - - gc_free (&gc); return false; } diff --git a/app/openvpn/src/openvpn/crypto_backend.h b/app/openvpn/src/openvpn/crypto_backend.h index a48ad6c5..bc067a7d 100644 --- a/app/openvpn/src/openvpn/crypto_backend.h +++ b/app/openvpn/src/openvpn/crypto_backend.h @@ -231,7 +231,7 @@ int cipher_kt_block_size (const cipher_kt_t *cipher_kt); int cipher_kt_mode (const cipher_kt_t *cipher_kt); /** - * Check of the supplied cipher is a supported CBC mode cipher. + * Check if the supplied cipher is a supported CBC mode cipher. * * @param cipher Static cipher parameters. May not be NULL. * @@ -241,7 +241,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) __attribute__((nonnull)); /** - * Check of the supplied cipher is a supported OFB or CFB mode cipher. + * Check if the supplied cipher is a supported OFB or CFB mode cipher. * * @param cipher Static cipher parameters. May not be NULL. * diff --git a/app/openvpn/src/openvpn/forward.c b/app/openvpn/src/openvpn/forward.c index a43361b4..0bbdedb0 100644 --- a/app/openvpn/src/openvpn/forward.c +++ b/app/openvpn/src/openvpn/forward.c @@ -948,6 +948,15 @@ read_incoming_tun (struct context *c) return; } + /* Was TUN/TAP I/O operation aborted? */ + if (tuntap_abort(c->c2.buf.len)) + { + register_signal(c, SIGTERM, "tun-abort"); + msg(M_FATAL, "TUN/TAP I/O operation aborted, exiting"); + perf_pop(); + return; + } + /* Check the status return from read() */ check_status (c->c2.buf.len, "read from TUN/TAP", NULL, c->c1.tuntap); diff --git a/app/openvpn/src/openvpn/init.c b/app/openvpn/src/openvpn/init.c index 6137588d..7cec8d9b 100644 --- a/app/openvpn/src/openvpn/init.c +++ b/app/openvpn/src/openvpn/init.c @@ -1718,7 +1718,8 @@ pull_permission_mask (const struct context *c) | OPT_P_MESSAGES | OPT_P_EXPLICIT_NOTIFY | OPT_P_ECHO - | OPT_P_PULL_MODE; + | OPT_P_PULL_MODE + | OPT_P_PEER_ID; if (!c->options.route_nopull) flags |= (OPT_P_ROUTE | OPT_P_IPWIN32); @@ -1795,6 +1796,13 @@ do_deferred_options (struct context *c, const unsigned int found) msg (D_PUSH, "OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified"); if (found & OPT_P_SETENV) msg (D_PUSH, "OPTIONS IMPORT: environment modified"); + + if (found & OPT_P_PEER_ID) + { + msg (D_PUSH, "OPTIONS IMPORT: peer-id set"); + c->c2.tls_multi->use_peer_id = true; + c->c2.tls_multi->peer_id = c->options.peer_id; + } } /* @@ -3179,7 +3187,7 @@ managmenet_callback_network_change (void *arg) reestablishing the connection is required */ socketfd = c->c2.link_socket->sd; - if (!c->options.pull || c->c2.tls_multi->use_session_id) + if (!c->options.pull || c->c2.tls_multi->use_peer_id) return socketfd; else return -2; diff --git a/app/openvpn/src/openvpn/misc.c b/app/openvpn/src/openvpn/misc.c index 63b4c1cf..61bc523d 100644 --- a/app/openvpn/src/openvpn/misc.c +++ b/app/openvpn/src/openvpn/misc.c @@ -365,24 +365,29 @@ openvpn_popen (const struct argv *a, const struct env_set *es) pid = fork (); if (pid == (pid_t)0) /* child side */ { - close (pipe_stdout[0]); + close (pipe_stdout[0]); /* Close read end */ dup2 (pipe_stdout[1],1); execve (cmd, argv, envp); exit (127); } - else if (pid < (pid_t)0) /* fork failed */ + else if (pid > (pid_t)0) /* parent side */ { - msg (M_ERR, "openvpn_popen: unable to fork"); + int status = 0; + + close (pipe_stdout[1]); /* Close write end */ + waitpid(pid, &status, 0); + ret = pipe_stdout[0]; } - else /* parent side */ + else /* fork failed */ { - ret=pipe_stdout[0]; - close (pipe_stdout[1]); + close (pipe_stdout[0]); + close (pipe_stdout[1]); + msg (M_ERR, "openvpn_popen: unable to fork %s", cmd); } } else { - msg (M_WARN, "openvpn_popen: unable to create stdout pipe"); - ret = -1; + msg (M_WARN, "openvpn_popen: unable to create stdout pipe for %s", cmd); + ret = -1; } } else if (!warn_shown && (script_security < SSEC_SCRIPTS)) diff --git a/app/openvpn/src/openvpn/mudp.c b/app/openvpn/src/openvpn/mudp.c index f7ab6253..51227a90 100644 --- a/app/openvpn/src/openvpn/mudp.c +++ b/app/openvpn/src/openvpn/mudp.c @@ -105,29 +105,29 @@ multi_get_create_instance_udp (struct multi_context *m) struct hash_element *he; const uint32_t hv = hash_value (hash, &real); struct hash_bucket *bucket = hash_bucket (hash, hv); - uint8_t* ptr = BPTR(&m->top.c2.buf); + uint8_t* ptr = BPTR(&m->top.c2.buf); uint8_t op = ptr[0] >> P_OPCODE_SHIFT; - uint32_t sess_id; - bool session_forged = false; + uint32_t peer_id; + bool hmac_mismatch = false; if (op == P_DATA_V2) { - sess_id = (*(uint32_t*)ptr) >> 8; - if ((sess_id < m->max_clients) && (m->instances[sess_id])) + peer_id = ntohl((*(uint32_t*)ptr)) & 0xFFFFFF; + if ((peer_id < m->max_clients) && (m->instances[peer_id])) { - mi = m->instances[sess_id]; + mi = m->instances[peer_id]; if (!link_socket_actual_match(&mi->context.c2.from, &m->top.c2.from)) { - msg(D_MULTI_MEDIUM, "floating detected from %s to %s", - print_link_socket_actual (&mi->context.c2.from, &gc), print_link_socket_actual (&m->top.c2.from, &gc)); + msg(D_MULTI_MEDIUM, "float from %s to %s", + print_link_socket_actual (&mi->context.c2.from, &gc), print_link_socket_actual (&m->top.c2.from, &gc)); - /* session-id is not trusted, so check hmac */ - session_forged = !(crypto_test_hmac(&m->top.c2.buf, &mi->context.c2.crypto_options)); - if (session_forged) + /* peer-id is not trusted, so check hmac */ + hmac_mismatch = !(crypto_test_hmac(&m->top.c2.buf, &mi->context.c2.crypto_options)); + if (hmac_mismatch) { mi = NULL; - msg (D_MULTI_MEDIUM, "hmac verification failed, session forge detected!"); + msg (D_MULTI_MEDIUM, "HMAC mismatch for peer-id %d", peer_id); } else { @@ -144,7 +144,7 @@ multi_get_create_instance_udp (struct multi_context *m) mi = (struct multi_instance *) he->value; } } - if (!mi && !session_forged) + if (!mi && !hmac_mismatch) { if (!m->top.c2.tls_auth_standalone || tls_pre_decrypt_lite (m->top.c2.tls_auth_standalone, &m->top.c2.from, &m->top.c2.buf)) @@ -162,7 +162,7 @@ multi_get_create_instance_udp (struct multi_context *m) { if (!m->instances[i]) { - mi->context.c2.tls_multi->vpn_session_id = i; + mi->context.c2.tls_multi->peer_id = i; m->instances[i] = mi; break; } @@ -183,15 +183,6 @@ multi_get_create_instance_udp (struct multi_context *m) { const char *status = mi ? "[ok]" : "[failed]"; - /* - if (he && mi) - status = "[succeeded]"; - else if (!he && mi) - status = "[created]"; - else - status = "[failed]"; - */ - dmsg (D_MULTI_DEBUG, "GET INST BY REAL: %s %s", mroute_addr_print (&real, &gc), status); diff --git a/app/openvpn/src/openvpn/multi.c b/app/openvpn/src/openvpn/multi.c index a4289ac7..bd5948c8 100644 --- a/app/openvpn/src/openvpn/multi.c +++ b/app/openvpn/src/openvpn/multi.c @@ -303,7 +303,6 @@ multi_init (struct multi_context *m, struct context *t, bool tcp_mode, int threa cid_compare_function); #endif - /* * This is our scheduler, for time-based wakeup * events. @@ -374,12 +373,7 @@ multi_init (struct multi_context *m, struct context *t, bool tcp_mode, int threa */ m->max_clients = t->options.max_clients; - int i; - m->instances = malloc(sizeof(struct multi_instance*) * m->max_clients); - for (i = 0; i < m->max_clients; ++ i) - { - m->instances[i] = NULL; - } + m->instances = calloc(m->max_clients, sizeof(struct multi_instance*)); /* * Initialize multi-socket TCP I/O wait object @@ -561,7 +555,7 @@ multi_close_instance (struct multi_context *m, } #endif - m->instances[mi->context.c2.tls_multi->vpn_session_id] = NULL; + m->instances[mi->context.c2.tls_multi->peer_id] = NULL; schedule_remove_entry (m->schedule, (struct schedule_entry *) mi); @@ -664,6 +658,8 @@ multi_create_instance (struct multi_context *m, const struct mroute_addr *real) perf_push (PERF_MULTI_CREATE_INSTANCE); + msg (D_MULTI_MEDIUM, "MULTI: multi_create_instance called"); + ALLOC_OBJ_CLEAR (mi, struct multi_instance); mi->gc = gc_new (); @@ -1467,10 +1463,6 @@ multi_client_connect_post (struct multi_context *m, option_types_found, mi->context.c2.es); - if (!platform_unlink (dc_file)) - msg (D_MULTI_ERRORS, "MULTI: problem deleting temporary file: %s", - dc_file); - /* * If the --client-connect script generates a config file * with an --ifconfig-push directive, it will override any @@ -1713,6 +1705,11 @@ multi_connection_established (struct multi_context *m, struct multi_instance *mi multi_client_connect_post (m, mi, dc_file, option_permissions_mask, &option_types_found); ++cc_succeeded_count; } + + if (!platform_unlink (dc_file)) + msg (D_MULTI_ERRORS, "MULTI: problem deleting temporary file: %s", + dc_file); + script_depr_failed: argv_reset (&argv); } @@ -1766,6 +1763,11 @@ multi_connection_established (struct multi_context *m, struct multi_instance *mi } else cc_succeeded = false; + + if (!platform_unlink (dc_file)) + msg (D_MULTI_ERRORS, "MULTI: problem deleting temporary file: %s", + dc_file); + script_failed: argv_reset (&argv); } diff --git a/app/openvpn/src/openvpn/options.c b/app/openvpn/src/openvpn/options.c index 9ff2db5a..1ca4ad57 100644 --- a/app/openvpn/src/openvpn/options.c +++ b/app/openvpn/src/openvpn/options.c @@ -2926,8 +2926,8 @@ options_string (const struct options *o, o->ifconfig_ipv6_local, o->ifconfig_ipv6_netbits, o->ifconfig_ipv6_remote, - (in_addr_t)0, - (in_addr_t)0, + NULL, + NULL, false, NULL); if (tt) @@ -3913,17 +3913,7 @@ apply_push_options (struct options *options, ++line_num; if (parse_line (line, p, SIZE (p), file, line_num, msglevel, &options->gc)) { - if (streq(p[0], "session_id")) - { - /* Server supports P_DATA_V2 */ - tls_multi->vpn_session_id = atoi(p[1]); - tls_multi->use_session_id = true; - msg(D_PUSH, "session id: %d", tls_multi->vpn_session_id); - } - else - { - add_option (options, p, file, line_num, 0, msglevel, permission_mask, option_types_found, es); - } + add_option (options, p, file, line_num, 0, msglevel, permission_mask, option_types_found, es); } } return true; @@ -6986,6 +6976,12 @@ add_option (struct options *options, options->persist_mode = 1; } #endif + else if (streq (p[0], "peer-id")) + { + VERIFY_PERMISSION (OPT_P_PEER_ID); + options->use_peer_id = true; + options->peer_id = atoi(p[1]); + } else { int i; diff --git a/app/openvpn/src/openvpn/options.h b/app/openvpn/src/openvpn/options.h index 77c942ca..d5f7e95d 100644 --- a/app/openvpn/src/openvpn/options.h +++ b/app/openvpn/src/openvpn/options.h @@ -591,6 +591,9 @@ struct options bool show_net_up; int route_method; #endif + + bool use_peer_id; + uint32_t peer_id; }; #define streq(x, y) (!strcmp((x), (y))) @@ -626,6 +629,7 @@ struct options #define OPT_P_SOCKBUF (1<<25) #define OPT_P_SOCKFLAGS (1<<26) #define OPT_P_CONNECTION (1<<27) +#define OPT_P_PEER_ID (1<<28) #define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE)) diff --git a/app/openvpn/src/openvpn/plugin.c b/app/openvpn/src/openvpn/plugin.c index 0948f238..54c5b52d 100644 --- a/app/openvpn/src/openvpn/plugin.c +++ b/app/openvpn/src/openvpn/plugin.c @@ -291,7 +291,7 @@ plugin_init_item (struct plugin *p, const struct plugin_option *o) static void plugin_vlog (openvpn_plugin_log_flags_t flags, const char *name, const char *format, va_list arglist) { - unsigned int msg_flags; + unsigned int msg_flags = 0; if (!format) return; diff --git a/app/openvpn/src/openvpn/push.c b/app/openvpn/src/openvpn/push.c index 028d838e..c7844499 100644 --- a/app/openvpn/src/openvpn/push.c +++ b/app/openvpn/src/openvpn/push.c @@ -303,9 +303,17 @@ send_push_reply (struct context *c) if (multi_push) buf_printf (&buf, ",push-continuation 1"); - /* Send session_id if client supports it */ - if (c->c2.tls_multi->peer_info && strstr(c->c2.tls_multi->peer_info, "IV_PROTO=2")) { - buf_printf(&buf, ",session_id %d", c->c2.tls_multi->vpn_session_id); + /* Send peer-id if client supports it */ + if (c->c2.tls_multi->peer_info) + { + const char* proto_str = strstr(c->c2.tls_multi->peer_info, "IV_PROTO="); + if (proto_str) + { + int proto = 0; + int r = sscanf(proto_str, "IV_PROTO=%d", &proto); + if ((r == 1) && (proto >= 2)) + buf_printf(&buf, ",peer-id %d", c->c2.tls_multi->peer_id); + } } if (BLEN (&buf) > sizeof(cmd)-1) diff --git a/app/openvpn/src/openvpn/route.c b/app/openvpn/src/openvpn/route.c index 562af9fe..c330169a 100644 --- a/app/openvpn/src/openvpn/route.c +++ b/app/openvpn/src/openvpn/route.c @@ -863,10 +863,12 @@ redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, u { msg (M_WARN, "%s VPN gateway parameter (--route-gateway or --ifconfig) is missing", err); } +#ifndef TARGET_ANDROID else if (!(rl->rgi.flags & RGI_ADDR_DEFINED)) { msg (M_WARN, "%s Cannot read current default gateway from system", err); } +#endif else if (!(rl->spec.flags & RTSA_REMOTE_HOST)) { msg (M_WARN, "%s Cannot obtain current remote host address", err); @@ -913,6 +915,16 @@ redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, u if (rl->flags & RG_REROUTE_GW) { +#ifdef TARGET_ANDROID + add_route3 (0, + 0, + rl->spec.remote_endpoint, + tt, + flags, + &rl->rgi, + es); + +#else if (rl->flags & RG_DEF1) { /* add new default route (1st component) */ @@ -953,6 +965,7 @@ redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, u &rl->rgi, es); } +#endif } /* set a flag so we can undo later */ @@ -1338,15 +1351,18 @@ add_route (struct route_ipv4 *r, #if defined(TARGET_LINUX) #ifdef ENABLE_IPROUTE - /* FIXME -- add on-link support for ENABLE_IPROUTE */ - argv_printf (&argv, "%s route add %s/%d via %s", + argv_printf (&argv, "%s route add %s/%d", iproute_path, network, - count_netmask_bits(netmask), - gateway); + count_netmask_bits(netmask)); + if (r->flags & RT_METRIC_DEFINED) argv_printf_cat (&argv, "metric %d", r->metric); + if (is_on_link (is_local_route, flags, rgi)) + argv_printf_cat (&argv, "dev %s", rgi->iface); + else + argv_printf_cat (&argv, "via %s", gateway); #else argv_printf (&argv, "%s add -net %s netmask %s", ROUTE_PATH, diff --git a/app/openvpn/src/openvpn/sig.c b/app/openvpn/src/openvpn/sig.c index 90e39a42..a3d29de0 100644 --- a/app/openvpn/src/openvpn/sig.c +++ b/app/openvpn/src/openvpn/sig.c @@ -126,7 +126,7 @@ print_signal (const struct signal_info *si, const char *title, int msglevel) { const char *type = (si->signal_text ? si->signal_text : ""); const char *t = (title ? title : "process"); - const char *hs; + const char *hs = NULL; switch (si->source) { case SIG_SOURCE_SOFT: diff --git a/app/openvpn/src/openvpn/socket.c b/app/openvpn/src/openvpn/socket.c index 9e6bd10c..c649d627 100644 --- a/app/openvpn/src/openvpn/socket.c +++ b/app/openvpn/src/openvpn/socket.c @@ -2354,12 +2354,12 @@ print_sockaddr_ex (const struct sockaddr *sa, struct gc_arena *gc) { struct buffer out = alloc_buf_gc (128, gc); - bool addr_is_defined; + bool addr_is_defined = false; char hostaddr[NI_MAXHOST] = ""; char servname[NI_MAXSERV] = ""; int status; - socklen_t salen; + socklen_t salen = 0; switch(sa->sa_family) { case AF_INET: diff --git a/app/openvpn/src/openvpn/ssl.c b/app/openvpn/src/openvpn/ssl.c index 929f95fa..94b7b6d9 100644 --- a/app/openvpn/src/openvpn/ssl.c +++ b/app/openvpn/src/openvpn/ssl.c @@ -1056,7 +1056,7 @@ tls_multi_init (struct tls_options *tls_options) ret->key_scan[2] = &ret->session[TM_LAME_DUCK].key[KS_LAME_DUCK]; /* By default not use P_DATA_V2 */ - ret->use_session_id = false; + ret->use_peer_id = false; return ret; } @@ -2826,7 +2826,7 @@ tls_pre_decrypt (struct tls_multi *multi, opt->flags &= multi->opt.crypto_flags_and; opt->flags |= multi->opt.crypto_flags_or; - ASSERT (buf_advance (buf, op == P_DATA_V1 ? 1 : 4)); + ASSERT (buf_advance (buf, (op == P_DATA_V2) ? 4 : 1)); ++ks->n_packets; ks->n_bytes += buf->len; @@ -3324,7 +3324,6 @@ tls_pre_decrypt_lite (const struct tls_auth_standalone *tas, return ret; error: - tls_clear_error(); gc_free (&gc); return ret; @@ -3393,7 +3392,7 @@ tls_post_encrypt (struct tls_multi *multi, struct buffer *buf) { struct key_state *ks; uint8_t *op; - uint32_t sess; + uint32_t peer; ks = multi->save_ks; multi->save_ks = NULL; @@ -3401,10 +3400,10 @@ tls_post_encrypt (struct tls_multi *multi, struct buffer *buf) { ASSERT (ks); - if (!multi->opt.server && multi->use_session_id) + if (!multi->opt.server && multi->use_peer_id) { - sess = ((P_DATA_V2 << P_OPCODE_SHIFT) | ks->key_id) | (multi->vpn_session_id << 8); - ASSERT (buf_write_prepend (buf, &sess, 4)); + peer = htonl(((P_DATA_V2 << P_OPCODE_SHIFT) | ks->key_id) << 24 | (multi->peer_id & 0xFFFFFF)); + ASSERT (buf_write_prepend (buf, &peer, 4)); } else { diff --git a/app/openvpn/src/openvpn/ssl.h b/app/openvpn/src/openvpn/ssl.h index 9bdd641f..a338745e 100644 --- a/app/openvpn/src/openvpn/ssl.h +++ b/app/openvpn/src/openvpn/ssl.h @@ -60,7 +60,7 @@ #define P_CONTROL_V1 4 /* control channel packet (usually TLS ciphertext) */ #define P_ACK_V1 5 /* acknowledgement for packets received */ #define P_DATA_V1 6 /* data channel packet */ -#define P_DATA_V2 9 /* data channel packet with session_id */ +#define P_DATA_V2 9 /* data channel packet with peer-id */ /* indicates key_method >= 2 */ #define P_CONTROL_HARD_RESET_CLIENT_V2 7 /* initial key from client, forget previous state */ diff --git a/app/openvpn/src/openvpn/ssl_common.h b/app/openvpn/src/openvpn/ssl_common.h index 2fc72aa6..cb0ba628 100644 --- a/app/openvpn/src/openvpn/ssl_common.h +++ b/app/openvpn/src/openvpn/ssl_common.h @@ -496,8 +496,8 @@ struct tls_multi #endif /* For P_DATA_V2 */ - uint32_t vpn_session_id; - int use_session_id; + uint32_t peer_id; + bool use_peer_id; /* * Our session objects. diff --git a/app/openvpn/src/openvpn/ssl_polarssl.c b/app/openvpn/src/openvpn/ssl_polarssl.c index ddccf1d9..387e6369 100644 --- a/app/openvpn/src/openvpn/ssl_polarssl.c +++ b/app/openvpn/src/openvpn/ssl_polarssl.c @@ -40,6 +40,7 @@ #include "errlevel.h" #include "ssl_backend.h" +#include "base64.h" #include "buffer.h" #include "misc.h" #include "manage.h" @@ -49,8 +50,10 @@ #include "ssl_verify_polarssl.h" #include +#include #include #include +#include void tls_init_lib() @@ -210,12 +213,13 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) void tls_ctx_load_dh_params (struct tls_root_ctx *ctx, const char *dh_file, - const char *dh_file_inline + const char *dh_inline ) { - if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_file_inline) + if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_inline) { - if (0 != dhm_parse_dhm(ctx->dhm_ctx, dh_file_inline, strlen(dh_file_inline))) + if (0 != dhm_parse_dhm(ctx->dhm_ctx, (const unsigned char *) dh_inline, + strlen(dh_inline))) msg (M_FATAL, "Cannot read inline DH parameters"); } else @@ -257,15 +261,15 @@ tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert) void tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file, - const char *cert_file_inline + const char *cert_inline ) { ASSERT(NULL != ctx); - if (!strcmp (cert_file, INLINE_FILE_TAG) && cert_file_inline) + if (!strcmp (cert_file, INLINE_FILE_TAG) && cert_inline) { - if (0 != x509_crt_parse(ctx->crt_chain, cert_file_inline, - strlen(cert_file_inline))) + if (0 != x509_crt_parse(ctx->crt_chain, + (const unsigned char *) cert_inline, strlen(cert_inline))) msg (M_FATAL, "Cannot load inline certificate file"); } else @@ -282,31 +286,31 @@ tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file, int tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file, - const char *priv_key_file_inline + const char *priv_key_inline ) { int status; ASSERT(NULL != ctx); - if (!strcmp (priv_key_file, INLINE_FILE_TAG) && priv_key_file_inline) + if (!strcmp (priv_key_file, INLINE_FILE_TAG) && priv_key_inline) { status = pk_parse_key(ctx->priv_key, - priv_key_file_inline, strlen(priv_key_file_inline), + (const unsigned char *) priv_key_inline, strlen(priv_key_inline), NULL, 0); - if (POLARSSL_ERR_PEM_PASSWORD_REQUIRED == status) + if (POLARSSL_ERR_PK_PASSWORD_REQUIRED == status) { char passbuf[512] = {0}; pem_password_callback(passbuf, 512, 0, NULL); status = pk_parse_key(ctx->priv_key, - priv_key_file_inline, strlen(priv_key_file_inline), + (const unsigned char *) priv_key_inline, strlen(priv_key_inline), (unsigned char *) passbuf, strlen(passbuf)); } } else { status = pk_parse_keyfile(ctx->priv_key, priv_key_file, NULL); - if (POLARSSL_ERR_PEM_PASSWORD_REQUIRED == status) + if (POLARSSL_ERR_PK_PASSWORD_REQUIRED == status) { char passbuf[512] = {0}; pem_password_callback(passbuf, 512, 0, NULL); @@ -316,7 +320,7 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file, if (0 != status) { #ifdef ENABLE_MANAGEMENT - if (management && (POLARSSL_ERR_PEM_PASSWORD_MISMATCH == status)) + if (management && (POLARSSL_ERR_PK_PASSWORD_MISMATCH == status)) management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL); #endif msg (M_WARN, "Cannot load private key file %s", priv_key_file); diff --git a/app/openvpn/src/openvpn/ssl_verify_openssl.c b/app/openvpn/src/openvpn/ssl_verify_openssl.c index cbcff022..33cd757d 100644 --- a/app/openvpn/src/openvpn/ssl_verify_openssl.c +++ b/app/openvpn/src/openvpn/ssl_verify_openssl.c @@ -101,9 +101,7 @@ static bool extract_x509_extension(X509 *cert, char *fieldname, char *out, int size) { bool retval = false; - X509_EXTENSION *pExt; char *buf = 0; - int length = 0; GENERAL_NAMES *extensions; int nid = OBJ_txt2nid(fieldname); @@ -140,8 +138,8 @@ bool extract_x509_extension(X509 *cert, char *fieldname, char *out, int size) } break; default: - msg (D_TLS_ERRORS, "ASN1 ERROR: can not handle field type %i", - name->type); + msg (D_TLS_DEBUG, "%s: ignoring general name field type %i", + __func__, name->type); break; } } diff --git a/app/openvpn/src/openvpn/tun.h b/app/openvpn/src/openvpn/tun.h index 631b53c6..79e2d188 100644 --- a/app/openvpn/src/openvpn/tun.h +++ b/app/openvpn/src/openvpn/tun.h @@ -391,6 +391,19 @@ tuntap_stop (int status) return false; } +static inline bool +tuntap_abort(int status) +{ + /* + * Typically generated when driver is halted. + */ + if (status < 0) + { + return openvpn_errno() == ERROR_OPERATION_ABORTED; + } + return false; +} + static inline int tun_write_win32 (struct tuntap *tt, struct buffer *buf) { @@ -432,6 +445,12 @@ tuntap_stop (int status) return false; } +static inline bool +tuntap_abort(int status) +{ + return false; +} + static inline void tun_standby_init (struct tuntap *tt) { diff --git a/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java b/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java index a424a489..d7f3e110 100644 --- a/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java +++ b/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn; import se.leap.bitmaskclient.R; @@ -113,27 +118,25 @@ public class LaunchVPN extends Activity { } } - @Override protected void onActivityResult (int requestCode, int resultCode, Intent data) { - super.onActivityResult(requestCode, resultCode, data); - - if(requestCode==START_VPN_PROFILE) { - SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this); - boolean showlogwindow = prefs.getBoolean("showlogwindow", true); - - if(!mhideLog && showlogwindow) - showLogWindow(); - new startOpenVpnThread().start(); - } else if (resultCode == Activity.RESULT_CANCELED) { - // User does not want us to start, so we just vanish - VpnStatus.updateStateString("USER_VPN_PERMISSION_CANCELLED", "", R.string.state_user_vpn_permission_cancelled, - ConnectionStatus.LEVEL_NOTCONNECTED); - - finish(); - } + super.onActivityResult(requestCode, resultCode, data); + + if(requestCode==START_VPN_PROFILE) { + SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this); + boolean showLogWindow = prefs.getBoolean("showlogwindow", true); + + if(!mhideLog && showLogWindow) + showLogWindow(); + new startOpenVpnThread().start(); + } else if (resultCode == Activity.RESULT_CANCELED) { + // User does not want us to start, so we just vanish + VpnStatus.updateStateString("USER_VPN_PERMISSION_CANCELLED", "", R.string.state_user_vpn_permission_cancelled, + ConnectionStatus.LEVEL_NOTCONNECTED); + + finish(); + } } - void showLogWindow() { Intent startLW = new Intent(getBaseContext(),LogWindow.class); diff --git a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java index 6fec5f46..65214c4f 100644 --- a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn; import se.leap.bitmaskclient.R; @@ -40,6 +45,7 @@ import java.util.Collection; import java.util.Locale; import java.util.UUID; import java.util.Vector; +import java.util.concurrent.Future; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; @@ -166,6 +172,12 @@ public class VpnProfile implements Serializable { return VpnProfile.MININONPIEVPN; } + public static String[] replacePieWithNoPie(String[] mArgv) + { + mArgv[0] = mArgv[0].replace(MINIPIEVPN, MININONPIEVPN); + return mArgv; + } + public static String openVpnEscape(String unescaped) { if (unescaped == null) return null; @@ -174,7 +186,8 @@ public class VpnProfile implements Serializable { escapedString = escapedString.replace("\n", "\\n"); if (escapedString.equals(unescaped) && !escapedString.contains(" ") && - !escapedString.contains("#") && !escapedString.contains(";")) + !escapedString.contains("#") && !escapedString.contains(";") + && !escapedString.equals("")) return unescaped; else return '"' + escapedString + '"'; @@ -579,21 +592,15 @@ public class VpnProfile implements Serializable { - public Intent prepareIntent(Context context) { - String prefix = context.getPackageName(); + public Intent prepareStartService(Context context) { + Intent intent = getStartServiceIntent(context); - Intent intent = new Intent(context, OpenVPNService.class); if (mAuthenticationType == VpnProfile.TYPE_KEYSTORE || mAuthenticationType == VpnProfile.TYPE_USERPASS_KEYSTORE) { if (getKeyStoreCertificates(context) == null) return null; } - intent.putExtra(prefix + ".ARGV", buildOpenvpnArgv(context.getCacheDir())); - intent.putExtra(prefix + ".profileUUID", mUuid.toString()); - - ApplicationInfo info = context.getApplicationInfo(); - intent.putExtra(prefix + ".nativelib", info.nativeLibraryDir); try { FileWriter cfg = new FileWriter(context.getCacheDir().getAbsolutePath() + "/" + OVPNCONFIGFILE); @@ -607,6 +614,18 @@ public class VpnProfile implements Serializable { return intent; } + public Intent getStartServiceIntent(Context context) { + String prefix = context.getPackageName(); + + Intent intent = new Intent(context, OpenVPNService.class); + intent.putExtra(prefix + ".ARGV", buildOpenvpnArgv(context.getCacheDir())); + intent.putExtra(prefix + ".profileUUID", mUuid.toString()); + + ApplicationInfo info = context.getApplicationInfo(); + intent.putExtra(prefix + ".nativelib", info.nativeLibraryDir); + return intent; + } + public String[] getKeyStoreCertificates(Context context) { return getKeyStoreCertificates(context, 5); } @@ -635,6 +654,21 @@ public class VpnProfile implements Serializable { return false; } + public void checkForRestart(final Context context) { + /* This method is called when OpenVPNService is restarted */ + + if ((mAuthenticationType == VpnProfile.TYPE_KEYSTORE || mAuthenticationType == VpnProfile.TYPE_USERPASS_KEYSTORE) + && mPrivateKey==null) { + new Thread( new Runnable() { + @Override + public void run() { + getKeyStoreCertificates(context); + + } + }).start(); + } + } + class NoCertReturnedException extends Exception { public NoCertReturnedException (String msg) { @@ -841,21 +875,23 @@ public class VpnProfile implements Serializable { return false; } - public int needUserPWInput() { + public int needUserPWInput(boolean ignoreTransient) { if ((mAuthenticationType == TYPE_PKCS12 || mAuthenticationType == TYPE_USERPASS_PKCS12) && (mPKCS12Password == null || mPKCS12Password.equals(""))) { - if (mTransientPCKS12PW == null) + if (ignoreTransient || mTransientPCKS12PW == null) return R.string.pkcs12_file_encryption_key; } if (mAuthenticationType == TYPE_CERTIFICATES || mAuthenticationType == TYPE_USERPASS_CERTIFICATES) { if (requireTLSKeyPassword() && TextUtils.isEmpty(mKeyPassword)) - if (mTransientPCKS12PW == null) { + if (ignoreTransient || mTransientPCKS12PW == null) { return R.string.private_key_password; } } - if (isUserPWAuth() && !(!TextUtils.isEmpty(mUsername) && (!TextUtils.isEmpty(mPassword) || mTransientPW != null))) { + if (isUserPWAuth() && + (TextUtils.isEmpty(mUsername) || + (TextUtils.isEmpty(mPassword) && (mTransientPW == null || ignoreTransient)))) { return R.string.password; } return 0; diff --git a/app/src/main/java/de/blinkt/openvpn/activities/DisconnectVPN.java b/app/src/main/java/de/blinkt/openvpn/activities/DisconnectVPN.java index 5910173a..e6b73a48 100644 --- a/app/src/main/java/de/blinkt/openvpn/activities/DisconnectVPN.java +++ b/app/src/main/java/de/blinkt/openvpn/activities/DisconnectVPN.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.activities; import android.app.Activity; diff --git a/app/src/main/java/de/blinkt/openvpn/activities/LogWindow.java b/app/src/main/java/de/blinkt/openvpn/activities/LogWindow.java index 7ed09dd2..5e4f9517 100644 --- a/app/src/main/java/de/blinkt/openvpn/activities/LogWindow.java +++ b/app/src/main/java/de/blinkt/openvpn/activities/LogWindow.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.activities; import android.app.Activity; diff --git a/app/src/main/java/de/blinkt/openvpn/core/CIDRIP.java b/app/src/main/java/de/blinkt/openvpn/core/CIDRIP.java index 960e7d11..ac9a8ccb 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/CIDRIP.java +++ b/app/src/main/java/de/blinkt/openvpn/core/CIDRIP.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.core; import java.util.Locale; diff --git a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java index 9c3621e0..0d8230b7 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java +++ b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.core; import java.io.BufferedReader; @@ -553,8 +558,13 @@ public class ConfigParser { noauthtypeset=false; } + Vector cryptoapicert = getOption("cryptoapicert",1,1); + if(cryptoapicert!=null) { + np.mAuthenticationType = VpnProfile.TYPE_KEYSTORE; + noauthtypeset=false; + } - Vector compatnames = getOption("compat-names",1,2); + Vector compatnames = getOption("compat-names",1,2); Vector nonameremapping = getOption("no-name-remapping",1,1); Vector tlsremote = getOption("tls-remote",1,1); if(tlsremote!=null){ diff --git a/app/src/main/java/de/blinkt/openvpn/core/DeviceStateReceiver.java b/app/src/main/java/de/blinkt/openvpn/core/DeviceStateReceiver.java index 0126d08e..0d75ae51 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/DeviceStateReceiver.java +++ b/app/src/main/java/de/blinkt/openvpn/core/DeviceStateReceiver.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.core; import android.content.BroadcastReceiver; diff --git a/app/src/main/java/de/blinkt/openvpn/core/ICSOpenVPNApplication.java b/app/src/main/java/de/blinkt/openvpn/core/ICSOpenVPNApplication.java index 485e5369..83e760ca 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/ICSOpenVPNApplication.java +++ b/app/src/main/java/de/blinkt/openvpn/core/ICSOpenVPNApplication.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.core; import android.app.Application; diff --git a/app/src/main/java/de/blinkt/openvpn/core/NativeUtils.java b/app/src/main/java/de/blinkt/openvpn/core/NativeUtils.java index a2c4796d..6d7ffdf2 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/NativeUtils.java +++ b/app/src/main/java/de/blinkt/openvpn/core/NativeUtils.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.core; import java.security.InvalidKeyException; diff --git a/app/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java b/app/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java index 8c6cb1f5..35f46513 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java +++ b/app/src/main/java/de/blinkt/openvpn/core/NetworkSpace.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.core; import android.os.Build; diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNManagement.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNManagement.java index a5a3e9f4..e90c16d1 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNManagement.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNManagement.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.core; public interface OpenVPNManagement { diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java index 743e7cc5..ada065ba 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.core; import android.Manifest.permission; @@ -19,6 +24,7 @@ import android.os.Message; import android.os.ParcelFileDescriptor; import android.preference.PreferenceManager; import android.text.TextUtils; +import android.util.Log; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; @@ -309,26 +315,32 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac return START_REDELIVER_INTENT; } - String UUID = "UUID"; + /* The intent is null when the service has been restarted */ if (intent == null) { - SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this); - android.util.Log.d("bitmaskclient", "UUID is " + prefs.getString(UUID, "")); - mProfile = ProfileManager.get(this, prefs.getString(UUID, "")); - android.util.Log.d("bitmaskclient", "mProfile is null? " + (mProfile == null)); - if(mProfile != null) - intent = mProfile.prepareIntent(getBaseContext()); - else + mProfile = ProfileManager.getLastConnectedProfile(this, false); + + /* Got no profile, just stop */ + if (mProfile==null) { + Log.d("OpenVPN", "Got no last connected profile on null intent. Stopping"); + stopSelf(startId); return START_NOT_STICKY; - } - if(mProfile != null) - android.util.Log.d("bitmaskclient", "mProfile != null"); + } + /* Do the asynchronous keychain certificate stuff */ + mProfile.checkForRestart(this); + + /* Recreate the intent */ + intent = mProfile.getStartServiceIntent(this); + + } else { + String profileUUID = intent.getStringExtra(getPackageName() + ".profileUUID"); + mProfile = ProfileManager.get(this, profileUUID); + } + + // Extract information from the intent. String prefix = getPackageName(); String[] argv = intent.getStringArrayExtra(prefix + ".ARGV"); - String nativelibdir = intent.getStringExtra(prefix + ".nativelib"); - String profileUUID = intent.getStringExtra(prefix + ".profileUUID"); - - mProfile = ProfileManager.get(this, profileUUID); + String nativeLibraryDirectory = intent.getStringExtra(prefix + ".nativelib"); String startTitle = getString(R.string.start_vpn_title, mProfile.mName); String startTicker = getString(R.string.start_vpn_ticker, mProfile.mName); @@ -361,13 +373,12 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac // Start a new session by creating a new thread. SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this); - + mOvpn3 = prefs.getBoolean("ovpn3", false); if (!"ovpn3".equals(BuildConfig.FLAVOR)) mOvpn3 = false; - prefs.edit().putString(UUID, profileUUID).commit(); // Open the Management Interface if (!mOvpn3) { @@ -395,7 +406,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac } else { HashMap env = new HashMap(); - processThread = new OpenVPNThread(this, argv, env, nativelibdir); + processThread = new OpenVPNThread(this, argv, env, nativeLibraryDirectory); } synchronized (mProcessLock) { @@ -409,11 +420,12 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac ProfileManager.setConnectedVpnProfile(this, mProfile); + /* TODO: At the moment we have no way to handle asynchronous PW input + * Fixing will also allow to handle challenge/responsee authentication */ + if (mProfile.needUserPWInput(true) != 0) + return START_NOT_STICKY; - if (mProfile.mPersistTun) - return START_STICKY; - else - return START_NOT_STICKY; + return START_STICKY; } private OpenVPNManagement instantiateOpenVPN3Core() { @@ -517,7 +529,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac if ((Build.VERSION.SDK_INT == Build.VERSION_CODES.KITKAT && !release.startsWith("4.4.3") && !release.startsWith("4.4.4") && !release.startsWith("4.4.5") && !release.startsWith("4.4.6")) && mMtu < 1280) { - VpnStatus.logInfo(String.format("Forcing MTU to 1280 instead of %d to workaround Android Bug #70916", mMtu)); + VpnStatus.logInfo(String.format(Locale.US, "Forcing MTU to 1280 instead of %d to workaround Android Bug #70916", mMtu)); builder.setMtu(1280); } else { builder.setMtu(mMtu); @@ -690,7 +702,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac VpnStatus.logWarning(R.string.ip_not_cidr, local, netmask, mode); } } - if (("p2p".equals(mode)) && mLocalIP.len < 32 || "net30".equals("net30") && mLocalIP.len < 30) { + if (("p2p".equals(mode) && mLocalIP.len < 32) || ("net30".equals(mode) && mLocalIP.len < 30)) { VpnStatus.logWarning(R.string.ip_looks_like_subnet, local, netmask, mode); } @@ -738,7 +750,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac String ticker = msg; showNotification(msg, ticker, lowpriority , 0, level); return; - } else { + } else { mDisplayBytecount = false; } diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java index 5fa2ab9e..e3c60854 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.core; import android.util.Log; @@ -25,6 +30,7 @@ import de.blinkt.openvpn.core.VpnStatus.LogItem; public class OpenVPNThread implements Runnable { private static final String DUMP_PATH_STRING = "Dump path: "; + private static final String BROKEN_PIE_SUPPORT = "/data/data/de.blinkt.openvpn/cache/pievpn[1]: syntax error:"; private static final String TAG = "OpenVPN"; public static final int M_FATAL = (1 << 4); public static final int M_NONFATAL = (1 << 5); @@ -36,8 +42,9 @@ public class OpenVPNThread implements Runnable { private OpenVPNService mService; private String mDumpPath; private Map mProcessEnv; + private boolean mBrokenPie=false; - public OpenVPNThread(OpenVPNService service,String[] argv, Map processEnv, String nativelibdir) + public OpenVPNThread(OpenVPNService service,String[] argv, Map processEnv, String nativelibdir) { mArgv = argv; mNativeDir = nativelibdir; @@ -68,8 +75,22 @@ public class OpenVPNThread implements Runnable { } catch (InterruptedException ie) { VpnStatus.logError("InterruptedException: " + ie.getLocalizedMessage()); } - if( exitvalue != 0) - VpnStatus.logError("Process exited with exit value " + exitvalue); + if( exitvalue != 0) { + VpnStatus.logError("Process exited with exit value " + exitvalue); + if (mBrokenPie) { + String[] noPieArgv = VpnProfile.replacePieWithNoPie(mArgv); + + // We are already noPIE, nothing to gain + if (!noPieArgv.equals(mArgv)) { + mArgv = noPieArgv; + VpnStatus.logInfo("PIE Version could not be executed. Trying no PIE version"); + run(); + return; + } + + } + + } VpnStatus.updateStateString("NOPROCESS", "No process running.", R.string.state_noprocess, ConnectionStatus.LEVEL_NOTCONNECTED); if(mDumpPath!=null) { @@ -123,6 +144,9 @@ public class OpenVPNThread implements Runnable { if (logline.startsWith(DUMP_PATH_STRING)) mDumpPath = logline.substring(DUMP_PATH_STRING.length()); + + if (logline.startsWith(BROKEN_PIE_SUPPORT)) + mBrokenPie = true; // 1380308330.240114 18000002 Send to HTTP proxy: 'X-Online-Host: bla.blabla.com' diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java index e200f210..37094a1b 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.core; import android.content.Context; diff --git a/app/src/main/java/de/blinkt/openvpn/core/PRNGFixes.java b/app/src/main/java/de/blinkt/openvpn/core/PRNGFixes.java index dd420371..bca0a4ab 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/PRNGFixes.java +++ b/app/src/main/java/de/blinkt/openvpn/core/PRNGFixes.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.core;/* * This software is provided 'as-is', without any express or implied * warranty. In no event will Google be held liable for any damages diff --git a/app/src/main/java/de/blinkt/openvpn/core/ProfileManager.java b/app/src/main/java/de/blinkt/openvpn/core/ProfileManager.java index 4cfbcc8e..2a26152e 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/ProfileManager.java +++ b/app/src/main/java/de/blinkt/openvpn/core/ProfileManager.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.core; import java.io.FileNotFoundException; @@ -23,7 +28,7 @@ public class ProfileManager { - private static final String ONBOOTPROFILE = "onBootProfile"; + private static final String LAST_CONNECTED_PROFILE = "lastConnectedProfile"; @@ -65,7 +70,7 @@ public class ProfileManager { public static void setConntectedVpnProfileDisconnected(Context c) { SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(c); Editor prefsedit = prefs.edit(); - prefsedit.putString(ONBOOTPROFILE, null); + prefsedit.putString(LAST_CONNECTED_PROFILE, null); prefsedit.apply(); } @@ -74,21 +79,23 @@ public class ProfileManager { SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(c); Editor prefsedit = prefs.edit(); - prefsedit.putString(ONBOOTPROFILE, connectedrofile.getUUIDString()); + prefsedit.putString(LAST_CONNECTED_PROFILE, connectedrofile.getUUIDString()); prefsedit.apply(); mLastConnectedVpn=connectedrofile; } - public static VpnProfile getOnBootProfile(Context c) { + public static VpnProfile getLastConnectedProfile(Context c, boolean onBoot) { SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(c); boolean useStartOnBoot = prefs.getBoolean("restartvpnonboot", false); + if (onBoot && !useStartOnBoot) + return null; - String mBootProfileUUID = prefs.getString(ONBOOTPROFILE,null); - if(useStartOnBoot && mBootProfileUUID!=null) - return get(c, mBootProfileUUID); + String lastConnectedProfile = prefs.getString(LAST_CONNECTED_PROFILE, null); + if(lastConnectedProfile!=null) + return get(c, lastConnectedProfile); else return null; } diff --git a/app/src/main/java/de/blinkt/openvpn/core/ProxyDetection.java b/app/src/main/java/de/blinkt/openvpn/core/ProxyDetection.java index 47d88279..cf953863 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/ProxyDetection.java +++ b/app/src/main/java/de/blinkt/openvpn/core/ProxyDetection.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.core; import java.net.InetSocketAddress; diff --git a/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java b/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java index 57a94ee7..40f9742b 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java +++ b/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.core; import android.content.Context; @@ -70,7 +75,7 @@ public class VPNLaunchHelper { VpnStatus.logInfo(R.string.building_configration); - Intent startVPN = startprofile.prepareIntent(context); + Intent startVPN = startprofile.prepareStartService(context); if(startVPN!=null) context.startService(startVPN); diff --git a/app/src/main/java/de/blinkt/openvpn/core/VpnStatus.java b/app/src/main/java/de/blinkt/openvpn/core/VpnStatus.java index c19daeb0..25558f13 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/VpnStatus.java +++ b/app/src/main/java/de/blinkt/openvpn/core/VpnStatus.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.core; import android.annotation.SuppressLint; diff --git a/app/src/main/java/de/blinkt/openvpn/core/X509Utils.java b/app/src/main/java/de/blinkt/openvpn/core/X509Utils.java index 35e53c08..ff383e0f 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/X509Utils.java +++ b/app/src/main/java/de/blinkt/openvpn/core/X509Utils.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.core; import android.content.Context; diff --git a/app/src/main/java/de/blinkt/openvpn/fragments/LogFragment.java b/app/src/main/java/de/blinkt/openvpn/fragments/LogFragment.java index ca850533..77fc21e6 100644 --- a/app/src/main/java/de/blinkt/openvpn/fragments/LogFragment.java +++ b/app/src/main/java/de/blinkt/openvpn/fragments/LogFragment.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.fragments; import se.leap.bitmaskclient.R; diff --git a/app/src/main/java/de/blinkt/openvpn/views/SeekBarTicks.java b/app/src/main/java/de/blinkt/openvpn/views/SeekBarTicks.java index 88e8e164..e25c2859 100644 --- a/app/src/main/java/de/blinkt/openvpn/views/SeekBarTicks.java +++ b/app/src/main/java/de/blinkt/openvpn/views/SeekBarTicks.java @@ -1,3 +1,8 @@ +/* + * Copyright (c) 2012-2014 Arne Schwabe + * Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + */ + package de.blinkt.openvpn.views; import android.content.Context; diff --git a/app/src/main/res/layout-sw600dp-port/log_fragment.xml b/app/src/main/res/layout-sw600dp-port/log_fragment.xml index ddf0506b..2f5c774d 100644 --- a/app/src/main/res/layout-sw600dp-port/log_fragment.xml +++ b/app/src/main/res/layout-sw600dp-port/log_fragment.xml @@ -1,4 +1,9 @@ + + + + + + + + + + + diff --git a/app/src/main/res/menu/logmenu.xml b/app/src/main/res/menu/logmenu.xml index c8c9e815..a1d2a7b5 100644 --- a/app/src/main/res/menu/logmenu.xml +++ b/app/src/main/res/menu/logmenu.xml @@ -1,4 +1,9 @@ + + diff --git a/app/src/main/res/values-ca/strings-icsopenvpn.xml b/app/src/main/res/values-ca/strings-icsopenvpn.xml index 7e74c198..b18766ca 100755 --- a/app/src/main/res/values-ca/strings-icsopenvpn.xml +++ b/app/src/main/res/values-ca/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ + diff --git a/app/src/main/res/values-cs/strings-icsopenvpn.xml b/app/src/main/res/values-cs/strings-icsopenvpn.xml index b13bfcdd..6ae5a3f0 100755 --- a/app/src/main/res/values-cs/strings-icsopenvpn.xml +++ b/app/src/main/res/values-cs/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ - + + @@ -319,4 +323,9 @@ Některé soubory nemohly být nalezeny. Prosím vyber profil, který chceš importovat: Pro používání této aplikace je potřeba VPN poskytovatel/brána, která podporuje OpenVPN (často je to zaměstnavatel). Pro více informací a návod na nastavení OpenVPN serveru navštiv http://community.openvpn.net/ Import logu: + Vpn topologie \"%3$s\" soecifikována, ale ifconfig %1$s %2$s vypadá spíše jako IP adresa se síťovou maskou. Předpokládám \"podsíťovou\" topologii. + mssfix hodnota musí být celé číslo mezi 0 a 9000 + Oznámit TCP sezením běžícím skrze tunel, že mají limitovat velikost odesílaných paketů tak, aby poté, co je OpenVPN zabalí, byla výsledná velikost UDP paketu, které OpenVPN posílá menší než tento počet bytů. (výchozí je 1450) + Přepsat hodnotu MSS pro TCP obsah + Nastavit MSS pro TCP obsah diff --git a/app/src/main/res/values-de/strings-icsopenvpn.xml b/app/src/main/res/values-de/strings-icsopenvpn.xml index 5ece9326..cebb9646 100755 --- a/app/src/main/res/values-de/strings-icsopenvpn.xml +++ b/app/src/main/res/values-de/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ + @@ -319,4 +323,9 @@ Einige Dateien konnten nicht gefunden werden. Bitte wählen Sie diese manuell aus: Um diese Anwendung nutzen zu können brauchen Sie einen OpenVPN fähigen Server. Diese werden häufig von Ihrer Firma oder Universität bereitgestellt. Besuchen Sie http://community.openvpn.net/ um mehr über OpenVPN zu erfahren und wie Sie Ihren eigenen Server aufsetzen können. Import-Protokoll: + VPN-Topologie \"%3$s\" wurde angegeben, die Interface Konfiguration \'ifconfig %1$s %2$s sieht wie eine IP-Adresse mit einer Netzwerkmaske. Topologie \"subnet\" wird angenommen. + mssfix Wert muss eine Zahl zwischen 0 und 9000 sein + Ändere TCP-Verbindungen, die über den Tunnel laufen, so dass die resultierende UDP-Paketgröße nach der Enkapsulierung durch OpenVPN auf diesen Wert beschränkt bleibt. (Standardwert ist 1450) + Überschreiben des MSS-Wert von TCP-Nutzlast + Setze MSS von TCP-Nutzlast diff --git a/app/src/main/res/values-es/strings-icsopenvpn.xml b/app/src/main/res/values-es/strings-icsopenvpn.xml index 399392bf..92995c6f 100755 --- a/app/src/main/res/values-es/strings-icsopenvpn.xml +++ b/app/src/main/res/values-es/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ + @@ -319,4 +323,8 @@ Algunos archivos no se pudo encontrar. Por favor, seleccione los archivos que desea importar el perfil: Para utilizar esta aplicación usted necesita un proveedor de servicio VPN / es un apoyo OpenVPN (a menudo proporcionados por su empleador). Echa un vistazo a http://community.openvpn.net/ para más información sobre OpenVPN y cómo configurar su propio servidor OpenVPN. Importar registros: + Topología de VPN \"%3$s\" especificado pero ifconfig %1$s %2$s se parece más a una dirección IP con una máscara de red. Asumiendo una topología de \"subred\". + El valor de mssfix debe ser un número entero entre 0 y 9000 + Reemplazar el valor MSS de la carga TCP + Establecer MSS de la carga TCP diff --git a/app/src/main/res/values-et/strings-icsopenvpn.xml b/app/src/main/res/values-et/strings-icsopenvpn.xml index 478483ec..7761726e 100755 --- a/app/src/main/res/values-et/strings-icsopenvpn.xml +++ b/app/src/main/res/values-et/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ - + + @@ -319,4 +323,9 @@ Mõningaid faile ei leitud. Palun valige importimiseks profiili failid: Selle rakenduse kasutamiseks vajate OpenVPN toega VPN teenusepakkujat/VPN lüüsi (mida sageli pakub teie tööandja). Lisainfo saamiseks OpenVPN kohta ja oma isikliku OpenVPN serveri seadistamise kohta tutvuge veebilehega http://community.openvpn.net/ . Impordi logi: + Valitud on \"%3$s\" Vpn topoloogia, kuid ifconfig %1$s %2$s sarnaneb rohkem maskiga IP aadressile. Määratakse \"alamvõrgu\" topoloogia. + mssfix väärtus peab olema täisarv vahemikus 0 kuni 9000 + Informeeri tunneldatud TCP sessioone et nad piiraksid saadetavate pakettide suuruse nii, et peale OpenVPN kapseldatud paketi partnerile saatmist ei oleks saadud UDP pakett suurem kui ette antud baitide arv. (vaikeväärtus on 1450) + Ignoreeri TCP lasti MSS väärtust + Sea TCP lasti MSS väärtus diff --git a/app/src/main/res/values-fr/strings-icsopenvpn.xml b/app/src/main/res/values-fr/strings-icsopenvpn.xml index a26ce445..15bc7aa4 100755 --- a/app/src/main/res/values-fr/strings-icsopenvpn.xml +++ b/app/src/main/res/values-fr/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ + @@ -216,7 +220,6 @@ Sur certaines images, cette notification joue un son.\nAndroid à introduit ces "Utilisez l\'icône <img src=\"ic_menu_archive\"/> pour importer un fichier profil (.opvpn ou .conf) de votre carte SD." "Veillez également à consulter la FAQ. Il s\'y trouve un guide de démarrage rapide." "Redirections / Configuration de l\'interface" - The Routing and interface configuration is not done via traditional ifconfig/route commands but by using the VPNService API. This results in a different routing configuration than on other OSes. The configuration for the VPN tunnel consists of the IP address and the networks that should be routed over this interface. Especially no peer partner address or gateway address is needed. Special routes to reach the VPN Server (for example added when using redirect-gateway) are not needed either. The application will consequently ignore these settings when importing a configuration. The app ensures with the VPNService API that the connection to the server is not routed through the VPN tunnel. Only specifying networks to be routed via tunnel is supported. The app tries to detect networks that should not be routed over tunnel (e.g. route x.x.x.x y.y.y.y net_gateway) and calculates a route set that excludes this routes to emulate the behaviour of other platforms. The log windows shows the configuration of the VPNService upon establishing a connection. Ne pas couper la connexion VPN lors de la reconnexion d\'OpenVPN. Persistance de l\'interface TUN Log OpenVPN diff --git a/app/src/main/res/values-hu/strings-icsopenvpn.xml b/app/src/main/res/values-hu/strings-icsopenvpn.xml index 99c5201f..504ab893 100755 --- a/app/src/main/res/values-hu/strings-icsopenvpn.xml +++ b/app/src/main/res/values-hu/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ - + + diff --git a/app/src/main/res/values-in/strings-icsopenvpn.xml b/app/src/main/res/values-in/strings-icsopenvpn.xml index ccb60754..c111cbb5 100755 --- a/app/src/main/res/values-in/strings-icsopenvpn.xml +++ b/app/src/main/res/values-in/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ - + + @@ -85,6 +89,7 @@ Gunakan rute standar Masukkan rute butan sendiri. Masukkan tujuan dalam format CIDR. \"10.0.0.0/8 2002:: / 16\" akan mengarahkan jaringan 10.0.0.0/8 dan 2002:: / 16 melalui jaringan VPN Rute buatan sendiri + Jaringan Dikecualikan Tingkat rincian catatan Ijinkan paket terotentifikasi dari semua IP Ijinkan server mengambang diff --git a/app/src/main/res/values-it/strings-icsopenvpn.xml b/app/src/main/res/values-it/strings-icsopenvpn.xml index 61d09818..29d48904 100755 --- a/app/src/main/res/values-it/strings-icsopenvpn.xml +++ b/app/src/main/res/values-it/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ - + + @@ -86,6 +90,7 @@ Inserisci instradamenti personalizzati. Usare il formato CIDR. \"10.0.0.0/8 2002::/16\" reindirizza le reti 10.0.0.0/8 e 2002::/16 sulla VPN. Itinerari che dovrebbero non essere instradati su VPN. Utilizzare la stessa sintassi per quanto riguarda le rotte incluse. Routing personalizzati + Reti escluse Livello di dettaglio del registro Permette pacchetti autenticati da qualsiasi IP (consente che l\'IP del server possa cambiare) Modalità float @@ -99,6 +104,9 @@ Apertura interfaccia tun in corso: Indirizzi locali - IPv4: %1$s/%2$d IPv6: %3$s MTU: %4$d DNS Server: %1$s, Dominio: %2$s + Instradamenti: %1$s %2$s + Instradamenti esclusi: %1$s %2$s + Instradamenti VpnService installati: %1$s %2$s Ottenute le informazioni sulle interfacce %1$s e %2$s, assumendo che il secondo indirizzo sia il peer remoto. Utilizzata la maschera /32 per l\'IP locale. La modalità impostata da OpenVPN è \"%3$s\". Impossibile utilizzare %1$s e %2$s come reindirizzamenti IP con la maschera CIDR, è stata quindi usata la maschera /32. Instradamento %1$s/%2$s corretto con %3$s/%2$s @@ -213,6 +221,7 @@ Effettuata la lettura del file di configurazione Usa l\'icona <img src=\"ic_menu_archive\"/> per importare il profilo (.ovpn o .conf) dalla tua scheda SD. Si raccomanda di leggere anche le FAQ. C\'è anche una guida rapida. Configurazione dei reindirizzamenti e dell\'interfaccia + Il routing e la configurazione dell\'interfaccia non vengono fatti tramite i comandi ifconfig/route tradizionali ma utilizzando l\'API VPNService. Ciò si traduce in una configurazione di routing diversa rispetto ad altri sistemi operativi. La configurazione del tunnel VPN è composta dall\'indirizzo IP e dalle reti che devono essere instradate su tale interfaccia. Soprattutto non è necessario alcun indirizzo peer o gateway. Percorsi speciali per raggiungere il server VPN (ad esempio aggiunti quando si utilizza redirect-gateway) non sono neanche necessari. L\'applicazione pertanto ignorerà queste impostazioni durante l\'importazione di una configurazione. L\'applicazione garantisce con l\'API VPNService che la connessione al server non venga instradata attraverso il tunnel VPN. E\' supportato solo la specifica delle reti che devono essere instradate tramite il tunnel. L\'applicazione cerca di rilevare le reti che non devono essere instradate sul tunnel (ad esempio, route x.x.x.x y.y.y.y net_gateway) e calcola una serie di itinerari che escludono questi percorsi per emulare il comportamento di altre piattaforme. Le schermate del registro mostrano la configurazione del VPNService finché si stabilisce una connessione. Non passa allo stato di \"Nessuna connessione VPN\" quando OpenVPN sta eseguendo un tentativo di riconnessione. tun persistente Log di OpenVPN @@ -307,5 +316,13 @@ Effettuata la lettura del file di configurazione Visualizza opzioni Eccezione non gestita: %1$s\n\n%2$s %3$s: %1$s\n\n%2$s + Se il tuo dispositivo Android ha il root allora è possibile installare il <a href=\"http://xposed.info/\">framework Xposed</a> e il <a href=\"http://repo.xposed.info/module/de.blinkt.vpndialogxposed\">modulo di conferma VPN Dialog</a> a proprio rischio e pericolo\" Licenze complete + Le reti direttamente collegate alle interfacce locali non verranno instradate attraverso la VPN. Deselezionando questa opzione si inoltrerà tutto il traffico dalle reti locali alla VPN. + Ignora VPN per le reti locali + File nome utente/password + [Importato da: %s] + Alcuni file non possono essere trovati. Si prega di selezionare i file da importare nel profilo: + Per utilizzare questa applicazione è necessario un provider VPN/gateway VPN che supportino OpenVPN (spesso forniti dal datore di lavoro). Vai a http://community.openvpn.net/ per ulteriori informazioni su OpenVPN e come configurare il proprio server OpenVPN. + Registro importazione: diff --git a/app/src/main/res/values-ja/strings-icsopenvpn.xml b/app/src/main/res/values-ja/strings-icsopenvpn.xml index d537e3d8..79474f2d 100755 --- a/app/src/main/res/values-ja/strings-icsopenvpn.xml +++ b/app/src/main/res/values-ja/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ + @@ -23,7 +27,7 @@ プロファイル 種別 PKCS12のパスワード - 選択 + 選択… ファイルを選択する必要があります。 TLS認証を使用します。 TLS Direction @@ -99,7 +103,7 @@ DNSサーバ: %1$s, ドメイン: %2$s 経路: %1$s %2$s 除外された経路: %1$s %2$s - インターフェース情報として[%1$s]と[%2$s]を取得しました。2つめのアドレスはリモート側のピアアドレスです。32ビットマスクをローカルIPに使用します。 OpenVPNのモードは[%3$s]です。 + インターフェース情報として %1$s と %2$s を取得しました。2つ目のアドレスはリモート側のピアアドレスです。32ビットマスクをローカルIPに使用します。 OpenVPNのモードは \"%3$s\" です。 %1$sと%2$sではCIDR形式のIP経路情報として意味をなしません。32ビットマスクを使用します。 経路情報%1$s/%2$sを%3$s/%2$sに修正しました。 Androidの証明書管理にアクセスできません。(ファームウェアの更新、アプリケーションまたはその設定のリストアによって発生する場合があります)。VPNの設定で証明書の選択を再度行ってください。 @@ -107,12 +111,11 @@ ログ ファイルを送信します。 送信 ICS OpenVPN ログ ファイル - クリップ ボードにコピーされたログ エントリ + ログ エントリをクリップボードにコピーしました TAPモード TAPモードは非root化環境では動作しません。よってこのアプリケーションではTAPをサポートできません。 またですか?TAPモードはサポートされていませんし、サポートされるかどうかメールを送ることは何の役にも立ちません。 - 3回目です。本当のところ、TUN上で動くレイヤ2エミュレータを書くことはできました。(送信時の情報追加と受信時の情報削除で)。しかしこのエミュレータはARPやおそらくはDHCPをも実装しなければならないでしょう。誰もこのことに気がついていません。もしあなたがこの機能を作る気になったのであれば、どうぞ私に連絡してください。 - + 3回目です。本当のところ、TUN上で動くレイヤ2エミュレータを書くことはできました。(送信時の情報追加と受信時の情報削除で)。しかしこのエミュレータはARPやおそらくはDHCPをも実装しなければならないでしょう。誰もこのことに気がついていません。もしあなたがこの機能を作る気になったのであれば、どうぞ私に連絡してください。 よくある質問 ログ エントリのコピー 1行のログエントリをコピーするには、そのエントリをタッチし続けます。コピー/送信するには「ログエントリを送信」を使用します。GUIで表示されない場合はハードウェアのメニューボタンを使用してください。 @@ -138,7 +141,7 @@ インポートされた構成ファイルに記載されたファイル %1$s が見つかりません。 構成ファイルを%1$sからインポートしています。 ユーザインターフェースにマッピングされていないいくつかの設定項目があります。それらの設定はカスタムオプションとして追加されます。カスタムオプションを以下に表示します。 - 構成ファイルの読み取り終了。 + 構成ファイルの読み込みを完了しました。 ローカル アドレスとポートにバインドを行いません。 ローカルバインドしない 構成ファイルのインポート @@ -200,8 +203,7 @@ Androidはあなた自身の安全性のために、これらを迂回できな <p>もしファイルが足りないというエラーが表示されたら、足りなかったファイルをSDカード上に格納してください。</p> <p>インポートされたVPN設定をリストに追加するには、保存アイコンをクリックします。</p> <p>VPNを接続するには、VPNの名称をクリックします。</p> -<p>もし警告やエラーがログエントリに表示されたら、それらを調べて解決してください。</p> - +<p>もし警告やエラーがログエントリに表示されたら、それらを調べて解決してください。</p> クイックスタート 接続の試行前にTUNデバイスモジュール(tun.ko)を読み込みます。デバイスのroot化が必要です。 TUNモジュールをロード @@ -217,8 +219,7 @@ Androidはあなた自身の安全性のために、これらを迂回できな 再起動 設定の変更はVPNの再起動後に反映されます。VPNを(再)起動しますか? 設定が変更されました - 編集されたため、最後に接続したプロファイルを確認できませんでした - + 編集されたため、最後に接続したプロファイルを確認できませんでした 重複した通知 もしAndroidがメモリ不足に陥った場合、その時点で必要とされないアプリケーションやサービスはアクティブなメモリから排除されます。 この処理に伴い、VPN接続は終了されます。 @@ -292,7 +293,7 @@ OpenVPNの接続を保証するためには、アプリケーションを高い 許可アプリ: %s 許可アプリの一覧をクリアしますか?\n現在の許可アプリ一覧:\n\n%s スクリーンがオフかつ60秒で64kB以下のデータ転送量の場合、VPN通信を中断します。「永続的なTUN」設定が有効な場合、VPN接続が中断されると通信ができなくなります。「永続的なTUN」を無効にすると、VPNによる接続保護は行われなくなります。 - 画面オフ後にVPN接続を中断する + 画面オフ後にVPN接続を中断 警告: このVPN接続には永続的なTUNが設定されていません。スクリーンオフ後の通信は通常のインターネット接続を使用します。 パスワードを保存 VPN一時停止 @@ -322,10 +323,10 @@ OpenVPNの接続を保証するためには、アプリケーションを高い 未処理の例外: %1$s\n\n%2$s %3$s: %1$s\n\n%2$s もしあなたがデバイスをroot化しているのであれば、 <a href=\"http://xposed.info/\">Xposed framework</a>と<a href=\"http://repo.xposed.info/module/de.blinkt.vpndialogxposed\">VPN Dialog confirm module</a> を自己責任においてインストールできます - フルライセンス + 完全なライセンス告知 ローカルインターフェイスに直接接続されているネットワークはVPNを経由しません。 このオプションを外すとローカルネットワーク宛のすべての通信をVPNにリダイレクトします。 - ローカルネットワークはVPNを経由しない + ローカルはVPNを経由しない ユーザー名/パスワードファイル [インポート元: %s] いくつかのファイルが見つかりませんでした。プロファイルをインポートするファイルを選択してください: diff --git a/app/src/main/res/values-ko/strings-icsopenvpn.xml b/app/src/main/res/values-ko/strings-icsopenvpn.xml index cd8bc176..b05e4f51 100755 --- a/app/src/main/res/values-ko/strings-icsopenvpn.xml +++ b/app/src/main/res/values-ko/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ - + + diff --git a/app/src/main/res/values-nl/strings-icsopenvpn.xml b/app/src/main/res/values-nl/strings-icsopenvpn.xml index f553449b..2a000195 100755 --- a/app/src/main/res/values-nl/strings-icsopenvpn.xml +++ b/app/src/main/res/values-nl/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ - + + diff --git a/app/src/main/res/values-no/strings-icsopenvpn.xml b/app/src/main/res/values-no/strings-icsopenvpn.xml index 7a7dd124..66391eb5 100755 --- a/app/src/main/res/values-no/strings-icsopenvpn.xml +++ b/app/src/main/res/values-no/strings-icsopenvpn.xml @@ -1,11 +1,16 @@ - + + Server adresse: Server port: Plassering + Kan ikke lese katalogen velg Avbryt Ingen Data @@ -15,32 +20,54 @@ Klientsertifikat nøkkel PKCS12 fil CA-sertifikat + Du må velge et sertifikat + Kildekode og problemsøkersporing er tilgjengelig på http://code.google.com/p/ics-openvpn/ + Dette programmet bruker følgende komponenter; se kildekoden for detaljer om lisensene Om + Profiler Type PKCS12 passord Velg… + Du må velge en fil Bruke TLS-godkjenning TLS-retning Angi IPv6-adresse/nettmaske i CIDR format (f.eks 2000:dd::23/64) Angi IPv6-adresse/nettmaske i CIDR format (f.eks 1.2.3.4/24) IPv4-adresse IPv6-adresse + Angi egendefinerte OpenVPN-alternativer. Bør brukes med forsiktighet. Vær også oppmerksom på at mange av de tun-relaterte OpenVPN-innstillingene ikke støttes i henhold til utformingen av VPNSettings. Hvis du tror at et viktig alternativ mangler kan du kontakte forfatteren Brukernavn Passord + For den statiske konfigurasjonen vil TLS Auth Keys-ene bli brukt som statiske nøkler Konfigurer VPN Legge til profil Angi et navn som identifiserer den nye profilen + Skriv inn et unikt profilnavn Profilnavn + Du må velge et brukersertifikat Ingen feil funnet Feil i konfigurasjonen + Feil ved analyse av IPv4-adressen + Feil ved analyse av egendefinerte ruter + (La stå tomt for å søke på forespørsel) OpenVPN snarvei Koble til VPN + Profilen som er angitt i snarveien ble ikke funnet Tilfeldig vert prefiks + Legger til 6 tilfeldige tegn foran vertsnavn Aktiver egendefinerte valg + Angi egendefinerte alternativer. Brukes med forsiktighet! + Route avvist av Android Koble fra + Koble fra VPN Tøm logg Avbryt bekreftelse + Koble fra tilkoblet VPN-forbindelse / avbryt oppkoblingsforsøket ? Fjern VPN + Kontrollerer om tjeneren bruker et sertifikat med TLS-servertillegg (--remote-cert-TLS-server) + Forvent TLS-serversertifikat + Kontrollerer eksternt tjenersertifikatemne DN + Sjekk av vertsnavn i sertifikat TLS-Auth-fil DNS Bruk din egen DNS-server diff --git a/app/src/main/res/values-pl/strings-icsopenvpn.xml b/app/src/main/res/values-pl/strings-icsopenvpn.xml index d628da6c..495eb00e 100755 --- a/app/src/main/res/values-pl/strings-icsopenvpn.xml +++ b/app/src/main/res/values-pl/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ - + + diff --git a/app/src/main/res/values-pt/strings-icsopenvpn.xml b/app/src/main/res/values-pt/strings-icsopenvpn.xml index 30bf569e..d0058c68 100755 --- a/app/src/main/res/values-pt/strings-icsopenvpn.xml +++ b/app/src/main/res/values-pt/strings-icsopenvpn.xml @@ -1,139 +1,255 @@ + Endereço do Servidor: - Porta: + Porta do Servidor: Localização - Não foi possível ler o diretório + Não é possível ler o diretório Selecionar Cancelar Não há dados Compressão LZO - Sem Certificado - Certificado do Cliente - Chave do Certificado do Cliente - Arquivo PKCS12 - Certificado CA - Você deve selecionar um certificado - O código fonte e o rastreamento de incidentes estão disponíveis em http://code.google.com/p/ics-openvpn/ - Este programa utiliza os seguintes componentes; veja o código fonte para mais detalhes das licenças + Nenhum certificado + Certificado de cliente + Chave de certificado de cliente + Ficheiro PKCS12 + Certificado de CA + Deve selecionar um certificado + Código fonte e controlo de problemas disponível em http://code.google.com/p/ics-openvpn/ + Este programa utiliza os seguintes componentes; Para mais detalhes sobre as licenças consultar o código-fonte Sobre Perfis Tipo - Senha do PKCS12 + Password PKCS12 Selecionar… - Você deve selecionar um arquivo - Utilizar Autenticação TLS + É necessário selecionar um ficheiro + Usar autenticação TLS Direção TLS - Entre o Endereço IPv6/CIDR (ex: 2000:dd::23/64) - Entre o endereço IPv4/CIDR (ex: 1.2.3.4/24) + Digite o endereço de IPv6/máscara de rede no formato CIDR (por exemplo, 2000:dd::23 / 64) + Digite o endereço de IPv4/máscara de rede no formato CIDR (por exemplo, 1.2.3.4/24) Endereço IPv4 Endereço IPv6 - Insira as opções personalizadas para o OpenVPN. Utilize com cuidado. Observe também que muitas das opções relacionadas ao tun do OpenVPN não podem ser suportadas pelo design do VPNSettings. Contate o autor se você acha que uma opção importante está faltando. - Usuário - Senha - Para a configuração estática as chaves de autenticação de TLS serão utilizadas como chaves estáticas - Configurar VPN - Adicionar Perfil - Digite um nome que identifica o novo perfil - Por favor, digite um nome de perfil único + Insira opções personalizadas para a ligação OpenVPN. Este opções devem ser usadas com precaução. Note-se também que muitas das opções para OpenVPN relacionados com tun não não suportadas propositadamente. Se achar que uma opção importante está falta entre em contato com o autor + Utilizador + Password + Para a configuração estática as chaves de autenticação TLS serão usadas como chaves estáticas + Configurar a VPN + Adicionar perfil + Digite um nome que identifique o novo perfil + Por favor, digite um nome de perfil que não esteja já em uso Nome do perfil - Você deve selecionar um certificado de usuário + Tem de selecionar um certificado de utilizador Nenhum erro encontrado Erro na configuração Erro ao analisar o endereço IPv4 Erro ao analisar as rotas personalizadas - (deixe em branco para consulta sob demanda) + (deixe em branco para consulta a pedido) Atalho do OpenVPN - Conectar a VPN - O perfil especificado no atalho não foi encontrado + Ligar à VPN + Perfil especificado no atalho não encontrado Prefixo de Host aleatório - Adiciona 6 caracteres aleatórios na frente do hostname - Habilitar opções personalizadas - Opções personalizadas. Use com cuidado! + Adiciona 6 caracteres aleatórios ao nome do host + Ativar opções personalizadas + Especifique as opções personalizadas. Use com cuidado! Rota rejeitada pelo Android Desconectar Desconectar VPN - limpar log - Cancelar confirmação - Desconectar a VPN conectada/cancelar a tentativa de conexão? + Limpar registo + Cancelar Confirmação Remover VPN - Verifica se o servidor usa um certificado com as extensões de servidor TLS (- servidor remoto-cert-TLS) Esperar certificado do servidor TLS - Verifica o DN Subject do certificado do servidor remoto - Verificar o Hostname do Certificado - Especificar a conta usada para verificar o certificado remoto DN (por exemplo, C = DE, L = Paderborn, UO = aviária operadoras IP, CN=openvpn.blinkt.de)\n\Especificar o DN completo ou o RDN (openvpn.blinkt.de no exemplo) ou um prefixo RDN para verification.\n\nWhen usando o prefixo RDN \"Servidor\" corresponde a \"Server-1\" e \"Server-2\" \n\nDeixando vazio, o campo de texto irá verificar o RDN contra o servidor hostname.\n\nPara mais detalhes consulte a página principal do 2.3.1+ OpenVPN sob — verificar-X509-nome - Subject do certificado remoto - Permite a Autenticação de Chave TLS - Arquivo de Auth TLS - Solicitações de endereços de IP, rotas e opções de sincronização do servidor. - Nenhuma informação é solicitada do servidor. Configurações precisam ser especificadas abaixo. + Verificar nome de host do certificado + Assunto do certificado remoto + Ativa a autenticação de chave TLS + Ficheiro de autenticação TLS + Solicita endereços IP, rotas e tempo do servidor. Obter Configurações DNS - Substituir as configurações de DNS pelo servidor - Use seus próprios servidores de DNS + Substituir configurações de DNS pelo servidor + Use seus próprios servidores DNS Domínio de pesquisa - Servidor DNS a ser usado. + Servidor de DNS a utilizar. Servidor DNS Servidor DNS secundário utilizado caso o servidor primário esteja inacessível. Servidor DNS alternativo - Ignorar rotas empurradas - Ignorar rota empurrada pelo servidor. Redireccionar todo o tráfego pela VPN Usar rota padrão - Digite rotas personalizadas. Apenas indique destino em formato CIDR. \"10.0.0.0 / 8 2002 :: / 16\" iria dirigir as redes 10.0.0.0 / 8 e 2002 :: / 16 sobre a VPN. - As rotas que não devem ser encaminhados pelo VPN. Use a mesma sintaxe para rotas incluídas. Rotas personalizadas Redes excluídas - Nível de complexidade do log - Permite pacotes autenticados a partir de qualquer IP + Nível de verbosidade do log Permitir servidor flutuante Opções personalizadas - Editar configurações de VPN - Remover o perfil VPN \'%s\'? - Em algumas imagens ICS personalizado a permissão em / dev / tun pode estar errada, ou o módulo tun pode estar faltando completamente. Para imagens CM9 tente a opção correção propriedade sobre as configurações gerais - Falha ao abrir a interface de tun - "Erro:" - Claro - Abrindo a interface tun: - Local IPv4: %1$s/%2$d IPv6:%3$s MTU:%4$d - Servidor DNS: %1$s, domínio: %2$s + Editar definições VPN + Remova o perfil VPN \'%s\'? + Falha ao abrir a interface tun + "Erro: " + Limpar + A abrir a interface tun: + Local IPv4: %1$s/%2$d IPv6: %3$s MTU: %4$d + Servidor DNS: %1$s, Dominio: %2$s Rotas: %1$s %2$s Rotas excluídas: %1$s %2$s - Rotas VpnService instaladas: %1$s %2$s + Rotas VpnService instaladas: %1$s %2$s Existem múltiplas informações de interface, %1$s e %2$s, a aplicação assume que o segundo endereço é um endereço \'peer\' do endereço remoto. Será usada uma máscara de rede /32 para o IP local. O modo estabelecido pela OpenVPN é \"%3$s\". - Não consigo entender %1$s e %2$s como uma rota IP com máscara de rede CIDR, usando /32 como máscara de rede. + não é possível fazer sentido de %1$s e %2$s como rotas de IP, com máscara de rede CIDR, será usada uma máscara de rede /32. A rota %1$s/%2$s foi corrigida para %3$s/%2$s - Não é possível aceder aos certificados \'Keychain Android\'. Isso pode ter sido causado por uma atualização de firmware ou uma restauração das configurações da app/app. Será necessário editar o perfil VPN e selecionar novamente o certificado nas configurações básicas para recriar a permissão e possibilitar o acesso ao certificado. + Não é possível aceder aos certificados \'Keychain Android\'. Isto pode ser causado por uma atualização de firmware ou um restauro das configurações da app/app. Será necessário editar o perfil VPN e selecionar novamente o certificado nas configurações básicas para recriar a permissão e possibilitar o acesso ao certificado. %1$s %2$s - Enviar arquivo de log + Enviar o ficheiro de registo Enviar Ficheiro de registo do ICS OpenVPN Entrada de registo copiada para a área de transferência - Entrada de registo copiada para a área de transferência + Modo Tap A API VPN não permite o modo Tap em dispositivos sem acesso root. Desta forma não é possível oferecer suporte Tap nesta aplicação - Novamente? Você está brincando? Não, o modo tap não é suportado de maneira nenhuma e enviar mais emails a perguntar se eventualmente será, não irá ajudar. - Perguntas frequentes + Novamente? Estamos a brincar? Não, o modo tap não é suportado de maneira nenhuma e enviar mais emails a perguntar se eventualmente será, não ai ajudar a que seja. + Uma terceira vez? Na verdade, se poderia escrever um um emulador de torneira baseado no tun que adicionar layer2 informações sobre envio e tira informações layer2 em receber. Mas este emulador de torneira também teria que implementar ARP e, possivelmente, um cliente DHCP. Eu não conheço ninguém fazer nenhum trabalho nesse sentido. Contacte-me se você deseja iniciar a codificação sobre isso. Mas este emulador tap também teria que implementar ARP e, possivelmente, um cliente DHCP. Eu não conheço ninguém a fazer nenhum trabalho nesse sentido. Contacte-me se conhece alguém ou deseja a escrever código nesse sentido. + Perguntas Frequentes + Copia entradas de registo + Para copiar uma única entrada do registo selecione e mantenha seleciona a respetiva entrada. Para copiar/enviar o registo completo use a opção enviar registo. Use o botão de menu do equipamento caso não esteja visível no GUI. + Atalho para iniciar + A imagem não suporta a API VPNService, lamentamos :( Encriptação + Digite o método de encriptação + Autenticação/encriptação + Explorador de ficheiros + Ficheiro embutido + Erro ao importar ficheiro + Não foi possível importar o ficheiro + [[Dados do ficheiro embutido]] + Impossível abrir dispositivo tun sem informações de IP + Importar Perfil a partir de um ficheiro ovpn Importar + Não foi possível ler o perfil a importação + Erro ao ler o ficheiro de configuração + Adicionar perfil + Não foi possível encontrar o ficheiro %1$s mencionado no ficheiro de configuração importado + A importar ficheiro configuração a partir de %1$s + Terminou a leitura do ficheiro de configuração. + Não ligar a endereço e porta local + Não permitir ligações \'locais\' + Importar o ficheiro de configuração + Considerações de segurança + "Como OpenVPN é segurança sensíveis algumas notas sobre segurança são sensatas. Todos os dados no sdcard é inerentemente inseguro. Cada aplicativo pode lê-lo (por exemplo, este programa não requer direitos especiais cartão SD). Os dados desta aplicação só pode ser lido pelo próprio aplicativo. Ao usar a opção de importação para cacert / cert / chave no diálogo os dados do arquivo é armazenado no perfil de VPN. Os perfis de VPN são acessíveis apenas por esta aplicação. (Não se esqueça de apagar as cópias no sd cartão depois). Mesmo com acesso apenas por este aplicativo os dados ainda não é criptografado. torcendo por telefone ou outros exploits pode ser possível recuperar os dados. senhas salvas são armazenadas em texto simples assim. Para arquivos PKCS12 é altamente recomendável que você importá-los para o armazenamento de chaves android. " Importar IPv4 IPv6 + A esperar mensagem de estado... + perfil importado + Perfil importado %d + Imagens quebradas + Senha de chave privada Senha + ícone de ficheiro + Autenticação TLS + Config gerado Configurações + Corrija a propriedade de /dev/tun + A editar \"%s\" + A preparar a configuração... + Volte a ligar na mudança de rede + Estado da rede: %s + Selecione + Mostrar a janela de log + Aviso de ligação e som de notificação + IP e DNS + Básico + Encaminhamento Avançado + Início Rápido + A utilizar proxy %1$s %2$d + Usar a proxy do sistema + Volte a ligar na reinicialização Ignorar Reiniciar - Conectando + As alterações de configuração são aplicadas depois de reiniciar a VPN. Reiniciar a VPN agora? + Configuração alterada + Notificações duplicadas + Não há perfis de VPN definidos. + Use o < img src = \"ic_menu_add\" / > ícone para adicionar uma nova VPN + Use o < img src = \"ic_menu_archive\" / > ícone para importar um perfil existente (ovpn ou conf) do seu sdcard. + Configuração de roteamento/Interface + Tun Persistente + OpenVPN Log + Importar configuração OpenVPN + Consumo de bateria + VPN e Tethering + Tentativas de ligação + Configurações de religação + Segundos entre ligações + Enviar Minidump para desenvolvedor + OpenVPN - %s + %1$s - %2$s + %1$s - %3$s, %2$s + A ligar + A esperar pela resposta do servidor Autenticando - Conectado - Add - Pausa VPN + A obter a configuração do cliente + Atribuindo endereços IP + Adicionando rotas + Ligado + Desligado + A religar + A sair + Parado + A resolver nomes de host + A ligar (TCP) + Falha na autenticação + A aguardar rede utilizável + ↓%2$s/s %1$s - ↑%4$s/s %3$s + Não ligado + A ligar a VPN %s + A ligar a VPN %s + Cifra de encriptação + Autenticação de pacotes + Selecione o método de autenticação de pacotes + Feito por %s + compilação de debug + compilação oficial + Copiar para o perfil + Crashdump + Adicionar + Enviar ficheiro de configuração + DN completo + RDN (nome comum) + Prefixo RDN + TLS-remoto (obsoleto) + Pode ajudar a traduzir, visite http://crowdin.net/project/ics-openvpn/invite + %1$s tenta controlar %2$s + Confio nesta aplicação. + Nenhuma app pode usar a API externa + Aplicações permitidas:%s + Guardar senha + Pausar VPN Retomar VPN - Upload - Download - Vpn Status - Ver opções + VPN pausado por solicitação do utilizador + Não é possível mostrar as informações de certificado + Comportamento da aplicação + Comportamento VPN + Permitir alterações aos perfis de VPN + Como alternativa, pode enviar uma doação pela Play Store: + Obrigado por doar %s! + Log limpo. + Mostrar a senha + Erro de acesso às chaves: %s + Curto + ISO + Carimbos de hora + Nenhum + Fazer upload + Transferir + Estado da VPN + Opções de visualização + Unhandled exception: %1$s\n\n%2$s + %3$s: %1$s\n\n%2$s + Licenças completas + Ignorar VPN para redes locais + Ficheiro de utilizador/senha + [Importado de: %s] + Log de importação: diff --git a/app/src/main/res/values-ro/strings-icsopenvpn.xml b/app/src/main/res/values-ro/strings-icsopenvpn.xml index 8ae2770e..ef4e3a75 100755 --- a/app/src/main/res/values-ro/strings-icsopenvpn.xml +++ b/app/src/main/res/values-ro/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ - + + diff --git a/app/src/main/res/values-ru/strings-icsopenvpn.xml b/app/src/main/res/values-ru/strings-icsopenvpn.xml index 400269ec..e2bc930c 100755 --- a/app/src/main/res/values-ru/strings-icsopenvpn.xml +++ b/app/src/main/res/values-ru/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ + diff --git a/app/src/main/res/values-sv/strings-icsopenvpn.xml b/app/src/main/res/values-sv/strings-icsopenvpn.xml index 1e4f3635..9b974522 100755 --- a/app/src/main/res/values-sv/strings-icsopenvpn.xml +++ b/app/src/main/res/values-sv/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ - + + diff --git a/app/src/main/res/values-tr/strings-icsopenvpn.xml b/app/src/main/res/values-tr/strings-icsopenvpn.xml index a40df5bf..90ad068d 100755 --- a/app/src/main/res/values-tr/strings-icsopenvpn.xml +++ b/app/src/main/res/values-tr/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ - + + @@ -86,6 +90,7 @@ Varsayılan Yolu kullan Özel yolları girin. CIDR biçimde tek hedef girin. \"10.0.0.0 / 8 2002 :: / 16\" ağlar VPN üzerinden 10.0.0.0 / 8 ve 2002 :: / 16 doğrudan. Özel Yollar + Dışlanan Ağlar Ayrıntı düzeyi Log Herhangi bir IP kimlik doğrulaması paketlerini sağlar Herhangi bir IP kimlik doğrulaması paketlerini sağlar diff --git a/app/src/main/res/values-uk/strings-icsopenvpn.xml b/app/src/main/res/values-uk/strings-icsopenvpn.xml index 97a1e9a4..92637b74 100755 --- a/app/src/main/res/values-uk/strings-icsopenvpn.xml +++ b/app/src/main/res/values-uk/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ - + + diff --git a/app/src/main/res/values-zh-rCN/strings-icsopenvpn.xml b/app/src/main/res/values-zh-rCN/strings-icsopenvpn.xml index e49a2240..93e0cbb1 100755 --- a/app/src/main/res/values-zh-rCN/strings-icsopenvpn.xml +++ b/app/src/main/res/values-zh-rCN/strings-icsopenvpn.xml @@ -1,5 +1,9 @@ - + + @@ -23,7 +27,7 @@ 配置文件 类型 PKCS12 密码 - 请选择... + 请选择… 您必须选择一个文件 使用 TLS 身份验证 TLS 方向 @@ -85,7 +89,6 @@ 使用默认路由 输入自定义路由。输入 CIDR 格式地址。 自定义路由 - just 日志详细级别 允许来自任何 IP 的认证数据包 允许浮服务器 @@ -100,7 +103,6 @@ 本地 IPv4: %1$s/%2$d IPv6: %3$s MTU: %4$d DNS 服务器: %1$s, 域名: %2$s 排除的路由: %1$s %2$s - China 已获得接口信息 %1$s 以及 %2$s,将第二个地址作为远程地址。使用 /32 作为本地掩码。OpenVPN 给出的模式是 \"%3$s\"。 无法将 %1$s 和 %2$s 作为 CIDR 形式的路由,将使用 /32 的子网掩码。 纠正路由 %1$s/%2$s 为 %3$s/%2$s @@ -292,7 +294,7 @@ 感谢捐赠 %s! 日志已清除。 显示密码 - 钥匙串访问错误: %s + 钥匙串访问错误: %s ISO 时间戳 diff --git a/app/src/main/res/values-zh-rTW/strings-icsopenvpn.xml b/app/src/main/res/values-zh-rTW/strings-icsopenvpn.xml index e467dd5b..bd155362 100755 --- a/app/src/main/res/values-zh-rTW/strings-icsopenvpn.xml +++ b/app/src/main/res/values-zh-rTW/strings-icsopenvpn.xml @@ -1,5 +1,10 @@ - + + + 伺服器地址: @@ -19,9 +24,10 @@ 取得原始碼與個案追蹤,可上 http://code.google.com/p/ics-openvpn/ 本程序使用了以下元件,其作者和授權資訊如下 關於 + 設定檔 類型 PKCS12 密碼 - 選擇… + 選擇… 你必須選擇一個檔案 使用傳輸層防火牆(TLS-Auth) TLS方向 @@ -43,19 +49,22 @@ 解析IPv4地址時發生錯誤 解析自訂路由時發生錯誤 OpenVPN捷徑 - 連接到VPN + 連線到VPN 在快捷方式找不到指定的設定檔 隨機主機名稱字首 在主機名稱前加入6個隨機字符 啟用自訂選項 自訂選項,使用時請小心! 路由被Android拒絕 - 斷線 + 中斷連線 + 中斷VPN連線 清除記錄檔 確認取消 + 中斷已連接的VPN/取消正在嘗試的連線? 移除VPN - 檢查對方出示的是否TLS伺服器憑證 - 預期對方出示TLS伺服器憑證 + 預計TLS服務器證書 + 檢查遠程服務器證書的主題DN + 證書的主機名檢查 啟用傳輸層防火牆(TLS-Auth) TLS驗證檔 向伺服器請求IP地址, 路由和時間資訊 @@ -117,7 +126,9 @@ 匯入 IPv4 IPv6 - 等待狀態訊息… + 等待狀態訊息… + 匯入設定檔 + 匯入設定檔%d PKCS12檔加密金鑰 私密金鑰密碼 密碼 @@ -128,45 +139,55 @@ 修正 /dev/tun 的擁有者 顯示本程序生成的設定檔 正在編輯\"%s\" - 正在生成設定檔… - 當網絡狀況變更時強制重新連接(例如從WiFi變成手機網絡,反之亦然) - 網絡異動時重新連接 + 正在生成設定檔… + 若切換此選項當網絡狀況變更時將強制重新連線(例如從WiFi變成手機網絡,反之亦然) + 網絡異動時重新連線 網絡狀態: %s 選擇 + 連接時顯示記錄檔視窗。記錄檔視窗可以隨時從通知欄中進入。 顯示記錄視窗 於 %1$s (%2$s) %3$s 上運行, Android API 版本: %4$d 連線警告和通知時發出音效 - 繁體中文 由 羊羊@自由網絡研究中心 <sora8964@gmail.com> 翻譯 + 繁體中文 IP和DNS 基本 路由 鮮為人知的OpenVPN設定,一般情況下不需要派上用場。 進階 ICS Openvpn 設定 - 沒有任何DNS伺服器可用,可能無法進行網域名稱解析。請考慮設置自訂的DNS伺服器 快速入門 在連線前嘗試載入Tun模組,需要Root。 載入Tun模組 取得代理伺服器資訊時發生錯誤: %s 使用代理伺服器 %1$s %2$d 使用系統代理 - 使用系統配置的 HTTP/HTTPS 代理伺服器進行連接。 + 使用系統配置的 HTTP/HTTPS 代理伺服器進行連線。 你可以透過 <a href=\"https://www.paypal.com/cgi-bin/webscr?hosted_button_id=R2M6ZP9AF25LS&amp;cmd=_s-xclick\">PayPal</a> 提供捐助 - 如果在重新開機或關機前正連接VPN,開機時自動重新連接。在使用這個選項之前請先閱讀連線警告FAQ。 - 開機時重新連接 + 如果在重新開機或關機前正連線VPN,開機時自動重新連線。在使用這個選項之前請先閱讀連線警告FAQ。 + 開機時重新連線 忽略 重置 配置變更只會在重新啟動VPN時才生效,現在要(重新)啟動VPN嗎? 設定已變更 + 無法判斷最後一次連線使用的設定檔,因此無法編輯設定檔。 重複的通知 路由/網絡介面 設定 OpenVPN 運作記錄 匯入 OpenVPN 配置 電池消耗 VPN與可攜式無線基地台 - 連線重試次數 - 嘗試重新連線之間的等待秒數 - 重新連接間隔時間 + 重新連線次數 + 重新連線設定 + 嘗試重新連線之間的等待秒數。 + 重新連線的間隔時間 OpenVPN非預期地崩潰,你或者會考慮在主選單下傳送Minidump給開發人員。 向開發人員傳送Minidump + 連線中 + 已連線 + 中斷連線 + 正在重新連線 + 連線中 (TCP) + 未連線 + 正在連接至 VPN %s + 正在連接至 VPN %s diff --git a/app/src/main/res/values/dimens.xml b/app/src/main/res/values/dimens.xml index 4f325078..9a53fe4c 100644 --- a/app/src/main/res/values/dimens.xml +++ b/app/src/main/res/values/dimens.xml @@ -1,4 +1,9 @@ + + 20dp 8dp diff --git a/app/src/main/res/values/strings-icsopenvpn.xml b/app/src/main/res/values/strings-icsopenvpn.xml index aadbff32..15bf8142 100755 --- a/app/src/main/res/values/strings-icsopenvpn.xml +++ b/app/src/main/res/values/strings-icsopenvpn.xml @@ -1,4 +1,7 @@ - + @@ -323,5 +326,7 @@ Announce to TCP sessions running over the tunnel that they should limit their send packet sizes such that after OpenVPN has encapsulated them, the resulting UDP packet size that OpenVPN sends to its peer will not exceed this number of bytes. (default is 1450) Override MSS value of TCP payload Set MSS of TCP payload + Client behaviour + Clear allowed external apps diff --git a/app/src/main/res/values/styles.xml b/app/src/main/res/values/styles.xml index 95e709b3..7b26a4a7 100644 --- a/app/src/main/res/values/styles.xml +++ b/app/src/main/res/values/styles.xml @@ -1,20 +1,8 @@ + ~ Copyright (c) 2012-2014 Arne Schwabe + ~ Distributed under the GNU GPL v2. For full terms see the file doc/LICENSE.txt + --> diff --git a/app/src/main/res/values/untranslatable.xml b/app/src/main/res/values/untranslatable.xml index b45d5ae7..619a550f 100644 --- a/app/src/main/res/values/untranslatable.xml +++ b/app/src/main/res/values/untranslatable.xml @@ -2429,6 +2429,26 @@ + + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3