From b173dcaa17cac3b25ff4ef7771a44a79e0d1e713 Mon Sep 17 00:00:00 2001 From: Mykola Baibuz Date: Mon, 27 Jan 2025 22:39:18 +0200 Subject: [PATCH 1/7] Enable PFS for Windows IKEv2 --- client/protocols/ikev2_vpn_protocol_windows.cpp | 2 +- client/server_scripts/ipsec/configure_container.sh | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/client/protocols/ikev2_vpn_protocol_windows.cpp b/client/protocols/ikev2_vpn_protocol_windows.cpp index e2e4ca902..b4110f034 100644 --- a/client/protocols/ikev2_vpn_protocol_windows.cpp +++ b/client/protocols/ikev2_vpn_protocol_windows.cpp @@ -238,7 +238,7 @@ ErrorCode Ikev2Protocol::start() "-CipherTransformConstants GCMAES128 " "-EncryptionMethod AES256 " "-IntegrityCheckMethod SHA256 " - "-PfsGroup None " + "-PfsGroup PFS2048 " "-DHGroup Group14 " "-PassThru -Force\"") .arg(tunnelName()); diff --git a/client/server_scripts/ipsec/configure_container.sh b/client/server_scripts/ipsec/configure_container.sh index 76c4dfafc..1f0a45cb3 100644 --- a/client/server_scripts/ipsec/configure_container.sh +++ b/client/server_scripts/ipsec/configure_container.sh @@ -33,14 +33,14 @@ conn shared right=%any encapsulation=yes authby=secret - pfs=no + pfs=yes rekey=no keyingtries=5 dpddelay=30 dpdtimeout=120 dpdaction=clear ikev2=never - ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024 + ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp2048,aes128-sha1;modp2048 phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2 ikelifetime=24h salifetime=24h 
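Review bot: The new `-PfsGroup PFS2048` argument is only correct while the server template offers a 2048-bit MODP group for child SAs, and nothing at this call site records that coupling. A short comment above the argument list would help, for example `// PfsGroup/DHGroup must stay in step with ike=/phase2alg= in client/server_scripts/ipsec/configure_container.sh`. Containers provisioned before this change still carry `pfs=no`. Whether an upgraded client negotiates cleanly against them is not visible in this hunk and is worth testing before release. The body of Ikev2Protocol::start() continues outside the hunk.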
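Review bot: `pfs=yes` is switched on in `conn shared`, but `phase2alg=` names no group, so the group for the child-SA exchange is left to the daemon's default rather than pinned to the 2048-bit group the Windows client now requests. If the installed IPsec daemon accepts a group suffix on phase-2 proposals (confirm against its ipsec.conf documentation), pin it, e.g. `phase2alg=aes_gcm-null;modp2048,aes256-sha2;modp2048`. The `ike=` line still lists `aes256-sha1` and `aes128-sha1`, and its first four proposals carry no `;modp2048`, so a peer can still settle on SHA-1 or on a default group. The `conn ikev2-cp` hunk at -244 copies the same list and has the same gaps.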
@@ -244,9 +244,9 @@ conn ikev2-cp auto=add ikev2=insist rekey=no - pfs=no - ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1 - phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2 + pfs=yes + ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp2048,aes128-sha1;modp2048 + phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2 ikelifetime=24h salifetime=24h encapsulation=yes From 3b49d5ca59c611ad5a1be55ce84b071701c96011 Mon Sep 17 00:00:00 2001 From: Pokamest Nikak Date: Tue, 4 Feb 2025 15:53:40 +0000 Subject: [PATCH 2/7] Update VPN protocol descriptions --- client/containers/containers_defs.cpp | 94 +++++++++----------- client/ui/models/apiServicesModel.cpp | 13 ++- client/ui/qml/Pages2/PageSetupWizardEasy.qml | 5 +- 3 files changed, 50 insertions(+), 62 deletions(-) diff --git a/client/containers/containers_defs.cpp b/client/containers/containers_defs.cpp index ce673a85f..b6a235a4e 100644 --- a/client/containers/containers_defs.cpp +++ b/client/containers/containers_defs.cpp 
@@ -110,22 +110,20 @@ QMap ContainerProps::containerDescriptions() QObject::tr("OpenVPN is the most popular VPN protocol, with flexible configuration options. It uses its " "own security protocol with SSL/TLS for key exchange.") }, { DockerContainer::ShadowSocks, - QObject::tr("Shadowsocks - masks VPN traffic, making it similar to normal web traffic, but it " - "may be recognized by analysis systems in some highly censored regions.") }, + QObject::tr("Shadowsocks masks VPN traffic, making it resemble normal web traffic, but it may still be detected by certain analysis systems.") }, { DockerContainer::Cloak, QObject::tr("OpenVPN over Cloak - OpenVPN with VPN masquerading as web traffic and protection against " - "active-probing detection. Ideal for bypassing blocking in regions with the highest levels " - "of censorship.") }, + "active-probing detection. It is very resistant to detection and blockages, but offers low speed.") }, { DockerContainer::WireGuard, - QObject::tr("WireGuard - New popular VPN protocol with high performance, high speed and low power " - "consumption. Recommended for regions with low levels of censorship.") }, + QObject::tr("WireGuard - popular VPN protocol with high performance, high speed and low power " + "consumption.") }, { DockerContainer::Awg, - QObject::tr("AmneziaWG - Special protocol from Amnezia, based on WireGuard. It's fast like WireGuard, " - "but very resistant to blockages. " - "Recommended for regions with high levels of censorship.") }, + QObject::tr("AmneziaWG is a special protocol from Amnezia based on WireGuard. " + "It is as fast as WireGuard but highly resistant to blocking. " + "Recommended for most cases.") }, { DockerContainer::Xray, - QObject::tr("XRay with REALITY - Suitable for countries with the highest level of internet censorship. 
" - "Traffic masking as web traffic at the TLS level, and protection against detection by active probing methods.") }, + QObject::tr("XRay with REALITY masks VPN traffic as web traffic and protects against active probing. " + "It is highly resistant to DPI detection and offers high speed.") }, { DockerContainer::Ipsec, QObject::tr("IKEv2/IPsec - Modern stable protocol, a bit faster than others, restores connection after " "signal loss. It has native support on the latest versions of Android and iOS.") }, 
@@ -144,20 +142,20 @@ QMap ContainerProps::containerDetailedDescriptions() return { { DockerContainer::OpenVpn, QObject::tr( - "OpenVPN stands as one of the most popular and time-tested VPN protocols available.\n" - "It employs its unique security protocol, " - "leveraging the strength of SSL/TLS for encryption and key exchange. " - "Furthermore, OpenVPN's support for a multitude of authentication methods makes it versatile and adaptable, " - "catering to a wide range of devices and operating systems. " - "Due to its open-source nature, OpenVPN benefits from extensive scrutiny by the global community, " - "which continually reinforces its security. " - "With a strong balance of performance, security, and compatibility, " - "OpenVPN remains a top choice for privacy-conscious individuals and businesses alike.\n\n" - "* Available in the AmneziaVPN across all platforms\n" - "* Normal power consumption on mobile devices\n" - "* Flexible customisation to suit user needs to work with different operating systems and devices\n" - "* Recognised by DPI analysis systems and therefore susceptible to blocking\n" - "* Can operate over both TCP and UDP network protocols.") }, + "OpenVPN stands as one of the most popular and time-tested VPN protocols available.\n" + "It employs its unique security protocol, " + "leveraging the strength of SSL/TLS for encryption and key exchange. " + "Furthermore, OpenVPN's support for a multitude of authentication methods makes it versatile and adaptable, " + "catering to a wide range of devices and operating systems. " + "Due to its open-source nature, OpenVPN benefits from extensive scrutiny by the global community, " + "which continually reinforces its security. 
" + "With a strong balance of performance, security, and compatibility, " + "OpenVPN remains a top choice for privacy-conscious individuals and businesses alike.\n\n" + "* Available in the AmneziaVPN across all platforms\n" + "* Normal power consumption on mobile devices\n" + "* Flexible customisation to suit user needs to work with different operating systems and devices\n" + "* Recognised by DPI analysis systems and therefore susceptible to blocking\n" + "* Can operate over both TCP and UDP network protocols.") }, { DockerContainer::ShadowSocks, QObject::tr("Shadowsocks, inspired by the SOCKS5 protocol, safeguards the connection using the AEAD cipher. " "Although Shadowsocks is designed to be discreet and challenging to identify, it isn't identical to a standard HTTPS connection." @@ -169,7 +167,7 @@ QMap ContainerProps::containerDetailedDescriptions() "* Works over TCP network protocol.") }, { DockerContainer::Cloak, QObject::tr("This is a combination of the OpenVPN protocol and the Cloak plugin designed specifically for " - "protecting against blocking.\n\n" + "protecting against detection.\n\n" "OpenVPN provides a secure VPN connection by encrypting all internet traffic between the client " "and the server.\n\n" "Cloak protects OpenVPN from detection and blocking. \n\n" @@ -179,8 +177,6 @@ QMap ContainerProps::containerDetailedDescriptions() "Immediately after receiving the first data packet, Cloak authenticates the incoming connection. " "If authentication fails, the plugin masks the server as a fake website and your VPN becomes " "invisible to analysis systems.\n\n" - "If there is a extreme level of Internet censorship in your region, we advise you to use only " - "OpenVPN over Cloak from the first connection\n\n" "* Available in the AmneziaVPN across all platforms\n" "* High power consumption on mobile devices\n" "* Flexible settings\n" 
@@ -190,7 +186,7 @@ QMap ContainerProps::containerDetailedDescriptions() QObject::tr("A relatively new popular VPN protocol with a simplified architecture.\n" "WireGuard provides stable VPN connection and high performance on all devices. It uses hard-coded encryption " "settings. WireGuard compared to OpenVPN has lower latency and better data transfer throughput.\n" - "WireGuard is very susceptible to blocking due to its distinct packet signatures. " + "WireGuard is very susceptible to detection and blocking due to its distinct packet signatures. " "Unlike some other VPN protocols that employ obfuscation techniques, " "the consistent signature patterns of WireGuard packets can be more easily identified and " "thus blocked by advanced Deep Packet Inspection (DPI) systems and other network monitoring tools.\n\n" 
@@ -216,15 +212,15 @@ QMap ContainerProps::containerDetailedDescriptions() "* Not recognised by DPI analysis systems, resistant to blocking\n" "* Works over UDP network protocol.") }, { DockerContainer::Xray, - QObject::tr("The REALITY protocol, a pioneering development by the creators of XRay, " - "is specifically designed to counteract the highest levels of internet censorship through its novel approach to evasion.\n" - "It uniquely identifies censors during the TLS handshake phase, seamlessly operating as a proxy for legitimate clients while diverting censors to genuine websites like google.com, " - "thus presenting an authentic TLS certificate and data. \n" - "This advanced capability differentiates REALITY from similar technologies by its ability to disguise web traffic as coming from random, " - "legitimate sites without the need for specific configurations. \n" - "Unlike older protocols such as VMess, VLESS, and the XTLS-Vision transport, " - "REALITY's innovative \"friend or foe\" recognition at the TLS handshake enhances security and circumvents detection by sophisticated DPI systems employing active probing techniques. " - "This makes REALITY a robust solution for maintaining internet freedom in environments with stringent censorship.") + QObject::tr("The REALITY protocol, a pioneering development by the creators of XRay, " + "is designed to provide the highest level of protection against detection through its innovative approach to security and privacy.\n" + "It uniquely identifies attackers during the TLS handshake phase, seamlessly operating as a proxy for legitimate clients while diverting attackers to genuine websites, " + "thus presenting an authentic TLS certificate and data. \n" + "This advanced capability differentiates REALITY from similar technologies by its ability to disguise web traffic as coming from random, " + "legitimate sites without the need for specific configurations. 
\n" + "Unlike older protocols such as VMess, VLESS, and the XTLS-Vision transport, " + "REALITY's innovative \"friend or foe\" recognition at the TLS handshake enhances security and circumvents detection by sophisticated DPI systems employing active probing techniques. " + "This makes REALITY a robust solution for maintaining internet freedom.") }, { DockerContainer::Ipsec, QObject::tr("IKEv2, paired with the IPSec encryption layer, stands as a modern and stable VPN protocol.\n" @@ -332,9 +328,7 @@ QStringList ContainerProps::fixedPortsForContainer(DockerContainer c) bool ContainerProps::isEasySetupContainer(DockerContainer container) { switch (container) { - case DockerContainer::WireGuard: return true; case DockerContainer::Awg: return true; - // case DockerContainer::Cloak: return true; default: return false; } } @@ -342,9 +336,7 @@ bool ContainerProps::isEasySetupContainer(DockerContainer container) QString ContainerProps::easySetupHeader(DockerContainer container) { switch (container) { - case DockerContainer::WireGuard: return tr("Low"); - case DockerContainer::Awg: return tr("High"); - // case DockerContainer::Cloak: return tr("Extreme"); + case DockerContainer::Awg: return tr("Automatic"); default: return ""; } } @@ -352,10 +344,8 @@ QString ContainerProps::easySetupHeader(DockerContainer container) QString ContainerProps::easySetupDescription(DockerContainer container) { switch (container) { - case DockerContainer::WireGuard: return tr("I just want to increase the level of my privacy."); - case DockerContainer::Awg: return tr("I want to bypass censorship. This option recommended in most cases."); - // case DockerContainer::Cloak: - // return tr("Most VPN protocols are blocked. Recommended if other options are not working."); + case DockerContainer::Awg: return tr("AmneziaWG protocol will be installed. Special protocol from Amnezia, based on WireGuard. It's fast like WireGuard, " + "but very resistant to blockages."); default: return ""; } } 
@@ -363,9 +353,7 @@ QString ContainerProps::easySetupDescription(DockerContainer container) int ContainerProps::easySetupOrder(DockerContainer container) { switch (container) { - case DockerContainer::WireGuard: return 3; - case DockerContainer::Awg: return 2; - // case DockerContainer::Cloak: return 1; + case DockerContainer::Awg: return 1; default: return 0; } } @@ -384,9 +372,9 @@ bool ContainerProps::isShareable(DockerContainer container) QJsonObject ContainerProps::getProtocolConfigFromContainer(const Proto protocol, const QJsonObject &containerConfig) { QString protocolConfigString = containerConfig.value(ProtocolProps::protoToString(protocol)) - .toObject() - .value(config_key::last_config) - .toString(); + .toObject() + .value(config_key::last_config) + .toString(); return QJsonDocument::fromJson(protocolConfigString.toUtf8()).object(); } diff --git a/client/ui/models/apiServicesModel.cpp b/client/ui/models/apiServicesModel.cpp index 316086309..f1880e4de 100644 --- a/client/ui/models/apiServicesModel.cpp +++ b/client/ui/models/apiServicesModel.cpp 
@@ -65,11 +65,11 @@ QVariant ApiServicesModel::data(const QModelIndex &index, int role) const case CardDescriptionRole: { auto speed = apiServiceData.serviceInfo.speed; if (serviceType == serviceType::amneziaPremium) { - return tr("Classic VPN for comfortable work, downloading large files and watching videos. " - "Works for any sites. Speed up to %1 MBit/s") + return tr("Amnezia Premium is VPN for comfortable work, downloading large files and watching videos in 8K resolution. " + "Works for any sites with no restrictions. Speed up to %1 MBit/s. Unlimited traffic.") .arg(speed); } else if (serviceType == serviceType::amneziaFree) { - QString description = tr("VPN to access blocked sites in regions with high levels of Internet censorship. "); + QString description = tr("AmneziaFree provides free unlimited access to a basic set of web sites, such as Facebook, Instagram, Twitter (X), Discord, Telegram, and others. YouTube is not included in the free plan."); if (!isServiceAvailable) { description += tr("

Not available in your region. If you have VPN enabled, disable it, " "return to the previous screen, and try again."); @@ -79,11 +79,10 @@ QVariant ApiServicesModel::data(const QModelIndex &index, int role) const } case ServiceDescriptionRole: { if (serviceType == serviceType::amneziaPremium) { - return tr("Amnezia Premium - A classic VPN for comfortable work, downloading large files, and watching videos in high " - "resolution. " - "It works for all websites, even in countries with the highest level of internet censorship."); + return tr("Amnezia Premium is VPN for comfortable work, downloading large files and watching videos in 8K resolution. " + "Works for any sites with no restrictions."); } else { - return tr("Amnezia Free is a free VPN to bypass blocking in countries with high levels of internet censorship"); + return tr("AmneziaFree provides free unlimited access to a basic set of web sites, such as Facebook, Instagram, Twitter (X), Discord, Telegram, and others. YouTube is not included in the free plan."); } } case IsServiceAvailableRole: { diff --git a/client/ui/qml/Pages2/PageSetupWizardEasy.qml b/client/ui/qml/Pages2/PageSetupWizardEasy.qml index eb6000c23..353eeb32b 100644 --- a/client/ui/qml/Pages2/PageSetupWizardEasy.qml +++ b/client/ui/qml/Pages2/PageSetupWizardEasy.qml @@ -65,7 +65,7 @@ PageType { implicitWidth: parent.width headerTextMaximumLineCount: 10 - headerText: qsTr("What is the level of internet control in your region?") + headerText: qsTr("Choose Installation Type") } ButtonGroup { @@ -139,7 +139,8 @@ PageType { CardType { implicitWidth: parent.width - headerText: qsTr("Choose a VPN protocol") + headerText: qsTr("Manual") + bodyText: qsTr("Choose a VPN protocol") ButtonGroup.group: buttonGroup From f163f0fc1da93dd4b690a11ec273bf653c549450 Mon Sep 17 00:00:00 2001 
From: Pokamest Nikak Date: Wed, 5 Feb 2025 23:11:21 +0000 Subject: [PATCH 3/7] Update VPN description texts --- client/containers/containers_defs.cpp | 21 ++++++++++----------- client/ui/models/languageModel.cpp | 2 +- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/client/containers/containers_defs.cpp b/client/containers/containers_defs.cpp index b6a235a4e..52b148c0f 100644 --- a/client/containers/containers_defs.cpp +++ b/client/containers/containers_defs.cpp @@ -113,17 +113,16 @@ QMap ContainerProps::containerDescriptions() QObject::tr("Shadowsocks masks VPN traffic, making it resemble normal web traffic, but it may still be detected by certain analysis systems.") }, { DockerContainer::Cloak, QObject::tr("OpenVPN over Cloak - OpenVPN with VPN masquerading as web traffic and protection against " - "active-probing detection. It is very resistant to detection and blockages, but offers low speed.") }, + "active-probing detection. It is very resistant to detection, but offers low speed.") }, { DockerContainer::WireGuard, QObject::tr("WireGuard - popular VPN protocol with high performance, high speed and low power " "consumption.") }, { DockerContainer::Awg, QObject::tr("AmneziaWG is a special protocol from Amnezia based on WireGuard. " - "It is as fast as WireGuard but highly resistant to blocking. " - "Recommended for most cases.") }, + "It provides high connection speed and ensures stable operation even in the most challenging network conditions.") }, { DockerContainer::Xray, QObject::tr("XRay with REALITY masks VPN traffic as web traffic and protects against active probing. " - "It is highly resistant to DPI detection and offers high speed.") }, + "It is highly resistant to detection and offers high speed.") }, { DockerContainer::Ipsec, QObject::tr("IKEv2/IPsec - Modern stable protocol, a bit faster than others, restores connection after " "signal loss. It has native support on the latest versions of Android and iOS.") }, 
@@ -154,7 +153,7 @@ QMap ContainerProps::containerDetailedDescriptions() "* Available in the AmneziaVPN across all platforms\n" "* Normal power consumption on mobile devices\n" "* Flexible customisation to suit user needs to work with different operating systems and devices\n" - "* Recognised by DPI analysis systems and therefore susceptible to blocking\n" + "* Recognised by DPI systems and therefore susceptible to blocking\n" "* Can operate over both TCP and UDP network protocols.") }, { DockerContainer::ShadowSocks, QObject::tr("Shadowsocks, inspired by the SOCKS5 protocol, safeguards the connection using the AEAD cipher. " @@ -170,7 +169,7 @@ QMap ContainerProps::containerDetailedDescriptions() "protecting against detection.\n\n" "OpenVPN provides a secure VPN connection by encrypting all internet traffic between the client " "and the server.\n\n" - "Cloak protects OpenVPN from detection and blocking. \n\n" + "Cloak protects OpenVPN from detection. \n\n" "Cloak can modify packet metadata so that it completely masks VPN traffic as normal web traffic, " "and also protects the VPN from detection by Active Probing. This makes it very resistant to " "being detected\n\n" @@ -180,7 +179,7 @@ QMap ContainerProps::containerDetailedDescriptions() "* Available in the AmneziaVPN across all platforms\n" "* High power consumption on mobile devices\n" "* Flexible settings\n" - "* Not recognised by DPI analysis systems\n" + "* Not recognised by detection systems\n" "* Works over TCP network protocol, 443 port.\n") }, { DockerContainer::WireGuard, QObject::tr("A relatively new popular VPN protocol with a simplified architecture.\n" 
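Review bot: The reworded Cloak bullet in the -180 hunk, `"* Not recognised by detection systems\n"`, states an absolute guarantee, as does the AmneziaWG bullet in the -209 hunk (`"* Not recognised by traffic analysis systems\n"`). Users pick a protocol on the strength of this text, and the short Cloak description in the same patch already uses the more careful "very resistant to detection". Wording such as `"* Designed to resist detection by traffic analysis systems\n"` would keep the two descriptions consistent without promising an outcome the client cannot verify. Both strings are inside `QObject::tr(...)`, so the translation files need refreshing after any wording change.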
@@ -209,7 +208,7 @@ QMap ContainerProps::containerDetailedDescriptions() "* Available in the AmneziaVPN across all platforms\n" "* Low power consumption\n" "* Minimum number of settings\n" - "* Not recognised by DPI analysis systems, resistant to blocking\n" + "* Not recognised by traffic analysis systems\n" "* Works over UDP network protocol.") }, { DockerContainer::Xray, QObject::tr("The REALITY protocol, a pioneering development by the creators of XRay, " @@ -219,7 +218,7 @@ QMap ContainerProps::containerDetailedDescriptions() "This advanced capability differentiates REALITY from similar technologies by its ability to disguise web traffic as coming from random, " "legitimate sites without the need for specific configurations. \n" "Unlike older protocols such as VMess, VLESS, and the XTLS-Vision transport, " - "REALITY's innovative \"friend or foe\" recognition at the TLS handshake enhances security and circumvents detection by sophisticated DPI systems employing active probing techniques. " + "REALITY's innovative \"friend or foe\" recognition at the TLS handshake enhances security. " "This makes REALITY a robust solution for maintaining internet freedom.") }, { DockerContainer::Ipsec, @@ -344,8 +343,8 @@ QString ContainerProps::easySetupHeader(DockerContainer container) QString ContainerProps::easySetupDescription(DockerContainer container) { switch (container) { - case DockerContainer::Awg: return tr("AmneziaWG protocol will be installed. Special protocol from Amnezia, based on WireGuard. It's fast like WireGuard, " - "but very resistant to blockages."); + case DockerContainer::Awg: return tr("AmneziaWG protocol will be installed. " + "It provides high connection speed and ensures stable operation even in the most challenging network conditions."); default: return ""; } } diff --git a/client/ui/models/languageModel.cpp b/client/ui/models/languageModel.cpp index fe6f7a6c1..0041fdd09 100644 --- a/client/ui/models/languageModel.cpp 
+++ b/client/ui/models/languageModel.cpp @@ -108,7 +108,7 @@ QString LanguageModel::getCurrentSiteUrl() { auto language = static_cast(getCurrentLanguageIndex()); switch (language) { - case LanguageSettings::AvailableLanguageEnum::Russian: return "https://storage.googleapis.com/kldscp/amnezia.org"; + case LanguageSettings::AvailableLanguageEnum::Russian: return "https://storage.googleapis.com/amnezia/amnezia.org"; default: return "https://amnezia.org"; } } From e091020692aa646303c302b781fad548efda75f6 Mon Sep 17 00:00:00 2001 From: Yaroslav Yashin Date: Mon, 10 Feb 2025 19:14:14 +0100 Subject: [PATCH 4/7] refactor: update ios build configuration to use automatic code signing and prebuilt OpenVPNAdapter framework --- client/cmake/ios.cmake | 6 +----- client/ios/networkextension/CMakeLists.txt | 7 +------ client/platforms/ios/HevSocksTunnel.swift | 1 + 3 files changed, 3 insertions(+), 11 deletions(-) diff --git a/client/cmake/ios.cmake b/client/cmake/ios.cmake index 5fda35061..6507ed974 100644 --- a/client/cmake/ios.cmake +++ b/client/cmake/ios.cmake @@ -76,11 +76,7 @@ set_target_properties(${PROJECT} PROPERTIES XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/Frameworks" XCODE_EMBED_APP_EXTENSIONS networkextension - XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution" - XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development" - XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual - XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "match AppStore org.amnezia.AmneziaVPN" - XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "match Development org.amnezia.AmneziaVPN" + XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic ) set_target_properties(${PROJECT} PROPERTIES XCODE_ATTRIBUTE_SWIFT_VERSION "5.0" diff --git a/client/ios/networkextension/CMakeLists.txt b/client/ios/networkextension/CMakeLists.txt index c448ed08d..dde03b3b1 100644 --- a/client/ios/networkextension/CMakeLists.txt 
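Review bot: The Russian-language site link in getCurrentSiteUrl() now points at a path on a shared object-storage host (`storage.googleapis.com/amnezia/...`), so the bucket name alone ties the URL to the project. Nothing in this hunk shows how ownership of that bucket is guaranteed for the lifetime of shipped clients. A comment should record it, e.g. `// Mirror bucket is project-owned; the name must not be released while shipped clients link to it`. Hoisting both URLs into named constants would also keep a future mirror change to one place.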
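Review bot: With `XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic` and the identity and provisioning-profile lines removed, nothing in the build files pins which certificate or team signs a Release build, and the hunk sets no `XCODE_ATTRIBUTE_DEVELOPMENT_TEAM`. If release signing is meant to be supplied by CI, say so next to the property, e.g. `# Release identity/profile are injected by CI; local builds use automatic signing`. That makes a distribution build signed with a developer's personal identity recognisable as a mistake. The networkextension target in client/ios/networkextension/CMakeLists.txt gets the same change and needs the same comment. The set_target_properties call starts above the hunk.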
+++ b/client/ios/networkextension/CMakeLists.txt @@ -27,12 +27,7 @@ set_target_properties(networkextension PROPERTIES XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/../../Frameworks" - XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution" - XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development" - - XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual - XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "match AppStore org.amnezia.AmneziaVPN.network-extension" - XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "match Development org.amnezia.AmneziaVPN.network-extension" + XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic ) set_target_properties(networkextension PROPERTIES diff --git a/client/platforms/ios/HevSocksTunnel.swift b/client/platforms/ios/HevSocksTunnel.swift index a86a07587..87d995e8d 100644 --- a/client/platforms/ios/HevSocksTunnel.swift +++ b/client/platforms/ios/HevSocksTunnel.swift @@ -1,4 +1,5 @@ import HevSocks5Tunnel +import NetworkExtension public enum Socks5Tunnel { From 48b43ee1028732784176355000c1ad6cdbd81ffd Mon Sep 17 00:00:00 2001 From: Yaroslav Yashin Date: Mon, 10 Feb 2025 18:17:19 +0100 Subject: [PATCH 5/7] feat: remove OpenVPNAdapter submodule --- .gitmodules | 3 --- client/3rd-prebuilt | 2 +- client/3rd/OpenVPNAdapter | 1 - client/cmake/ios.cmake | 6 +++--- 4 files changed, 4 insertions(+), 8 deletions(-) delete mode 160000 client/3rd/OpenVPNAdapter diff --git a/.gitmodules b/.gitmodules index 3ceaa56e2..decab9b71 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,6 +1,3 @@ -[submodule "client/3rd/OpenVPNAdapter"] - path = client/3rd/OpenVPNAdapter - url = https://github.com/amnezia-vpn/OpenVPNAdapter.git [submodule "client/3rd/qtkeychain"] path = client/3rd/qtkeychain url = https://github.com/frankosterfeld/qtkeychain.git diff --git a/client/3rd-prebuilt b/client/3rd-prebuilt index ba580dc5b..b714700ad 160000 --- a/client/3rd-prebuilt +++ b/client/3rd-prebuilt 
@@ -1 +1 @@ -Subproject commit ba580dc5bd7784f7b1e110ff0365f3286e549a61 +Subproject commit b714700addf0c6e773367b13f2211f63110171a1 diff --git a/client/3rd/OpenVPNAdapter b/client/3rd/OpenVPNAdapter deleted file mode 160000 index 7c821a8d5..000000000 --- a/client/3rd/OpenVPNAdapter +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 7c821a8d5c1ad5ad94e0763b4f25a875b5a6fe1b diff --git a/client/cmake/ios.cmake b/client/cmake/ios.cmake index 6507ed974..581922371 100644 --- a/client/cmake/ios.cmake +++ b/client/cmake/ios.cmake @@ -122,9 +122,9 @@ add_subdirectory(ios/networkextension) add_dependencies(${PROJECT} networkextension) set_property(TARGET ${PROJECT} PROPERTY XCODE_EMBED_FRAMEWORKS - "${CMAKE_CURRENT_SOURCE_DIR}/3rd/OpenVPNAdapter/build/Release-iphoneos/OpenVPNAdapter.framework" + "${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/openvpn/apple/OpenVPNAdapter-ios/OpenVPNAdapter.framework" ) -set(CMAKE_XCODE_ATTRIBUTE_FRAMEWORK_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/3rd/OpenVPNAdapter/build/Release-iphoneos) -target_link_libraries("networkextension" PRIVATE "${CMAKE_CURRENT_SOURCE_DIR}/3rd/OpenVPNAdapter/build/Release-iphoneos/OpenVPNAdapter.framework") +set(CMAKE_XCODE_ATTRIBUTE_FRAMEWORK_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/openvpn/apple/OpenVPNAdapter-ios/) +target_link_libraries("networkextension" PRIVATE "${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/openvpn/apple/OpenVPNAdapter-ios/OpenVPNAdapter.framework") From fc6fc26148947a7888084d39803b694261b5e576 Mon Sep 17 00:00:00 2001 From: Yaroslav Yashin Date: Mon, 10 Feb 2025 18:19:42 +0100 Subject: [PATCH 6/7] feat: remove ios openvpn script and associated cmake configuration --- client/CMakeLists.txt | 5 ----- client/ios/scripts/openvpn.sh | 19 ------------------- 2 files changed, 24 deletions(-) delete mode 100755 client/ios/scripts/openvpn.sh diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index 3ef923854..5871cbca7 100644 --- a/client/CMakeLists.txt 
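Review bot: The ios.cmake hunk at -122 links and embeds a prebuilt `OpenVPNAdapter.framework` binary from the `3rd-prebuilt` submodule instead of building the pinned source submodule, and nothing ties that binary to a source revision or checks its integrity. At minimum add a comment recording which OpenVPNAdapter commit the binary was built from and how to reproduce it. A configure-time `file(SHA256 ...)` comparison against an expected digest kept in the repository would turn that into an enforced check. The framework directory is also spelled out three times; a variable such as `set(OPENVPN_ADAPTER_DIR "${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/openvpn/apple/OpenVPNAdapter-ios")` would keep the embed, search-path and link lines in step.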
+++ b/client/CMakeLists.txt @@ -96,11 +96,6 @@ configure_file(${CMAKE_CURRENT_LIST_DIR}/translations/translations.qrc.in ${CMAK qt6_add_resources(QRC ${I18NQRC} ${CMAKE_CURRENT_BINARY_DIR}/translations.qrc) # -- i18n end -if(IOS) - execute_process(COMMAND bash ${CMAKE_CURRENT_LIST_DIR}/ios/scripts/openvpn.sh args - WORKING_DIRECTORY ${CMAKE_CURRENT_LIST_DIR}) -endif() - set(IS_CI ${CI}) if(IS_CI) message("Detected CI env") diff --git a/client/ios/scripts/openvpn.sh b/client/ios/scripts/openvpn.sh deleted file mode 100755 index 544b80781..000000000 --- a/client/ios/scripts/openvpn.sh +++ /dev/null @@ -1,19 +0,0 @@ -XCODEBUILD="/usr/bin/xcodebuild" -WORKINGDIR=`pwd` -PATCH="/usr/bin/patch" - - cat $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/Project.xcconfig > $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/amnezia.xcconfig - cat << EOF >> $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/amnezia.xcconfig - PROJECT_TEMP_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/OpenVPNAdapter.build - CONFIGURATION_BUILD_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/Release-iphoneos - BUILT_PRODUCTS_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/Release-iphoneos -EOF - - - cd 3rd/OpenVPNAdapter - if $XCODEBUILD -scheme OpenVPNAdapter -configuration Release -xcconfig Configuration/amnezia.xcconfig -sdk iphoneos -destination 'generic/platform=iOS' -project OpenVPNAdapter.xcodeproj ; then - echo "OpenVPNAdapter built successfully" - else - echo "OpenVPNAdapter build failed" - fi - cd ../../ From 101838404ee03c9120e66781eb34e813326866d6 Mon Sep 17 00:00:00 2001 From: "vladimir.kuznetsov" Date: Thu, 13 Feb 2025 22:47:13 +0700 Subject: [PATCH 7/7] bugfix: fixed possible crush on android --- CMakeLists.txt | 4 ++-- client/amnezia_application.cpp | 19 +++++++++++-------- client/core/controllers/apiController.cpp | 8 ++++---- 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 98397bbb1..22141c9dd 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR) set(PROJECT AmneziaVPN) -project(${PROJECT} VERSION 4.8.3.2 +project(${PROJECT} VERSION 4.8.3.3 DESCRIPTION "AmneziaVPN" HOMEPAGE_URL "https://amnezia.org/" ) @@ -11,7 +11,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d") set(RELEASE_DATE "${CURRENT_DATE}") set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH}) -set(APP_ANDROID_VERSION_CODE 2075) +set(APP_ANDROID_VERSION_CODE 2076) if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux") set(MZ_PLATFORM_NAME "linux") diff --git a/client/amnezia_application.cpp b/client/amnezia_application.cpp index aeed439b6..8706be587 100644 --- a/client/amnezia_application.cpp +++ b/client/amnezia_application.cpp @@ -2,6 +2,8 @@ #include #include +#include +#include #include #include #include @@ -10,8 +12,6 @@ #include #include #include -#include -#include #include "logger.h" #include "ui/models/installedAppsModel.h" @@ -282,16 +282,17 @@ bool AmneziaApplication::parseCommands() } #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS) -void AmneziaApplication::startLocalServer() { +void AmneziaApplication::startLocalServer() +{ const QString serverName("AmneziaVPNInstance"); QLocalServer::removeServer(serverName); - QLocalServer* server = new QLocalServer(this); + QLocalServer *server = new QLocalServer(this); server->listen(serverName); QObject::connect(server, &QLocalServer::newConnection, this, [server, this]() { if (server) { - QLocalSocket* clientConnection = server->nextPendingConnection(); + QLocalSocket *clientConnection = server->nextPendingConnection(); clientConnection->deleteLater(); } emit m_pageController->raiseMainWindow(); 
@@ -418,7 +419,9 @@ void AmneziaApplication::initControllers() &ConnectionController::onCurrentContainerUpdated); connect(m_installController.get(), &InstallController::updateServerFromApiFinished, this, [this]() { - disconnect(m_reloadConfigErrorOccurredConnection); + if (m_reloadConfigErrorOccurredConnection) { + disconnect(m_reloadConfigErrorOccurredConnection); + } emit m_connectionController->configFromApiUpdated(); }); @@ -426,7 +429,7 @@ void AmneziaApplication::initControllers() m_reloadConfigErrorOccurredConnection = connect( m_installController.get(), qOverload(&InstallController::installationErrorOccurred), this, [this]() { emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected); }, - static_cast(Qt::AutoConnection || Qt::SingleShotConnection)); + static_cast(Qt::AutoConnection | Qt::SingleShotConnection)); m_installController->updateServiceFromApi(m_serversModel->getDefaultServerIndex(), "", ""); }); @@ -434,7 +437,7 @@ void AmneziaApplication::initControllers() m_reloadConfigErrorOccurredConnection = connect( m_installController.get(), qOverload(&InstallController::installationErrorOccurred), this, [this]() { emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected); }, - static_cast(Qt::AutoConnection || Qt::SingleShotConnection)); + static_cast(Qt::AutoConnection | Qt::SingleShotConnection)); m_serversModel->removeApiConfig(m_serversModel->getDefaultServerIndex()); m_installController->updateServiceFromTelegram(m_serversModel->getDefaultServerIndex()); }); diff --git a/client/core/controllers/apiController.cpp b/client/core/controllers/apiController.cpp index 6562632a9..2b9f71d8d 100644 --- a/client/core/controllers/apiController.cpp +++ b/client/core/controllers/apiController.cpp 
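Review bot: Both lambdas in the -426 and -434 hunks overwrite `m_reloadConfigErrorOccurredConnection` without disconnecting the connection it already holds. If one of these handlers runs again before the single-shot slot has fired, the earlier connection stays live and a single installation error can emit the Disconnected state more than once. Disconnecting before reassigning closes that gap: put `if (m_reloadConfigErrorOccurredConnection) disconnect(m_reloadConfigErrorOccurredConnection);` ahead of each `m_reloadConfigErrorOccurredConnection = connect(`. Whether the outer signals can fire twice in a row is not visible here, because the enclosing connect calls begin outside the hunks.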
@@ -308,6 +308,8 @@ void ApiController::updateServerConfigFromApi(const QString &installationUuid, c if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError || reply->error() == QNetworkReply::NetworkError::TimeoutError) { emit errorOccurred(ErrorCode::ApiConfigTimeoutError); + } else if (reply->error() == QNetworkReply::NetworkError::SslHandshakeFailedError) { + emit errorOccurred(ErrorCode::ApiConfigSslError); } else { QString err = reply->errorString(); qDebug() << QString::fromUtf8(reply->readAll()); @@ -323,10 +325,8 @@ void ApiController::updateServerConfigFromApi(const QString &installationUuid, c QObject::connect(reply, &QNetworkReply::errorOccurred, [this, reply](QNetworkReply::NetworkError error) { qDebug() << reply->errorString() << error; }); - connect(reply, &QNetworkReply::sslErrors, [this, reply](const QList &errors) { - qDebug().noquote() << errors; - emit errorOccurred(ErrorCode::ApiConfigSslError); - }); + + connect(reply, &QNetworkReply::sslErrors, [this, reply](const QList &errors) { qDebug().noquote() << errors; }); } }
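Review bot: The `sslErrors` handler in the -323 hunk no longer reports anything, so telling the user about a certificate failure now rests entirely on the `SslHandshakeFailedError` branch added in the -308 hunk. That holds only while no code path calls `ignoreSslErrors()` on this reply, which the page cannot confirm. A comment on the handler should state the intent, e.g. `// Log only: Qt aborts the handshake and the failure is reported through the SslHandshakeFailedError branch`. The lambda also still captures `this` and `reply` without using them and is connected without a context object; `connect(reply, &QNetworkReply::sslErrors, reply, [](const QList<QSslError> &errors) { qDebug().noquote() << errors; });` fixes both. updateServerConfigFromApi starts and ends outside both hunks.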