#include "vpnconnection.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef AMNEZIA_DESKTOP #include "core/ipcclient.h" #include #endif #ifdef Q_OS_ANDROID #include "platforms/android/android_controller.h" #include #endif #if defined(Q_OS_IOS) || defined(MACOS_NE) #include "platforms/ios/ios_controller.h" #endif #include "core/networkUtilities.h" #include "vpnconnection.h" VpnConnection::VpnConnection(std::shared_ptr settings, QObject *parent) : QObject(parent), m_settings(settings), m_checkTimer(new QTimer(this)) { #if defined(Q_OS_IOS) || defined(MACOS_NE) m_checkTimer.setInterval(1000); connect(IosController::Instance(), &IosController::connectionStateChanged, this, &VpnConnection::setConnectionState); connect(IosController::Instance(), &IosController::bytesChanged, this, &VpnConnection::onBytesChanged); #endif } VpnConnection::~VpnConnection() { } void VpnConnection::onBytesChanged(quint64 receivedBytes, quint64 sentBytes) { emit bytesChanged(receivedBytes, sentBytes); } void VpnConnection::onKillSwitchModeChanged(bool enabled) { #ifdef AMNEZIA_DESKTOP IpcClient::withInterface([enabled](QSharedPointer iface){ QRemoteObjectPendingReply reply = iface->refreshKillSwitch(enabled); if (reply.waitForFinished() && reply.returnValue()) qDebug() << "VpnConnection::onKillSwitchModeChanged: Killswitch refreshed"; else qWarning() << "VpnConnection::onKillSwitchModeChanged: Failed to execute remote refreshKillSwitch call"; }); #endif } void VpnConnection::onConnectionStateChanged(Vpn::ConnectionState state) { #ifdef AMNEZIA_DESKTOP auto container = m_settings->defaultContainer(m_settings->defaultServerIndex()); IpcClient::withInterface([&](QSharedPointer iface) { switch (state) { case Vpn::ConnectionState::Connected: { iface->resetIpStack(); auto flushDns = iface->flushDns(); if (flushDns.waitForFinished() && flushDns.returnValue()) qDebug() << "VpnConnection::onConnectionStateChanged: Successfully flushed DNS"; else qWarning() << "VpnConnection::onConnectionStateChanged: Failed to clear saved routes"; if (!ContainerProps::isAwgContainer(container) && container != DockerContainer::WireGuard) { QString dns1 = m_vpnConfiguration.value(config_key::dns1).toString(); QString dns2 = m_vpnConfiguration.value(config_key::dns2).toString(); // TODO: add error code handling for all routeAddList (or rework the code below) iface->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << dns1 << dns2); if (m_settings->isSitesSplitTunnelingEnabled()) { iface->routeDeleteList(m_vpnProtocol->vpnGateway(), QStringList() << "0.0.0.0"); // qDebug() << "VpnConnection::onConnectionStateChanged :: adding custom routes, count:" << forwardIps.size(); if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) { QTimer::singleShot(1000, m_vpnProtocol.data(), [this]() { addSitesRoutes(m_vpnProtocol->vpnGateway(), m_settings->routeMode()); }); } else if (m_settings->routeMode() == Settings::VpnAllExceptSites) { iface->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << "0.0.0.0/1"); iface->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << "128.0.0.0/1"); iface->routeAddList(m_vpnProtocol->routeGateway(), QStringList() << remoteAddress()); addSitesRoutes(m_vpnProtocol->routeGateway(), m_settings->routeMode()); } } } } break; case Vpn::ConnectionState::Disconnected: case Vpn::ConnectionState::Error: { auto flushDns = iface->flushDns(); if (flushDns.waitForFinished() && flushDns.returnValue()) qDebug() << "VpnConnection::onConnectionStateChanged: Successfully flushed DNS"; else qWarning() << "VpnConnection::onConnectionStateChanged: Failed to flush DNS"; auto clearSavedRoutes = iface->clearSavedRoutes(); if (clearSavedRoutes.waitForFinished() && clearSavedRoutes.returnValue()) qDebug() << "VpnConnection::onConnectionStateChanged: Successfully cleared saved routes"; else qWarning() << "VpnConnection::onConnectionStateChanged: Failed to clear saved routes"; } break; default: break; } }); #endif #if defined(Q_OS_IOS) || defined(MACOS_NE) if (state == Vpn::ConnectionState::Connected || state == Vpn::ConnectionState::Connecting || state == Vpn::ConnectionState::Reconnecting) { m_checkTimer.start(); } else { m_checkTimer.stop(); } #endif } const QString &VpnConnection::remoteAddress() const { return m_remoteAddress; } void VpnConnection::addSitesRoutes(const QString &gw, Settings::RouteMode mode) { #ifdef AMNEZIA_DESKTOP QStringList ips; QStringList sites; const QVariantMap &m = m_settings->vpnSites(mode); for (auto i = m.constBegin(); i != m.constEnd(); ++i) { if (NetworkUtilities::checkIpSubnetFormat(i.key())) { ips.append(i.key()); } else { if (NetworkUtilities::checkIpSubnetFormat(i.value().toString())) { ips.append(i.value().toString()); } sites.append(i.key()); } } ips.removeDuplicates(); IpcClient::withInterface([&](QSharedPointer iface) { iface->routeAddList(gw, ips); }); // re-resolve domains for (const QString &site : sites) { const auto &cbResolv = [this, site, gw, mode, ips](const QHostInfo &hostInfo) { const QList &addresses = hostInfo.addresses(); QString ipv4Addr; for (const QHostAddress &addr : hostInfo.addresses()) { if (addr.protocol() == QAbstractSocket::NetworkLayerProtocol::IPv4Protocol) { const QString &ip = addr.toString(); // qDebug() << "VpnConnection::addSitesRoutes updating site" << site << ip; if (!ips.contains(ip)) { IpcClient::withInterface([&gw, &ip](QSharedPointer iface) { iface->routeAddList(gw, QStringList() << ip); }); m_settings->addVpnSite(mode, site, ip); } IpcClient::withInterface([](QSharedPointer iface) { auto reply = iface->flushDns(); if (reply.waitForFinished() || !reply.returnValue()) qWarning() << "VpnConnection::addSitesRoutes: Failed to flush DNS"; }); break; } } }; QHostInfo::lookupHost(site, this, cbResolv); } #endif } QSharedPointer VpnConnection::vpnProtocol() const { return m_vpnProtocol; } void VpnConnection::disconnectSlots() { if (m_vpnProtocol) { m_vpnProtocol->disconnect(); } } ErrorCode VpnConnection::lastError() const { #ifdef Q_OS_ANDROID return ErrorCode::AndroidError; #endif if (m_vpnProtocol.isNull()) { return ErrorCode::InternalError; } return m_vpnProtocol.data()->lastError(); } void VpnConnection::connectToVpn(int serverIndex, const ServerCredentials &credentials, DockerContainer container, const QJsonObject &vpnConfiguration) { qDebug() << QString("Trying to connect to VPN, server index is %1, container is %2, route mode is") .arg(serverIndex) .arg(ContainerProps::containerToString(container)) << m_settings->routeMode(); m_remoteAddress = NetworkUtilities::getIPAddress(credentials.hostName); setConnectionState(Vpn::ConnectionState::Connecting); m_vpnConfiguration = vpnConfiguration; #ifdef AMNEZIA_DESKTOP if (m_vpnProtocol) { disconnect(m_vpnProtocol.data(), &VpnProtocol::protocolError, this, &VpnConnection::vpnProtocolError); m_vpnProtocol->stop(); m_vpnProtocol.reset(); } appendKillSwitchConfig(); #endif appendSplitTunnelingConfig(); #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS) && !defined(MACOS_NE) m_vpnProtocol.reset(VpnProtocol::factory(container, m_vpnConfiguration)); if (!m_vpnProtocol) { setConnectionState(Vpn::ConnectionState::Error); return; } m_vpnProtocol->prepare(); #elif defined Q_OS_ANDROID androidVpnProtocol = createDefaultAndroidVpnProtocol(); createAndroidConnections(); m_vpnProtocol.reset(androidVpnProtocol); #elif defined Q_OS_IOS || defined(MACOS_NE) Proto proto = ContainerProps::defaultProtocol(container); IosController::Instance()->connectVpn(proto, m_vpnConfiguration); connect(&m_checkTimer, &QTimer::timeout, IosController::Instance(), &IosController::checkStatus); return; #endif createProtocolConnections(); if (ErrorCode err = m_vpnProtocol->start(); err != ErrorCode::NoError) { setConnectionState(Vpn::ConnectionState::Error); emit vpnProtocolError(err); } } void VpnConnection::createProtocolConnections() { connect(m_vpnProtocol.data(), &VpnProtocol::protocolError, this, &VpnConnection::vpnProtocolError); connect(m_vpnProtocol.data(), &VpnProtocol::connectionStateChanged, this, &VpnConnection::setConnectionState); connect(m_vpnProtocol.data(), SIGNAL(bytesChanged(quint64, quint64)), this, SLOT(onBytesChanged(quint64, quint64))); #ifdef AMNEZIA_DESKTOP IpcClient::withInterface([this](QSharedPointer rep) { connect(rep.data(), &IpcInterfaceReplica::networkChanged, this, &VpnConnection::reconnectToVpn, Qt::QueuedConnection); connect(rep.data(), &IpcInterfaceReplica::wakeup, this, &VpnConnection::reconnectToVpn, Qt::QueuedConnection); }); #endif } void VpnConnection::appendKillSwitchConfig() { m_vpnConfiguration.insert(config_key::killSwitchOption, QVariant(m_settings->isKillSwitchEnabled()).toString()); m_vpnConfiguration.insert(config_key::allowedDnsServers, QVariant(m_settings->allowedDnsServers()).toJsonValue()); } void VpnConnection::appendSplitTunnelingConfig() { bool allowSiteBasedSplitTunneling = true; // this block is for old native configs and for old self-hosted configs auto protocolName = m_vpnConfiguration.value(config_key::vpnproto).toString(); if (protocolName == ProtocolProps::protoToString(Proto::Awg) || protocolName == ProtocolProps::protoToString(Proto::WireGuard)) { allowSiteBasedSplitTunneling = false; auto configData = m_vpnConfiguration.value(protocolName + "_config_data").toObject(); if (configData.value(config_key::allowed_ips).isString()) { QJsonArray allowedIpsJsonArray = QJsonArray::fromStringList(configData.value(config_key::allowed_ips).toString().split(", ")); configData.insert(config_key::allowed_ips, allowedIpsJsonArray); m_vpnConfiguration.insert(protocolName + "_config_data", configData); } else if (configData.value(config_key::allowed_ips).isUndefined()) { auto nativeConfig = configData.value(config_key::config).toString(); auto nativeConfigLines = nativeConfig.split("\n"); for (auto &line : nativeConfigLines) { if (line.contains("AllowedIPs")) { auto allowedIpsString = line.split(" = "); if (allowedIpsString.size() < 1) { break; } QJsonArray allowedIpsJsonArray = QJsonArray::fromStringList(allowedIpsString.at(1).split(", ")); configData.insert(config_key::allowed_ips, allowedIpsJsonArray); m_vpnConfiguration.insert(protocolName + "_config_data", configData); break; } } } if (configData.value(config_key::persistent_keep_alive).isUndefined()) { auto nativeConfig = configData.value(config_key::config).toString(); auto nativeConfigLines = nativeConfig.split("\n"); for (auto &line : nativeConfigLines) { if (line.contains("PersistentKeepalive")) { auto persistentKeepaliveString = line.split(" = "); if (persistentKeepaliveString.size() < 1) { break; } configData.insert(config_key::persistent_keep_alive, persistentKeepaliveString.at(1)); m_vpnConfiguration.insert(protocolName + "_config_data", configData); break; } } } QJsonArray allowedIpsJsonArray = configData.value(config_key::allowed_ips).toArray(); if (allowedIpsJsonArray.contains("0.0.0.0/0") && allowedIpsJsonArray.contains("::/0")) { allowSiteBasedSplitTunneling = true; } } Settings::RouteMode routeMode = Settings::RouteMode::VpnAllSites; QJsonArray sitesJsonArray; if (m_settings->isSitesSplitTunnelingEnabled()) { routeMode = m_settings->routeMode(); if (allowSiteBasedSplitTunneling) { auto sites = m_settings->getVpnIps(routeMode); for (const auto &site : sites) { sitesJsonArray.append(site); } if (sitesJsonArray.isEmpty()) { routeMode = Settings::RouteMode::VpnAllSites; } else if (routeMode == Settings::VpnOnlyForwardSites) { // Allow traffic to Amnezia DNS sitesJsonArray.append(m_vpnConfiguration.value(config_key::dns1).toString()); sitesJsonArray.append(m_vpnConfiguration.value(config_key::dns2).toString()); } } } m_vpnConfiguration.insert(config_key::splitTunnelType, routeMode); m_vpnConfiguration.insert(config_key::splitTunnelSites, sitesJsonArray); Settings::AppsRouteMode appsRouteMode = Settings::AppsRouteMode::VpnAllApps; QJsonArray appsJsonArray; if (m_settings->isAppsSplitTunnelingEnabled()) { appsRouteMode = m_settings->getAppsRouteMode(); auto apps = m_settings->getVpnApps(appsRouteMode); for (const auto &app : apps) { appsJsonArray.append(app.appPath.isEmpty() ? app.packageName : app.appPath); } if (appsJsonArray.isEmpty()) { appsRouteMode = Settings::AppsRouteMode::VpnAllApps; } } m_vpnConfiguration.insert(config_key::appSplitTunnelType, appsRouteMode); m_vpnConfiguration.insert(config_key::splitTunnelApps, appsJsonArray); qDebug() << QString("Site split tunneling is %1, route mode is %2") .arg(m_settings->isSitesSplitTunnelingEnabled() ? "enabled" : "disabled") .arg(routeMode); qDebug() << QString("App split tunneling is %1, route mode is %2") .arg(m_settings->isAppsSplitTunnelingEnabled() ? "enabled" : "disabled") .arg(appsRouteMode); } #ifdef Q_OS_ANDROID void VpnConnection::restoreConnection() { createAndroidConnections(); m_vpnProtocol.reset(androidVpnProtocol); createProtocolConnections(); } void VpnConnection::createAndroidConnections() { androidVpnProtocol = createDefaultAndroidVpnProtocol(); connect(AndroidController::instance(), &AndroidController::connectionStateChanged, androidVpnProtocol, &AndroidVpnProtocol::setConnectionState); connect(AndroidController::instance(), &AndroidController::statisticsUpdated, androidVpnProtocol, &AndroidVpnProtocol::setBytesChanged); } AndroidVpnProtocol *VpnConnection::createDefaultAndroidVpnProtocol() { return new AndroidVpnProtocol(m_vpnConfiguration); } #endif QString VpnConnection::bytesPerSecToText(quint64 bytes) { double mbps = bytes * 8 / 1e6; return QString("%1 %2").arg(QString::number(mbps, 'f', 2)).arg(tr("Mbps")); // Mbit/s } void VpnConnection::reconnectToVpn() { if (m_vpnProtocol.isNull()) return; if (m_connectionState != Vpn::ConnectionState::Connected) { qWarning() << QString("Reconnect triggered on %1 during inappropriate state: %2; ignoring slot") .arg(QMetaEnum::fromType().valueToKey(m_connectionState)); return; } qDebug() << "Reconnect triggered. Reconnecting to the server"; setConnectionState(Vpn::ConnectionState::Reconnecting); m_vpnProtocol->stop(); if (ErrorCode err = m_vpnProtocol->start(); err != ErrorCode::NoError) { setConnectionState(Vpn::ConnectionState::Error); emit vpnProtocolError(err); } } void VpnConnection::disconnectFromVpn() { #if defined(Q_OS_IOS) || defined(MACOS_NE) // iOS/macOS NE use IosController directly; m_vpnProtocol is not set there. IosController::Instance()->disconnectVpn(); disconnect(&m_checkTimer, &QTimer::timeout, IosController::Instance(), &IosController::checkStatus); #endif if (m_vpnProtocol.isNull()) { setConnectionState(Vpn::ConnectionState::Disconnected); return; } setConnectionState(Vpn::ConnectionState::Disconnecting); #ifdef Q_OS_ANDROID auto *const connection = new QMetaObject::Connection; *connection = connect(AndroidController::instance(), &AndroidController::vpnStateChanged, this, [this, connection](AndroidController::ConnectionState state) { if (state == AndroidController::ConnectionState::DISCONNECTED) { setConnectionState(Vpn::ConnectionState::Disconnected); disconnect(*connection); delete connection; } }); #endif m_vpnProtocol->stop(); #if !defined(Q_OS_ANDROID) && !defined(AMNEZIA_DESKTOP) m_vpnProtocol->deleteLater(); #endif m_vpnProtocol = nullptr; } void VpnConnection::setConnectionState(Vpn::ConnectionState state) { onConnectionStateChanged(state); if (state == Vpn::Disconnected && m_connectionState == Vpn::Reconnecting) return; m_connectionState = state; emit connectionStateChanged(state); }