2012-08-24 23:13:42 +02:00
|
|
|
//
|
|
|
|
// ovpncli.cpp
|
|
|
|
// OpenVPN
|
|
|
|
//
|
|
|
|
// Copyright (c) 2012 OpenVPN Technologies, Inc. All rights reserved.
|
|
|
|
//
|
|
|
|
|
2013-01-30 21:17:30 +01:00
|
|
|
// Implementation file for OpenVPNClient API defined in ovpncli.hpp.
|
2012-02-11 15:02:51 +01:00
|
|
|
|
|
|
|
#include <iostream>
|
|
|
|
|
2012-07-01 17:37:46 +02:00
|
|
|
// Set up export of our public interface unless
|
2012-08-01 14:28:13 +02:00
|
|
|
// OPENVPN_CORE_API_VISIBILITY_HIDDEN is defined
|
2012-03-25 01:26:50 +01:00
|
|
|
#if defined(__GNUC__)
|
|
|
|
#define OPENVPN_CLIENT_EXPORT
|
2012-08-01 14:28:13 +02:00
|
|
|
#ifndef OPENVPN_CORE_API_VISIBILITY_HIDDEN
|
2012-03-25 01:26:50 +01:00
|
|
|
#pragma GCC visibility push(default)
|
2012-07-01 17:37:46 +02:00
|
|
|
#endif
|
2012-03-25 01:26:50 +01:00
|
|
|
#include "ovpncli.hpp" // public interface
|
2012-08-01 14:28:13 +02:00
|
|
|
#ifndef OPENVPN_CORE_API_VISIBILITY_HIDDEN
|
2012-03-25 01:26:50 +01:00
|
|
|
#pragma GCC visibility pop
|
2012-07-01 17:37:46 +02:00
|
|
|
#endif
|
2012-03-25 01:26:50 +01:00
|
|
|
#else
|
|
|
|
#error no public interface export defined for this compiler
|
|
|
|
#endif
|
2012-02-11 15:02:51 +01:00
|
|
|
|
2013-06-07 23:55:54 +02:00
|
|
|
// debug settings (production setting in parentheses)
|
2012-02-11 15:02:51 +01:00
|
|
|
|
2013-05-24 22:04:37 +02:00
|
|
|
#define OPENVPN_INSTRUMENTATION // include debug instrumentation for classes (define)
|
2013-06-08 18:10:35 +02:00
|
|
|
//#define OPENVPN_DUMP_CONFIG // dump parsed configuration (comment out)
|
2013-05-22 07:13:11 +02:00
|
|
|
//#define OPENVPN_DEBUG_CLIPROTO // shows packets in/out (comment out)
|
|
|
|
#define OPENVPN_DEBUG_PROTO 1 // increases low-level protocol verbosity (1)
|
|
|
|
//#define OPENVPN_DEBUG_VERBOSE_ERRORS // verbosely log Error::Type errors (comment out)
|
2013-06-14 02:34:49 +02:00
|
|
|
#define OPENVPN_SSL_DEBUG 0 // show verbose SSL debug info (0)
|
|
|
|
#define OPENVPN_DEBUG_TUN 2 // debug level for tun object (2)
|
|
|
|
#define OPENVPN_DEBUG_UDPLINK 2 // debug level for UDP link object (2)
|
|
|
|
#define OPENVPN_DEBUG_TCPLINK 2 // debug level for TCP link object (2)
|
|
|
|
#define OPENVPN_DEBUG_COMPRESS 1 // debug level for compression objects (1)
|
|
|
|
#define OPENVPN_DEBUG_REMOTELIST 0 // debug level for RemoteList object (0)
|
|
|
|
#define OPENVPN_DEBUG_TUN_BUILDER 0 // debug level for tun/builder/client.hpp (0)
|
2013-07-30 23:03:31 +02:00
|
|
|
//#define OPENVPN_SHOW_SESSION_TOKEN // show server-pushed auth-token (comment out)
|
2013-05-22 07:13:11 +02:00
|
|
|
|
|
|
|
// enable assertion checks (can safely be disabled in production)
|
2012-03-12 13:42:02 +01:00
|
|
|
//#define OPENVPN_ENABLE_ASSERT
|
2013-05-22 07:13:11 +02:00
|
|
|
|
|
|
|
// force null tun device (useful for testing)
|
2012-02-11 15:02:51 +01:00
|
|
|
//#define OPENVPN_FORCE_TUN_NULL
|
2013-05-22 07:13:11 +02:00
|
|
|
|
|
|
|
// log cleartext tunnel packets to file for debugging/analysis
|
2012-02-11 15:02:51 +01:00
|
|
|
//#define OPENVPN_PACKET_LOG "pkt.log"
|
|
|
|
|
|
|
|
// log thread settings
|
2012-03-01 09:11:00 +01:00
|
|
|
#define OPENVPN_LOG_CLASS openvpn::ClientAPI::OpenVPNClient
|
2012-02-11 15:02:51 +01:00
|
|
|
#define OPENVPN_LOG_INFO openvpn::ClientAPI::LogInfo
|
|
|
|
|
2012-03-11 13:09:25 +01:00
|
|
|
// log SSL handshake messages
|
|
|
|
#define OPENVPN_LOG_SSL(x) OPENVPN_LOG(x)
|
|
|
|
|
2012-07-01 17:37:46 +02:00
|
|
|
// on Android and iOS, use TunBuilderBase abstraction
|
2012-02-20 04:27:20 +01:00
|
|
|
#include <openvpn/common/platform.hpp>
|
2012-07-01 17:37:46 +02:00
|
|
|
#if (defined(OPENVPN_PLATFORM_ANDROID) || defined(OPENVPN_PLATFORM_IPHONE)) && !defined(OPENVPN_FORCE_TUN_NULL)
|
2012-02-19 20:06:44 +01:00
|
|
|
#define USE_TUN_BUILDER
|
|
|
|
#endif
|
|
|
|
|
2012-02-20 04:27:20 +01:00
|
|
|
#include <openvpn/log/logthread.hpp> // should be included early
|
2012-02-11 15:02:51 +01:00
|
|
|
|
|
|
|
#include <openvpn/init/initprocess.hpp>
|
|
|
|
#include <openvpn/common/types.hpp>
|
|
|
|
#include <openvpn/common/scoped_ptr.hpp>
|
|
|
|
#include <openvpn/client/cliconnect.hpp>
|
2012-11-26 02:51:24 +01:00
|
|
|
#include <openvpn/client/cliopthelper.hpp>
|
2012-10-18 14:24:14 +02:00
|
|
|
#include <openvpn/options/merge.hpp>
|
2012-11-16 05:13:48 +01:00
|
|
|
#include <openvpn/error/excode.hpp>
|
2013-06-14 02:34:49 +02:00
|
|
|
#include <openvpn/crypto/selftest.hpp>
|
2012-02-11 15:02:51 +01:00
|
|
|
|
2012-04-18 00:12:27 +02:00
|
|
|
// copyright
|
|
|
|
#include <openvpn/legal/copyright.hpp>
|
|
|
|
|
2012-02-11 15:02:51 +01:00
|
|
|
namespace openvpn {
|
|
|
|
namespace ClientAPI {
|
|
|
|
|
2012-03-10 05:55:32 +01:00
|
|
|
OPENVPN_SIMPLE_EXCEPTION(app_expired);
|
|
|
|
|
2012-02-11 15:02:51 +01:00
|
|
|
class MySessionStats : public SessionStats
|
|
|
|
{
|
|
|
|
public:
|
|
|
|
typedef boost::intrusive_ptr<MySessionStats> Ptr;
|
|
|
|
|
2012-03-01 09:11:00 +01:00
|
|
|
MySessionStats(OpenVPNClient* parent_arg)
|
2012-02-11 15:02:51 +01:00
|
|
|
: parent(parent_arg)
|
|
|
|
{
|
|
|
|
std::memset(errors, 0, sizeof(errors));
|
2013-05-22 07:13:11 +02:00
|
|
|
#ifdef OPENVPN_DEBUG_VERBOSE_ERRORS
|
|
|
|
session_stats_set_verbose(true);
|
|
|
|
#endif
|
2012-02-11 15:02:51 +01:00
|
|
|
}
|
|
|
|
|
2012-02-13 00:09:28 +01:00
|
|
|
static size_t combined_n()
|
|
|
|
{
|
|
|
|
return N_STATS + Error::N_ERRORS;
|
|
|
|
}
|
|
|
|
|
|
|
|
static std::string combined_name(const size_t index)
|
|
|
|
{
|
|
|
|
if (index < N_STATS + Error::N_ERRORS)
|
|
|
|
{
|
|
|
|
if (index < N_STATS)
|
|
|
|
return stat_name(index);
|
|
|
|
else
|
|
|
|
return Error::name(index - N_STATS);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
return "";
|
|
|
|
}
|
|
|
|
|
|
|
|
count_t combined_value(const size_t index) const
|
|
|
|
{
|
|
|
|
if (index < N_STATS + Error::N_ERRORS)
|
|
|
|
{
|
|
|
|
if (index < N_STATS)
|
|
|
|
return get_stat(index);
|
|
|
|
else
|
|
|
|
return errors[index - N_STATS];
|
|
|
|
}
|
|
|
|
else
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-07-01 17:37:46 +02:00
|
|
|
count_t stat_count(const size_t index) const
|
|
|
|
{
|
|
|
|
return get_stat_fast(index);
|
|
|
|
}
|
|
|
|
|
|
|
|
count_t error_count(const size_t index) const
|
|
|
|
{
|
|
|
|
return errors[index];
|
|
|
|
}
|
|
|
|
|
2012-02-19 18:43:42 +01:00
|
|
|
void detach_from_parent()
|
|
|
|
{
|
|
|
|
parent = NULL;
|
|
|
|
}
|
|
|
|
|
2012-02-13 00:09:28 +01:00
|
|
|
virtual void error(const size_t err, const std::string* text=NULL)
|
2012-02-11 15:02:51 +01:00
|
|
|
{
|
|
|
|
if (err < Error::N_ERRORS)
|
2013-05-22 07:13:11 +02:00
|
|
|
{
|
|
|
|
#ifdef OPENVPN_DEBUG_VERBOSE_ERRORS
|
|
|
|
if (text)
|
|
|
|
OPENVPN_LOG("ERROR: " << Error::name(err) << " : " << *text);
|
|
|
|
else
|
|
|
|
OPENVPN_LOG("ERROR: " << Error::name(err));
|
|
|
|
#endif
|
|
|
|
++errors[err];
|
|
|
|
}
|
2012-02-11 15:02:51 +01:00
|
|
|
}
|
|
|
|
|
2012-03-07 12:21:09 +01:00
|
|
|
private:
|
2012-03-01 09:11:00 +01:00
|
|
|
OpenVPNClient* parent;
|
2012-02-11 15:02:51 +01:00
|
|
|
count_t errors[Error::N_ERRORS];
|
|
|
|
};
|
|
|
|
|
|
|
|
class MyClientEvents : public ClientEvent::Queue
|
|
|
|
{
|
|
|
|
public:
|
|
|
|
typedef boost::intrusive_ptr<MyClientEvents> Ptr;
|
|
|
|
|
2012-03-01 09:11:00 +01:00
|
|
|
MyClientEvents(OpenVPNClient* parent_arg) : parent(parent_arg) {}
|
2012-02-11 15:02:51 +01:00
|
|
|
|
|
|
|
virtual void add_event(const ClientEvent::Base::Ptr& event)
|
|
|
|
{
|
2012-02-19 18:43:42 +01:00
|
|
|
if (parent)
|
|
|
|
{
|
|
|
|
Event ev;
|
|
|
|
ev.name = event->name();
|
2012-11-14 03:35:50 +01:00
|
|
|
ev.info = Unicode::utf8_printable(event->render(), 256);
|
2012-02-19 18:43:42 +01:00
|
|
|
ev.error = event->is_error();
|
2012-07-02 22:52:58 +02:00
|
|
|
|
|
|
|
// save connected event
|
|
|
|
if (event->id() == ClientEvent::CONNECTED)
|
|
|
|
last_connected = event;
|
|
|
|
|
2012-02-19 18:43:42 +01:00
|
|
|
parent->event(ev);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-07-02 22:52:58 +02:00
|
|
|
void get_connection_info(ConnectionInfo& ci)
|
|
|
|
{
|
|
|
|
ClientEvent::Base::Ptr connected = last_connected;
|
|
|
|
if (connected)
|
|
|
|
{
|
|
|
|
const ClientEvent::Connected* c = connected->connected_cast();
|
|
|
|
if (c)
|
|
|
|
{
|
|
|
|
ci.user = c->user;
|
|
|
|
ci.serverHost = c->server_host;
|
|
|
|
ci.serverPort = c->server_port;
|
|
|
|
ci.serverProto = c->server_proto;
|
|
|
|
ci.serverIp = c->server_ip;
|
2012-10-03 11:03:02 +02:00
|
|
|
ci.vpnIp4 = c->vpn_ip4;
|
|
|
|
ci.vpnIp6 = c->vpn_ip6;
|
|
|
|
ci.clientIp = c->client_ip;
|
2012-07-02 22:52:58 +02:00
|
|
|
ci.tunName = c->tun_name;
|
|
|
|
ci.defined = true;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ci.defined = false;
|
|
|
|
}
|
|
|
|
|
2012-02-19 18:43:42 +01:00
|
|
|
void detach_from_parent()
|
|
|
|
{
|
|
|
|
parent = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
private:
|
2012-03-01 09:11:00 +01:00
|
|
|
OpenVPNClient* parent;
|
2012-07-02 22:52:58 +02:00
|
|
|
ClientEvent::Base::Ptr last_connected;
|
2012-02-19 18:43:42 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
class MySocketProtect : public SocketProtect
|
|
|
|
{
|
|
|
|
public:
|
|
|
|
MySocketProtect() : parent(NULL) {}
|
|
|
|
|
2012-03-01 09:11:00 +01:00
|
|
|
void set_parent(OpenVPNClient* parent_arg)
|
2012-02-19 18:43:42 +01:00
|
|
|
{
|
|
|
|
parent = parent_arg;
|
|
|
|
}
|
|
|
|
|
|
|
|
virtual bool socket_protect(int socket)
|
|
|
|
{
|
|
|
|
if (parent)
|
|
|
|
return parent->socket_protect(socket);
|
|
|
|
else
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
void detach_from_parent()
|
|
|
|
{
|
|
|
|
parent = NULL;
|
2012-02-11 15:02:51 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
private:
|
2012-03-01 09:11:00 +01:00
|
|
|
OpenVPNClient* parent;
|
2012-02-11 15:02:51 +01:00
|
|
|
};
|
|
|
|
|
2012-10-23 15:10:39 +02:00
|
|
|
class MyReconnectNotify : public ReconnectNotify
|
|
|
|
{
|
|
|
|
public:
|
|
|
|
MyReconnectNotify() : parent(NULL) {}
|
|
|
|
|
|
|
|
void set_parent(OpenVPNClient* parent_arg)
|
|
|
|
{
|
|
|
|
parent = parent_arg;
|
|
|
|
}
|
|
|
|
|
|
|
|
void detach_from_parent()
|
|
|
|
{
|
|
|
|
parent = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
virtual bool pause_on_connection_timeout()
|
|
|
|
{
|
|
|
|
if (parent)
|
|
|
|
return parent->pause_on_connection_timeout();
|
|
|
|
else
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
private:
|
|
|
|
OpenVPNClient* parent;
|
|
|
|
};
|
|
|
|
|
2012-02-11 15:02:51 +01:00
|
|
|
namespace Private {
|
|
|
|
struct ClientState
|
|
|
|
{
|
2013-01-24 14:34:17 +01:00
|
|
|
ClientState() : conn_timeout(0), tun_persist(false),
|
2013-01-28 02:11:28 +01:00
|
|
|
google_dns_fallback(false), disable_client_cert(false),
|
2013-12-27 23:16:05 +01:00
|
|
|
default_key_direction(-1), force_aes_cbc_ciphersuites(false) {}
|
2012-03-07 12:21:09 +01:00
|
|
|
|
2012-02-11 15:02:51 +01:00
|
|
|
OptionList options;
|
2012-03-06 07:06:54 +01:00
|
|
|
EvalConfig eval;
|
2012-02-19 18:43:42 +01:00
|
|
|
MySocketProtect socket_protect;
|
2012-10-23 15:10:39 +02:00
|
|
|
MyReconnectNotify reconnect_notify;
|
2012-02-28 00:00:29 +01:00
|
|
|
ClientCreds::Ptr creds;
|
2012-02-11 15:02:51 +01:00
|
|
|
MySessionStats::Ptr stats;
|
|
|
|
MyClientEvents::Ptr events;
|
|
|
|
ClientConnect::Ptr session;
|
2012-03-03 12:09:05 +01:00
|
|
|
|
|
|
|
// extra settings submitted by API client
|
|
|
|
std::string server_override;
|
|
|
|
Protocol proto_override;
|
2012-03-07 12:21:09 +01:00
|
|
|
int conn_timeout;
|
2012-10-21 11:43:03 +02:00
|
|
|
bool tun_persist;
|
2012-10-24 14:37:24 +02:00
|
|
|
bool google_dns_fallback;
|
2012-11-15 23:48:13 +01:00
|
|
|
std::string private_key_password;
|
2012-03-06 07:06:54 +01:00
|
|
|
std::string external_pki_alias;
|
2013-01-24 14:34:17 +01:00
|
|
|
bool disable_client_cert;
|
2013-01-28 02:11:28 +01:00
|
|
|
int default_key_direction;
|
2013-12-27 23:16:05 +01:00
|
|
|
bool force_aes_cbc_ciphersuites;
|
2012-09-08 03:36:54 +02:00
|
|
|
ProtoContextOptions::Ptr proto_context_options;
|
2012-10-24 08:38:20 +02:00
|
|
|
HTTPProxyTransport::Options::Ptr http_proxy_options;
|
2012-02-11 15:02:51 +01:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2012-07-01 17:37:46 +02:00
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::init_process()
|
2012-02-11 15:02:51 +01:00
|
|
|
{
|
|
|
|
InitProcess::init();
|
2012-07-01 17:37:46 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
OPENVPN_CLIENT_EXPORT OpenVPNClient::OpenVPNClient()
|
|
|
|
{
|
2012-10-20 08:05:51 +02:00
|
|
|
// We keep track of time as binary milliseconds since a time base, and
|
|
|
|
// this can wrap after ~48 days on 32 bit systems, so it's a good idea
|
|
|
|
// to periodically reinitialize the base.
|
|
|
|
Time::reset_base_conditional();
|
|
|
|
|
2012-02-11 15:02:51 +01:00
|
|
|
state = new Private::ClientState();
|
2012-09-08 03:36:54 +02:00
|
|
|
state->proto_context_options = new ProtoContextOptions();
|
2012-02-11 15:02:51 +01:00
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::parse_config(const Config& config, EvalConfig& eval, OptionList& options)
|
2012-02-11 15:02:51 +01:00
|
|
|
{
|
|
|
|
try {
|
2012-03-03 12:09:05 +01:00
|
|
|
// validate proto_override
|
|
|
|
if (!config.protoOverride.empty())
|
2013-01-19 04:40:40 +01:00
|
|
|
Protocol::parse(config.protoOverride, false);
|
2012-03-03 12:09:05 +01:00
|
|
|
|
2012-02-11 15:02:51 +01:00
|
|
|
// parse config
|
Initial Apple VPN-On-Demand implementation:
* VoD profiles can be defined using the iPhone Configuration utility:
1. Connection Type should be set to Custom SSL
2. Identifier should be set to net.openvpn.OpenVPN-Connect.vpnplugin
3. Server can be set to a hostname, or "DEFAULT" to use the
hostname(s) from the OpenVPN configuration.
4. User Authentication should be set to Certificate, and the client
certificate+key should be attached as a PKCS#12 file.
5. VPN On Demand should be enabled and match entries should be
defined.
In addition, the OpenVPN client configuration file may be defined
via key/value pairs:
1. VoD requires an autologin profile.
2. Define each OpenVPN directive as a key, with arguments
specified as the value.
3. For Access server meta-directives such as
OVPN_ACCESS_SERVER_USERNAME, remove the "OVPN_ACCESS_SERVER_"
prefix, giving USERNAME as the directive.
4. If no arguments are present, use "NOARGS" as the value.
5. If multiple instances of the same directive are present,
number the directives in the order they should be processed by
appending .<n> to the directive, where n is an integer,
such as remote.1 or remote.2
6. For multi-line directives such as <ca> and <tls-auth>, you must
convert the multi-line argument to a single line by specifying
line breaks as \n -- also note that because of
this escaping model, you must use \\ to pass backslash itself.
* VoD profiles are recognized and listed by the app.
* The app can disconnect but not connect a VoD profile.
* Most app-level functionality such as logging and preferences
work correctly for VoD profiles.
Core changes:
* Added support for key-direction parameter in core.
2012-11-06 18:50:30 +01:00
|
|
|
OptionList::KeyValueList kvl;
|
|
|
|
kvl.reserve(config.contentList.size());
|
|
|
|
for (size_t i = 0; i < config.contentList.size(); ++i)
|
|
|
|
{
|
|
|
|
const KeyValue& kv = config.contentList[i];
|
|
|
|
kvl.push_back(new OptionList::KeyValue(kv.key, kv.value));
|
|
|
|
}
|
|
|
|
const ParseClientConfig cc = ParseClientConfig::parse(config.content, &kvl, options);
|
2013-06-08 18:10:35 +02:00
|
|
|
#ifdef OPENVPN_DUMP_CONFIG
|
|
|
|
std::cout << "---------- ARGS ----------" << std::endl;
|
2013-06-10 02:42:19 +02:00
|
|
|
std::cout << options.render(Option::RENDER_PASS_FMT|Option::RENDER_NUMBER|Option::RENDER_BRACKET) << std::endl;
|
2013-06-08 18:10:35 +02:00
|
|
|
std::cout << "---------- MAP ----------" << std::endl;
|
|
|
|
std::cout << options.render_map() << std::endl;
|
|
|
|
#endif
|
2012-07-02 22:52:58 +02:00
|
|
|
eval.error = cc.error();
|
|
|
|
eval.message = cc.message();
|
|
|
|
eval.userlockedUsername = cc.userlockedUsername();
|
|
|
|
eval.profileName = cc.profileName();
|
|
|
|
eval.friendlyName = cc.friendlyName();
|
|
|
|
eval.autologin = cc.autologin();
|
|
|
|
eval.externalPki = cc.externalPki();
|
|
|
|
eval.staticChallenge = cc.staticChallenge();
|
|
|
|
eval.staticChallengeEcho = cc.staticChallengeEcho();
|
2012-11-15 23:48:13 +01:00
|
|
|
eval.privateKeyPasswordRequired = cc.privateKeyPasswordRequired();
|
2012-11-18 09:55:27 +01:00
|
|
|
eval.allowPasswordSave = cc.allowPasswordSave();
|
2012-07-02 22:52:58 +02:00
|
|
|
for (ParseClientConfig::ServerList::const_iterator i = cc.serverList().begin(); i != cc.serverList().end(); ++i)
|
|
|
|
{
|
|
|
|
ServerEntry se;
|
|
|
|
se.server = i->server;
|
|
|
|
se.friendlyName = i->friendlyName;
|
|
|
|
eval.serverList.push_back(se);
|
|
|
|
}
|
2012-02-11 15:02:51 +01:00
|
|
|
}
|
2012-02-17 20:28:44 +01:00
|
|
|
catch (const std::exception& e)
|
2012-02-11 15:02:51 +01:00
|
|
|
{
|
2012-02-15 15:45:55 +01:00
|
|
|
eval.error = true;
|
2012-11-14 03:35:50 +01:00
|
|
|
eval.message = Unicode::utf8_printable(e.what(), 256);
|
2012-02-11 15:02:51 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::parse_extras(const Config& config, EvalConfig& eval)
|
2012-03-03 12:09:05 +01:00
|
|
|
{
|
|
|
|
try {
|
|
|
|
state->server_override = config.serverOverride;
|
2012-03-07 12:21:09 +01:00
|
|
|
state->conn_timeout = config.connTimeout;
|
2012-10-21 11:43:03 +02:00
|
|
|
state->tun_persist = config.tunPersist;
|
2012-10-24 14:37:24 +02:00
|
|
|
state->google_dns_fallback = config.googleDnsFallback;
|
2012-11-15 23:48:13 +01:00
|
|
|
state->private_key_password = config.privateKeyPassword;
|
2012-03-03 12:09:05 +01:00
|
|
|
if (!config.protoOverride.empty())
|
2013-01-19 04:40:40 +01:00
|
|
|
state->proto_override = Protocol::parse(config.protoOverride, false);
|
2012-09-08 03:36:54 +02:00
|
|
|
if (!config.compressionMode.empty())
|
|
|
|
state->proto_context_options->parse_compression_mode(config.compressionMode);
|
2012-03-06 07:06:54 +01:00
|
|
|
if (eval.externalPki)
|
|
|
|
state->external_pki_alias = config.externalPkiAlias;
|
2013-01-24 14:34:17 +01:00
|
|
|
state->disable_client_cert = config.disableClientCert;
|
2013-01-28 02:11:28 +01:00
|
|
|
state->default_key_direction = config.defaultKeyDirection;
|
2013-12-27 23:16:05 +01:00
|
|
|
state->force_aes_cbc_ciphersuites = config.forceAesCbcCiphersuites;
|
2012-10-24 08:38:20 +02:00
|
|
|
if (!config.proxyHost.empty())
|
|
|
|
{
|
|
|
|
HTTPProxyTransport::Options::Ptr ho(new HTTPProxyTransport::Options());
|
2013-03-12 20:20:37 +01:00
|
|
|
ho->set_proxy_server(config.proxyHost, config.proxyPort);
|
2012-10-24 08:38:20 +02:00
|
|
|
ho->username = config.proxyUsername;
|
|
|
|
ho->password = config.proxyPassword;
|
2012-10-28 11:07:32 +01:00
|
|
|
ho->allow_cleartext_auth = config.proxyAllowCleartextAuth;
|
2012-10-24 08:38:20 +02:00
|
|
|
state->http_proxy_options = ho;
|
|
|
|
}
|
2012-03-03 12:09:05 +01:00
|
|
|
}
|
|
|
|
catch (const std::exception& e)
|
|
|
|
{
|
|
|
|
eval.error = true;
|
2012-11-14 03:35:50 +01:00
|
|
|
eval.message = Unicode::utf8_printable(e.what(), 256);
|
2012-03-03 12:09:05 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-11-12 02:52:03 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT long OpenVPNClient::max_profile_size()
|
|
|
|
{
|
|
|
|
return ProfileParseLimits::MAX_PROFILE_SIZE;
|
|
|
|
}
|
|
|
|
|
|
|
|
OPENVPN_CLIENT_EXPORT MergeConfig OpenVPNClient::merge_config_static(const std::string& path,
|
|
|
|
bool follow_references)
|
|
|
|
{
|
|
|
|
ProfileMerge pm(path, "", follow_references,
|
|
|
|
ProfileParseLimits::MAX_LINE_SIZE, ProfileParseLimits::MAX_PROFILE_SIZE);
|
|
|
|
return build_merge_config(pm);
|
|
|
|
}
|
|
|
|
|
|
|
|
OPENVPN_CLIENT_EXPORT MergeConfig OpenVPNClient::merge_config_string_static(const std::string& config_content)
|
|
|
|
{
|
|
|
|
ProfileMergeFromString pm(config_content, "", false,
|
|
|
|
ProfileParseLimits::MAX_LINE_SIZE, ProfileParseLimits::MAX_PROFILE_SIZE);
|
|
|
|
return build_merge_config(pm);
|
|
|
|
}
|
|
|
|
|
|
|
|
OPENVPN_CLIENT_EXPORT MergeConfig OpenVPNClient::build_merge_config(const ProfileMerge& pm)
|
2012-10-18 14:24:14 +02:00
|
|
|
{
|
|
|
|
MergeConfig ret;
|
|
|
|
ret.status = pm.status_string();
|
|
|
|
ret.basename = pm.basename();
|
|
|
|
if (pm.status() == ProfileMerge::MERGE_SUCCESS)
|
|
|
|
{
|
|
|
|
ret.refPathList = pm.ref_path_list();
|
|
|
|
ret.profileContent = pm.profile_content();
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
ret.errorText = pm.error();
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT EvalConfig OpenVPNClient::eval_config_static(const Config& config)
|
2012-02-15 15:45:55 +01:00
|
|
|
{
|
|
|
|
EvalConfig eval;
|
|
|
|
OptionList options;
|
|
|
|
parse_config(config, eval, options);
|
|
|
|
return eval;
|
|
|
|
}
|
|
|
|
|
2012-03-03 12:09:05 +01:00
|
|
|
// API client submits the configuration here before calling connect()
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT EvalConfig OpenVPNClient::eval_config(const Config& config)
|
2012-02-15 15:45:55 +01:00
|
|
|
{
|
2012-03-03 12:09:05 +01:00
|
|
|
// parse and validate configuration file
|
2012-02-15 15:45:55 +01:00
|
|
|
EvalConfig eval;
|
|
|
|
parse_config(config, eval, state->options);
|
2012-03-03 12:09:05 +01:00
|
|
|
if (eval.error)
|
|
|
|
return eval;
|
|
|
|
|
|
|
|
// handle extra settings in config
|
|
|
|
parse_extras(config, eval);
|
2012-03-06 07:06:54 +01:00
|
|
|
state->eval = eval;
|
2012-02-15 15:45:55 +01:00
|
|
|
return eval;
|
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT Status OpenVPNClient::provide_creds(const ProvideCreds& creds)
|
2012-02-11 15:02:51 +01:00
|
|
|
{
|
2012-03-03 03:56:58 +01:00
|
|
|
Status ret;
|
|
|
|
try {
|
|
|
|
ClientCreds::Ptr cc = new ClientCreds();
|
|
|
|
cc->set_username(creds.username);
|
|
|
|
cc->set_password(creds.password);
|
|
|
|
cc->set_response(creds.response);
|
|
|
|
cc->set_dynamic_challenge_cookie(creds.dynamicChallengeCookie);
|
|
|
|
cc->set_replace_password_with_session_id(creds.replacePasswordWithSessionID);
|
2013-01-25 03:34:20 +01:00
|
|
|
cc->enable_password_cache(creds.cachePassword);
|
2012-03-03 03:56:58 +01:00
|
|
|
state->creds = cc;
|
|
|
|
}
|
|
|
|
catch (const std::exception& e)
|
|
|
|
{
|
|
|
|
ret.error = true;
|
2012-11-14 03:35:50 +01:00
|
|
|
ret.message = Unicode::utf8_printable(e.what(), 256);
|
2012-03-03 03:56:58 +01:00
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
2012-03-01 23:50:57 +01:00
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT bool OpenVPNClient::parse_dynamic_challenge(const std::string& cookie, DynamicChallenge& dc)
|
2012-03-03 03:56:58 +01:00
|
|
|
{
|
|
|
|
try {
|
|
|
|
ChallengeResponse cr(cookie);
|
|
|
|
dc.challenge = cr.get_challenge_text();
|
|
|
|
dc.echo = cr.get_echo();
|
|
|
|
dc.responseRequired = cr.get_response_required();
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
catch (const std::exception&)
|
|
|
|
{
|
|
|
|
return false;
|
|
|
|
}
|
2012-02-11 15:02:51 +01:00
|
|
|
}
|
|
|
|
|
2012-10-19 12:29:12 +02:00
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::process_epki_cert_chain(const ExternalPKICertRequest& req)
|
|
|
|
{
|
|
|
|
// Get cert and add to options list
|
|
|
|
{
|
|
|
|
Option o;
|
|
|
|
o.push_back("cert");
|
|
|
|
o.push_back(req.cert);
|
|
|
|
state->options.add_item(o);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get the supporting chain, if it exists, and use
|
|
|
|
// it for ca (if ca isn't defined), or otherwise use
|
|
|
|
// it for extra-certs (if ca is defined but extra-certs
|
|
|
|
// is not).
|
|
|
|
if (!req.supportingChain.empty())
|
|
|
|
{
|
|
|
|
if (!state->options.exists("ca"))
|
|
|
|
{
|
|
|
|
Option o;
|
|
|
|
o.push_back("ca");
|
|
|
|
o.push_back(req.supportingChain);
|
|
|
|
state->options.add_item(o);
|
|
|
|
}
|
|
|
|
else if (!state->options.exists("extra-certs"))
|
|
|
|
{
|
|
|
|
Option o;
|
|
|
|
o.push_back("extra-certs");
|
|
|
|
o.push_back(req.supportingChain);
|
|
|
|
state->options.add_item(o);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT Status OpenVPNClient::connect()
|
2012-02-11 15:02:51 +01:00
|
|
|
{
|
|
|
|
boost::asio::detail::signal_blocker signal_blocker; // signals should be handled by parent thread
|
|
|
|
Log::Context log_context(this);
|
|
|
|
Status ret;
|
|
|
|
bool in_run = false;
|
|
|
|
ScopedPtr<boost::asio::io_service> io_service;
|
|
|
|
|
2012-10-19 10:52:01 +02:00
|
|
|
// client stats
|
|
|
|
state->stats.reset(new MySessionStats(this));
|
|
|
|
|
|
|
|
// client events
|
|
|
|
state->events.reset(new MyClientEvents(this));
|
2012-02-11 15:02:51 +01:00
|
|
|
|
2012-10-19 10:52:01 +02:00
|
|
|
// socket protect
|
|
|
|
state->socket_protect.set_parent(this);
|
2012-02-11 15:02:51 +01:00
|
|
|
|
2012-10-23 15:10:39 +02:00
|
|
|
// reconnect notifications
|
|
|
|
state->reconnect_notify.set_parent(this);
|
|
|
|
|
2012-10-19 10:52:01 +02:00
|
|
|
// session
|
|
|
|
state->session.reset();
|
2012-02-19 18:43:42 +01:00
|
|
|
|
2012-10-19 10:52:01 +02:00
|
|
|
try {
|
2012-02-11 15:02:51 +01:00
|
|
|
// load options
|
2012-02-20 04:27:20 +01:00
|
|
|
ClientOptions::Config cc;
|
|
|
|
cc.cli_stats = state->stats;
|
|
|
|
cc.cli_events = state->events;
|
2012-03-03 12:09:05 +01:00
|
|
|
cc.server_override = state->server_override;
|
|
|
|
cc.proto_override = state->proto_override;
|
2012-03-07 12:21:09 +01:00
|
|
|
cc.conn_timeout = state->conn_timeout;
|
2012-10-21 11:43:03 +02:00
|
|
|
cc.tun_persist = state->tun_persist;
|
2012-10-24 14:37:24 +02:00
|
|
|
cc.google_dns_fallback = state->google_dns_fallback;
|
2012-09-08 03:36:54 +02:00
|
|
|
cc.proto_context_options = state->proto_context_options;
|
2012-10-24 08:38:20 +02:00
|
|
|
cc.http_proxy_options = state->http_proxy_options;
|
2012-10-23 15:10:39 +02:00
|
|
|
cc.reconnect_notify = &state->reconnect_notify;
|
2012-11-15 23:48:13 +01:00
|
|
|
cc.private_key_password = state->private_key_password;
|
2013-01-24 14:34:17 +01:00
|
|
|
cc.disable_client_cert = state->disable_client_cert;
|
2013-01-28 02:11:28 +01:00
|
|
|
cc.default_key_direction = state->default_key_direction;
|
2013-12-27 23:16:05 +01:00
|
|
|
cc.force_aes_cbc_ciphersuites = state->force_aes_cbc_ciphersuites;
|
2012-02-19 20:06:44 +01:00
|
|
|
#if defined(USE_TUN_BUILDER)
|
2012-02-25 08:37:31 +01:00
|
|
|
cc.socket_protect = &state->socket_protect;
|
2012-02-20 04:27:20 +01:00
|
|
|
cc.builder = this;
|
2012-02-19 20:06:44 +01:00
|
|
|
#endif
|
2012-03-06 07:06:54 +01:00
|
|
|
|
2013-01-25 03:34:20 +01:00
|
|
|
// force Session ID use and disable password cache if static challenge is enabled
|
2012-11-18 19:53:10 +01:00
|
|
|
if (state->creds
|
|
|
|
&& !state->creds->get_replace_password_with_session_id()
|
|
|
|
&& !state->eval.autologin
|
|
|
|
&& !state->eval.staticChallenge.empty())
|
2013-01-25 03:34:20 +01:00
|
|
|
{
|
|
|
|
state->creds->set_replace_password_with_session_id(true);
|
|
|
|
state->creds->enable_password_cache(false);
|
|
|
|
}
|
2012-11-18 19:53:10 +01:00
|
|
|
|
2012-03-06 07:06:54 +01:00
|
|
|
// external PKI
|
2012-05-23 15:50:41 +02:00
|
|
|
#if !defined(USE_APPLE_SSL)
|
2013-01-24 14:34:17 +01:00
|
|
|
if (state->eval.externalPki && !state->disable_client_cert)
|
2012-03-06 07:06:54 +01:00
|
|
|
{
|
|
|
|
if (!state->external_pki_alias.empty())
|
|
|
|
{
|
|
|
|
ExternalPKICertRequest req;
|
|
|
|
req.alias = state->external_pki_alias;
|
|
|
|
external_pki_cert_request(req);
|
|
|
|
if (!req.error)
|
|
|
|
{
|
|
|
|
cc.external_pki = this;
|
2012-10-19 12:29:12 +02:00
|
|
|
process_epki_cert_chain(req);
|
2012-03-06 07:06:54 +01:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2012-03-07 12:21:09 +01:00
|
|
|
external_pki_error(req, Error::EPKI_CERT_ERROR);
|
2012-03-06 07:06:54 +01:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
ret.error = true;
|
|
|
|
ret.message = "Missing External PKI alias";
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
}
|
2012-05-23 15:50:41 +02:00
|
|
|
#endif
|
2012-03-06 07:06:54 +01:00
|
|
|
|
|
|
|
// build client options object
|
2012-02-20 04:27:20 +01:00
|
|
|
ClientOptions::Ptr client_options = new ClientOptions(state->options, cc);
|
2012-02-11 15:02:51 +01:00
|
|
|
|
2012-02-15 15:45:55 +01:00
|
|
|
// configure creds in options
|
2012-02-28 00:00:29 +01:00
|
|
|
client_options->submit_creds(state->creds);
|
2012-02-11 15:02:51 +01:00
|
|
|
|
|
|
|
// initialize the Asio io_service object
|
|
|
|
io_service.reset(new boost::asio::io_service(1)); // concurrency hint=1
|
|
|
|
|
|
|
|
// instantiate top-level client session
|
|
|
|
state->session.reset(new ClientConnect(*io_service, client_options));
|
|
|
|
|
2012-03-10 05:55:32 +01:00
|
|
|
// raise an exception if app has expired
|
|
|
|
check_app_expired();
|
|
|
|
|
2012-02-11 15:02:51 +01:00
|
|
|
// start VPN
|
|
|
|
state->session->start(); // queue parallel async reads
|
|
|
|
|
|
|
|
// run i/o reactor
|
|
|
|
in_run = true;
|
|
|
|
io_service->run();
|
|
|
|
}
|
2012-02-17 20:28:44 +01:00
|
|
|
catch (const std::exception& e)
|
2012-02-11 15:02:51 +01:00
|
|
|
{
|
|
|
|
if (in_run)
|
|
|
|
{
|
|
|
|
state->session->stop(); // On exception, stop client...
|
|
|
|
io_service->poll(); // and execute completion handlers.
|
|
|
|
}
|
|
|
|
ret.error = true;
|
2012-11-14 03:35:50 +01:00
|
|
|
ret.message = Unicode::utf8_printable(e.what(), 256);
|
2012-11-16 05:13:48 +01:00
|
|
|
|
|
|
|
// if exception is an ExceptionCode, translate the code
|
|
|
|
// to return status string
|
|
|
|
{
|
|
|
|
const ExceptionCode *ec = dynamic_cast<const ExceptionCode *>(&e);
|
|
|
|
if (ec && ec->code_defined())
|
|
|
|
ret.status = Error::name(ec->code());
|
|
|
|
}
|
2012-02-11 15:02:51 +01:00
|
|
|
}
|
2012-02-19 18:43:42 +01:00
|
|
|
state->socket_protect.detach_from_parent();
|
2012-10-23 15:10:39 +02:00
|
|
|
state->reconnect_notify.detach_from_parent();
|
2012-02-19 18:43:42 +01:00
|
|
|
state->stats->detach_from_parent();
|
|
|
|
state->events->detach_from_parent();
|
2012-10-19 10:52:01 +02:00
|
|
|
if (state->session)
|
|
|
|
state->session.reset();
|
2012-02-11 15:02:51 +01:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2012-07-02 22:52:58 +02:00
|
|
|
OPENVPN_CLIENT_EXPORT ConnectionInfo OpenVPNClient::connection_info()
|
|
|
|
{
|
|
|
|
ConnectionInfo ci;
|
|
|
|
MyClientEvents::Ptr events = state->events;
|
|
|
|
if (events)
|
|
|
|
events->get_connection_info(ci);
|
|
|
|
return ci;
|
|
|
|
}
|
|
|
|
|
2012-08-21 23:32:51 +02:00
|
|
|
OPENVPN_CLIENT_EXPORT bool OpenVPNClient::session_token(SessionToken& tok)
|
|
|
|
{
|
|
|
|
ClientCreds::Ptr cc = state->creds;
|
|
|
|
if (cc && cc->session_id_defined())
|
|
|
|
{
|
|
|
|
tok.username = cc->get_username();
|
|
|
|
tok.session_id = cc->get_password();
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::external_pki_error(const ExternalPKIRequestBase& req, const size_t err_type)
|
2012-03-06 07:06:54 +01:00
|
|
|
{
|
|
|
|
if (req.error)
|
|
|
|
{
|
|
|
|
if (req.invalidAlias)
|
|
|
|
{
|
|
|
|
ClientEvent::Base::Ptr ev = new ClientEvent::EpkiInvalidAlias(req.alias);
|
|
|
|
state->events->add_event(ev);
|
|
|
|
}
|
2012-10-19 10:52:01 +02:00
|
|
|
|
|
|
|
ClientEvent::Base::Ptr ev = new ClientEvent::EpkiError(req.errorText);
|
|
|
|
state->events->add_event(ev);
|
|
|
|
|
2012-03-07 12:21:09 +01:00
|
|
|
state->stats->error(err_type);
|
2012-10-19 10:52:01 +02:00
|
|
|
if (state->session)
|
|
|
|
state->session->dont_restart();
|
2012-03-06 07:06:54 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT bool OpenVPNClient::sign(const std::string& data, std::string& sig)
|
2012-03-06 07:06:54 +01:00
|
|
|
{
|
|
|
|
ExternalPKISignRequest req;
|
|
|
|
req.data = data;
|
|
|
|
req.alias = state->external_pki_alias;
|
|
|
|
external_pki_sign_request(req); // call out to derived class for RSA signature
|
|
|
|
if (!req.error)
|
|
|
|
{
|
|
|
|
sig = req.sig;
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2012-03-07 12:21:09 +01:00
|
|
|
external_pki_error(req, Error::EPKI_SIGN_ERROR);
|
2012-03-06 07:06:54 +01:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT int OpenVPNClient::stats_n()
|
2012-02-13 00:09:28 +01:00
|
|
|
{
|
2013-11-11 20:33:35 +01:00
|
|
|
return (int)MySessionStats::combined_n();
|
2012-02-13 00:09:28 +01:00
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT std::string OpenVPNClient::stats_name(int index)
|
2012-02-13 00:09:28 +01:00
|
|
|
{
|
|
|
|
return MySessionStats::combined_name(index);
|
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT long long OpenVPNClient::stats_value(int index) const
|
2012-02-11 15:02:51 +01:00
|
|
|
{
|
|
|
|
MySessionStats::Ptr stats = state->stats;
|
|
|
|
if (stats)
|
2012-02-13 00:09:28 +01:00
|
|
|
return stats->combined_value(index);
|
|
|
|
else
|
|
|
|
return 0;
|
2012-02-11 15:02:51 +01:00
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT std::vector<long long> OpenVPNClient::stats_bundle() const
|
2012-03-07 12:21:09 +01:00
|
|
|
{
|
|
|
|
std::vector<long long> sv;
|
|
|
|
MySessionStats::Ptr stats = state->stats;
|
|
|
|
const size_t n = MySessionStats::combined_n();
|
|
|
|
sv.reserve(n);
|
|
|
|
for (size_t i = 0; i < n; ++i)
|
|
|
|
sv.push_back(stats ? stats->combined_value(i) : 0);
|
|
|
|
return sv;
|
|
|
|
}
|
|
|
|
|
2012-07-01 17:37:46 +02:00
|
|
|
OPENVPN_CLIENT_EXPORT InterfaceStats OpenVPNClient::tun_stats() const
|
|
|
|
{
|
|
|
|
MySessionStats::Ptr stats = state->stats;
|
|
|
|
InterfaceStats ret;
|
|
|
|
|
|
|
|
// The reason for the apparent inversion between in/out below is
|
|
|
|
// that TUN_*_OUT stats refer to data written to tun device,
|
|
|
|
// but from the perspective of tun interface, this is incoming
|
|
|
|
// data. Vice versa for TUN_*_IN.
|
2012-07-02 22:52:58 +02:00
|
|
|
if (stats)
|
|
|
|
{
|
2012-09-06 00:03:26 +02:00
|
|
|
ret.bytesOut = stats->stat_count(SessionStats::TUN_BYTES_IN);
|
|
|
|
ret.bytesIn = stats->stat_count(SessionStats::TUN_BYTES_OUT);
|
|
|
|
ret.packetsOut = stats->stat_count(SessionStats::TUN_PACKETS_IN);
|
|
|
|
ret.packetsIn = stats->stat_count(SessionStats::TUN_PACKETS_OUT);
|
|
|
|
ret.errorsOut = stats->error_count(Error::TUN_READ_ERROR);
|
|
|
|
ret.errorsIn = stats->error_count(Error::TUN_WRITE_ERROR);
|
2012-07-02 22:52:58 +02:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2012-09-06 00:03:26 +02:00
|
|
|
ret.bytesOut = 0;
|
|
|
|
ret.bytesIn = 0;
|
|
|
|
ret.packetsOut = 0;
|
|
|
|
ret.packetsIn = 0;
|
|
|
|
ret.errorsOut = 0;
|
|
|
|
ret.errorsIn = 0;
|
2012-07-02 22:52:58 +02:00
|
|
|
}
|
2012-07-01 17:37:46 +02:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2012-07-24 11:16:43 +02:00
|
|
|
OPENVPN_CLIENT_EXPORT TransportStats OpenVPNClient::transport_stats() const
|
|
|
|
{
|
|
|
|
MySessionStats::Ptr stats = state->stats;
|
|
|
|
TransportStats ret;
|
|
|
|
|
2012-09-06 00:03:26 +02:00
|
|
|
ret.lastPacketReceived = -1; // undefined
|
2012-07-24 11:16:43 +02:00
|
|
|
if (stats)
|
|
|
|
{
|
2012-09-06 00:03:26 +02:00
|
|
|
ret.bytesOut = stats->stat_count(SessionStats::BYTES_OUT);
|
|
|
|
ret.bytesIn = stats->stat_count(SessionStats::BYTES_IN);
|
|
|
|
ret.packetsOut = stats->stat_count(SessionStats::PACKETS_OUT);
|
|
|
|
ret.packetsIn = stats->stat_count(SessionStats::PACKETS_IN);
|
|
|
|
|
|
|
|
// calculate time since last packet received
|
|
|
|
{
|
|
|
|
const Time& lpr = stats->last_packet_received();
|
|
|
|
if (lpr.defined())
|
|
|
|
{
|
|
|
|
const Time::Duration dur = Time::now() - lpr;
|
2013-11-11 20:33:35 +01:00
|
|
|
const unsigned int delta = (unsigned int)dur.to_binary_ms();
|
2012-09-06 00:03:26 +02:00
|
|
|
if (delta <= 60*60*24*1024) // only define for time periods <= 1 day
|
|
|
|
ret.lastPacketReceived = delta;
|
|
|
|
}
|
|
|
|
}
|
2012-07-24 11:16:43 +02:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2012-09-06 00:03:26 +02:00
|
|
|
ret.bytesOut = 0;
|
|
|
|
ret.bytesIn = 0;
|
|
|
|
ret.packetsOut = 0;
|
|
|
|
ret.packetsIn = 0;
|
2012-07-24 11:16:43 +02:00
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::stop()
|
2012-02-11 15:02:51 +01:00
|
|
|
{
|
|
|
|
ClientConnect::Ptr session = state->session;
|
|
|
|
if (session)
|
|
|
|
session->thread_safe_stop();
|
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::pause()
|
2012-02-27 06:11:22 +01:00
|
|
|
{
|
|
|
|
ClientConnect::Ptr session = state->session;
|
|
|
|
if (session)
|
|
|
|
session->thread_safe_pause();
|
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::resume()
|
2012-02-27 06:11:22 +01:00
|
|
|
{
|
|
|
|
ClientConnect::Ptr session = state->session;
|
|
|
|
if (session)
|
|
|
|
session->thread_safe_resume();
|
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::reconnect(int seconds)
|
2012-02-27 06:11:22 +01:00
|
|
|
{
|
|
|
|
ClientConnect::Ptr session = state->session;
|
|
|
|
if (session)
|
|
|
|
session->thread_safe_reconnect(seconds);
|
|
|
|
}
|
|
|
|
|
2013-06-14 02:34:49 +02:00
|
|
|
OPENVPN_CLIENT_EXPORT std::string OpenVPNClient::crypto_self_test()
|
|
|
|
{
|
|
|
|
return SelfTest::crypto_self_test();
|
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT int OpenVPNClient::app_expire()
|
2012-03-10 05:55:32 +01:00
|
|
|
{
|
|
|
|
#ifdef APP_EXPIRE_TIME
|
|
|
|
return APP_EXPIRE_TIME;
|
|
|
|
#else
|
|
|
|
return 0;
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT void OpenVPNClient::check_app_expired()
|
2012-03-10 05:55:32 +01:00
|
|
|
{
|
|
|
|
#ifdef APP_EXPIRE_TIME
|
|
|
|
if (Time::now().seconds_since_epoch() >= APP_EXPIRE_TIME)
|
|
|
|
throw app_expired();
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2012-04-18 00:12:27 +02:00
|
|
|
OPENVPN_CLIENT_EXPORT std::string OpenVPNClient::copyright()
|
|
|
|
{
|
|
|
|
return openvpn_copyright;
|
|
|
|
}
|
|
|
|
|
2012-03-24 21:22:24 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT OpenVPNClient::~OpenVPNClient()
|
2012-02-11 15:02:51 +01:00
|
|
|
{
|
|
|
|
delete state;
|
|
|
|
}
|
2012-03-24 21:22:24 +01:00
|
|
|
|
2012-11-14 03:35:50 +01:00
|
|
|
OPENVPN_CLIENT_EXPORT LogInfo::LogInfo(const std::string& str)
|
|
|
|
: text(Unicode::utf8_printable(str, 4096 | Unicode::UTF8_PASS_FMT)) {}
|
2012-02-11 15:02:51 +01:00
|
|
|
}
|
|
|
|
}
|