Commit 654f931c authored by Jose Blaya's avatar Jose Blaya

Connect DIP regions with OVPN and IPsec

parent d24f51d6
......@@ -54,5 +54,9 @@ protocol SecureStore: class {
func removeDIPTokens()
func setPassword(_ password: String?, forDipToken dip: String)
func passwordReference(forDipToken dip: String) -> Data?
func clear(for username: String)
}
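Review bot: The two new `SecureStore` requirements, `setPassword(_:forDipToken:)` and `passwordReference(forDipToken:)`, have no doc comments. Their nil contract is only discoverable from the `KeychainStore` implementation later in this commit, where a nil password removes the stored item. I would state that on the protocol, e.g. `/// Stores the DIP password for the token in the secure store; passing nil removes it.` and `/// Returns the stored password reference for the DIP token, or nil when none can be read.` The protocol body starts outside this hunk.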
......@@ -310,9 +310,9 @@ extension Server {
return nil
}
func dipPassword() -> String? {
if let _ = dipToken, let address = bestAddressForIKEv2() {
return address.ip
func dipPassword() -> Data? {
if let dipUsername = dipToken {
return Client.database.secure.passwordReference(forDipToken: dipUsername)
}
return nil
}
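Review bot: `dipPassword()` now returns nil whenever the secure-store lookup fails, even though `dipToken` is set, and neither caller in this commit distinguishes that from "not a DIP server". In `PIATunnelProfile.generatedProtocol` the ternary keys on `dipUsername() != nil`, so a missing item yields `cfg.passwordReference = nil` rather than a clear failure. The IKEv2 profile assigns the lookup result directly in the same way. Consider logging the miss here, or having the callers refuse to build the profile when the DIP reference is absent, so a profile is not configured without credentials. The enclosing `extension Server` starts outside the hunk.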
......
......@@ -135,5 +135,17 @@ extension KeychainStore {
func removeDIPTokens() {
try? backend.removeDIPTokens()
}
func setPassword(_ password: String?, forDipToken dip: String) {
if let password = password {
try? backend.set(password: password, for: dip)
} else {
backend.removePassword(for: dip)
}
}
func passwordReference(forDipToken dip: String) -> Data? {
return try? backend.passwordReference(for: dip)
}
}
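Review bot: Both new `KeychainStore` methods discard backend errors with `try?`. A failed `backend.set(password:for:)` in `setPassword` leaves no stored item and no trace, and `passwordReference` cannot tell "not found" apart from a backend error. Since these values become VPN credentials, at least record the failure, e.g. `do { try backend.set(password: password, for: dip) } catch { /* log error */ }`; the non-throwing protocol signature can stay. It is also not visible here whether `removeDIPTokens()` deletes the per-token password items this commit adds; if it does not, they would outlive the tokens.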
......@@ -167,18 +167,14 @@ public class IKEv2Profile: NetworkExtensionProfile {
var iKEv2Username = ""
var iKEv2Password: Data?
if let username = Client.providers.accountProvider.token {
iKEv2Username = username
}
if let dipUsername = configuration.server.dipUsername() { //override the username if DIP
iKEv2Username = dipUsername
}
iKEv2Password = ikev2PasswordReference()
if let dipPassword = configuration.server.dipPassword() { //override the password if DIP
iKEv2Password = dipPassword.data(using: .utf8)
iKEv2Password = Client.database.secure.passwordReference(forDipToken: dipUsername)
} else {
if let username = Client.providers.accountProvider.token {
iKEv2Username = username
}
iKEv2Password = ikev2PasswordReference()
}
let cfg = NEVPNProtocolIKEv2()
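Review bot: The DIP branch reads the reference with `Client.database.secure.passwordReference(forDipToken: dipUsername)` instead of the `configuration.server.dipPassword()` helper this commit rewrites. The secure-store key is therefore derived in two places, here from `dipUsername()` and in the helper from `dipToken`. `dipUsername()` is not shown, so if the two ever differ, the IKEv2 and OpenVPN profiles would look up different items. I would write `iKEv2Password = configuration.server.dipPassword()` in this branch. The rendered section interleaves old and new lines, and the enclosing method starts and ends outside the hunk.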
......
......@@ -249,6 +249,7 @@ class PIAWebServices: WebServices, ConfigurationAccess {
dipRegions.append(dipRegion)
Client.database.secure.setDIPToken(dipServer.dipToken)
Client.database.secure.setPassword(ip, forDipToken: dipServer.dipToken)
}
}
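Review bot: Nothing on the `setPassword(ip, forDipToken:)` line says why a server IP is written to the secure store as a password. The old `dipPassword()` returned `address.ip`, which suggests the dedicated IP doubles as the DIP credential. A comment such as `// DIP auth uses the token as username and the dedicated IP as password; stored so profiles can pass a password reference` would save the next reader the detour. Also note that `setPassword` removes the stored item when passed nil, so if `ip` (declared outside the hunk) is optional, a response without an address would delete an existing entry.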
......
......@@ -228,29 +228,31 @@ public class PIATunnelProfile: NetworkExtensionProfile {
/// :nodoc:
public func generatedProtocol(withConfiguration configuration: VPNConfiguration) -> NEVPNProtocol {
let cfg = NETunnelProviderProtocol()
cfg.disconnectOnSleep = configuration.disconnectsOnSleep
cfg.username = configuration.server.dipUsername() != nil ? configuration.server.dipUsername() : configuration.username
cfg.passwordReference = configuration.server.dipPassword() != nil ? configuration.server.dipPassword()?.data(using: .utf8) : configuration.passwordReference
cfg.serverAddress = configuration.server.hostname
cfg.providerBundleIdentifier = bundleIdentifier
var serverAddress = ""
var customCfg = configuration.customConfiguration
if let piaCfg = customCfg as? OpenVPNTunnelProvider.Configuration {
var builder = piaCfg.builder()
if let protocols = builder.sessionConfiguration.endpointProtocols, protocols.contains(where: {$0.socketType == .tcp }) {
if let bestAddress = configuration.server.openVPNAddressesForTCP?.first?.ip {
serverAddress = bestAddress
builder.resolvedAddresses = [bestAddress]
}
} else {
if let bestAddress = configuration.server.openVPNAddressesForUDP?.first?.ip {
if let bestAddress = configuration.server.openVPNAddressesForUDP?.first?.ip {
serverAddress = bestAddress
builder.resolvedAddresses = [bestAddress]
}
}
customCfg = builder.build()
}
let cfg = NETunnelProviderProtocol()
cfg.disconnectOnSleep = configuration.disconnectsOnSleep
cfg.username = configuration.server.dipUsername() != nil ? configuration.server.dipUsername() : configuration.username
cfg.passwordReference = configuration.server.dipUsername() != nil ? configuration.server.dipPassword() : configuration.passwordReference
cfg.serverAddress = serverAddress
cfg.providerBundleIdentifier = bundleIdentifier
cfg.providerConfiguration = customCfg?.serialized()
return cfg
}
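Review bot: `serverAddress` is initialised to `""` and only assigned inside the two `if let bestAddress` branches. When `customConfiguration` is not an `OpenVPNTunnelProvider.Configuration`, or the server has no address for the selected transport, `cfg.serverAddress` ends up empty, where the earlier line used `configuration.server.hostname`. Falling back keeps the previous behaviour: `cfg.serverAddress = serverAddress.isEmpty ? configuration.server.hostname : serverAddress`. Separately, `dipUsername()` is evaluated three times across the two ternaries; binding it once with `let dipUsername = configuration.server.dipUsername()` would read better. The section shows old and new lines interleaved without markers, so which of the duplicated lines is current is inferred.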
......