2017-04-21 23:41:08 +08:00
|
|
|
//
|
|
|
|
|
// OpenVPNConfiguration.h
|
|
|
|
|
// OpenVPN Adapter
|
|
|
|
|
//
|
|
|
|
|
// Created by Sergey Abramchuk on 21.04.17.
|
|
|
|
|
//
|
|
|
|
|
//
|
|
|
|
|
|
|
|
|
|
#import <Foundation/Foundation.h>
|
|
|
|
|
|
2017-04-24 17:58:04 +08:00
|
|
|
/**
|
|
|
|
|
Transport protocol options
|
|
|
|
|
*/
|
2017-04-23 19:33:19 +08:00
|
|
|
typedef NS_ENUM(NSInteger, OpenVPNTransportProtocol) {
|
2017-04-24 17:58:04 +08:00
|
|
|
///
|
2017-04-23 19:33:19 +08:00
|
|
|
OpenVPNTransportProtocolUDP,
|
2017-04-24 17:58:04 +08:00
|
|
|
///
|
2017-04-23 19:33:19 +08:00
|
|
|
OpenVPNTransportProtocolTCP,
|
2017-04-24 17:58:04 +08:00
|
|
|
///
|
2017-04-23 19:33:19 +08:00
|
|
|
OpenVPNTransportProtocolAdaptive,
|
2017-04-24 17:58:04 +08:00
|
|
|
/// Use a transport protocol specified in the profile
|
2017-04-23 19:33:19 +08:00
|
|
|
OpenVPNTransportProtocolDefault
|
|
|
|
|
};
|
|
|
|
|
|
2017-04-23 18:35:34 +08:00
|
|
|
/**
|
|
|
|
|
IPv6 preference options
|
|
|
|
|
*/
|
2017-04-23 19:33:19 +08:00
|
|
|
typedef NS_ENUM(NSInteger, OpenVPNIPv6Preference) {
|
2017-04-23 18:54:54 +08:00
|
|
|
/// Request combined IPv4/IPv6 tunnel
|
2017-04-23 19:33:19 +08:00
|
|
|
OpenVPNIPv6PreferenceEnabled,
|
2017-04-23 18:54:54 +08:00
|
|
|
/// Disable IPv6, so tunnel will be IPv4-only
|
2017-04-23 19:33:19 +08:00
|
|
|
OpenVPNIPv6PreferenceDisabled,
|
2017-04-23 18:54:54 +08:00
|
|
|
/// Leave decision to server
|
2017-04-23 19:33:19 +08:00
|
|
|
OpenVPNIPv6PreferenceDefault
|
2017-04-23 18:35:34 +08:00
|
|
|
};
|
|
|
|
|
|
2017-04-24 17:58:04 +08:00
|
|
|
/**
|
|
|
|
|
Compression mode options
|
|
|
|
|
*/
|
|
|
|
|
typedef NS_ENUM(NSInteger, OpenVPNCompressionMode) {
|
|
|
|
|
/// Allow compression on both uplink and downlink
|
|
|
|
|
OpenVPNCompressionModeEnabled,
|
|
|
|
|
/// Support compression stubs only
|
|
|
|
|
OpenVPNCompressionModeDisabled,
|
|
|
|
|
/// Allow compression on downlink only (i.e. server -> client)
|
|
|
|
|
OpenVPNCompressionModeAsym,
|
|
|
|
|
/// Default behavior (support compression stubs only)
|
|
|
|
|
OpenVPNCompressionModeDefault
|
|
|
|
|
};
|
|
|
|
|
|
2017-04-24 18:34:50 +08:00
|
|
|
/**
|
|
|
|
|
Minimum TLS version options
|
|
|
|
|
*/
|
|
|
|
|
typedef NS_ENUM(NSInteger, OpenVPNMinTLSVersion) {
|
|
|
|
|
/// Don't specify a minimum, and disable any minimum specified in profile
|
|
|
|
|
OpenVPNMinTLSVersionDisabled,
|
|
|
|
|
/// Use TLS 1.0 minimum (overrides profile)
|
|
|
|
|
OpenVPNMinTLSVersion10,
|
|
|
|
|
/// Use TLS 1.1 minimum (overrides profile)
|
|
|
|
|
OpenVPNMinTLSVersion11,
|
|
|
|
|
/// Use TLS 1.2 minimum (overrides profile)
|
|
|
|
|
OpenVPNMinTLSVersion12,
|
|
|
|
|
/// Use profile minimum
|
|
|
|
|
OpenVPNMinTLSVersionDefault
|
|
|
|
|
};
|
|
|
|
|
|
2017-04-24 20:56:35 +08:00
|
|
|
/**
|
|
|
|
|
Options of the tls-cert-profile setting
|
|
|
|
|
*/
|
2017-04-24 19:44:54 +08:00
|
|
|
typedef NS_ENUM(NSInteger, OpenVPNTLSCertProfile) {
|
|
|
|
|
/// Allow 1024-bit RSA certs signed with SHA1
|
|
|
|
|
OpenVPNTLSCertProfileLegacy,
|
|
|
|
|
/// Require at least 2048-bit RSA certs signed with SHA256 or higher
|
|
|
|
|
OpenVPNTLSCertProfilePreferred,
|
|
|
|
|
/// Require NSA Suite-B
|
|
|
|
|
OpenVPNTLSCertProfileSuiteB,
|
|
|
|
|
/// Use legacy as the default if profile doesn't specify tls-cert-profile
|
|
|
|
|
OpenVPNTLSCertProfileLegacyDefault,
|
|
|
|
|
/// Use preferred as the default if profile doesn't specify tls-cert-profile
|
|
|
|
|
OpenVPNTLSCertProfilePreferredDefault,
|
|
|
|
|
/// Use profile default
|
|
|
|
|
OpenVPNTLSCertProfileDefault
|
|
|
|
|
};
|
|
|
|
|
|
2017-04-21 23:41:08 +08:00
|
|
|
@interface OpenVPNConfiguration : NSObject
|
|
|
|
|
|
2017-04-23 01:19:28 +08:00
|
|
|
/**
|
|
|
|
|
OpenVPN profile as a NSData
|
|
|
|
|
*/
|
2017-04-22 00:28:09 +08:00
|
|
|
@property (nullable, nonatomic) NSData *fileContent;
|
|
|
|
|
|
2017-04-23 01:19:28 +08:00
|
|
|
/**
|
|
|
|
|
OpenVPN profile as series of key/value pairs (may be provided exclusively
|
|
|
|
|
or in addition to file content).
|
|
|
|
|
*/
|
|
|
|
|
@property (nullable, nonatomic) NSDictionary<NSString *, NSString *> *settings;
|
|
|
|
|
|
2017-04-23 03:45:16 +08:00
|
|
|
/**
|
|
|
|
|
Set to identity OpenVPN GUI version.
|
|
|
|
|
Format should be "<gui_identifier><space><version>"
|
|
|
|
|
Passed to server as IV_GUI_VER.
|
|
|
|
|
*/
|
|
|
|
|
@property (nullable, nonatomic) NSString *guiVersion;
|
2017-04-23 01:19:28 +08:00
|
|
|
|
2017-04-23 18:07:08 +08:00
|
|
|
/**
|
|
|
|
|
Use a different server than that specified in "remote"
|
|
|
|
|
option of profile
|
|
|
|
|
*/
|
2017-04-23 19:33:19 +08:00
|
|
|
@property (nullable, nonatomic) NSString *server;
|
2017-04-23 18:07:08 +08:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
Force a given transport protocol
|
|
|
|
|
*/
|
2017-04-23 19:33:19 +08:00
|
|
|
@property (nonatomic) OpenVPNTransportProtocol proto;
|
2017-04-23 18:07:08 +08:00
|
|
|
|
2017-04-23 18:35:34 +08:00
|
|
|
/**
|
|
|
|
|
IPv6 preference
|
|
|
|
|
*/
|
2017-04-23 19:33:19 +08:00
|
|
|
@property (nonatomic) OpenVPNIPv6Preference ipv6;
|
2017-04-23 18:35:34 +08:00
|
|
|
|
2017-04-23 18:54:54 +08:00
|
|
|
/**
|
|
|
|
|
Connection timeout in seconds, or 0 to retry indefinitely
|
|
|
|
|
*/
|
|
|
|
|
@property (nonatomic) NSInteger connectionTimeout;
|
|
|
|
|
|
2017-04-23 19:02:55 +08:00
|
|
|
/**
|
|
|
|
|
Keep tun interface active during pauses or reconnections
|
|
|
|
|
*/
|
|
|
|
|
@property (nonatomic) BOOL tunPersist;
|
|
|
|
|
|
2017-04-23 19:10:40 +08:00
|
|
|
/**
|
|
|
|
|
If true and a redirect-gateway profile doesn't also define
|
|
|
|
|
DNS servers, use the standard Google DNS servers.
|
|
|
|
|
*/
|
|
|
|
|
@property (nonatomic) BOOL googleDNSFallback;
|
|
|
|
|
|
2017-04-23 19:33:19 +08:00
|
|
|
/**
|
|
|
|
|
Enable autologin sessions
|
|
|
|
|
*/
|
|
|
|
|
@property (nonatomic) BOOL autologinSessions;
|
|
|
|
|
|
2017-04-24 17:58:04 +08:00
|
|
|
/**
|
|
|
|
|
If YES, don't send client cert/key to peer
|
|
|
|
|
*/
|
|
|
|
|
@property (nonatomic) BOOL disableClientCert;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
SSL library debug level
|
|
|
|
|
*/
|
|
|
|
|
@property (nonatomic) NSInteger sslDebugLevel;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
Compression mode
|
|
|
|
|
*/
|
|
|
|
|
@property (nonatomic) OpenVPNCompressionMode compressionMode;
|
|
|
|
|
|
2017-04-24 18:11:25 +08:00
|
|
|
/**
|
|
|
|
|
Private key password
|
|
|
|
|
*/
|
|
|
|
|
@property (nullable, nonatomic) NSString *privateKeyPassword;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
Default key direction parameter for tls-auth (0, 1,
|
|
|
|
|
or -1 (bidirectional -- default)) if no key-direction
|
|
|
|
|
parameter defined in profile
|
|
|
|
|
*/
|
|
|
|
|
@property (nonatomic) NSInteger keyDirection;
|
|
|
|
|
|
2017-04-24 18:34:50 +08:00
|
|
|
/**
|
|
|
|
|
If YES, force ciphersuite to be one of:
|
|
|
|
|
1. TLS_DHE_RSA_WITH_AES_256_CBC_SHA, or
|
|
|
|
|
2. TLS_DHE_RSA_WITH_AES_128_CBC_SHA
|
|
|
|
|
and disable setting TLS minimum version.
|
|
|
|
|
This is intended for compatibility with legacy systems.
|
|
|
|
|
*/
|
|
|
|
|
@property (nonatomic) BOOL forceCiphersuitesAESCBC;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
Override the minimum TLS version
|
|
|
|
|
*/
|
|
|
|
|
@property (nonatomic) OpenVPNMinTLSVersion minTLSVersion;
|
|
|
|
|
|
2017-04-24 19:44:54 +08:00
|
|
|
/**
|
|
|
|
|
Override or default the tls-cert-profile setting
|
|
|
|
|
*/
|
|
|
|
|
@property (nonatomic) OpenVPNTLSCertProfile tlsCertProfile;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
Pass custom key/value pairs to OpenVPN server
|
|
|
|
|
*/
|
|
|
|
|
@property (nullable, nonatomic) NSDictionary<NSString *, NSString *> *peerInfo;
|
|
|
|
|
|
2017-04-24 21:04:25 +08:00
|
|
|
/**
|
|
|
|
|
Pass through pushed "echo" directives via "ECHO" event
|
|
|
|
|
*/
|
|
|
|
|
@property (nonatomic) BOOL echo;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
Pass through control channel INFO notifications via "INFO" event
|
|
|
|
|
*/
|
|
|
|
|
@property (nonatomic) BOOL info;
|
|
|
|
|
|
2017-04-21 23:41:08 +08:00
|
|
|
@end
|
