/// <summary>
/// Collects the addresses carried by "dhcp-option DNS" and "dhcp-option DNS6" directives.
/// </summary>
/// <returns>The addresses found; an empty collection when no directive matches.</returns>
public IpAddresses ExtractDns()
{
    IpAddresses dnsServers = new IpAddresses();

    List<Directive> dhcpOptions = GetDirectiveList("dhcp-option");
    if (dhcpOptions == null)
    {
        return dnsServers;
    }

    foreach (Directive option in dhcpOptions)
    {
        // Only the two-token form "<KIND> <address>" is accepted; any other shape is ignored.
        string[] parts = option.Text.Split(' ');
        if (parts.Length != 2)
        {
            continue;
        }

        // NOTE(review): parts[1] is handed to Add as-is; whether Add rejects text that is not
        // an IP address is not visible in this block.
        string kind = parts[0];
        if ((kind == "DNS") || (kind == "DNS6"))
        {
            dnsServers.Add(parts[1]);
        }
    }

    return dnsServers;
}
/// <summary>Adds every address held by another collection to this one.</summary>
/// <param name="addresses">Collection whose <c>IPs</c> are added one by one.</param>
public void Add(IpAddresses addresses)
{
    foreach (IpAddress entry in addresses.IPs)
    {
        Add(entry);
    }
}
/// <summary>
/// Selects the network lock plugin named by the "netlock.mode" option and activates it.
/// </summary>
/// <remarks>
/// Any exception is logged as Fatal rather than propagated. When no supported plugin matches the
/// requested mode (this includes the mode "none"), a Fatal entry is logged and no lock is activated.
/// <c>Recovery.Save()</c> runs in every case.
/// </remarks>
public void Activation()
{
    try
    {
        if (m_current != null)
        {
            throw new Exception(Messages.NetworkLockUnexpectedAlreadyActive);
        }

        string wantedMode = Engine.Instance.Storage.GetLower("netlock.mode");
        if (wantedMode == "auto")
        {
            wantedMode = Platform.Instance.OnNetworkLockRecommendedMode();
        }

        NetworkLockPlugin selected = null;
        if (wantedMode != "none")
        {
            foreach (NetworkLockPlugin candidate in Modes)
            {
                if (candidate.GetSupport() && (wantedMode == candidate.GetCode()))
                {
                    selected = candidate;
                    break;
                }
            }
        }

        if (selected != null)
        {
            string notice = Messages.NetworkLockActivation + " - " + selected.GetName();
            Engine.Instance.WaitMessageSet(notice, false);
            Engine.Instance.Logs.Log(LogType.InfoImportant, notice);

            // This is not useless: resolve hostnames (available later as cache) before a possible lock of DNS server.
            // The return value is deliberately unused.
            selected.GetAllIps(true);

            selected.Activation();
            m_current = selected;
        }
        else
        {
            Engine.Instance.Logs.Log(LogType.Fatal, Messages.NetworkLockNoMode);
        }
    }
    catch (Exception e)
    {
        Engine.Instance.Logs.Log(LogType.Fatal, e);
    }

    Recovery.Save();
}
/// <summary>Builds a new collection holding a clone of every address in this one.</summary>
/// <returns>A copy that shares no <c>IpAddress</c> instance with the original.</returns>
public IpAddresses Clone()
{
    IpAddresses copy = new IpAddresses();

    foreach (IpAddress item in IPs)
    {
        IpAddress duplicate = item.Clone();
        copy.Add(duplicate);
    }

    return copy;
}
/// <summary>
/// Runs the connectivity self-tests (DNS, ping, HTTP, HTTPS) and records one labelled result per test.
/// </summary>
public void Tests()
{
    IpAddresses resolved = DnsManager.ResolveDNS("dnstest.eddie.website", true);

    // The test hostname is expected to resolve to exactly two addresses per family.
    string dnsV4 = (resolved.CountIPv4 == 2) ? Messages.Ok : Messages.Failed;
    Add("Test DNS IPv4", dnsV4);

    string dnsV6 = (resolved.CountIPv6 == 2) ? Messages.Ok : Messages.Failed;
    Add("Test DNS IPv6", dnsV6);

    // NOTE(review): the ping targets come from the DNS answer above; what First returns when
    // that family resolved to nothing is not visible here - confirm Ping copes with it.
    string pingV4 = Platform.Instance.Ping(resolved.OnlyIPv4.First, 5000).ToString() + " ms";
    Add("Test Ping IPv4", pingV4);

    string pingV6 = Platform.Instance.Ping(resolved.OnlyIPv6.First, 5000).ToString() + " ms";
    Add("Test Ping IPv6", pingV6);

    // The two per-family probes use cleartext http; only the last probe goes over TLS.
    string httpV4 = TestUrl("http://" + "ipv4." + Constants.Domain + "/test/");
    Add("Test HTTP IPv4", httpV4);

    string httpV6 = TestUrl("http://" + "ipv6." + Constants.Domain + "/test/");
    Add("Test HTTP IPv6", httpV6);

    string https = TestUrl("https://" + Constants.Domain + "/test/");
    Add("Test HTTPS", https);
}
/// <summary>
/// Runs the connectivity self-tests (DNS, ping, HTTP, HTTPS) and records one labelled result per test.
/// </summary>
public void Tests()
{
    IpAddresses resolved = DnsManager.ResolveDNS("dnstest.eddie.website", true);

    // The test hostname is expected to resolve to exactly two addresses per family.
    string dnsV4;
    if (resolved.CountIPv4 == 2)
    {
        dnsV4 = LanguageManager.GetText("Ok");
    }
    else
    {
        dnsV4 = LanguageManager.GetText("Failed");
    }
    Add("Test DNS IPv4", dnsV4);

    string dnsV6;
    if (resolved.CountIPv6 == 2)
    {
        dnsV6 = LanguageManager.GetText("Ok");
    }
    else
    {
        dnsV6 = LanguageManager.GetText("Failed");
    }
    Add("Test DNS IPv6", dnsV6);

    // Ping and per-family HTTP probes target the fixed website addresses, not the DNS answer.
    string pingV4 = TestPing(Constants.WebSiteIPv4);
    Add("Test Ping IPv4", pingV4);

    string pingV6 = TestPing(Constants.WebSiteIPv6);
    Add("Test Ping IPv6", pingV6);

    // These two probes use cleartext http against literal addresses; only the last probe goes over TLS.
    string httpV4 = TestUrl("http://" + Constants.WebSiteIPv4 + "/test/");
    Add("Test HTTP IPv4", httpV4);

    // An IPv6 literal must be bracketed inside a URL.
    string httpV6 = TestUrl("http://[" + Constants.WebSiteIPv6 + "]/test/");
    Add("Test HTTP IPv6", httpV6);

    string https = TestUrl("https://" + Constants.Domain + "/test/");
    Add("Test HTTPS", https);
}
/// <summary>
/// Compares this collection with another object by comparing their string forms.
/// </summary>
/// <param name="obj">Object to compare with; null or any other type yields false.</param>
/// <returns>True when <paramref name="obj"/> is an <c>IpAddresses</c> with the same <c>ToString()</c>.</returns>
public override bool Equals(object obj)
{
    IpAddresses other = obj as IpAddresses;

    // A failed cast covers both the null case and the wrong-type case.
    if (object.ReferenceEquals(other, null))
    {
        return false;
    }

    // Works because ToString sorts the items.
    string mine = ToString();
    string theirs = other.ToString();
    return mine == theirs;
}
/// <summary>
/// Runs the connectivity self-tests (DNS, HTTP, HTTPS) and records one labelled result per test.
/// </summary>
public void Tests()
{
    IpAddresses resolved = DnsManager.ResolveDNS("dnstest.eddie.website", true);

    // The test hostname is expected to resolve to exactly two addresses per family.
    string dnsV4 = (resolved.CountIPv4 == 2) ? Messages.Ok : Messages.Failed;
    Add("Test DNS IPv4", dnsV4);

    string dnsV6 = (resolved.CountIPv6 == 2) ? Messages.Ok : Messages.Failed;
    Add("Test DNS IPv6", dnsV6);

    // The first probe uses cleartext http; the second goes over TLS.
    string http = TestUrl("http://" + Constants.Domain + "/test/");
    Add("Test HTTP", http);

    string https = TestUrl("https://" + Constants.Domain + "/test/");
    Add("Test HTTPS", https);

    /*
    #if !EDDIENET20
    Add("JsonTest", Newtonsoft.Json.JsonConvert.SerializeObject(new IpAddress("8.8.8.8")));
    #endif
    */
}
/// <summary>
/// Compares this collection with another object by comparing their string forms.
/// </summary>
/// <param name="obj">Object to compare with; null or any other type yields false.</param>
/// <returns>True when <paramref name="obj"/> is an <c>IpAddresses</c> with the same <c>ToString()</c>.</returns>
public override bool Equals(object obj)
{
    IpAddresses other = obj as IpAddresses;

    // A failed cast covers both the null case and the wrong-type case.
    if (object.ReferenceEquals(other, null))
    {
        return false;
    }

    // Note: returns false if both contain the same IPs but in a different order // 2.19.5
    string mine = ToString();
    string theirs = other.ToString();
    return mine == theirs;
}
/// <summary>
/// Resolves a host name through <c>Dns.GetHostEntry</c> and returns every address of the answer.
/// </summary>
/// <param name="host">Host name to resolve.</param>
/// <returns>
/// The resolved addresses. Any exception during the lookup is swallowed, so a failed lookup and a
/// lookup with no addresses both come back as an empty collection.
/// </returns>
public virtual IpAddresses ResolveDNS(string host)
{
    IpAddresses resolved = new IpAddresses();

    try
    {
        IPAddress[] answers = Dns.GetHostEntry(host).AddressList;
        for (int i = 0; i < answers.Length; i++)
        {
            resolved.Add(answers[i].ToString());
        }
    }
    catch (Exception)
    {
        // Best effort: the caller only sees whatever was collected before the failure.
    }

    return resolved;
}
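/// <summary>
/// Resolves a host name, optionally through the in-process cache.
/// </summary>
/// <param name="host">Host name to resolve.</param>
/// <param name="nocache">When true the platform resolver is queried directly and the cache is neither read nor written.</param>
/// <returns>
/// The resolved addresses. Note: if the cache entry is expired but the new query returns no IPs,
/// the old cached answer is returned, so a caller cannot tell a fresh answer from a stale one.
/// </returns>
public static IpAddresses ResolveDNS(string host, bool nocache)
{
    if (nocache)
    {
        return(Platform.Instance.ResolveDNS(host));
    }

    // Take the entry reference under the lock. Entries are replaced, never modified, once they
    // are in the cache, so the fields read below always belong to one consistent answer.
    DnsManagerEntry entry = null;
    lock (m_cache)
    {
        if (m_cache.ContainsKey(host))
        {
            entry = m_cache[host];
        }
        else
        {
            entry = new DnsManagerEntry();
        }
    }

    Int64 now = Utils.UnixTimeStamp();
    Int64 delay = now - entry.TimeStamp;

    // Default TTL in seconds, used when the engine or its storage is not available.
    Int64 ttl = 3600;
    if ((Engine.Instance != null) && (Engine.Instance.Storage != null))
    {
        ttl = Engine.Instance.Storage.GetInt("dns.cache.ttl");
    }

    if (delay < ttl)
    {
        return(entry.Response);
    }

    IpAddresses result = Platform.Instance.ResolveDNS(host);
    if (result.Count == 0)
    {
        // Refresh failed or returned nothing: keep serving the previous answer.
        return(entry.Response);
    }

    // Publish a new entry instead of writing to the one other threads may be reading:
    // the previous code changed Response and TimeStamp of a shared entry outside the lock.
    // NOTE(review): assumes DnsManagerEntry carries no state besides Response and TimeStamp - confirm.
    DnsManagerEntry fresh = new DnsManagerEntry();
    fresh.Response = result;
    fresh.TimeStamp = now;
    lock (m_cache)
    {
        m_cache[host] = fresh;
    }

    return(result);
}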
/// <summary>
/// Collects the gateway addresses named by the "route-gateway" and "ifconfig-ipv6" directives.
/// </summary>
/// <returns>The addresses found; an empty collection when neither directive is present.</returns>
public IpAddresses ExtractGateway()
{
    IpAddresses gateways = new IpAddresses();

    if (ExistsDirective("route-gateway"))
    {
        gateways.Add(GetOneDirectiveText("route-gateway"));
    }

    if (ExistsDirective("ifconfig-ipv6"))
    {
        // Only the two-token form is used; the second token is taken as the gateway.
        string[] parts = GetOneDirectiveText("ifconfig-ipv6").Split(' ');
        if (parts.Length == 2)
        {
            gateways.Add(parts[1]);
        }
    }

    return gateways;
}
/// <summary>
/// Runs the connectivity self-tests (DNS, ping, HTTP, HTTPS) and records one labelled result per test.
/// </summary>
public void Tests()
{
    IpAddresses resolved = DnsManager.ResolveDNS("dnstest.eddie.website", true);

    // The test hostname is expected to resolve to exactly two addresses per family.
    string dnsV4;
    if (resolved.CountIPv4 == 2)
    {
        dnsV4 = LanguageManager.GetText("Ok");
    }
    else
    {
        dnsV4 = LanguageManager.GetText("Failed");
    }
    Add("Test DNS IPv4", dnsV4);

    string dnsV6;
    if (resolved.CountIPv6 == 2)
    {
        dnsV6 = LanguageManager.GetText("Ok");
    }
    else
    {
        dnsV6 = LanguageManager.GetText("Failed");
    }
    Add("Test DNS IPv6", dnsV6);

    /* Changed in 2.17.1
     * Add("Test Ping IPv4", Platform.Instance.Ping(dns.OnlyIPv4.First, 5000).ToString() + " ms");
     * Add("Test Ping IPv6", Platform.Instance.Ping(dns.OnlyIPv6.First, 5000).ToString() + " ms");
     *
     * Add("Test HTTP IPv4", TestUrl("http://" + "ipv4." + Constants.Domain + "/test/"));
     * Add("Test HTTP IPv6", TestUrl("http://" + "ipv6." + Constants.Domain + "/test/"));
     * Add("Test HTTPS", TestUrl("https://" + Constants.Domain + "/test/"));
     */

    // Ping and per-family HTTP probes target the fixed website addresses, not the DNS answer.
    IpAddress siteV4 = new IpAddress(Constants.WebSiteIPv4);
    Add("Test Ping IPv4", Platform.Instance.Ping(siteV4, 5000).ToString() + " ms");

    IpAddress siteV6 = new IpAddress(Constants.WebSiteIPv6);
    Add("Test Ping IPv6", Platform.Instance.Ping(siteV6, 5000).ToString() + " ms");

    // These two probes use cleartext http against literal addresses; only the last probe goes over TLS.
    string httpV4 = TestUrl("http://" + Constants.WebSiteIPv4 + "/test/");
    Add("Test HTTP IPv4", httpV4);

    // An IPv6 literal must be bracketed inside a URL.
    string httpV6 = TestUrl("http://[" + Constants.WebSiteIPv6 + "]/test/");
    Add("Test HTTP IPv6", httpV6);

    string https = TestUrl("https://" + Constants.Domain + "/test/");
    Add("Test HTTPS", https);
}
/// <summary>
/// Builds the address collection from the "netlock.whitelist.incoming.ips" option.
/// </summary>
/// <returns>One entry per configured host, with any trailing "#" comment removed.</returns>
public IpAddresses GetIpsWhiteListIncoming()
{
    IpAddresses allowed = new IpAddresses();

    // Whitelist
    string raw = Engine.Instance.Storage.Get("netlock.whitelist.incoming.ips");
    raw = raw.Replace("\u2028", ","); // macOS Hack // TOCLEAN

    List<string> entries = raw.StringToList();
    foreach (string entry in entries)
    {
        // Everything from the first "#" onward is a comment. The value is trimmed only when a
        // comment was cut off.
        int commentAt = entry.IndexOf("#");
        string hostOnly = (commentAt != -1) ? entry.Substring(0, commentAt).Trim() : entry;

        // NOTE(review): an entry that is only a comment reaches Add as an empty string; how Add
        // treats empty or non-address text is not visible in this block.
        allowed.Add(hostOnly);
    }

    return allowed;
}
/// <summary>
/// Builds the ConnectionActive for this connection: the startup OpenVPN profile, the IPv4/IPv6
/// tunnel decisions, the extra routes and the temporary credential files.
/// </summary>
/// <param name="preview">
/// If true, no physical additional files are created: "dummy.ppw" stands in for the credential
/// files and Tor is not sent a NEWNYM.
/// </param>
/// <returns>The populated ConnectionActive; its OpenVpnProfileStartup holds the normalized profile.</returns>
/// <remarks>
/// Directive order follows the call order below: client-level options, provider defaults,
/// server-level directives, the config file, settings-derived directives, provider and platform
/// hooks, "openvpn.custom", and finally the IPv4 "route" directives.
/// </remarks>
public ConnectionActive BuildConnectionActive(bool preview)
{
    // If preview, no physical additional files are created.
    ConnectionActive connectionActive = new ConnectionActive();
    Storage s = Engine.Instance.Storage;
    connectionActive.OpenVpnProfileStartup = new OvpnBuilder();
    OvpnBuilder ovpn = connectionActive.OpenVpnProfileStartup;
    ovpn.AppendDirective("setenv", "IV_GUI_VER " + Constants.Name + Constants.VersionDesc, "Client level");
    if (s.GetBool("openvpn.skip_defaults") == false)
    {
        ovpn.AppendDirectives(Engine.Instance.Storage.Get("openvpn.directives"), "Client level");
        string directivesPath = Engine.Instance.Storage.Get("openvpn.directives.path");
        if (directivesPath.Trim() != "")
        {
            // A missing or unreadable directives file is only logged as a warning; the build continues without it.
            try
            {
                if (Platform.Instance.FileExists(directivesPath))
                {
                    string text = Platform.Instance.FileContentsReadText(directivesPath);
                    ovpn.AppendDirectives(text, "Client level");
                }
                else
                {
                    Engine.Instance.Logs.Log(LogType.Warning, LanguageManager.GetText("FileNotFound", directivesPath));
                }
            }
            catch (Exception ex)
            {
                Engine.Instance.Logs.Log(LogType.Warning, LanguageManager.GetText("FileErrorRead", directivesPath, ex.Message));
            }
        }
        Provider.OnBuildOvpnDefaults(ovpn);
        ovpn.AppendDirectives(OvpnDirectives, "Server level");
        if (Path != "")
        {
            // Unlike the directives file above, this read is not wrapped in a try/catch.
            if (Platform.Instance.FileExists(Path))
            {
                string text = Platform.Instance.FileContentsReadText(Path);
                ovpn.AppendDirectives(text, "Config file");
                string dirPath = Platform.Instance.FileGetDirectoryPath(Path);
                ovpn.NormalizeRelativePath(dirPath);
            }
        }
    }
    if (s.Get("openvpn.dev_node") != "")
    {
        ovpn.AppendDirective("dev-node", s.Get("openvpn.dev_node"), "");
    }
    // "local" and "nobind" are kept mutually exclusive: a configured entry interface binds, otherwise nobind.
    if (s.Get("network.entry.iface") != "")
    {
        ovpn.AppendDirective("local", s.Get("network.entry.iface"), "");
        ovpn.RemoveDirective("nobind");
    }
    else
    {
        ovpn.RemoveDirective("local");
        ovpn.AppendDirective("nobind", "", "");
    }
    // Buffer sizes: -2 asks the platform for a recommendation (and falls back to -1 when the
    // platform also answers -2); -1 emits no directive.
    int rcvbuf = s.GetInt("openvpn.rcvbuf");
    if (rcvbuf == -2)
    {
        rcvbuf = Platform.Instance.GetRecommendedRcvBufDirective();
    }
    if (rcvbuf == -2)
    {
        rcvbuf = -1;
    }
    if (rcvbuf != -1)
    {
        ovpn.AppendDirective("rcvbuf", rcvbuf.ToString(), "");
    }
    int sndbuf = s.GetInt("openvpn.sndbuf");
    if (sndbuf == -2)
    {
        sndbuf = Platform.Instance.GetRecommendedSndBufDirective();
    }
    if (sndbuf == -2)
    {
        sndbuf = -1;
    }
    if (sndbuf != -1)
    {
        ovpn.AppendDirective("sndbuf", sndbuf.ToString(), "");
    }
    string proxyDirectiveName = "";
    string proxyDirectiveArgs = "";
    string proxyMode = s.GetLower("proxy.mode");
    string proxyWhen = s.GetLower("proxy.when");
    // With proxy.when "none" or "web" the proxy is not applied to the OpenVPN connection.
    if ((proxyWhen == "none") || (proxyWhen == "web"))
    {
        proxyMode = "none";
    }
    if (proxyMode == "tor")
    {
        proxyDirectiveName = "socks-proxy";
    }
    else if (proxyMode == "http")
    {
        proxyDirectiveName = "http-proxy";
    }
    else if (proxyMode == "socks")
    {
        proxyDirectiveName = "socks-proxy";
    }
    if (proxyDirectiveName != "")
    {
        proxyDirectiveArgs += s.Get("proxy.host") + " " + s.Get("proxy.port");
        if ((s.GetLower("proxy.mode") != "none") && (s.GetLower("proxy.mode") != "tor"))
        {
            if (s.Get("proxy.auth") != "None")
            {
                string fileNameAuthOvpn = "";
                if (preview)
                {
                    fileNameAuthOvpn = "dummy.ppw";
                }
                else
                {
                    connectionActive.ProxyAuthFile = new TemporaryFile("ppw");
                    fileNameAuthOvpn = connectionActive.ProxyAuthFile.Path;
                    // Login and password go on separate lines.
                    // NOTE(review): neither value is checked here for an embedded newline, which
                    // would shift the lines of the file - confirm they are validated upstream.
                    string fileNameData = s.Get("proxy.login") + "\n" + s.Get("proxy.password") + "\n";
                    // NOTE(review): the credentials are written before the "600" permission is
                    // applied; whether TemporaryFile already yields a path only the current user
                    // can read is not visible here - confirm, or restrict the file before writing.
                    Platform.Instance.FileContentsWriteText(connectionActive.ProxyAuthFile.Path, fileNameData, Encoding.Default); // TOFIX: Check if OpenVPN expect UTF-8
                    Platform.Instance.FileEnsurePermission(connectionActive.ProxyAuthFile.Path, "600");
                }
                proxyDirectiveArgs += " " + ovpn.EncodePath(fileNameAuthOvpn) + " " + s.Get("proxy.auth").ToLowerInvariant(); // 2.6 Auth Fix
            }
        }
        ovpn.AppendDirective(proxyDirectiveName, proxyDirectiveArgs, "");
    }
    if (Constants.FeatureIPv6ControlOptions)
    {
        // Per-family decision: "in" always tunnels, "in-out" and "in-block" tunnel only when the
        // server supports the family, "out" and "block" never tunnel. Any other value leaves the
        // flag at whatever ConnectionActive starts with.
        if (s.GetLower("network.ipv4.mode") == "in")
        {
            connectionActive.TunnelIPv4 = true;
        }
        else if (s.GetLower("network.ipv4.mode") == "in-out")
        {
            if (SupportIPv4)
            {
                connectionActive.TunnelIPv4 = true;
            }
            else
            {
                connectionActive.TunnelIPv4 = false;
            }
        }
        else if (s.GetLower("network.ipv4.mode") == "in-block")
        {
            if (SupportIPv4)
            {
                connectionActive.TunnelIPv4 = true;
            }
            else
            {
                connectionActive.TunnelIPv4 = false; // Out, but doesn't matter, will be blocked.
            }
        }
        else if (s.GetLower("network.ipv4.mode") == "out")
        {
            connectionActive.TunnelIPv4 = false;
        }
        else if (s.GetLower("network.ipv4.mode") == "block")
        {
            connectionActive.TunnelIPv4 = false; // Out, but doesn't matter, will be blocked.
        }
        if (Engine.Instance.GetNetworkIPv6Mode() == "in")
        {
            connectionActive.TunnelIPv6 = true;
        }
        else if (Engine.Instance.GetNetworkIPv6Mode() == "in-out")
        {
            if (SupportIPv6)
            {
                connectionActive.TunnelIPv6 = true;
            }
            else
            {
                connectionActive.TunnelIPv6 = false;
            }
        }
        else if (Engine.Instance.GetNetworkIPv6Mode() == "in-block")
        {
            if (SupportIPv6)
            {
                connectionActive.TunnelIPv6 = true;
            }
            else
            {
                connectionActive.TunnelIPv6 = false;
            }
        }
        else if (Engine.Instance.GetNetworkIPv6Mode() == "out")
        {
            connectionActive.TunnelIPv6 = false;
        }
        else if (Engine.Instance.GetNetworkIPv6Mode() == "block")
        {
            connectionActive.TunnelIPv6 = false;
        }
        if (Software.GetTool("openvpn").VersionAboveOrEqual("2.4"))
        {
            // The client decides the default route itself: any redirect-gateway, local or pushed, is discarded first.
            ovpn.RemoveDirective("redirect-gateway"); // Remove if exists
            ovpn.AppendDirective("pull-filter", "ignore \"redirect-gateway\"", "Forced at client side");
            if (connectionActive.TunnelIPv6 == false)
            {
                // With IPv6 kept out of the tunnel, the pushed IPv6 DNS and tunnel settings are ignored too.
                ovpn.AppendDirective("pull-filter", "ignore \"dhcp-option DNS6\"", "Client side");
                ovpn.AppendDirective("pull-filter", "ignore \"tun-ipv6\"", "Client side");
                ovpn.AppendDirective("pull-filter", "ignore \"ifconfig-ipv6\"", "Client side");
            }
            if ((connectionActive.TunnelIPv4 == false) && (connectionActive.TunnelIPv6 == false))
            {
                // no redirect-gateway
            }
            else if ((connectionActive.TunnelIPv4 == true) && (connectionActive.TunnelIPv6 == false))
            {
                ovpn.AppendDirective("redirect-gateway", "def1 bypass-dhcp", "");
            }
            else if ((connectionActive.TunnelIPv4 == false) && (connectionActive.TunnelIPv6 == true))
            {
                ovpn.AppendDirective("redirect-gateway", "ipv6 !ipv4 def1 bypass-dhcp", "");
            }
            else
            {
                ovpn.AppendDirective("redirect-gateway", "ipv6 def1 bypass-dhcp", "");
            }
        }
        else
        {
            // OpenVPN <2.4, IPv6 not supported, IPv4 required.
            connectionActive.TunnelIPv4 = true;
            connectionActive.TunnelIPv6 = false;
            // NOTE(review): TunnelIPv4 was set to true just above, so the else branch below
            // cannot run unless the property setter does something not visible here.
            if (connectionActive.TunnelIPv4)
            {
                ovpn.AppendDirective("redirect-gateway", "def1 bypass-dhcp", "");
            }
            else
            {
                ovpn.AppendDirective("route-nopull", "", "For Routes Out");
                // 2.9, this is used by Linux resolv-conf DNS method. Need because route-nopull also filter pushed dhcp-option.
                // Incorrect with other provider, but the right-approach (pull-filter based) require OpenVPN <2.4.
                ovpn.AppendDirective("dhcp-option", "DNS " + Constants.DnsVpn, "");
            }
        }
    }
    else
    {
        // Without the IPv6 control options a single "routes.default" value drives both families.
        string routesDefault = s.Get("routes.default");
        connectionActive.TunnelIPv4 = (routesDefault == "in");
        connectionActive.TunnelIPv6 = (routesDefault == "in");
        if (routesDefault == "out")
        {
            if (Software.GetTool("openvpn").VersionAboveOrEqual("2.4"))
            {
                ovpn.RemoveDirective("redirect-gateway"); // Remove if exists
                ovpn.AppendDirective("pull-filter", "ignore \"redirect-gateway\"", "For Routes Out");
            }
            else // Compatibility <2.4
            {
                ovpn.AppendDirective("route-nopull", "", "For Routes Out");
                // For DNS
                // < 2.9. route directive useless, and DNS are forced manually in every supported platform.
                // TOCLEAN
                /*
                 * ovpn += "dhcp-option DNS " + Constants.DnsVpn + "\n"; // Manually because route-nopull skip it
                 * ovpn += "route 10.4.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
                 * ovpn += "route 10.5.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
                 * ovpn += "route 10.6.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
                 * ovpn += "route 10.7.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
                 * ovpn += "route 10.8.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
                 * ovpn += "route 10.9.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
                 * ovpn += "route 10.30.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
                 * ovpn += "route 10.50.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
                 */
                // 2.9, this is used by Linux resolv-conf DNS method. Need because route-nopull also filter pushed dhcp-option.
                // Incorrect with other provider, but the right-approach (pull-filter based) require OpenVPN <2.4.
                ovpn.AppendDirective("dhcp-option", "DNS " + Constants.DnsVpn, "");
            }
        }
    }
    // For Checking
    foreach (IpAddress ip in IpsExit.IPs)
    {
        connectionActive.AddRoute(ip, "vpn_gateway", "For Checking Route");
    }
    // Custom routes: ";"-separated entries of exactly three ","-separated fields
    // (address or host, action, notes). Entries with another field count are skipped silently.
    string routes = s.Get("routes.custom");
    string[] routes2 = routes.Split(';');
    foreach (string route in routes2)
    {
        string[] routeEntries = route.Split(',');
        if (routeEntries.Length != 3)
        {
            continue;
        }
        string ipCustomRoute = routeEntries[0];
        IpAddresses ipsCustomRoute = new IpAddresses(ipCustomRoute);
        if (ipsCustomRoute.Count == 0)
        {
            Engine.Instance.Logs.Log(LogType.Verbose, LanguageManager.GetText("CustomRouteInvalid", ipCustomRoute.ToString()));
        }
        else
        {
            string action = routeEntries[1];
            string notes = routeEntries[2];
            foreach (IpAddress ip in ipsCustomRoute.IPs)
            {
                // A route is only needed when the entry asks for the opposite of what its
                // address family already does by default.
                bool layerIn = false;
                if (ip.IsV4)
                {
                    layerIn = connectionActive.TunnelIPv4;
                }
                else if (ip.IsV6)
                {
                    layerIn = connectionActive.TunnelIPv6;
                }
                string gateway = "";
                if ((layerIn == false) && (action == "in"))
                {
                    gateway = "vpn_gateway";
                }
                if ((layerIn == true) && (action == "out"))
                {
                    gateway = "net_gateway";
                }
                if (gateway != "")
                {
                    connectionActive.AddRoute(ip, gateway, (notes != "") ? notes.Safe() : ipCustomRoute);
                }
            }
        }
    }
    if (proxyMode == "tor")
    {
        if (preview == false)
        {
            TorControl.SendNEWNYM();
        }
        // Guard addresses of a tunnelled family are routed through the normal gateway, outside the VPN.
        IpAddresses torNodeIps = TorControl.GetGuardIps((preview == false));
        foreach (IpAddress torNodeIp in torNodeIps.IPs)
        {
            if (((connectionActive.TunnelIPv4) && (torNodeIp.IsV4)) || ((connectionActive.TunnelIPv6) && (torNodeIp.IsV6)))
            {
                connectionActive.AddRoute(torNodeIp, "net_gateway", "Tor Guard");
            }
        }
    }
    {
        // The management interface listens on loopback and is protected by a per-connection password file.
        string managementPasswordFile = "dummy.ppw";
        if (preview == false)
        {
            // NOTE(review): the strength of the password depends on RandomGenerator.GetHash(),
            // which is not visible here - confirm it draws from a cryptographic random source.
            connectionActive.ManagementPassword = RandomGenerator.GetHash();
            connectionActive.ManagementPasswordFile = new TemporaryFile("ppw");
            managementPasswordFile = connectionActive.ManagementPasswordFile.Path;
            // NOTE(review): as with the proxy credentials, the secret is written before the
            // "600" permission is applied - confirm the temporary file is not readable by
            // other users in between.
            Platform.Instance.FileContentsWriteText(managementPasswordFile, connectionActive.ManagementPassword, Encoding.ASCII); // UTF8 not recognized by OpenVPN
            Platform.Instance.FileEnsurePermission(managementPasswordFile, "600");
        }
        ovpn.AppendDirective("management", "127.0.0.1 " + Engine.Instance.Storage.Get("openvpn.management_port") + " " + ovpn.EncodePath(managementPasswordFile), "");
    }
    // Experimental - Allow identification as Public Network in Windows. Advanced Option?
    // ovpn.Append("route-metric 512");
    // ovpn.Append("route 0.0.0.0 0.0.0.0");
    Provider.OnBuildConnectionActive(this, connectionActive);
    Provider.OnBuildConnectionActiveAuth(connectionActive);
    Platform.Instance.OnBuildOvpn(ovpn);
    // User-supplied custom directives are appended after everything built above.
    ovpn.AppendDirectives(Engine.Instance.Storage.Get("openvpn.custom"), "Custom level");
    foreach (ConnectionActiveRoute route in connectionActive.Routes)
    {
        // IPv6 routes, and every route when FeatureAlwaysBypassOpenvpnRoute is set, are not
        // written into the profile; they stay only in connectionActive.Routes.
        if ((route.Address.IsV6) || (Constants.FeatureAlwaysBypassOpenvpnRoute))
        {
        }
        else
        {
            // We never find a better method to manage IPv6 route via OpenVPN, at least <2.4.4
            ovpn.AppendDirective("route", route.Address.ToOpenVPN() + " " + route.Gateway, route.Notes.Safe());
        }
    }
    ovpn.Normalize();
    return(connectionActive);
}
/// <summary>
/// Overridable hook for switching DNS. This base implementation performs no action.
/// </summary>
/// <param name="connectionActive">Not used by the base implementation.</param>
/// <param name="dns">Not used by the base implementation.</param>
/// <returns>Always true in the base implementation.</returns>
public virtual bool OnDnsSwitchDo(ConnectionActive connectionActive, IpAddresses dns)
{
    return true;
}
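/// <summary>
/// Asks the local Tor control port for the built circuits and returns the address found in the
/// "r" line of each circuit's first node.
/// </summary>
/// <returns>
/// The addresses found. Empty when "proxy.host" is not 127.0.0.1/localhost, when nothing is
/// found, or when the control exchange fails; failures are logged as warnings, never thrown.
/// </returns>
public static IpAddresses GetGuardIps()
{
    IpAddresses ips = new IpAddresses();
    try
    {
        string controlHost = Engine.Instance.Storage.Get("proxy.host").ToLowerInvariant().Trim();
        if ((controlHost != "127.0.0.1") && (controlHost.ToLowerInvariant() != "localhost"))
        {
            // Guard IPS are used to avoid routing loop, that occur only if the Tor host is the same machine when OpenVPN run.
            return(ips);
        }

        TcpClient s = Connect();
        try
        {
            Write(s, "getinfo circuit-status\n");
            Flush(s);
            string circuits = Read(s);
            string[] circuitsLines = circuits.Split('\n');
            foreach (string circuit in circuitsLines)
            {
                string[] circuitItems = circuit.Split(' ');
                if (circuitItems.Length < 3)
                {
                    continue;
                }
                if (circuitItems[1] != "BUILT")
                {
                    continue;
                }

                // The third field starts with a one-character prefix and the node id, which
                // ends at '~'. A field without a usable id is skipped like the other malformed
                // lines, instead of throwing and abandoning every remaining circuit.
                string id = circuitItems[2];
                int tilde = id.IndexOf('~');
                if (tilde <= 1)
                {
                    continue;
                }
                id = id.Substring(1, tilde - 1);

                // NOTE(review): id comes from the control-port reply and is placed in the next
                // command without a format check - consider accepting hex digits only.
                Write(s, "getinfo ns/id/" + id + "\n");
                string nodeInfo = Read(s);
                string[] nodeLines = nodeInfo.Split('\n');
                foreach (string line in nodeLines)
                {
                    string[] lineItems = line.Split(' ');
                    if (lineItems.Length < 7)
                    {
                        continue;
                    }
                    if (lineItems[0] != "r")
                    {
                        continue;
                    }

                    // The seventh field of the "r" line is taken as the node address.
                    string ip = lineItems[6];
                    if (ips.Contains(ip) == false)
                    {
                        Engine.Instance.Logs.Log(LogType.Verbose, MessagesFormatter.Format(Messages.TorControlGuardIp, ip, id));
                        ips.Add(ip);
                    }
                }
            }
        }
        finally
        {
            // Release the control connection on the failure path too; previously an exception
            // in the exchange skipped Close() and left the socket open.
            if (s != null)
            {
                s.Close();
            }
        }

        if (ips.Count == 0)
        {
            Engine.Instance.Logs.Log(LogType.Warning, Messages.TorControlNoIps);
            //throw new Exception(Messages.TorControlNoIps);
        }
    }
    catch (Exception e)
    {
        //throw new Exception(MessagesFormatter.Format(Messages.TorControlException, e.Message));
        Engine.Instance.Logs.Log(LogType.Warning, MessagesFormatter.Format(Messages.TorControlException, e.Message));
    }
    return(ips);
}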
/// <summary>
/// Turns this route into a Json object with "address", "gateway" and, where known, "interface".
/// </summary>
/// <param name="connectionActive">Active connection supplying the VPN interface and the pushed gateways.</param>
/// <returns>
/// The route description, or null when the gateway cannot be determined, the gateway text is
/// not a valid address, or its family does not match the route address.
/// </returns>
public Json Compute(ConnectionActive connectionActive)
{
    Json entry = new Json();
    entry["address"].Value = Address.ToCIDR();

    if (Gateway == "vpn_gateway")
    {
        entry["interface"].Value = connectionActive.Interface.Id;
        IpAddresses pushedGateways = connectionActive.OpenVpnProfileWithPush.ExtractGateway();

        if (Address.IsV4)
        {
            if (pushedGateways.OnlyIPv4.Count == 0)
            {
                Engine.Instance.Logs.LogWarning("Unable to compute route for " + Address.ToCIDR() + ": IPv4 VPN gateway not available.");
                return null;
            }

            entry["gateway"].Value = pushedGateways.OnlyIPv4.First.Address;
            return entry;
        }

        if (Address.IsV6)
        {
            // A missing IPv6 gateway is logged at verbose level only.
            if (pushedGateways.OnlyIPv6.Count == 0)
            {
                Engine.Instance.Logs.LogVerbose("Unable to compute route for " + Address.ToCIDR() + ": IPv6 VPN gateway not available.");
                return null;
            }

            entry["gateway"].Value = pushedGateways.OnlyIPv6.First.Address;
            return entry;
        }

        return null;
    }

    if (Gateway == "net_gateway")
    {
        if (Address.IsV4)
        {
            IpAddress defaultGateway = Engine.Instance.GetDefaultGatewayIPv4();
            if (defaultGateway == null)
            {
                Engine.Instance.Logs.LogWarning("Unable to compute route for " + Address.ToCIDR() + ": IPv4 Net gateway not available.");
                return null;
            }

            entry["gateway"].Value = defaultGateway.Address;
            entry["interface"].Value = Engine.Instance.GetDefaultInterfaceIPv4();
            return entry;
        }

        if (Address.IsV6)
        {
            IpAddress defaultGateway = Engine.Instance.GetDefaultGatewayIPv6();
            if (defaultGateway == null)
            {
                Engine.Instance.Logs.LogVerbose("Unable to compute route for " + Address.ToCIDR() + ": IPv6 Net gateway not available.");
                return null;
            }

            entry["gateway"].Value = defaultGateway.Address;
            entry["interface"].Value = Engine.Instance.GetDefaultInterfaceIPv6();
            return entry;
        }

        return null;
    }

    // Anything else is treated as a literal gateway address; no "interface" is set in this case.
    // ClodoTemp: Unsupported on Windows for now, we need the interface.
    IpAddress literal = new IpAddress(Gateway);
    if (literal.Valid == false)
    {
        Engine.Instance.Logs.LogWarning("Gateway " + Gateway + " invalid.");
        return null;
    }

    if ((Address.IsV4) && (literal.IsV6))
    {
        Engine.Instance.Logs.LogWarning("Gateway " + Gateway + " is IPv6 but used for IPv4 address.");
        return null;
    }

    if ((Address.IsV6) && (literal.IsV4))
    {
        Engine.Instance.Logs.LogWarning("Gateway " + Gateway + " is IPv4 but used for IPv6 address.");
        return null;
    }

    entry["gateway"].Value = literal.Address;
    return entry;
}
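/// <summary>
/// Builds the OpenVPN profile for this connection from the stored options, the provider and
/// platform hooks, the custom routes and the proxy settings.
/// </summary>
/// <param name="preview">
/// If true, no physical additional files are created: "dummy.ppw" stands in for the proxy
/// credential file.
/// </param>
/// <returns>The normalized profile builder.</returns>
/// <remarks>
/// The IPv6 "in-out" route mode now tests SupportIPv6. It previously tested SupportIPv4, so the
/// IPv6 tunnel decision followed the server's IPv4 support.
/// </remarks>
public OvpnBuilder BuildOVPN(bool preview)
{
    // If preview, no physical additional files are created.
    Storage s = Engine.Instance.Storage;
    OvpnBuilder ovpn = new OvpnBuilder();
    if (s.GetBool("openvpn.skip_defaults") == false)
    {
        ovpn.AppendDirectives(Engine.Instance.Storage.Get("openvpn.directives"), "Client level");
        string directivesPath = Engine.Instance.Storage.Get("openvpn.directives.path");
        if (directivesPath.Trim() != "")
        {
            // A missing or unreadable directives file is only logged as a warning; the build continues without it.
            try
            {
                if (Platform.Instance.FileExists(directivesPath))
                {
                    string text = Platform.Instance.FileContentsReadText(directivesPath);
                    ovpn.AppendDirectives(text, "Client level");
                }
                else
                {
                    Engine.Instance.Logs.Log(LogType.Warning, MessagesFormatter.Format(Messages.FileNotFound, directivesPath));
                }
            }
            catch (Exception ex)
            {
                Engine.Instance.Logs.Log(LogType.Warning, MessagesFormatter.Format(Messages.FileErrorRead, directivesPath, ex.Message));
            }
        }
        Provider.OnBuildOvpnDefaults(ovpn);
        ovpn.AppendDirectives(OvpnDirectives, "Server level");
        if (Path != "")
        {
            if (Platform.Instance.FileExists(Path))
            {
                string text = Platform.Instance.FileContentsReadText(Path);
                ovpn.AppendDirectives(text, "Config file");
                string dirPath = Platform.Instance.FileGetDirectoryPath(Path);
                ovpn.NormalizeRelativePath(dirPath);
            }
        }
    }
    if (s.Get("openvpn.dev_node") != "")
    {
        ovpn.AppendDirective("dev-node", s.Get("openvpn.dev_node"), "");
    }
    // Buffer sizes: -2 asks the platform for a recommendation (and falls back to -1 when the
    // platform also answers -2); -1 emits no directive.
    int rcvbuf = s.GetInt("openvpn.rcvbuf");
    if (rcvbuf == -2)
    {
        rcvbuf = Platform.Instance.GetRecommendedRcvBufDirective();
    }
    if (rcvbuf == -2)
    {
        rcvbuf = -1;
    }
    if (rcvbuf != -1)
    {
        ovpn.AppendDirective("rcvbuf", rcvbuf.ToString(), "");
    }
    int sndbuf = s.GetInt("openvpn.sndbuf");
    if (sndbuf == -2)
    {
        sndbuf = Platform.Instance.GetRecommendedSndBufDirective();
    }
    if (sndbuf == -2)
    {
        sndbuf = -1;
    }
    if (sndbuf != -1)
    {
        ovpn.AppendDirective("sndbuf", sndbuf.ToString(), "");
    }
    string proxyDirectiveName = "";
    string proxyDirectiveArgs = "";
    string proxyMode = s.GetLower("proxy.mode");
    string proxyWhen = s.GetLower("proxy.when");
    // With proxy.when "none" or "web" the proxy is not applied to the OpenVPN connection.
    if ((proxyWhen == "none") || (proxyWhen == "web"))
    {
        proxyMode = "none";
    }
    if (proxyMode == "tor")
    {
        proxyDirectiveName = "socks-proxy";
    }
    else if (proxyMode == "http")
    {
        proxyDirectiveName = "http-proxy";
    }
    else if (proxyMode == "socks")
    {
        proxyDirectiveName = "socks-proxy";
    }
    if (proxyDirectiveName != "")
    {
        proxyDirectiveArgs += s.Get("proxy.host") + " " + s.Get("proxy.port");
        if ((s.GetLower("proxy.mode") != "none") && (s.GetLower("proxy.mode") != "tor"))
        {
            if (s.Get("proxy.auth") != "None")
            {
                string fileNameAuthOvpn = "";
                if (preview)
                {
                    fileNameAuthOvpn = "dummy.ppw";
                }
                else
                {
                    ovpn.FileProxyAuth = new TemporaryFile("ppw");
                    fileNameAuthOvpn = ovpn.FileProxyAuth.Path.Replace("\\", "\\\\"); // 2.6, Escaping for Windows
                    // Login and password go on separate lines.
                    // NOTE(review): neither value is checked here for an embedded newline, which
                    // would shift the lines of the file - confirm they are validated upstream.
                    string fileNameData = s.Get("proxy.login") + "\n" + s.Get("proxy.password") + "\n";
                    // NOTE(review): the credentials are written before the "600" permission is
                    // applied; whether TemporaryFile already yields a path only the current user
                    // can read is not visible here - confirm, or restrict the file before writing.
                    Platform.Instance.FileContentsWriteText(ovpn.FileProxyAuth.Path, fileNameData);
                    Platform.Instance.FileEnsurePermission(ovpn.FileProxyAuth.Path, "600");
                }
                // NOTE(review): only backslashes are escaped; a double quote inside the path
                // would end the quoted argument early.
                proxyDirectiveArgs += " \"" + fileNameAuthOvpn + "\" " + s.Get("proxy.auth").ToLowerInvariant(); // 2.6 Auth Fix
            }
        }
        ovpn.AppendDirective(proxyDirectiveName, proxyDirectiveArgs, "");
    }
    if (Lib.Common.Constants.AlphaFeatures)
    {
        if (Software.GetTool("openvpn").VersionAboveOrEqual("2.4"))
        {
            // IP Layer routes
            ovpn.AppendDirective("pull-filter", "ignore \"redirect-gateway\"", "Forced at client side");
            // Both families default to "in" when the option holds none of the values tested below.
            bool ipv4In = true;
            bool ipv6In = true;
            if (s.GetLower("protocol.ipv4.route") == "in-always")
            {
                ipv4In = true;
            }
            else if (s.GetLower("protocol.ipv4.route") == "in-out")
            {
                if (SupportIPv4)
                {
                    ipv4In = true;
                }
                else
                {
                    ipv4In = false;
                }
            }
            else if (s.GetLower("protocol.ipv4.route") == "in-block")
            {
                if (SupportIPv4)
                {
                    ipv4In = true;
                }
                else
                {
                    ipv4In = false; // Out, but doesn't matter, will be blocked.
                }
            }
            else if (s.GetLower("protocol.ipv4.route") == "out")
            {
                ipv4In = false;
            }
            else if (s.GetLower("protocol.ipv4.route") == "block")
            {
                ipv4In = false; // Out, but doesn't matter, will be blocked.
            }
            if (s.GetLower("protocol.ipv6.route") == "in-always")
            {
                ipv6In = true;
            }
            else if (s.GetLower("protocol.ipv6.route") == "in-out")
            {
                // Fixed: the IPv6 decision must follow the server's IPv6 support, as the
                // "in-block" branch below already does; this branch tested SupportIPv4.
                if (SupportIPv6)
                {
                    ipv6In = true;
                }
                else
                {
                    ipv6In = false;
                }
            }
            else if (s.GetLower("protocol.ipv6.route") == "in-block")
            {
                if (SupportIPv6)
                {
                    ipv6In = true;
                }
                else
                {
                    ipv6In = false; // Out, but doesn't matter, will be blocked.
                }
            }
            else if (s.GetLower("protocol.ipv6.route") == "out")
            {
                ipv6In = false;
            }
            else if (s.GetLower("protocol.ipv6.route") == "block")
            {
                ipv6In = false; // Out, but doesn't matter, will be blocked.
            }
            if ((ipv4In == false) && (ipv6In == false))
            {
                // no redirect-gateway
            }
            else if ((ipv4In == true) && (ipv6In == false))
            {
                ovpn.AppendDirective("redirect-gateway", "def1 bypass-dhcp", "");
            }
            else if ((ipv4In == false) && (ipv6In == true))
            {
                ovpn.AppendDirective("redirect-gateway", "ipv6 !ipv4 def1 bypass-dhcp", "");
            }
            else
            {
                ovpn.AppendDirective("redirect-gateway", "ipv6 def1 bypass-dhcp", "");
            }
        }
        else
        {
            // ClodoTemp: If <2.4 ? Ipv6 are anyway non managed well.
        }
    }
    else
    {
    }
    string routesDefault = s.Get("routes.default");
    if (routesDefault == "out")
    {
        if (Software.GetTool("openvpn").VersionAboveOrEqual("2.4"))
        {
            ovpn.RemoveDirective("redirect-gateway"); // Remove if exists
            ovpn.AppendDirective("pull-filter", "ignore \"redirect-gateway\"", "For Routes Out");
        }
        else // Compatibility <2.4
        {
            ovpn.AppendDirective("route-nopull", "", "For Routes Out");
            // For DNS
            // < 2.9. route directive useless, and DNS are forced manually in every supported platform.
            // TOCLEAN
            /*
             * ovpn += "dhcp-option DNS " + Constants.DnsVpn + "\n"; // Manually because route-nopull skip it
             * ovpn += "route 10.4.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
             * ovpn += "route 10.5.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
             * ovpn += "route 10.6.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
             * ovpn += "route 10.7.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
             * ovpn += "route 10.8.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
             * ovpn += "route 10.9.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
             * ovpn += "route 10.30.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
             * ovpn += "route 10.50.0.1 255.255.255.255 vpn_gateway # AirDNS\n";
             */
            // 2.9, Can be removed when resolv-conf method it's not binded anymore in up/down ovpn directive // TOFIX
            ovpn.AppendDirective("dhcp-option", "DNS " + Lib.Common.Constants.DnsVpn, "");
        }
        // For Checking
        foreach (IpAddress ip in IpsExit.IPs)
        {
            if (ip.IsV4) // TOFIX IPv6
            {
                ovpn.AppendDirective("route", ip.ToOpenVPN() + " vpn_gateway", "For Checking Route");
            }
        }
    }
    // Custom routes: ";"-separated entries of exactly three ","-separated fields
    // (address or host, action, notes). Entries with another field count are skipped silently.
    string routes = s.Get("routes.custom");
    string[] routes2 = routes.Split(';');
    foreach (string route in routes2)
    {
        string[] routeEntries = route.Split(',');
        if (routeEntries.Length != 3)
        {
            continue;
        }
        string ipCustomRoute = routeEntries[0];
        IpAddresses ipsCustomRoute = new IpAddresses(ipCustomRoute);
        if (ipsCustomRoute.Count == 0)
        {
            Engine.Instance.Logs.Log(LogType.Verbose, MessagesFormatter.Format(Messages.CustomRouteInvalid, ipCustomRoute.ToString()));
        }
        else
        {
            string action = routeEntries[1];
            string notes = routeEntries[2];
            // A route is only needed when the entry asks for the opposite of the default.
            string gateway = "";
            if ((routesDefault == "out") && (action == "in"))
            {
                gateway = "vpn_gateway";
            }
            if ((routesDefault == "in") && (action == "out"))
            {
                gateway = "net_gateway";
            }
            if (gateway != "")
            {
                foreach (IpAddress ip in ipsCustomRoute.IPs)
                {
                    // Only IPv4 custom routes are written; IPv6 entries are dropped here.
                    if (ip.IsV4)
                    {
                        ovpn.AppendDirective("route", ip.ToOpenVPN() + " " + gateway, (notes != "") ? Utils.StringSafe(notes) : ipCustomRoute);
                    }
                    // TOFIX IPv6
                    /*
                     * else if(ipCustomRoute.IsV6)
                     * ovpn.AppendDirective("route-ipv6", ipCustomRoute.ToOpenVPN() + " " + gateway + "_ipv6", Utils.StringSafe(notes));
                     */
                }
            }
        }
    }
    if (routesDefault == "in")
    {
        if (proxyMode == "tor")
        {
            // Tor node addresses are routed through the normal gateway, outside the VPN.
            IpAddresses torNodeIps = TorControl.GetGuardIps();
            foreach (IpAddress torNodeIp in torNodeIps.IPs)
            {
                if (torNodeIp.IsV4)
                {
                    ovpn.AppendDirective("route", torNodeIp.ToOpenVPN() + " net_gateway", "Tor Circuit");
                }
                // TOFIX IPv6
                /*
                 * else if(torNodeIp.IsV6)
                 * ovpn.AppendDirective("route-ipv6", torNodeIp.ToOpenVPN() + " net_gateway_ipv6", "Tor Circuit");
                 */
            }
        }
    }
    // NOTE(review): the management directive is given a loopback address and port only, with no
    // password file argument - confirm access to the management interface is restricted some other way.
    ovpn.AppendDirective("management", "127.0.0.1 " + Engine.Instance.Storage.Get("openvpn.management_port"), "");
    // User-supplied custom directives are appended before the provider and platform hooks run.
    ovpn.AppendDirectives(Engine.Instance.Storage.Get("openvpn.custom"), "Custom level");
    // Experimental - Allow identification as Public Network in Windows. Advanced Option?
    // ovpn.Append("route-metric 512");
    // ovpn.Append("route 0.0.0.0 0.0.0.0");
    Provider.OnBuildOvpn(this, ovpn);
    Provider.OnBuildOvpnAuth(ovpn);
    Platform.Instance.OnBuildOvpn(ovpn);
    ovpn.Normalize();
    // NOTE(review): the text handed to OnBuildOvpnPost by ref is not used afterwards; the
    // builder itself is returned, so any edit the hook makes to the text appears to be dropped.
    string ovpnText = ovpn.Get();
    Provider.OnBuildOvpnPost(ref ovpnText);
    return(ovpn);
}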
/// <summary>
/// Overridable source of addresses for the network lock outgoing whitelist.
/// </summary>
/// <returns>A new, empty collection in this base implementation.</returns>
public virtual IpAddresses GetNetworkLockWhiteListOutgoingIPs()
{
    return new IpAddresses();
}
/// <summary>
/// Gathers the addresses collected for the network lock: the "netlock.allowed_ips" option,
/// custom routes with action "out", optionally the detected DNS servers, and optionally the
/// addresses used by the client itself.
/// </summary>
/// <param name="includeIpUsedByClient">
/// When true, the provider-supplied addresses and the entry addresses of every known server are added.
/// </param>
/// <returns>The combined collection.</returns>
public IpAddresses GetAllIps(bool includeIpUsedByClient)
{
    IpAddresses allowed = new IpAddresses();

    // Custom
    string rawList = Engine.Instance.Storage.Get("netlock.allowed_ips");
    rawList = rawList.Replace("\u2028", ","); // OS X Hack // TOCLEAN
    List<string> configured = Utils.StringToList(rawList);
    foreach (string item in configured)
    {
        // Everything from the first "#" onward is a comment. The value is trimmed only when a
        // comment was cut off.
        int commentAt = item.IndexOf("#");
        string hostOnly = (commentAt != -1) ? item.Substring(0, commentAt).Trim() : item;
        allowed.Add(hostOnly);
    }

    // Routes Out
    string rawRoutes = Engine.Instance.Storage.Get("routes.custom");
    foreach (string rawRoute in rawRoutes.Split(';'))
    {
        // Entry layout: host,action[,...]; only entries routed "out" are collected.
        string[] fields = rawRoute.Split(',');
        if ((fields.Length >= 2) && (fields[1] == "out"))
        {
            allowed.Add(fields[0]);
        }
    }

    // DNS
    if (Engine.Instance.Storage.GetBool("netlock.allow_dns"))
    {
        allowed.Add(Platform.Instance.DetectDNS());
    }

    if (includeIpUsedByClient == false)
    {
        return allowed;
    }

    // Providers
    foreach (Provider provider in Engine.Instance.ProvidersManager.Providers)
    {
        allowed.Add(provider.GetNetworkLockAllowedIps());
    }

    // Servers
    lock (Engine.Instance.Connections)
    {
        // Work on a copy of the dictionary taken under the lock.
        Dictionary<string, ConnectionInfo> snapshot = new Dictionary<string, ConnectionInfo>(Engine.Instance.Connections);
        foreach (ConnectionInfo server in snapshot.Values)
        {
            allowed.Add(server.IpsEntry);
        }
    }

    return allowed;
}
/// <summary>
/// Default implementation: contributes no addresses.
/// </summary>
/// <remarks>
/// Virtual, so subclasses can return their own set. <c>GetAllIps</c> on this page adds the
/// value returned by each provider's <c>GetNetworkLockAllowedIps()</c> to its result.
/// NOTE(review): presumably that result is what the network lock lets through, so an
/// override should return only the addresses it really needs - confirm against callers.
/// </remarks>
/// <returns>A new, empty <c>IpAddresses</c> instance (never null).</returns>
public virtual IpAddresses GetNetworkLockAllowedIps()
{
    return new IpAddresses();
}
/// <summary>
/// Default implementation of the DNS-switch hook: does nothing and reports success.
/// </summary>
/// <remarks>
/// NOTE(review): because the default returns true without touching anything, a caller cannot
/// tell "DNS switched" from "nothing implemented here" by the return value alone.
/// </remarks>
/// <param name="dns">The DNS addresses passed by the caller; ignored by this implementation.</param>
/// <returns>Always true.</returns>
public virtual bool OnDnsSwitchDo(IpAddresses dns)
{
    return true;
}
/// <summary>
/// Queries the Tor control connection for the relays of built circuits and for the
/// configured bridges, and returns the IP addresses found.
/// </summary>
/// <remarks>
/// The result is cached in static fields and reused for 60 seconds unless
/// <paramref name="force"/> is true. The cached instance itself is returned, not a copy.
/// An empty or partial list produced after an error is cached as well.
/// Security-relevant points for maintainers:
/// a caller visible on this page turns each IPv4 result into an OpenVPN
/// "route ... net_gateway" directive, so these addresses decide which destinations bypass
/// the tunnel. Only values accepted by <c>IpAddress.IsIP</c> are kept. How <c>Connect</c>
/// authenticates to the control port is not visible here.
/// NOTE(review): no synchronization around the static cache fields is visible in this method.
/// </remarks>
/// <param name="force">True to skip the cache and query again.</param>
/// <returns>The addresses found; empty when the Tor host is not local or on failure.</returns>
public static IpAddresses GetGuardIps(bool force)
{
    // Called very often: reuse the last answer while it is younger than 60 seconds.
    Int64 now = Utils.UnixTimeStamp();
    bool cacheStillFresh = (now - m_lastGuardTime < 60);
    if (!force && cacheStillFresh)
    {
        return m_lastGuardIps;
    }

    IpAddresses guardIps = new IpAddresses();

    try
    {
        string controlHost = Engine.Instance.Storage.Get("proxy.host").ToLowerInvariant().Trim();
        bool torIsLocal = (controlHost == "127.0.0.1") || (controlHost == "localhost");
        if (!torIsLocal)
        {
            // Guard IPs exist to avoid a routing loop, which can only happen when Tor runs on
            // the same machine as OpenVPN. This early exit does not refresh the cache.
            return guardIps;
        }

        List<string> logEntries = new List<string>();

        using (TcpClient control = new TcpClient())
        {
            Connect(control);

            // Step 1: built circuits -> first listed relay fingerprint -> its address.
            Write(control, "getinfo circuit-status\n");
            Flush(control);
            string circuitReply = Read(control);

            foreach (string circuitLine in circuitReply.Split('\n'))
            {
                string fingerprint = circuitLine.ToLowerInvariant().RegExMatchOne("\\d+\\sbuilt\\s\\$([0-9a-f]+)");
                if (fingerprint == "")
                {
                    continue;
                }

                // NOTE(review): unlike the other requests, this write is not followed by
                // Flush(); confirm that Write() does not buffer.
                Write(control, "getinfo ns/id/" + fingerprint.ToUpperInvariant() + "\n");
                string relayReply = Read(control);

                foreach (string relayLine in relayReply.Split('\n'))
                {
                    // The capture is the sixth whitespace-separated field after the leading "r".
                    string candidate = relayLine.RegExMatchOne("r\\s.+?\\s.+?\\s.+?\\s.+?\\s.+?\\s(.+?)\\s");
                    if (!IpAddress.IsIP(candidate) || guardIps.Contains(candidate))
                    {
                        continue;
                    }

                    guardIps.Add(candidate);
                    logEntries.Add(candidate + " (circuit)");
                }
            }

            // Step 2: configured bridges.
            Write(control, "getconf bridge\n");
            Flush(control);
            string bridgeReply = Read(control);

            if (bridgeReply.IndexOf("meek") != -1)
            {
                // meek is not handled: if the reply mentions it anywhere, no bridge is parsed.
                Engine.Instance.Logs.Log(LogType.Warning, LanguageManager.GetText("TorControlMeekUnsupported"));
            }
            else
            {
                foreach (string bridgeLine in bridgeReply.Split('\n'))
                {
                    List<string> groups = bridgeLine.ToLowerInvariant().RegExMatchSingle("250.bridge=(.+?)\\s([0-9a-f\\.\\:]+?):\\d+\\s");
                    if ((groups == null) || (groups.Count != 2))
                    {
                        continue;
                    }

                    string bridgeKind = groups[0];
                    string bridgeAddress = groups[1];
                    if (IpAddress.IsIP(bridgeAddress) && !guardIps.Contains(bridgeAddress))
                    {
                        guardIps.Add(bridgeAddress);
                        logEntries.Add(bridgeAddress + " (" + bridgeKind + ")");
                    }
                }
            }

            if (guardIps.Count != 0)
            {
                string list = String.Join("; ", logEntries.ToArray());
                Engine.Instance.Logs.Log(LogType.Verbose, LanguageManager.GetText("TorControlGuardIps", list));
            }
            else
            {
                // Only a warning: the throw that used to be here is disabled.
                Engine.Instance.Logs.Log(LogType.Warning, LanguageManager.GetText("TorControlNoIps"));
            }
        }
    }
    catch (Exception e)
    {
        // Failures are reported as a warning, not rethrown; whatever was collected so far
        // is still cached and returned below.
        Engine.Instance.Logs.Log(LogType.Warning, LanguageManager.GetText("TorControlException", e.Message));
    }

    m_lastGuardIps = guardIps;
    m_lastGuardTime = now;

    return guardIps;
}
/// <summary>
/// Resolves <paramref name="host"/> with <c>Dns.GetHostEntry</c> and returns every address
/// of the answer.
/// </summary>
/// <remarks>
/// Any exception is swallowed and the addresses gathered so far (usually none) are returned,
/// so callers cannot tell a failed lookup from a host that has no addresses.
/// </remarks>
/// <param name="host">Host name to resolve.</param>
/// <returns>A new set with the resolved addresses; empty on failure. Never null.</returns>
public virtual IpAddresses ResolveDNS(string host)
{
    IpAddresses resolved = new IpAddresses();

    try
    {
        IPAddress[] answers = Dns.GetHostEntry(host).AddressList;
        foreach (IPAddress answer in answers)
        {
            resolved.Add(answer.ToString());
        }
    }
    catch (Exception)
    {
        // Deliberately ignored; the result stays as it is.
        //
        // History (2.14): in some cases (for example Check DNS on an IPv6 server without IPv6
        // DNS, pull-ignore) GetHostEntry throws "A non-recoverable error occurred during a
        // database lookup" (WSANO_RECOVERY, SocketException error code 11003) while
        // nslookup.exe answers correctly. A fallback that ran nslookup.exe and parsed its
        // output was written for that case and then disabled, because CheckDNS still works
        // without it (probably thanks to parallel DNS). Search WSANO_RECOVERY in session.cs
        // for more notes.
        //
        // If that fallback is ever restored: the disabled draft passed the host through
        // SystemShell.EscapeHost before handing it to the external process and kept only
        // output tokens accepted by IpAddress.IsIP; both checks should stay.
    }

    return resolved;
}