/*
* Copyright (C) 2023 Relution GmbH
- * Copyright (C) 2012-2020 Tobias Brunner
+ * Copyright (C) 2012-2025 Tobias Brunner
* Copyright (C) 2012 Giuliano Grassi
* Copyright (C) 2012 Ralf Sager
*
private TextView mProfileId;
private EditText mDnsServers;
private TextInputLayoutHelper mDnsServersWrap;
+ private EditText mProxyHost;
+ private EditText mProxyPort;
+ private TextInputLayoutHelper mProxyPortWrap;
+ private EditText mProxyExclusions;
private final ActivityResultLauncher<Intent> mInstallPKCS12 = registerForActivityResult(
new ActivityResultContracts.StartActivityForResult(),
/* make the link clickable */
((TextView)findViewById(R.id.proposal_intro)).setMovementMethod(LinkMovementMethod.getInstance());
+ mProxyHost = findViewById(R.id.proxy_host);
+ mProxyPort = findViewById(R.id.proxy_port);
+ mProxyPortWrap = findViewById(R.id.proxy_port_wrap);
+ mProxyExclusions = findViewById(R.id.proxy_exclusions);
+
mProfileIdLabel = findViewById(R.id.profile_id_label);
mProfileId = findViewById(R.id.profile_id);
mProfile.getIncludedSubnets() != null || mProfile.getExcludedSubnets() != null ||
mProfile.getSelectedAppsHandling() != SelectedAppsHandling.SELECTED_APPS_DISABLE ||
mProfile.getIkeProposal() != null || mProfile.getEspProposal() != null ||
- mProfile.getDnsServers() != null || mProfile.getLocalId() != null;
+ mProfile.getDnsServers() != null || mProfile.getLocalId() != null ||
+ mProfile.getProxyHost() != null || mProfile.getProxyPort() != null ||
+ mProfile.getProxyExclusions() != null;
}
mShowAdvanced.setVisibility(!show ? View.VISIBLE : View.GONE);
mAdvancedSettings.setVisibility(show ? View.VISIBLE : View.GONE);
mDnsServersWrap.setError(getString(R.string.alert_text_no_ips));
valid = false;
}
+ if (!validateInteger(mProxyPort, 1, 65535))
+ {
+ mProxyPortWrap.setError(String.format(getString(R.string.alert_text_out_of_range), 1, 65535));
+ valid = false;
+ }
return valid;
}
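Review bot: The proxy host is stored without any validation: this hunk range-checks only `mProxyPort`, while the save path later in this diff writes `getString(mProxyHost)` and `getString(mProxyExclusions)` to the profile as typed. A profile with a port or exclusion list but no host therefore passes, as does a host that contains a scheme or embedded whitespace; how the VPN service treats such values is not visible here. Consider rejecting the incomplete combination, e.g. `if (getString(mProxyHost) == null && (getString(mProxyPort) != null || getString(mProxyExclusions) != null))`, assuming `getString()` returns null for an empty field as the `!= null` checks elsewhere in this diff suggest. Showing the error would need a wrapper bound to `R.id.proxy_host_wrap`, which the layout defines but the activity does not look up. The enclosing method starts above the hunk.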
mProfile.setIkeProposal(getString(mIkeProposal));
mProfile.setEspProposal(getString(mEspProposal));
mProfile.setDnsServers(getString(mDnsServers));
+ mProfile.setProxyHost(getString(mProxyHost));
+ mProfile.setProxyPort(getInteger(mProxyPort));
+ mProfile.setProxyExclusions(getString(mProxyExclusions));
}
/**
mIkeProposal.setText(mProfile.getIkeProposal());
mEspProposal.setText(mProfile.getEspProposal());
mDnsServers.setText(mProfile.getDnsServers());
+ mProxyHost.setText(mProfile.getProxyHost());
+ mProxyPort.setText(mProfile.getProxyPort() != null ? mProfile.getProxyPort().toString() : null);
+ mProxyExclusions.setText(mProfile.getProxyExclusions());
mProfileId.setText(mProfile.getUUID().toString());
flags = mProfile.getFlags();
useralias = mProfile.getUserCertificateAlias();
mIkeProposal.setEnabled(!readOnly);
mEspProposal.setEnabled(!readOnly);
mDnsServers.setEnabled(!readOnly);
+ mProxyHost.setEnabled(!readOnly);
+ mProxyPort.setEnabled(!readOnly);
+ mProxyExclusions.setEnabled(!readOnly);
mSelectVpnType.setEnabled(!readOnly);
mCertReq.setEnabled(!readOnly);
<?xml version="1.0" encoding="utf-8"?>
<!--
- Copyright (C) 2012-2019 Tobias Brunner
+ Copyright (C) 2012-2025 Tobias Brunner
Copyright (C) 2012 Giuliano Grassi
Copyright (C) 2012 Ralf Sager
</org.strongswan.android.ui.widget.TextInputLayoutHelper>
+ <TextView
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:layout_marginStart="4dp"
+ android:layout_marginTop="10dp"
+ android:layout_marginBottom="10dp"
+ android:text="@string/profile_proxy_server_label"
+ android:textSize="20sp" />
+
+ <TextView
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:layout_marginStart="4dp"
+ android:layout_marginTop="10dp"
+ android:layout_marginBottom="10dp"
+ android:text="@string/profile_proxy_server_intro"
+ android:textSize="12sp" />
+
+ <org.strongswan.android.ui.widget.TextInputLayoutHelper
+ android:id="@+id/proxy_host_wrap"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:hint="@string/profile_proxy_host_label"
+ app:helper_text="@string/profile_proxy_host_hint">
+
+ <com.google.android.material.textfield.TextInputEditText
+ android:id="@+id/proxy_host"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:inputType="textNoSuggestions"
+ android:singleLine="true" />
+
+ </org.strongswan.android.ui.widget.TextInputLayoutHelper>
+
+ <org.strongswan.android.ui.widget.TextInputLayoutHelper
+ android:id="@+id/proxy_port_wrap"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:hint="@string/profile_proxy_port_label"
+ app:helper_text="@string/profile_proxy_port_hint">
+
+ <com.google.android.material.textfield.TextInputEditText
+ android:id="@+id/proxy_port"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:inputType="number|textNoSuggestions"
+ android:singleLine="true" />
+
+ </org.strongswan.android.ui.widget.TextInputLayoutHelper>
+
+ <org.strongswan.android.ui.widget.TextInputLayoutHelper
+ android:id="@+id/proxy_exclusions_wrap"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:hint="@string/profile_proxy_exclusions_label"
+ app:helper_text="@string/profile_proxy_exclusions_hint">
+
+ <com.google.android.material.textfield.TextInputEditText
+ android:id="@+id/proxy_exclusions"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:inputType="textNoSuggestions"
+ android:singleLine="true" />
+
+ </org.strongswan.android.ui.widget.TextInputLayoutHelper>
+
<TextView
android:id="@+id/profile_id_label"
android:layout_width="match_parent"
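Review bot: `android:inputType="number|textNoSuggestions"` on `proxy_port` ORs the number class with a flag value that carries the text class, so the combined value no longer denotes a plain numeric field and the keyboard shown may accept non-digit characters. `android:inputType="number"` alone expresses the intent, and the no-suggestions flag should not be needed for numeric input. The 1–65535 range check in the activity remains the real guard either way. If other numeric fields in this layout already use the same value, it may be better to change them together than to diverge here.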
<string name="profile_proposals_ike_hint">Für non-AEAD/klassische Verschlüsselungsalgorithmen wird ein Integritätsalgorithmus, eine pseudozufällige Funktion (PRF, optional, ansonsten wird eine auf dem Integritätsalgorithmus basierende verwendet) und eine Diffie-Hellman Gruppe benötigt (z.B. aes256-sha256-ecp256). Für kombinierte/AEAD Algorithmen wird der Integritätsalgorithmus weggelassen aber eine PRF wird benötigt (z.B. aes256gcm16-prfsha256-ecp256).</string>
<string name="profile_proposals_esp_label">IPsec/ESP Algorithmen</string>
<string name="profile_proposals_esp_hint">Für non-AEAD/klassische Verschlüsselungsalgorithmen wird ein Integritätsalgorithmus benötigt, eine Diffie-Hellman Gruppe ist optional (z.B. aes256-sha256 oder aes256-sha256-ecp256). Für kombinierte/AEAD Algorithmen wird der Integritätsalgorithmus weggelassen (z.B. aes256gcm16 oder aes256gcm16-ecp256). Falls eine DH Gruppe angegeben wird, kommt während dem IPsec SA Rekeying ein DH Schlüsselaustausch zur Anwendung. Beim initialen Verbindungsaufbau hat eine DH Gruppe hier keinen Einfluss, weil die Schlüssel dort von der IKE SA abgeleitet werden. Deshalb wird eine Fehlkonfiguration mit dem Server erst später während dem Rekeying zu einem Fehler führen.</string>
+ <string name="profile_proxy_server_label">HTTP Proxy-Server</string>
+ <string name="profile_proxy_server_intro">Optionaler HTTP Proxy-Server bei Verbindung zum VPN. Dies ist nur eine Empfehlung und kann von Apps ignoriert werden. Bitte beachten, dass Apps, die den Proxy verwenden, unabhängig vom Ziel alle HTTP-Ressourcen darüber abrufen, so dass Split-Tunneling-Einstellungen möglicherweise keine Auswirkungen haben. Um die Verwendung des Proxys für bestimmte Hosts zu vermeiden, kann die Ausschlussliste unten verwendet werden.</string>
+ <string name="profile_proxy_host_label">Proxy-Host</string>
+ <string name="profile_proxy_host_hint">IP-Adresse oder Hostname des HTTP Proxy-Servers, der bei Verbindung zum VPN verwendet werden soll</string>
+ <string name="profile_proxy_port_label">Proxy-Port</string>
+ <string name="profile_proxy_port_hint">Port um auf den HTTP Proxy-Server zuzugreifen, Standardwert ist 8080</string>
+ <string name="profile_proxy_exclusions_label">Proxy-Ausschlussliste</string>
+ <string name="profile_proxy_exclusions_hint">Optionale Liste von Hosts für die der HTTP Proxy-Server nicht verwendet werden soll (mit Leerzeichen getrennt und Platzhalter können verwendet werden, z.B. \"direct.example.net *.example.com\")</string>
<string name="profile_import">VPN Profil importieren</string>
<string name="profile_import_failed">VPN Profil-Import fehlgeschlagen</string>
<string name="profile_import_failed_detail">VPN Profil-Import fehlgeschlagen: %1$s</string>
<string name="profile_proposals_ike_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256).</string>
<string name="profile_proposals_esp_label">IPsec/ESP Algorithms</string>
<string name="profile_proposals_esp_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm is required, a Diffie-Hellman group is optional (e.g. aes256-sha256 or aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted (e.g. aes256gcm16 or aes256gcm16-ecp256). If a DH group is specified IPsec SA rekeying will use a DH key exchange. However, DH groups specified here are not used when the connection is established initially because the keys there are derived from the IKE SA key material. Therefore, any configuration mismatch with the server will only cause errors later during rekeying.</string>
+ <string name="profile_proxy_server_label">HTTP proxy server</string>
+ <string name="profile_proxy_server_intro">Optional HTTP proxy server to use when connected to the VPN. This is only a recommendation and may be ignored by apps. Note that apps using the proxy will access all HTTP resources through it regardless of the destination, so split-tunneling settings might not have any effect. To avoid using the proxy server for specific hosts, use the exclusion list below.</string>
+ <string name="profile_proxy_host_label">Proxy host</string>
+ <string name="profile_proxy_host_hint">IP address or hostname of the HTTP proxy server to use when connected to the VPN</string>
+ <string name="profile_proxy_port_label">Proxy port</string>
+ <string name="profile_proxy_port_hint">Port to access the HTTP proxy server, defaults to 8080</string>
+ <string name="profile_proxy_exclusions_label">Proxy exclusion list</string>
+ <string name="profile_proxy_exclusions_hint">Optional list of hosts for which the HTTP proxy server is not used (separated by spaces, and wildcards are possible, e.g. \"direct.example.net *.example.com\")</string>
<string name="profile_import">Import VPN profile</string>
<string name="profile_import_failed">Failed to import VPN profile</string>
<string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string>
<string name="profile_proposals_ike_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256).</string>
<string name="profile_proposals_esp_label">IPsec/ESP Algorithms</string>
<string name="profile_proposals_esp_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm is required, a Diffie-Hellman group is optional (e.g. aes256-sha256 or aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted (e.g. aes256gcm16 or aes256gcm16-ecp256). If a DH group is specified IPsec SA rekeying will use a DH key exchange. However, DH groups specified here are not used when the connection is established initially because the keys there are derived from the IKE SA key material. Therefore, any configuration mismatch with the server will only cause errors later during rekeying.</string>
+ <string name="profile_proxy_server_label">HTTP proxy server</string>
+ <string name="profile_proxy_server_intro">Optional HTTP proxy server to use when connected to the VPN. This is only a recommendation and may be ignored by apps. Note that apps using the proxy will access all HTTP resources through it regardless of the destination, so split-tunneling settings might not have any effect. To avoid using the proxy server for specific hosts, use the exclusion list below.</string>
+ <string name="profile_proxy_host_label">Proxy host</string>
+ <string name="profile_proxy_host_hint">IP address or hostname of the HTTP proxy server to use when connected to the VPN</string>
+ <string name="profile_proxy_port_label">Proxy port</string>
+ <string name="profile_proxy_port_hint">Port to access the HTTP proxy server, defaults to 8080</string>
+ <string name="profile_proxy_exclusions_label">Proxy exclusion list</string>
+ <string name="profile_proxy_exclusions_hint">Optional list of hosts for which the HTTP proxy server is not used (separated by spaces, and wildcards are possible, e.g. \"direct.example.net *.example.com\")</string>
<string name="profile_import">Import VPN profile</string>
<string name="profile_import_failed">Failed to import VPN profile</string>
<string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string>
<string name="profile_proposals_ike_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256).</string>
<string name="profile_proposals_esp_label">IPsec/ESP Algorithms</string>
<string name="profile_proposals_esp_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm is required, a Diffie-Hellman group is optional (e.g. aes256-sha256 or aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted (e.g. aes256gcm16 or aes256gcm16-ecp256). If a DH group is specified IPsec SA rekeying will use a DH key exchange. However, DH groups specified here are not used when the connection is established initially because the keys there are derived from the IKE SA key material. Therefore, any configuration mismatch with the server will only cause errors later during rekeying.</string>
+ <string name="profile_proxy_server_label">HTTP proxy server</string>
+ <string name="profile_proxy_server_intro">Optional HTTP proxy server to use when connected to the VPN. This is only a recommendation and may be ignored by apps. Note that apps using the proxy will access all HTTP resources through it regardless of the destination, so split-tunneling settings might not have any effect. To avoid using the proxy server for specific hosts, use the exclusion list below.</string>
+ <string name="profile_proxy_host_label">Proxy host</string>
+ <string name="profile_proxy_host_hint">IP address or hostname of the HTTP proxy server to use when connected to the VPN</string>
+ <string name="profile_proxy_port_label">Proxy port</string>
+ <string name="profile_proxy_port_hint">Port to access the HTTP proxy server, defaults to 8080</string>
+ <string name="profile_proxy_exclusions_label">Proxy exclusion list</string>
+ <string name="profile_proxy_exclusions_hint">Optional list of hosts for which the HTTP proxy server is not used (separated by spaces, and wildcards are possible, e.g. \"direct.example.net *.example.com\")</string>
<string name="profile_import">Import VPN profile</string>
<string name="profile_import_failed">Failed to import VPN profile</string>
<string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string>
<string name="profile_proposals_ike_hint">对于非AEAD/经典加密算法,需要完整性算法、伪随机函数(可选,默认为基于完整性算法的函数)和Diffie-Hellman组(例如aes256-sha256-ecp256)。对于组合模式/AEAD算法,省略完整性算法,但需要PRF(例如aes256gcm16-prfsha256-ecp256)。</string>
<string name="profile_proposals_esp_label">IPsec/ESP 算法</string>
<string name="profile_proposals_esp_hint">对于非AEAD/经典加密算法,需要完整性算法,Diffie-Hellman组是可选的(例如aes256-sha256或aes256-sha256-ecp256)。对于组合模式/AEAD算法,省略完整性算法(例如aes256gcm16或aes256gcm16-ecp256)。如果指定了DH组,IPsec SA密钥更新将使用DH密钥交换。但是,在最初建立连接时,不使用此处指定的DH组,因为其中的密钥来自IKE SA密钥材料。因此,与服务器的任何配置不匹配只会在稍后重新设置密钥时导致错误。</string>
+ <string name="profile_proxy_server_label">HTTP proxy server</string>
+ <string name="profile_proxy_server_intro">Optional HTTP proxy server to use when connected to the VPN. This is only a recommendation and may be ignored by apps. Note that apps using the proxy will access all HTTP resources through it regardless of the destination, so split-tunneling settings might not have any effect. To avoid using the proxy server for specific hosts, use the exclusion list below.</string>
+ <string name="profile_proxy_host_label">Proxy host</string>
+ <string name="profile_proxy_host_hint">IP address or hostname of the HTTP proxy server to use when connected to the VPN</string>
+ <string name="profile_proxy_port_label">Proxy port</string>
+ <string name="profile_proxy_port_hint">Port to access the HTTP proxy server, defaults to 8080</string>
+ <string name="profile_proxy_exclusions_label">Proxy exclusion list</string>
+ <string name="profile_proxy_exclusions_hint">Optional list of hosts for which the HTTP proxy server is not used (separated by spaces, and wildcards are possible, e.g. \"direct.example.net *.example.com\")</string>
<string name="profile_import">导入VPN配置</string>
<string name="profile_import_failed">导入VPN配置失败</string>
<string name="profile_import_failed_detail">导入VPN配置失败: %1$s</string>
<string name="profile_proposals_ike_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256).</string>
<string name="profile_proposals_esp_label">IPsec/ESP Algorithms</string>
<string name="profile_proposals_esp_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm is required, a Diffie-Hellman group is optional (e.g. aes256-sha256 or aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted (e.g. aes256gcm16 or aes256gcm16-ecp256). If a DH group is specified IPsec SA rekeying will use a DH key exchange. However, DH groups specified here are not used when the connection is established initially because the keys there are derived from the IKE SA key material. Therefore, any configuration mismatch with the server will only cause errors later during rekeying.</string>
+ <string name="profile_proxy_server_label">HTTP proxy server</string>
+ <string name="profile_proxy_server_intro">Optional HTTP proxy server to use when connected to the VPN. This is only a recommendation and may be ignored by apps. Note that apps using the proxy will access all HTTP resources through it regardless of the destination, so split-tunneling settings might not have any effect. To avoid using the proxy server for specific hosts, use the exclusion list below.</string>
+ <string name="profile_proxy_host_label">Proxy host</string>
+ <string name="profile_proxy_host_hint">IP address or hostname of the HTTP proxy server to use when connected to the VPN</string>
+ <string name="profile_proxy_port_label">Proxy port</string>
+ <string name="profile_proxy_port_hint">Port to access the HTTP proxy server, defaults to 8080</string>
+ <string name="profile_proxy_exclusions_label">Proxy exclusion list</string>
+ <string name="profile_proxy_exclusions_hint">Optional list of hosts for which the HTTP proxy server is not used (separated by spaces, and wildcards are possible, e.g. \"direct.example.net *.example.com\")</string>
<string name="profile_import">匯入VPN設定檔</string>
<string name="profile_import_failed">匯入VPN設定檔失敗</string>
<string name="profile_import_failed_detail">匯入VPN設定檔失敗: %1$s</string>
<string name="profile_proposals_ike_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256).</string>
<string name="profile_proposals_esp_label">IPsec/ESP Algorithms</string>
<string name="profile_proposals_esp_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm is required, a Diffie-Hellman group is optional (e.g. aes256-sha256 or aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted (e.g. aes256gcm16 or aes256gcm16-ecp256). If a DH group is specified IPsec SA rekeying will use a DH key exchange. However, DH groups specified here are not used when the connection is established initially because the keys there are derived from the IKE SA key material. Therefore, any configuration mismatch with the server will only cause errors later during rekeying.</string>
+ <string name="profile_proxy_server_label">HTTP proxy server</string>
+ <string name="profile_proxy_server_intro">Optional HTTP proxy server to use when connected to the VPN. This is only a recommendation and may be ignored by apps. Note that apps using the proxy will access all HTTP resources through it regardless of the destination, so split-tunneling settings might not have any effect. To avoid using the proxy server for specific hosts, use the exclusion list below.</string>
+ <string name="profile_proxy_host_label">Proxy host</string>
+ <string name="profile_proxy_host_hint">IP address or hostname of the HTTP proxy server to use when connected to the VPN</string>
+ <string name="profile_proxy_port_label">Proxy port</string>
+ <string name="profile_proxy_port_hint">Port to access the HTTP proxy server, defaults to 8080</string>
+ <string name="profile_proxy_exclusions_label">Proxy exclusion list</string>
+ <string name="profile_proxy_exclusions_hint">Optional list of hosts for which the HTTP proxy server is not used (separated by spaces, and wildcards are possible, e.g. \"direct.example.net *.example.com\")</string>
<string name="profile_import">Import VPN profile</string>
<string name="profile_import_failed">Failed to import VPN profile</string>
<string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string>