import NetworkExtension
extension NETunnelProviderProtocol {
- convenience init?(tunnelConfiguration: TunnelConfiguration) {
+ convenience init?(tunnelConfiguration: TunnelConfiguration, isActivateOnDemandEnabled: Bool) {
assert(!tunnelConfiguration.interface.name.isEmpty)
guard let serializedTunnelConfiguration = try? JSONEncoder().encode(tunnelConfiguration) else { return nil }
providerBundleIdentifier = "\(appId).network-extension"
providerConfiguration = [
"tunnelConfiguration": serializedTunnelConfiguration,
- "tunnelConfigurationVersion": 1
+ "tunnelConfigurationVersion": 1,
+ "isActivateOnDemandEnabled": isActivateOnDemandEnabled
]
let endpoints = tunnelConfiguration.peers.compactMap {$0.endpoint}
guard let serializedTunnelConfiguration = providerConfiguration?["tunnelConfiguration"] as? Data else { return nil }
return try? JSONDecoder().decode(TunnelConfiguration.self, from: serializedTunnelConfiguration)
}
+
+ var isActivateOnDemandEnabled: Bool {
+ return (providerConfiguration?["isActivateOnDemandEnabled"] as? Bool) ?? false
+ }
}
}
let tunnelProviderManager = NETunnelProviderManager()
- tunnelProviderManager.protocolConfiguration = NETunnelProviderProtocol(tunnelConfiguration: tunnelConfiguration)
+ tunnelProviderManager.protocolConfiguration = NETunnelProviderProtocol(tunnelConfiguration: tunnelConfiguration, isActivateOnDemandEnabled: activateOnDemandSetting.isActivateOnDemandEnabled)
tunnelProviderManager.localizedDescription = tunnelName
tunnelProviderManager.isEnabled = true
}
tunnel.name = tunnelName
}
- tunnelProviderManager.protocolConfiguration = NETunnelProviderProtocol(tunnelConfiguration: tunnelConfiguration)
+ tunnelProviderManager.protocolConfiguration = NETunnelProviderProtocol(tunnelConfiguration: tunnelConfiguration, isActivateOnDemandEnabled: activateOnDemandSetting.isActivateOnDemandEnabled)
tunnelProviderManager.localizedDescription = tunnelName
tunnelProviderManager.isEnabled = true
switch error {
case .savedProtocolConfigurationIsInvalid:
return ("Activation failure", "Could not retrieve tunnel information from the saved configuration")
- case .dnsResolutionFailure:
- return ("DNS resolution failure", "One or more endpoint domains could not be resolved")
+ case .dnsResolutionFailure(let tunnelName, let isActivateOnDemandEnabled):
+ if isActivateOnDemandEnabled {
+ return ("DNS resolution failure", "This tunnel has Activate On Demand enabled, so activation might be retried. You may turn off Activate On Demand in the WireGuard app by navigating to: '\(tunnelName)' > Edit")
+ } else {
+ return ("DNS resolution failure", "One or more endpoint domains could not be resolved")
+ }
case .couldNotStartWireGuard:
return ("Activation failure", "WireGuard backend could not be started")
case .coultNotSetNetworkSettings:
enum PacketTunnelProviderError: Error {
case savedProtocolConfigurationIsInvalid
- case dnsResolutionFailure(hostnames: [String])
+ case dnsResolutionFailure(tunnelName: String, isActivateOnDemandEnabled: Bool)
case couldNotStartWireGuard
case coultNotSetNetworkSettings
}
configureLogger()
- wg_log(.info, message: "Starting tunnel '\(tunnelConfiguration.interface.name)'")
+ let tunnelName = tunnelConfiguration.interface.name
+ wg_log(.info, message: "Starting tunnel '\(tunnelName)'")
+
+ let isActivateOnDemandEnabled = tunnelProviderProtocol.isActivateOnDemandEnabled
+ if isActivateOnDemandEnabled {
+ wg_log(.info, staticMessage: "Tunnel has Activate On Demand enabled")
+ } else {
+ wg_log(.info, staticMessage: "Tunnel has Activate On Demand disabled")
+ }
let endpoints = tunnelConfiguration.peers.map { $0.endpoint }
- var resolvedEndpoints = [Endpoint?]()
- do {
- resolvedEndpoints = try DNSResolver.resolveSync(endpoints: endpoints)
- } catch DNSResolverError.dnsResolutionFailed(let hostnames) {
- wg_log(.error, staticMessage: "Starting tunnel failed: DNS resolution failure")
- wg_log(.error, message: "Hostnames for which DNS resolution failed: \(hostnames.joined(separator: ", "))")
- errorNotifier.notify(PacketTunnelProviderError.dnsResolutionFailure(hostnames: hostnames))
- startTunnelCompletionHandler(PacketTunnelProviderError.dnsResolutionFailure(hostnames: hostnames))
+ guard let resolvedEndpoints = resolveDomainNames(endpoints: endpoints, isActivateOnDemandEnabled: isActivateOnDemandEnabled) else {
+ let dnsError = PacketTunnelProviderError.dnsResolutionFailure(tunnelName: tunnelName, isActivateOnDemandEnabled: isActivateOnDemandEnabled)
+ errorNotifier.notify(dnsError)
+ startTunnelCompletionHandler(dnsError)
return
- } catch {
- // There can be no other errors from DNSResolver.resolveSync()
- fatalError()
}
assert(endpoints.count == resolvedEndpoints.count)
}
}
+ private func resolveDomainNames(endpoints: [Endpoint?], isActivateOnDemandEnabled: Bool) -> [Endpoint?]? {
+ var resolvedEndpoints = [Endpoint?]()
+ let dnsResolutionAttemptsCount = isActivateOnDemandEnabled ? 10 : 1
+ var isDNSResolved = false
+
+ for attemptIndex in 0 ..< dnsResolutionAttemptsCount {
+ do {
+ resolvedEndpoints = try DNSResolver.resolveSync(endpoints: endpoints)
+ isDNSResolved = true
+ } catch DNSResolverError.dnsResolutionFailed(let hostnames) {
+ wg_log(.error, staticMessage: "Starting tunnel failed: DNS resolution failure")
+ wg_log(.error, message: "Hostnames for which DNS resolution failed: \(hostnames.joined(separator: ", "))")
+ } catch {
+ // There can be no other errors from DNSResolver.resolveSync()
+ fatalError()
+ }
+ if isDNSResolved {
+ break
+ } else {
+ let isLastAttempt = attemptIndex == dnsResolutionAttemptsCount - 1
+ if !isLastAttempt {
+ Thread.sleep(forTimeInterval: 4 /* seconds */)
+ wg_log(.error, message: "Retrying DNS resolution (Attempt \(attemptIndex + 2))")
+ }
+ }
+ }
+
+ return isDNSResolved ? resolvedEndpoints : nil
+ }
+
private func connect(interfaceName: String, settings: String, fileDescriptor: Int32) -> Int32 {
return withStringsAsGoStrings(interfaceName, settings) { return wgTurnOn($0.0, $0.1, fileDescriptor) }
}
projects / thirdparty / wireguard-apple.git / commitdiff
