fix: xray stability and split-tunneling (#2187)

* fix: xray heap corruption * fix: use proper configuration for split-tunneled apps * chore: enable killswitch * chore: xray windows split-tunneling cleanup * chore: proper xray killswitch log * feat: add wait for the tun device * chore: update amnezia_xray deps for macos * fix: add nullptr check for split-tunnel on win * fix: modernize vpnAdapter grabbing function * fix: remove network watcher due to its fragileness * chore: xrayprotocol cleanup * fix: correct wrong iface index on win * chore: move tun2socks implementation to the client from the service * chore: xrayprotocol cleanup * chore: more xrayprotocol cleanup * fix: consistent tun device with GUID specified * chore: tun2socks logs * chore: PrivilegedProcess cleanup * better error handling in establishment phase * terminate&kill ops for remote process * fix: straighforward killing the process on windows * fix: finally remove GUID setting from tun2socks due to instability * fix: add sanitizer to ipc process * chore: do not collect sensitive info from tun2socks
2026-06-22 02:01:08 +07:00 · 2026-02-11 16:47:28 +01:00
parent b4f4184aa6
commit 911a999c64
30 changed files with 411 additions and 570 deletions
@@ -99,21 +99,7 @@ void VpnConnection::onConnectionStateChanged(Vpn::ConnectionState state)
                    }
                }
            }
-
-            if (container != DockerContainer::Ipsec) {
-                if (startNetworkCheckIfReady()) {
-                    m_pendingNetworkCheck = false;
-                } else {
-                    m_pendingNetworkCheck = true;
-                    qWarning() << "Deferring startNetworkCheck; missing gateway/local address"
-                               << m_vpnProtocol->vpnGateway() << m_vpnProtocol->vpnLocalAddress();
-                }
-            } else {
-                m_pendingNetworkCheck = false;
-            }
-
        } else if (state == Vpn::ConnectionState::Error) {
-            m_pendingNetworkCheck = false;
            iface->flushDns();

            if (m_settings->isSitesSplitTunnelingEnabled()) {
@@ -121,12 +107,6 @@ void VpnConnection::onConnectionStateChanged(Vpn::ConnectionState state)
                    iface->clearSavedRoutes();
                }
            }
-        } else if (state == Vpn::ConnectionState::Connecting) {
-
-        } else if (state == Vpn::ConnectionState::Disconnected) {
-            m_pendingNetworkCheck = false;
-            auto result = iface->stopNetworkCheck();
-            result.waitForFinished(3000);
        }
    });
 #endif
@@ -273,11 +253,7 @@ void VpnConnection::connectToVpn(int serverIndex, const ServerCredentials &crede
    m_remoteAddress = NetworkUtilities::getIPAddress(credentials.hostName);
    emit connectionStateChanged(Vpn::ConnectionState::Connecting);

-    m_pendingNetworkCheck = false;
    m_vpnConfiguration = vpnConfiguration;
-    m_serverIndex = serverIndex;
-    m_serverCredentials = credentials;
-    m_dockerContainer = container;

 #ifdef AMNEZIA_DESKTOP
    if (m_vpnProtocol) {
@@ -316,71 +292,12 @@ void VpnConnection::connectToVpn(int serverIndex, const ServerCredentials &crede
        emit connectionStateChanged(Vpn::ConnectionState::Error);
 }

-void VpnConnection::restartConnection()
-{
-    // Only reconnect if VPN was connected before sleep/network change
-    if (!m_wasConnectedBeforeSleep) {
-        qDebug() << "VPN was not connected before sleep/network change, skipping reconnection";
-        return;
-    }
-    
-    qDebug() << "VPN was connected before sleep/network change, attempting reconnection";
-    this->disconnectFromVpn();
-#ifdef Q_OS_LINUX
-    QThread::msleep(5000);
-#endif
-    this->connectToVpn(m_serverIndex, m_serverCredentials, m_dockerContainer, m_vpnConfiguration);
-    
-    // Reset the flag after reconnection attempt
-    m_wasConnectedBeforeSleep = false;
-}
-
 void VpnConnection::createProtocolConnections()
 {
    connect(m_vpnProtocol.data(), &VpnProtocol::protocolError, this, &VpnConnection::vpnProtocolError);
    connect(m_vpnProtocol.data(), SIGNAL(connectionStateChanged(Vpn::ConnectionState)), this,
            SLOT(onConnectionStateChanged(Vpn::ConnectionState)));
    connect(m_vpnProtocol.data(), SIGNAL(bytesChanged(quint64, quint64)), this, SLOT(onBytesChanged(quint64, quint64)));
-
-#ifdef AMNEZIA_DESKTOP
-    if (m_connectionLoseHandle)
-        disconnect(m_connectionLoseHandle);
-    if (m_networkChangeHandle)
-        disconnect(m_networkChangeHandle);
-    m_connectionLoseHandle = QMetaObject::Connection();
-    m_networkChangeHandle = QMetaObject::Connection();
-
-    // TODO: replace unsafe IpcClient::Interface() calls
-    m_connectionLoseHandle = connect(IpcClient::Interface().data(), &IpcInterfaceReplica::connectionLose,
-            this, [this]() {
-                qDebug() << "Connection Lose";
-                auto result = IpcClient::Interface()->stopNetworkCheck();
-                result.waitForFinished(3000);
-                // Track VPN state before connection loss
-                m_wasConnectedBeforeSleep = isConnected();
-                qDebug() << "VPN was connected before connection loss:" << m_wasConnectedBeforeSleep;
-                this->restartConnection();
-            });
-    m_networkChangeHandle = connect(IpcClient::Interface().data(), &IpcInterfaceReplica::networkChange,
-            this, [this]() {
-                qDebug() << "Network change";
-                // Track VPN state before network change (including sleep/wake)
-                m_wasConnectedBeforeSleep = isConnected();
-                qDebug() << "VPN was connected before network change:" << m_wasConnectedBeforeSleep;
-                this->restartConnection();
-            });
-    connect(m_vpnProtocol.data(), &VpnProtocol::tunnelAddressesUpdated,
-            this, [this](const QString& gateway, const QString& localAddress) {
-                Q_UNUSED(gateway)
-                Q_UNUSED(localAddress)
-                if (connectionState() != Vpn::ConnectionState::Connected) {
-                    return;
-                }
-                if (startNetworkCheckIfReady()) {
-                    m_pendingNetworkCheck = false;
-                }
-            });
-#endif
 }

 void VpnConnection::appendKillSwitchConfig()
@@ -491,28 +408,6 @@ void VpnConnection::appendSplitTunnelingConfig()
                        .arg(appsRouteMode);
 }

-bool VpnConnection::startNetworkCheckIfReady()
-{
-#ifdef AMNEZIA_DESKTOP
-    if (!m_vpnProtocol || m_dockerContainer == DockerContainer::Ipsec) {
-        return false;
-    }
-
-    const QString gateway = m_vpnProtocol->vpnGateway();
-    const QString localAddress = m_vpnProtocol->vpnLocalAddress();
-    if (gateway.isEmpty() || localAddress.isEmpty()) {
-        return false;
-    }
-
-    return IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
-        QRemoteObjectPendingReply<bool> reply = iface->startNetworkCheck(gateway, localAddress);
-        return reply.waitForFinished(1000) && reply.returnValue();
-    });
-#else
-    return false;
-#endif
-}
-
 #ifdef Q_OS_ANDROID
 void VpnConnection::restoreConnection()
 {