Disable DHCP traffic after connect

client/android/utils/src/main/kotlin/net/NetworkUtils.kt

@@ -35,7 +35,7 @@ fun getLocalNetworks(context: Context, ipv6: Boolean): List<InetNetwork> {
     return emptyList()
 }
 
-fun parseInetAddress(address: String): InetAddress = InetAddress.getByName(address)
+fun parseInetAddress(address: String): InetAddress = parseNumericAddressCompat(address)
 
 private val parseNumericAddressCompat: (String) -> InetAddress =
     if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {

client/core/controllers/serverController.cpp

@@ -104,8 +104,7 @@ ErrorCode ServerController::runContainerScript(const ServerCredentials &credenti
     if (e)
         return e;
 
-    QString runner =
+    QString runner = QString("sudo docker exec -i $CONTAINER_NAME %2 %1 ").arg(fileName, (container == DockerContainer::Socks5Proxy ? "sh" : "bash"));
-            QString("sudo docker exec -i $CONTAINER_NAME %2 %1 ").arg(fileName, (container == DockerContainer::Socks5Proxy ? "sh" : "bash"));
     e = runScript(credentials, replaceVars(runner, genVarsForScript(credentials, container)), cbReadStdOut, cbReadStdErr);
 
     QString remover = QString("sudo docker exec -i $CONTAINER_NAME rm %1 ").arg(fileName);
@@ -425,7 +424,7 @@ ErrorCode ServerController::buildContainerWorker(const ServerCredentials &creden
     if (errorCode)
         return errorCode;
 
-    errorCode = uploadFileToHost(credentials, amnezia::scriptData(ProtocolScriptType::dockerfile, container).toUtf8(), dockerFilePath);
+    errorCode = uploadFileToHost(credentials, amnezia::scriptData(ProtocolScriptType::dockerfile, container).toUtf8(),dockerFilePath);
 
     if (errorCode)
         return errorCode;
@@ -436,10 +435,9 @@ ErrorCode ServerController::buildContainerWorker(const ServerCredentials &creden
         return ErrorCode::NoError;
     };
 
-    errorCode =
+    errorCode = runScript(credentials,
-            runScript(credentials,
+                  replaceVars(amnezia::scriptData(SharedScriptType::build_container), genVarsForScript(credentials, container, config)),
-                      replaceVars(amnezia::scriptData(SharedScriptType::build_container), genVarsForScript(credentials, container, config)),
+                  cbReadStdOut);
-                      cbReadStdOut);
     if (errorCode)
         return errorCode;
 
@@ -621,15 +619,13 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
 
     // Socks5 proxy vars
     vars.append({ { "$SOCKS5_PROXY_PORT", socks5ProxyConfig.value(config_key::port).toString(protocols::socks5Proxy::defaultPort) } });
-    auto username = socks5ProxyConfig.value(config_key::userName).toString();
+    auto username =  socks5ProxyConfig.value(config_key:: userName).toString();
     auto password = socks5ProxyConfig.value(config_key::password).toString();
     QString socks5user = (!username.isEmpty() && !password.isEmpty()) ? QString("users %1:CL:%2").arg(username, password) : "";
-    vars.append({ { "$SOCKS5_USER", socks5user } });
+    vars.append({ { "$SOCKS5_USER",  socks5user } });
-    vars.append({ { "$SOCKS5_AUTH_TYPE", socks5user.isEmpty() ? "none" : "strong" } });
+    vars.append({ { "$SOCKS5_AUTH_TYPE",  socks5user.isEmpty() ? "none" : "strong" } });
 
-    QString serverIp = (container != DockerContainer::Awg && container != DockerContainer::WireGuard && container != DockerContainer::Xray)
+    QString serverIp = NetworkUtilities::getIPAddress(credentials.hostName);
-            ? NetworkUtilities::getIPAddress(credentials.hostName)
-            : credentials.hostName;
     if (!serverIp.isEmpty()) {
         vars.append({ { "$SERVER_IP_ADDRESS", serverIp } });
     } else {
@@ -715,8 +711,7 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential
         udpProtoScript.append("' | grep -i udp");
         tcpProtoScript.append(" | grep LISTEN");
 
-        ErrorCode errorCode =
+        ErrorCode errorCode = runScript(credentials, replaceVars(tcpProtoScript, genVarsForScript(credentials, container)), cbReadStdOut, cbReadStdErr);
-                runScript(credentials, replaceVars(tcpProtoScript, genVarsForScript(credentials, container)), cbReadStdOut, cbReadStdErr);
         if (errorCode != ErrorCode::NoError) {
             return errorCode;
         }

client/core/controllers/vpnConfigurationController.cpp

@@ -100,8 +100,10 @@ QJsonObject VpnConfigurationsController::createVpnConfiguration(const QPair<QStr
         protocolConfigString = configurator->processConfigWithLocalSettings(dns, isApiConfig, protocolConfigString);
 
         QJsonObject vpnConfigData = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
+        vpnConfigData = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
+
+        // add mtu for old configs
         if (container == DockerContainer::Awg || container == DockerContainer::WireGuard) {
-            // add mtu for old configs
             if (vpnConfigData[config_key::mtu].toString().isEmpty()) {
                 vpnConfigData[config_key::mtu] = container == DockerContainer::Awg ? protocols::awg::defaultMtu : protocols::wireguard::defaultMtu;
             }

client/core/networkUtilities.cpp

@@ -109,10 +109,7 @@ QStringList NetworkUtilities::summarizeRoutes(const QStringList &ips, const QStr
 
 QString NetworkUtilities::getIPAddress(const QString &host)
 {
-    QHostAddress address(host);
+    if (ipAddressRegExp().match(host).hasMatch()) {
-    if (QAbstractSocket::IPv4Protocol == address.protocol()) {
-        return host;
-    } else if (QAbstractSocket::IPv6Protocol == address.protocol()) {
         return host;
     }
 

client/platforms/linux/daemon/linuxfirewall.cpp

@@ -264,12 +264,12 @@ void LinuxFirewall::install()
                                                         });
 
 
-    installAnchor(IPv4, QStringLiteral("290.allowDHCP"), {
+ //   installAnchor(IPv4, QStringLiteral("290.allowDHCP"), {
-                                                             QStringLiteral("-p udp -d 255.255.255.255 --sport 68 --dport 67 -j ACCEPT"),
+ //                                                            QStringLiteral("-p udp -d 255.255.255.255 --sport 68 --dport 67 -j ACCEPT"),
-                                                         });
+ //                                                        });
-    installAnchor(IPv6, QStringLiteral("290.allowDHCP"), {
+ //   installAnchor(IPv6, QStringLiteral("290.allowDHCP"), {
-                                                             QStringLiteral("-p udp -d ff00::/8 --sport 546 --dport 547 -j ACCEPT"),
+ //                                                            QStringLiteral("-p udp -d ff00::/8 --sport 546 --dport 547 -j ACCEPT"),
-                                                         });
+ //                                                        });
     installAnchor(IPv6, QStringLiteral("250.blockIPv6"), {
                                                              QStringLiteral("! -o lo+ -j REJECT"),
                                                          });
@@ -351,7 +351,7 @@ void LinuxFirewall::uninstall()
     uninstallAnchor(IPv4, QStringLiteral("320.allowDNS"));
     uninstallAnchor(Both, QStringLiteral("310.blockDNS"));
     uninstallAnchor(Both, QStringLiteral("300.allowLAN"));
-    uninstallAnchor(Both, QStringLiteral("290.allowDHCP"));
+  //  uninstallAnchor(Both, QStringLiteral("290.allowDHCP"));
     uninstallAnchor(IPv6, QStringLiteral("250.blockIPv6"));
     uninstallAnchor(Both, QStringLiteral("200.allowVPN"));
     uninstallAnchor(IPv4, QStringLiteral("120.blockNets"));

client/platforms/linux/daemon/wireguardutilslinux.cpp

@@ -314,7 +314,7 @@ void WireguardUtilsLinux::applyFirewallRules(FirewallParams& params)
     LinuxFirewall::updateBlockNets(params.blockAddrs);
     LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("200.allowVPN"), true);
     LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv6, QStringLiteral("250.blockIPv6"), true);
-    LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("290.allowDHCP"), true);
+ //   LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("290.allowDHCP"), true);
     LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("300.allowLAN"), true);
     LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("310.blockDNS"), true);
     LinuxFirewall::updateDNSServers(params.dnsServers);

client/platforms/macos/daemon/wireguardutilsmacos.cpp

@@ -365,7 +365,7 @@ void WireguardUtilsMacos::applyFirewallRules(FirewallParams& params)
 
   MacOSFirewall::setAnchorEnabled(QStringLiteral("200.allowVPN"), true);
   MacOSFirewall::setAnchorEnabled(QStringLiteral("250.blockIPv6"), true);
-  MacOSFirewall::setAnchorEnabled(QStringLiteral("290.allowDHCP"), true);
+//  MacOSFirewall::setAnchorEnabled(QStringLiteral("290.allowDHCP"), true);
   MacOSFirewall::setAnchorEnabled(QStringLiteral("300.allowLAN"), true);
   MacOSFirewall::setAnchorEnabled(QStringLiteral("310.blockDNS"), true);
   MacOSFirewall::setAnchorTable(QStringLiteral("310.blockDNS"), true, QStringLiteral("dnsaddr"), params.dnsServers);

client/platforms/windows/daemon/windowsfirewall.cpp

@@ -187,7 +187,7 @@ bool WindowsFirewall::enableKillSwitch(int vpnAdapterIndex) {
   logger.info() << "Enabling Killswitch Using Adapter:" << vpnAdapterIndex;
   FW_OK(allowTrafficOfAdapter(vpnAdapterIndex, MED_WEIGHT,
                               "Allow usage of VPN Adapter"));
-  FW_OK(allowDHCPTraffic(MED_WEIGHT, "Allow DHCP Traffic"));
+ // FW_OK(allowDHCPTraffic(MED_WEIGHT, "Allow DHCP Traffic"));
   FW_OK(allowHyperVTraffic(MED_WEIGHT, "Allow Hyper-V Traffic"));
   FW_OK(allowTrafficForAppOnAll(getCurrentPath(), MAX_WEIGHT,
                                 "Allow all for AmneziaVPN.exe"));

client/protocols/wireguardprotocol.cpp

@@ -4,8 +4,9 @@
 #include <QTcpSocket>
 #include <QThread>
 
+#include "logger.h"
+#include "utilities.h"
 #include "wireguardprotocol.h"
-#include "core/networkUtilities.h"
 
 #include "mozilla/localsocketcontroller.h"
 
@@ -36,12 +37,6 @@ void WireguardProtocol::stop()
 
 ErrorCode WireguardProtocol::startMzImpl()
 {
-    QString protocolName = m_rawConfig.value("protocol").toString();
-    QJsonObject vpnConfigData = m_rawConfig.value(protocolName + "_config_data").toObject();
-    vpnConfigData[config_key::hostName] = NetworkUtilities::getIPAddress(vpnConfigData.value(config_key::hostName).toString());
-    m_rawConfig.insert(protocolName + "_config_data", vpnConfigData);
-    m_rawConfig[config_key::hostName] = NetworkUtilities::getIPAddress(m_rawConfig[config_key::hostName].toString());
-
     m_impl->activate(m_rawConfig);
     return ErrorCode::NoError;
 }

client/protocols/xrayprotocol.cpp

@@ -43,9 +43,7 @@ ErrorCode XrayProtocol::start()
     m_xrayCfgFile.setAutoRemove(false);
 #endif
     m_xrayCfgFile.open();
-    QString config = QJsonDocument(m_xrayConfig).toJson();
+    m_xrayCfgFile.write(QJsonDocument(m_xrayConfig).toJson());
-    config.replace(m_remoteHost, m_remoteAddress);
-    m_xrayCfgFile.write(config.toUtf8());
     m_xrayCfgFile.close();
 
     QStringList args = QStringList() << "-c" << m_xrayCfgFile.fileName() << "-format=json";
@@ -240,8 +238,7 @@ void XrayProtocol::readXrayConfiguration(const QJsonObject &configuration)
     }
     m_xrayConfig = xrayConfiguration;
     m_localPort = QString(amnezia::protocols::xray::defaultLocalProxyPort).toInt();
-    m_remoteHost = configuration.value(amnezia::config_key::hostName).toString();
+    m_remoteAddress = configuration.value(amnezia::config_key::hostName).toString();
-    m_remoteAddress = NetworkUtilities::getIPAddress(m_remoteHost);
     m_routeMode = configuration.value(amnezia::config_key::splitTunnelType).toInt();
     m_primaryDNS = configuration.value(amnezia::config_key::dns1).toString();
     m_secondaryDNS = configuration.value(amnezia::config_key::dns2).toString();

client/protocols/xrayprotocol.h

@@ -26,7 +26,6 @@ private:
     static QString tun2SocksExecPath();
 private:
     int m_localPort;
-    QString m_remoteHost;
     QString m_remoteAddress;
     int m_routeMode;
     QJsonObject m_configData;

client/server_scripts/xray/run_container.sh

@@ -13,5 +13,5 @@ sudo docker network connect amnezia-dns-net $CONTAINER_NAME
 sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /dev/net; if [ ! -c /dev/net/tun ]; then mknod /dev/net/tun c 10 200; fi'
 
 # Prevent to route packets outside of the container in case if server behind of the NAT
-#sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up"
+sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up"
 

client/server_scripts/xray/start.sh

@@ -3,7 +3,7 @@
 # This scripts copied from Amnezia client to Docker container to /opt/amnezia and launched every time container starts
 
 echo "Container startup"
-#ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up
+ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up
 
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

client/ui/controllers/importController.cpp

@@ -4,12 +4,12 @@
 #include <QFileInfo>
 #include <QQuickItem>
 #include <QRandomGenerator>
-#include <QStandardPaths>
 #include <QUrlQuery>
+#include <QStandardPaths>
 
-#include "core/errorstrings.h"
-#include "core/serialization/serialization.h"
 #include "utilities.h"
+#include "core/serialization/serialization.h"
+#include "core/errorstrings.h"
 
 #ifdef Q_OS_ANDROID
     #include "platforms/android/android_controller.h"
@@ -96,40 +96,36 @@ bool ImportController::extractConfigFromData(QString data)
 
     if (config.startsWith("vless://")) {
         m_configType = ConfigTypes::Xray;
-        m_config = extractXrayConfig(
+        m_config = extractXrayConfig(Utils::JsonToString(serialization::vless::Deserialize(config, &prefix, &errormsg),
-                Utils::JsonToString(serialization::vless::Deserialize(config, &prefix, &errormsg), QJsonDocument::JsonFormat::Compact),
+                                                         QJsonDocument::JsonFormat::Compact), prefix);
-                prefix);
         return m_config.empty() ? false : true;
     }
 
     if (config.startsWith("vmess://") && config.contains("@")) {
         m_configType = ConfigTypes::Xray;
-        m_config = extractXrayConfig(
+        m_config = extractXrayConfig(Utils::JsonToString(serialization::vmess_new::Deserialize(config, &prefix, &errormsg),
-                Utils::JsonToString(serialization::vmess_new::Deserialize(config, &prefix, &errormsg), QJsonDocument::JsonFormat::Compact),
+                                                         QJsonDocument::JsonFormat::Compact), prefix);
-                prefix);
         return m_config.empty() ? false : true;
     }
 
     if (config.startsWith("vmess://")) {
         m_configType = ConfigTypes::Xray;
-        m_config = extractXrayConfig(
+        m_config = extractXrayConfig(Utils::JsonToString(serialization::vmess::Deserialize(config, &prefix, &errormsg),
-                Utils::JsonToString(serialization::vmess::Deserialize(config, &prefix, &errormsg), QJsonDocument::JsonFormat::Compact),
+                                                         QJsonDocument::JsonFormat::Compact), prefix);
-                prefix);
         return m_config.empty() ? false : true;
     }
 
     if (config.startsWith("trojan://")) {
         m_configType = ConfigTypes::Xray;
-        m_config = extractXrayConfig(
+        m_config = extractXrayConfig(Utils::JsonToString(serialization::trojan::Deserialize(config, &prefix, &errormsg),
-                Utils::JsonToString(serialization::trojan::Deserialize(config, &prefix, &errormsg), QJsonDocument::JsonFormat::Compact),
+                                                         QJsonDocument::JsonFormat::Compact), prefix);
-                prefix);
         return m_config.empty() ? false : true;
     }
 
     if (config.startsWith("ss://") && !config.contains("plugin=")) {
         m_configType = ConfigTypes::ShadowSocks;
-        m_config = extractXrayConfig(
+        m_config = extractXrayConfig(Utils::JsonToString(serialization::ss::Deserialize(config, &prefix, &errormsg),
-                Utils::JsonToString(serialization::ss::Deserialize(config, &prefix, &errormsg), QJsonDocument::JsonFormat::Compact), prefix);
+                                                         QJsonDocument::JsonFormat::Compact), prefix);
         return m_config.empty() ? false : true;
     }
 
@@ -358,19 +354,20 @@ QJsonObject ImportController::extractWireGuardConfig(const QString &data)
     QJsonObject lastConfig;
     lastConfig[config_key::config] = data;
 
-    auto url { QUrl::fromUserInput(configMap.value("Endpoint")) };
+    const static QRegularExpression hostNameAndPortRegExp("Endpoint = (.*):([0-9]*)");
+    QRegularExpressionMatch hostNameAndPortMatch = hostNameAndPortRegExp.match(data);
     QString hostName;
     QString port;
-    if (!url.host().isEmpty()) {
+    if (hostNameAndPortMatch.hasCaptured(1)) {
-        hostName = url.host();
+        hostName = hostNameAndPortMatch.captured(1);
     } else {
-        qDebug() << "Key parameter 'Endpoint' is missing or has an invalid format";
+        qDebug() << "Key parameter 'Endpoint' is missing";
         emit importErrorOccurred(ErrorCode::ImportInvalidConfigError, false);
         return QJsonObject();
     }
 
-    if (url.port() != -1) {
+    if (hostNameAndPortMatch.hasCaptured(2)) {
-        port = QString::number(url.port());
+        port = hostNameAndPortMatch.captured(2);
     } else {
         port = protocols::wireguard::defaultPort;
     }
@@ -502,7 +499,7 @@ QJsonObject ImportController::extractXrayConfig(const QString &data, const QStri
     if (m_configType == ConfigTypes::ShadowSocks) {
         config[config_key::defaultContainer] = "amnezia-ssxray";
     } else {
-        config[config_key::defaultContainer] = "amnezia-xray";
+       config[config_key::defaultContainer] = "amnezia-xray";
     }
     if (description.isEmpty()) {
         config[config_key::description] = m_settings->nextAvailableServerName();

client/ui/qml/Pages2/PageSetupWizardCredentials.qml

@@ -60,6 +60,9 @@ PageType {
                 Layout.fillWidth: true
                 headerText: qsTr("Server IP address [:port]")
                 textFieldPlaceholderText: qsTr("255.255.255.255:22")
+                textField.validator: RegularExpressionValidator {
+                    regularExpression: InstallController.ipAddressPortRegExp()
+                }
 
                 textField.onFocusChanged: {
                     textField.text = textField.text.replace(/^\s+|\s+$/g, '')

client/vpnconnection.cpp

@@ -233,7 +233,7 @@ void VpnConnection::connectToVpn(int serverIndex, const ServerCredentials &crede
     }
 #endif
 
-    m_remoteAddress = NetworkUtilities::getIPAddress(credentials.hostName);
+    m_remoteAddress = credentials.hostName;
     emit connectionStateChanged(Vpn::ConnectionState::Connecting);
 
     m_vpnConfiguration = vpnConfiguration;

ipc/ipcserver.cpp

@@ -235,7 +235,7 @@ bool IpcServer::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterInd
     LinuxFirewall::updateBlockNets(blocknets);
     LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("200.allowVPN"), true);
     LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv6, QStringLiteral("250.blockIPv6"), true);
-    LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("290.allowDHCP"), true);
+ //   LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("290.allowDHCP"), true);
     LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("300.allowLAN"), true);
     LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("310.blockDNS"), true);
     QStringList dnsServers;
@@ -265,7 +265,7 @@ bool IpcServer::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterInd
     MacOSFirewall::setAnchorTable(QStringLiteral("120.blockNets"), blockNets, QStringLiteral("blocknets"), blocknets);
     MacOSFirewall::setAnchorEnabled(QStringLiteral("200.allowVPN"), true);
     MacOSFirewall::setAnchorEnabled(QStringLiteral("250.blockIPv6"), true);
-    MacOSFirewall::setAnchorEnabled(QStringLiteral("290.allowDHCP"), true);
+//    MacOSFirewall::setAnchorEnabled(QStringLiteral("290.allowDHCP"), true);
     MacOSFirewall::setAnchorEnabled(QStringLiteral("300.allowLAN"), true);
 
     QStringList dnsServers;