OpenVPN3 pluggable transport cloak for ios (#227)

OpenVPN3 pluggable transport cloak for ios

.github/workflows/deploy.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
 
     env:
-      QT_VERSION: 6.4.1
+      QT_VERSION: 6.5.0
       QIF_VERSION: 4.5
 
     steps:
@@ -63,7 +63,7 @@ jobs:
     runs-on: windows-latest
 
     env:
-      QT_VERSION: 6.4.1
+      QT_VERSION: 6.5.0
       QIF_VERSION: 4.5
       BUILD_ARCH: 64
 
@@ -124,8 +124,7 @@ jobs:
     runs-on: macos-latest
 
     env:
-      QT_VERSION: 6.4.1
-      QIF_VERSION: 4.4
+      QT_VERSION: 6.5.0
 
     steps:
     - name: 'Setup xcode'
@@ -139,18 +138,18 @@ jobs:
         version: ${{ env.QT_VERSION }}
         host: 'mac'
         target: 'desktop'
+        modules: 'qtremoteobjects qt5compat qtshadertools qtmultimedia'
         arch: 'clang_64'
-        modules: 'qtremoteobjects qt5compat qtshadertools'
         dir: ${{ runner.temp }}
         set-env: 'true'
 
-    - name: 'Install ios Qt'
+    - name: 'Install iOS Qt'
       uses: jurplel/install-qt-action@v3
       with:
         version: ${{ env.QT_VERSION }}
         host: 'mac'
         target: 'ios'
-        modules: 'qtremoteobjects qt5compat qtshadertools'
+        modules: 'qtremoteobjects qt5compat qtshadertools qtmultimedia'
         dir: ${{ runner.temp }}
         setup-python: 'true'
         set-env: 'true'
@@ -200,7 +199,7 @@ jobs:
     runs-on: macos-latest
 
     env:
-      QT_VERSION: 6.4.1
+      QT_VERSION: 6.5.0
       QIF_VERSION: 4.5
 
     steps:
@@ -263,8 +262,7 @@ jobs:
         arch: ['android_x86_64', 'android_x86'] #, 'android_armv7', 'android_arm64_v8a']
 
     env:
-      QT_VERSION: 6.4.1
-      QIF_VERSION: 4.5
+      QT_VERSION: 6.5.0
 
     steps:
     - name: 'Install desktop Qt'
@@ -293,6 +291,11 @@ jobs:
         set-env: 'true'
         extra: '--external 7z'
 
+    - name: 'Install GO'
+      uses: actions/setup-go@v2
+      with:
+        go-version: 1.17
+
     - name: 'Get sources'
       uses: actions/checkout@v3
       with:

.gitignore

@@ -129,4 +129,4 @@ captures/
 client/3rd/ShadowSocks/ss_ios.xcconfig
 
 # UML generated pics
-out/
+out/

.gitmodules

@@ -1,6 +1,3 @@
-[submodule "3rd/QtSsh"]
-	path = 3rd/QtSsh
-	url = https://github.com/amnezia-vpn/QtSsh.git
 [submodule "client/3rd/wireguard-tools"]
 	path = client/3rd/wireguard-tools
 	url = https://github.com/WireGuard/wireguard-tools/
@@ -9,7 +6,7 @@
 	url = https://github.com/WireGuard/wireguard-apple
 [submodule "client/3rd/OpenVPNAdapter"]
 	path = client/3rd/OpenVPNAdapter
-	url = https://github.com/ss-abramchuk/OpenVPNAdapter.git
+	url = https://github.com/amnezia-vpn/OpenVPNAdapter.git
 [submodule "client/3rd/ShadowPath"]
 	path = client/3rd/ShadowPath
 	url = https://github.com/qman9501/ShadowPath
@@ -31,12 +28,33 @@
 [submodule "client/3rd/zlib"]
 	path = client/3rd/zlib
 	url = https://github.com/madler/zlib.git
-[submodule "deploy/amnezia-ios-certificates"]
-	path = deploy/amnezia-ios-certificates
-	url = https://github.com/amnezia-vpn/amnezia-ios-certificates.git
 [submodule "client/3rd/SortFilterProxyModel"]
 	path = client/3rd/SortFilterProxyModel
 	url = https://github.com/mitchcurtis/SortFilterProxyModel.git
+[submodule "client/android/cpp/openvpn3"]
+	path = client/android/cpp/openvpn3
+	url = https://github.com/amnezia-vpn/openvpn3.git
+[submodule "client/android/cpp/asio"]
+	path = client/android/cpp/asio
+	url = https://github.com/chriskohlhoff/asio
+[submodule "client/android/cpp/lz4"]
+	path = client/android/cpp/lz4
+	url = https://github.com/lz4/lz4.git
+[submodule "client/android/cpp/mbedtls"]
+	path = client/android/cpp/mbedtls
+	url = https://github.com/ARMmbed/mbedtls.git
+[submodule "client/android/cpp/openvpn"]
+	path = client/android/cpp/openvpn
+	url = https://github.com/schwabe/openvpn.git
+[submodule "client/android/cpp/openssl"]
+	path = client/android/cpp/openssl
+	url = https://github.com/schwabe/platform_external_openssl.git
+[submodule "client/android/cpp/cloak"]
+	path = client/android/cpp/cloak
+	url = https://github.com/amnezia-vpn/Cloak
+[submodule "client/android/cpp/lzo"]
+	path = client/android/cpp/lzo
+	url = https://github.com/amnezia-vpn/lzo.git
 [submodule "client/3rd/mbedtls"]
 	path = client/3rd/mbedtls
 	url = https://github.com/Mbed-TLS/mbedtls.git

AmneziaVPN.pro

@@ -1,6 +0,0 @@
-TEMPLATE = subdirs
-SUBDIRS = client
-
-!ios:!android {
-   SUBDIRS += service
-}

CMakeLists.txt

@@ -1,7 +1,13 @@
 cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 
 set(PROJECT AmneziaVPN)
-project(${PROJECT})
+
+project(${PROJECT} VERSION 3.0.7.2
+        DESCRIPTION "AmneziaVPN"
+        HOMEPAGE_URL "https://amnezia.org/"
+)
+set(RELEASE_DATE "2023-05-15")
+set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
 
 if(ANDROID)
     set(QT_ANDROID_BUILD_ALL_ABIS ON)
@@ -15,4 +21,6 @@ add_subdirectory(client)
 
 if(NOT IOS AND NOT ANDROID)
     add_subdirectory(service)
+
+    include(${CMAKE_SOURCE_DIR}/deploy/installer/config.cmake)
 endif()

README.md

@@ -7,10 +7,9 @@ Amnezia is a VPN client with the key feature of deploying your own VPN server on
 
 ## Features
 - Very easy to use - enter your ip address, ssh login and password, and Amnezia client will automatically install VPN docker containers to your server and connect to VPN.
-- OpenVPN and OpenVPN over ShadowSocks protocols support. 
-- Custom VPN routing mode support - add any sites to client to enable VPN only for them.
-- Windows and MacOS support.
-- Unsecure sharing connection profile for family use.
+- OpenVPN, ShadowSocks, WireGuard, IKEv2 protocols support.
+- Split tunneling support - add any sites to client to enable VPN only for them (only for desktops)
+- Windows, MacOS, Linux, Android, iOS releases.
 
 ## Tech
 
@@ -20,7 +19,7 @@ AmneziaVPN uses a number of open source projects to work:
 - [OpenVPN](https://openvpn.net/)
 - [ShadowSocks](https://shadowsocks.org/)
 - [Qt](https://www.qt.io/)
-- [QtSsh](https://github.com/jaredtao/QtSsh) - forked form Qt Creator
+- [LibSsh](https://libssh.org) - forked form Qt Creator
 - and more...
 
 ## Checking out the source code
@@ -36,39 +35,35 @@ git submodule update --init
 Want to contribute? Welcome!
 
 ### Building sources and deployment
-Easiest way to build your own executables - is to fork project and configure [Travis CI](https://travis-ci.com/)  
-Or you can build sources manually using Qt Creator. Qt >= 14.2 supported.  
-Look to the `build_macos.sh` and `build_windows.bat` scripts in `deploy` folder for details.
+Look deploy folder for build scripts. 
 
 ### How to build iOS app from source code on MacOS
 
-1. First, make sure you have [XCode](https://developer.apple.com/xcode/) installed, 
-at least version 12 or higher.
+1. First, make sure you have [XCode](https://developer.apple.com/xcode/) installed, at least version 14 or higher.
 
-2. We use `qmake` to generate the XCode project and then we "patch" it to add
-extra components such as the wireguard, the browser bridge and so on. We patch
-the XCode project using [xcodeproj](https://github.com/CocoaPods/Xcodeproj). To
-install it:
-```bash
-gem install xcodeproj # probably you want to run this command with `sudo`
-```
-3. You also need to install go >= v1.16. If you don't have it done already,
+2. We use QT to generate the XCode project. we need QT version 6.4. Install QT for macos in [here](https://doc.qt.io/qt-6/macos.html)
+
+3. Install cmake is require. We recommend cmake version 3.25. You can install cmake in [here](https://cmake.org/download/)
+
+4. You also need to install go >= v1.16. If you don't have it done already,
 download go from the [official website](https://golang.org/dl/) or use Homebrew. 
-Latest version is recommended.
-
-4. Navigate inside client folder and generate the XCode project using our script:
+Latest version is recommended. Install gomobile
 ```bash
-cd client
-./scripts/apple_compile.sh ios
+export PATH=$PATH:~/go/bin
+go install golang.org/x/mobile/cmd/gomobile@latest
+gomobile init
 ```
 
-If you have more than one version of Qt installed, you'll most likely get
-a "`qmake` cannot be found in your `$PATH`" error. In this case run this script 
-using QT\IOS\_BIN env to set the path for the Qt5 macos build bin folder.
-For example, the path could look like this:
+5. Build project
 ```bash
-QT_IOS_BIN="/Users/username/Qt/6.4.1/ios/bin" ./scripts/apple_compile.sh ios
+export QT_BIN_DIR="<PATH-TO-QT-FOLDER>/Qt/<QT-VERSION>/ios/bin"
+export QT_IOS_BIN=$QT_BIN_DIR
+export PATH=$PATH:~/go/bin
+mkdir build-ios
+$QT_IOS_BIN/qt-cmake . -B build-ios -GXcode -DQT_HOST_PATH=$QT_BIN_DIR
 ```
+Replace PATH-TO-QT-FOLDER and QT-VERSION to your environment
+
 
 If you get `gomobile: command not found` make sure to set PATH to the location 
 of the bin folder where gomobile was installed. Usually, it's in `GOPATH`.
@@ -76,7 +71,7 @@ of the bin folder where gomobile was installed. Usually, it's in `GOPATH`.
 export PATH=$(PATH):/path/to/GOPATH/bin
 ```
 
-5. Xcode should automatically open. You can then run/test/archive/ship the app.
+5. Open XCode project. You can then run/test/archive/ship the app.
 
 If build fails with the following error
 ```
@@ -87,7 +82,7 @@ Error 1
 Add a user defined variable to both AmneziaVPN and WireGuardNetworkExtension targets' build settings with
 key `PATH` and value `${PATH}/path/to/bin/folder/with/go/executable`, e.g. `${PATH}:/usr/local/go/bin`.
 
-if above error still persists on you M1 Mac, then most proably you need to install arch based cmake 
+if above error still persists on you M1 Mac, then most probably you need to install arch based cmake 
 ```
 arch -arm64 brew install cmake
 ```
@@ -112,15 +107,15 @@ In case you get errors regarding missing SDK or 'sdkmanager not running', you ca
 
 Double check that the right cmake version is configured:  Click on `QT Creator` -> `Preferences` and click on the side menu on `Kits`. Under the center content view's `Kits` tab you'll find an entry `CMake Tool`. If the default selected CMake version is lower than 3.25.0, install on your system CMake >= 3.25.0 and choose `System CMake at <path>` from the drop down list. If this entry is missing, you either have not installed CMake yet or QT Creator hasn't found the path to it. In that case click in the preferences window on the side menu item `CMake`, then on the tab `Tools`in the center content view and finally on the Button `Add` to set the path to your installed CMake. 
 
-Please make sure that you have selected Android Platform SDK 33 for your project: click in the main view's side menu on on `Projects`, on the left you'll see a section `Build & Run` showing different Android build targets. You can select any of them, Amnezia VPN's project setup is designed in a way that always all Android targets will be build. Click on the targets submenu item `Build` and scroll in the center content view to `Build Steps`. Click on `Details` at the end of the headline `Build Android APK` (The `Details` button might be hidden in case QT Creator Window is not running in full screen!). Here we are: choose `android-33` as `Android Build platfrom SDK`.
+Please make sure that you have selected Android Platform SDK 33 for your project: click in the main view's side menu on on `Projects`, on the left you'll see a section `Build & Run` showing different Android build targets. You can select any of them, Amnezia VPN's project setup is designed in a way that always all Android targets will be build. Click on the targets submenu item `Build` and scroll in the center content view to `Build Steps`. Click on `Details` at the end of the headline `Build Android APK` (The `Details` button might be hidden in case QT Creator Window is not running in full screen!). Here we are: choose `android-33` as `Android Build platform SDK`.
 
 That's it you should be ready to compile the project from QT Creator!
 
 ### Development flow
 After you've hit the build button, QT-Creator copies the whole project to a folder in the repositories parent directory. The folder should look something like `build-amnezia-client-Android_Qt_<version>_Clang_<architecture>-<BuildType>`.
-If you want to develop Amnezia VPNs Android components written in Kotlin, such as components using system APIs, you need to import the generated project in Android Studio with `build-amnezia-client-Android_Qt_<version>_Clang_<architecture>-<BuildType>/client/android-build` as the projects root directory. While you should be able to compile the generated project from Android Studio, you cannot work directly in the repository's Android project. So whenever you are confident with your work in the generated proejct, you'll need to copy and paste the affected files to the corresponding path in the repositories Android project so that you can add and commit your changes!
+If you want to develop Amnezia VPNs Android components written in Kotlin, such as components using system APIs, you need to import the generated project in Android Studio with `build-amnezia-client-Android_Qt_<version>_Clang_<architecture>-<BuildType>/client/android-build` as the projects root directory. While you should be able to compile the generated project from Android Studio, you cannot work directly in the repository's Android project. So whenever you are confident with your work in the generated project, you'll need to copy and paste the affected files to the corresponding path in the repositories Android project so that you can add and commit your changes!
 
-You may face compiling issues in QT Creator after you've worked in Android Studio on the generated project. Just do a `./gradlew clean` in the geneated project's root directory (`<path>/client/android-build/.`) and you should be good to continue.
+You may face compiling issues in QT Creator after you've worked in Android Studio on the generated project. Just do a `./gradlew clean` in the generated project's root directory (`<path>/client/android-build/.`) and you should be good to continue.
 
 ## License
 GPL v.3

client/AmneziaVPN-Swift.h

@@ -1,249 +0,0 @@
-#ifndef AmneziaVPN_Swift_h
-#define AmneziaVPN_Swift_h
-#pragma clang diagnostic push
-#pragma clang diagnostic ignored "-Wgcc-compat"
-
-#if !defined(__has_include)
-# define __has_include(x) 0
-#endif
-#if !defined(__has_attribute)
-# define __has_attribute(x) 0
-#endif
-#if !defined(__has_feature)
-# define __has_feature(x) 0
-#endif
-#if !defined(__has_warning)
-# define __has_warning(x) 0
-#endif
-
-#if __has_include(<swift/objc-prologue.h>)
-# include <swift/objc-prologue.h>
-#endif
-
-#pragma clang diagnostic ignored "-Wauto-import"
-#include <Foundation/Foundation.h>
-#include <stdint.h>
-#include <stddef.h>
-#include <stdbool.h>
-
-#if !defined(SWIFT_TYPEDEFS)
-# define SWIFT_TYPEDEFS 1
-# if __has_include(<uchar.h>)
-#  include <uchar.h>
-# elif !defined(__cplusplus)
-typedef uint_least16_t char16_t;
-typedef uint_least32_t char32_t;
-# endif
-typedef float swift_float2  __attribute__((__ext_vector_type__(2)));
-typedef float swift_float3  __attribute__((__ext_vector_type__(3)));
-typedef float swift_float4  __attribute__((__ext_vector_type__(4)));
-typedef double swift_double2  __attribute__((__ext_vector_type__(2)));
-typedef double swift_double3  __attribute__((__ext_vector_type__(3)));
-typedef double swift_double4  __attribute__((__ext_vector_type__(4)));
-typedef int swift_int2  __attribute__((__ext_vector_type__(2)));
-typedef int swift_int3  __attribute__((__ext_vector_type__(3)));
-typedef int swift_int4  __attribute__((__ext_vector_type__(4)));
-typedef unsigned int swift_uint2  __attribute__((__ext_vector_type__(2)));
-typedef unsigned int swift_uint3  __attribute__((__ext_vector_type__(3)));
-typedef unsigned int swift_uint4  __attribute__((__ext_vector_type__(4)));
-#endif
-
-#if !defined(SWIFT_PASTE)
-# define SWIFT_PASTE_HELPER(x, y) x##y
-# define SWIFT_PASTE(x, y) SWIFT_PASTE_HELPER(x, y)
-#endif
-#if !defined(SWIFT_METATYPE)
-# define SWIFT_METATYPE(X) Class
-#endif
-#if !defined(SWIFT_CLASS_PROPERTY)
-# if __has_feature(objc_class_property)
-#  define SWIFT_CLASS_PROPERTY(...) __VA_ARGS__
-# else
-#  define SWIFT_CLASS_PROPERTY(...)
-# endif
-#endif
-
-#if __has_attribute(objc_runtime_name)
-# define SWIFT_RUNTIME_NAME(X) __attribute__((objc_runtime_name(X)))
-#else
-# define SWIFT_RUNTIME_NAME(X)
-#endif
-#if __has_attribute(swift_name)
-# define SWIFT_COMPILE_NAME(X) __attribute__((swift_name(X)))
-#else
-# define SWIFT_COMPILE_NAME(X)
-#endif
-#if __has_attribute(objc_method_family)
-# define SWIFT_METHOD_FAMILY(X) __attribute__((objc_method_family(X)))
-#else
-# define SWIFT_METHOD_FAMILY(X)
-#endif
-#if __has_attribute(noescape)
-# define SWIFT_NOESCAPE __attribute__((noescape))
-#else
-# define SWIFT_NOESCAPE
-#endif
-#if __has_attribute(ns_consumed)
-# define SWIFT_RELEASES_ARGUMENT __attribute__((ns_consumed))
-#else
-# define SWIFT_RELEASES_ARGUMENT
-#endif
-#if __has_attribute(warn_unused_result)
-# define SWIFT_WARN_UNUSED_RESULT __attribute__((warn_unused_result))
-#else
-# define SWIFT_WARN_UNUSED_RESULT
-#endif
-#if __has_attribute(noreturn)
-# define SWIFT_NORETURN __attribute__((noreturn))
-#else
-# define SWIFT_NORETURN
-#endif
-#if !defined(SWIFT_CLASS_EXTRA)
-# define SWIFT_CLASS_EXTRA
-#endif
-#if !defined(SWIFT_PROTOCOL_EXTRA)
-# define SWIFT_PROTOCOL_EXTRA
-#endif
-#if !defined(SWIFT_ENUM_EXTRA)
-# define SWIFT_ENUM_EXTRA
-#endif
-#if !defined(SWIFT_CLASS)
-# if __has_attribute(objc_subclassing_restricted)
-#  define SWIFT_CLASS(SWIFT_NAME) SWIFT_RUNTIME_NAME(SWIFT_NAME) __attribute__((objc_subclassing_restricted)) SWIFT_CLASS_EXTRA
-#  define SWIFT_CLASS_NAMED(SWIFT_NAME) __attribute__((objc_subclassing_restricted)) SWIFT_COMPILE_NAME(SWIFT_NAME) SWIFT_CLASS_EXTRA
-# else
-#  define SWIFT_CLASS(SWIFT_NAME) SWIFT_RUNTIME_NAME(SWIFT_NAME) SWIFT_CLASS_EXTRA
-#  define SWIFT_CLASS_NAMED(SWIFT_NAME) SWIFT_COMPILE_NAME(SWIFT_NAME) SWIFT_CLASS_EXTRA
-# endif
-#endif
-#if !defined(SWIFT_RESILIENT_CLASS)
-# if __has_attribute(objc_class_stub)
-#  define SWIFT_RESILIENT_CLASS(SWIFT_NAME) SWIFT_CLASS(SWIFT_NAME) __attribute__((objc_class_stub))
-#  define SWIFT_RESILIENT_CLASS_NAMED(SWIFT_NAME) __attribute__((objc_class_stub)) SWIFT_CLASS_NAMED(SWIFT_NAME)
-# else
-#  define SWIFT_RESILIENT_CLASS(SWIFT_NAME) SWIFT_CLASS(SWIFT_NAME)
-#  define SWIFT_RESILIENT_CLASS_NAMED(SWIFT_NAME) SWIFT_CLASS_NAMED(SWIFT_NAME)
-# endif
-#endif
-
-#if !defined(SWIFT_PROTOCOL)
-# define SWIFT_PROTOCOL(SWIFT_NAME) SWIFT_RUNTIME_NAME(SWIFT_NAME) SWIFT_PROTOCOL_EXTRA
-# define SWIFT_PROTOCOL_NAMED(SWIFT_NAME) SWIFT_COMPILE_NAME(SWIFT_NAME) SWIFT_PROTOCOL_EXTRA
-#endif
-
-#if !defined(SWIFT_EXTENSION)
-# define SWIFT_EXTENSION(M) SWIFT_PASTE(M##_Swift_, __LINE__)
-#endif
-
-#if !defined(OBJC_DESIGNATED_INITIALIZER)
-# if __has_attribute(objc_designated_initializer)
-#  define OBJC_DESIGNATED_INITIALIZER __attribute__((objc_designated_initializer))
-# else
-#  define OBJC_DESIGNATED_INITIALIZER
-# endif
-#endif
-#if !defined(SWIFT_ENUM_ATTR)
-# if defined(__has_attribute) && __has_attribute(enum_extensibility)
-#  define SWIFT_ENUM_ATTR(_extensibility) __attribute__((enum_extensibility(_extensibility)))
-# else
-#  define SWIFT_ENUM_ATTR(_extensibility)
-# endif
-#endif
-#if !defined(SWIFT_ENUM)
-# define SWIFT_ENUM(_type, _name, _extensibility) enum _name : _type _name; enum SWIFT_ENUM_ATTR(_extensibility) SWIFT_ENUM_EXTRA _name : _type
-# if __has_feature(generalized_swift_name)
-#  define SWIFT_ENUM_NAMED(_type, _name, SWIFT_NAME, _extensibility) enum _name : _type _name SWIFT_COMPILE_NAME(SWIFT_NAME); enum SWIFT_COMPILE_NAME(SWIFT_NAME) SWIFT_ENUM_ATTR(_extensibility) SWIFT_ENUM_EXTRA _name : _type
-# else
-#  define SWIFT_ENUM_NAMED(_type, _name, SWIFT_NAME, _extensibility) SWIFT_ENUM(_type, _name, _extensibility)
-# endif
-#endif
-#if !defined(SWIFT_UNAVAILABLE)
-# define SWIFT_UNAVAILABLE __attribute__((unavailable))
-#endif
-#if !defined(SWIFT_UNAVAILABLE_MSG)
-# define SWIFT_UNAVAILABLE_MSG(msg) __attribute__((unavailable(msg)))
-#endif
-#if !defined(SWIFT_AVAILABILITY)
-# define SWIFT_AVAILABILITY(plat, ...) __attribute__((availability(plat, __VA_ARGS__)))
-#endif
-#if !defined(SWIFT_WEAK_IMPORT)
-# define SWIFT_WEAK_IMPORT __attribute__((weak_import))
-#endif
-#if !defined(SWIFT_DEPRECATED)
-# define SWIFT_DEPRECATED __attribute__((deprecated))
-#endif
-#if !defined(SWIFT_DEPRECATED_MSG)
-# define SWIFT_DEPRECATED_MSG(...) __attribute__((deprecated(__VA_ARGS__)))
-#endif
-#if __has_feature(attribute_diagnose_if_objc)
-# define SWIFT_DEPRECATED_OBJC(Msg) __attribute__((diagnose_if(1, Msg, "warning")))
-#else
-# define SWIFT_DEPRECATED_OBJC(Msg) SWIFT_DEPRECATED_MSG(Msg)
-#endif
-#if !defined(IBSegueAction)
-# define IBSegueAction
-#endif
-#if __has_feature(modules)
-#if __has_warning("-Watimport-in-framework-header")
-#pragma clang diagnostic ignored "-Watimport-in-framework-header"
-#endif
-@import Foundation;
-@import ObjectiveC;
-#endif
-
-#pragma clang diagnostic ignored "-Wproperty-attribute-mismatch"
-#pragma clang diagnostic ignored "-Wduplicate-method-arg"
-#if __has_warning("-Wpragma-clang-attribute")
-# pragma clang diagnostic ignored "-Wpragma-clang-attribute"
-#endif
-#pragma clang diagnostic ignored "-Wunknown-pragmas"
-#pragma clang diagnostic ignored "-Wnullability"
-
-#if __has_attribute(external_source_symbol)
-# pragma push_macro("any")
-# undef any
-# pragma clang attribute push(__attribute__((external_source_symbol(language="Swift", defined_in="AmneziaVPN",generated_declaration))), apply_to=any(function,enum,objc_interface,objc_category,objc_protocol))
-# pragma pop_macro("any")
-#endif
-
-
-@class NSString;
-@class NSData;
-enum ConnectionState : NSInteger;
-@class NSDate;
-@class NSNumber;
-@class VPNIPAddressRange;
-
-SWIFT_CLASS("_TtC10AmneziaVPN18IOSVpnProtocolImpl")
-@interface IOSVpnProtocolImpl : NSObject
-- (nonnull instancetype)initWithBundleID:(NSString * _Nonnull)bundleID privateKey:(NSData * _Nonnull)privateKey deviceIpv4Address:(NSString * _Nonnull)deviceIpv4Address deviceIpv6Address:(NSString * _Nonnull)deviceIpv6Address closure:(void (^ _Nonnull)(enum ConnectionState, NSDate * _Nullable))closure callback:(void (^ _Nonnull)(BOOL))callback OBJC_DESIGNATED_INITIALIZER;
-- (nonnull instancetype)initWithBundleID:(NSString * _Nonnull)bundleID config:(NSString * _Nonnull)config closure:(void (^ _Nonnull)(enum ConnectionState, NSDate * _Nullable))closure callback:(void (^ _Nonnull)(BOOL))callback;
-- (nonnull instancetype)initWithBundleID:(NSString * _Nonnull)bundleID tunnelConfig:(NSString * _Nonnull)tunnelConfig ssConfig:(NSString * _Nonnull)ssConfig closure:(void (^ _Nonnull)(enum ConnectionState, NSDate * _Nullable))closure callback:(void (^ _Nonnull)(BOOL))callback;
-- (void)connectWithDnsServer:(NSString * _Nonnull)dnsServer serverIpv6Gateway:(NSString * _Nonnull)serverIpv6Gateway serverPublicKey:(NSString * _Nonnull)serverPublicKey presharedKey:(NSString * _Nonnull)presharedKey serverIpv4AddrIn:(NSString * _Nonnull)serverIpv4AddrIn serverPort:(NSInteger)serverPort allowedIPAddressRanges:(NSArray<VPNIPAddressRange *> * _Nonnull)allowedIPAddressRanges ipv6Enabled:(Boolean)enabled reason:(NSInteger)reason failureCallback:(void (^ _Nonnull)(void))failureCallback;
-- (void)connectWithOvpnConfig:(NSString * _Nonnull)ovpnConfig failureCallback:(void (^ _Nonnull)(void))failureCallback;
-- (void)connectWithSsConfig:(NSString * _Nonnull)ssConfig ovpnConfig:(NSString * _Nonnull)ovpnConfig failureCallback:(void (^ _Nonnull)(void))failureCallback;
-- (void)disconnect;
-- (void)checkStatusWithCallback:(void (^ _Nonnull)(NSString * _Nonnull, NSString * _Nonnull, NSString * _Nonnull))callback;
-- (nonnull instancetype)init SWIFT_UNAVAILABLE;
-+ (nonnull instancetype)new SWIFT_UNAVAILABLE_MSG("-init is unavailable");
-@end
-
-typedef SWIFT_ENUM(NSInteger, ConnectionState, closed) {
-  ConnectionStateError = 0,
-  ConnectionStateConnected = 1,
-  ConnectionStateDisconnected = 2,
-};
-
-SWIFT_CLASS("_TtC10AmneziaVPN17VPNIPAddressRange")
-@interface VPNIPAddressRange : NSObject
-- (nonnull instancetype)initWithAddress:(NSString * _Nonnull)address networkPrefixLength:(uint8_t)networkPrefixLength isIpv6:(BOOL)isIpv6 OBJC_DESIGNATED_INITIALIZER;
-- (nonnull instancetype)init SWIFT_UNAVAILABLE;
-+ (nonnull instancetype)new SWIFT_UNAVAILABLE_MSG("-init is unavailable");
-@end
-
-#if __has_attribute(external_source_symbol)
-# pragma clang attribute pop
-#endif
-#pragma clang diagnostic pop
-#endif /* AmneziaVPN_Swift_h */
-

client/AmneziaVPN.entitlements

@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-	<key>com.apple.security.application-groups</key>
-	<array>
-		<string>group.org.amnezia.AmneziaVPN</string>
-	</array>
-	<key>keychain-access-groups</key>
-	<array>
-		<string>$(AppIdentifierPrefix)group.org.amnezia.AmneziaVPN</string>
-	</array>
-</dict>
-</plist>

client/CMakeLists.txt

@@ -1,14 +1,11 @@
 cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 
 set(PROJECT AmneziaVPN)
-project(${PROJECT} VERSION 2.1.2)
-set(BUILD_ID 1)
-SET(QT_BUILD_TOOLS_WHEN_CROSS_COMPILING ON)
+project(${PROJECT})
+
+set(QT_BUILD_TOOLS_WHEN_CROSS_COMPILING ON)
 set(CMAKE_CXX_STANDARD 17)
 set(CMAKE_CXX_STANDARD_REQUIRED ON)
-if(${CMAKE_VERSION} VERSION_GREATER_EQUAL 3.17)
-    cmake_policy(SET CMP0099 OLD)
-endif()
 
 if(ANDROID)
     # For a some reason cmake do not applying GNU_SOURCE/BSD_SOURCE flags on Android platform.
@@ -16,34 +13,43 @@ if(ANDROID)
     add_definitions(-D_BSD_SOURCE)
 endif()
 
-if(CMAKE_XCODE_BUILD_SYSTEM VERSION_GREATER_EQUAL 12)
-  cmake_policy(SET CMP0114 NEW)
-endif()
-
-set(CMAKE_AUTOMOC ON)
-set(CMAKE_AUTORCC ON)
-set(CMAKE_AUTOUIC ON)
 set_property(GLOBAL PROPERTY USE_FOLDERS ON)
 set_property(GLOBAL PROPERTY AUTOGEN_TARGETS_FOLDER "Autogen")
 set_property(GLOBAL PROPERTY AUTOMOC_TARGETS_FOLDER "Autogen")
 set_property(GLOBAL PROPERTY PREDEFINED_TARGETS_FOLDER "Autogen")
 
-find_package(Qt6 REQUIRED COMPONENTS 
-    Widgets Core Gui Network Xml 
-    RemoteObjects Quick Svg QuickControls2 
-    Core5Compat Concurrent
+set(PACKAGES
+	Widgets Core Gui Network Xml
+	RemoteObjects Quick Svg QuickControls2
+	Core5Compat Concurrent
 )
+if(IOS)
+	set(PACKAGES
+		${PACKAGES}
+		Multimedia
+	)
+endif()
+
+find_package(Qt6 REQUIRED COMPONENTS ${PACKAGES})
+
 set(LIBS ${LIBS} 
     Qt6::Widgets Qt6::Core Qt6::Gui
     Qt6::Network Qt6::Xml Qt6::RemoteObjects
     Qt6::Quick Qt6::Svg Qt6::QuickControls2
     Qt6::Core5Compat Qt6::Concurrent
 )
+if(IOS)
+	set(LIBS
+		${LIBS}
+		Qt6::Multimedia
+	)
+endif()
 
 qt_standard_project_setup()
 
 if(IOS)
-    execute_process(COMMAND bash ${CMAKE_CURRENT_LIST_DIR}/scripts/openvpn.sh args
+    #execute_process(COMMAND bash ${CMAKE_CURRENT_LIST_DIR}/scripts/run-build-cloak.sh)
+    execute_process(COMMAND bash ${CMAKE_CURRENT_LIST_DIR}/ios/scripts/openvpn.sh args
         WORKING_DIRECTORY ${CMAKE_CURRENT_LIST_DIR})
 endif()
 
@@ -64,6 +70,8 @@ include_directories(
     ${CMAKE_CURRENT_BINARY_DIR}
 )
 
+configure_file(${CMAKE_CURRENT_LIST_DIR}/../version.h.in ${CMAKE_CURRENT_BINARY_DIR}/version.h)
+
 set(HEADERS ${HEADERS}
     ${CMAKE_CURRENT_LIST_DIR}/migrations.h
     ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc.h
@@ -82,6 +90,7 @@ set(HEADERS ${HEADERS}
     ${CMAKE_CURRENT_LIST_DIR}/ui/uilogic.h
     ${CMAKE_CURRENT_LIST_DIR}/ui/qautostart.h
     ${CMAKE_CURRENT_LIST_DIR}/protocols/vpnprotocol.h
+    ${CMAKE_CURRENT_BINARY_DIR}/version.h
     ${CMAKE_CURRENT_LIST_DIR}/core/sshclient.h
 )
 
@@ -146,6 +155,11 @@ qt6_add_resources(QRC ${QRC} ${CMAKE_CURRENT_LIST_DIR}/resources.qrc)
 if(WIN32)
     add_compile_definitions(MVPN_WINDOWS)
 
+    configure_file(
+        ${CMAKE_CURRENT_LIST_DIR}/platforms/windows/amneziavpn.rc.in 
+        ${CMAKE_CURRENT_BINARY_DIR}/amneziavpn.rc
+    )
+
     set(HEADERS ${HEADERS}
         ${CMAKE_CURRENT_LIST_DIR}/protocols/ikev2_vpn_protocol_windows.h
     )
@@ -155,7 +169,7 @@ if(WIN32)
     )
 
     set(RESOURCES ${RESOURCES}
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/windows/amneziavpn.rc
+        ${CMAKE_CURRENT_BINARY_DIR}/amneziavpn.rc
     )
 
     set(LIBS ${LIBS}
@@ -171,6 +185,9 @@ if(WIN32)
 endif()
 
 if(APPLE)
+    cmake_policy(SET CMP0099 OLD)
+    cmake_policy(SET CMP0114 NEW)
+
     if(NOT BUILD_OSX_APP_IDENTIFIER)
         set(BUILD_OSX_APP_IDENTIFIER org.amnezia.AmneziaVPN CACHE STRING "OSX Application identifier")
     endif()
@@ -188,7 +205,6 @@ if(APPLE)
     set(CMAKE_XCODE_ATTRIBUTE_DEVELOPMENT_TEAM ${BUILD_VPN_DEVELOPMENT_TEAM})
     set(CMAKE_XCODE_ATTRIBUTE_GROUP_ID_IOS ${BUILD_IOS_GROUP_IDENTIFIER})
 
-   #set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../../build)
     if(NOT IOS)
         set(CMAKE_OSX_ARCHITECTURES "x86_64" CACHE INTERNAL "" FORCE)
 
@@ -196,7 +212,7 @@ if(APPLE)
         set(HEADERS ${HEADERS} ${CMAKE_CURRENT_LIST_DIR}/ui/macos_util.h)
         set(SOURCES ${SOURCES} ${CMAKE_CURRENT_LIST_DIR}/ui/macos_util.mm)
 
-        set(CMAKE_OSX_DEPLOYMENT_TARGET 13.0)
+        set(CMAKE_OSX_DEPLOYMENT_TARGET 10.15)
         add_compile_definitions(MVPN_MACOS)
         # ICON   = $$PWD/images/app.icns
 
@@ -207,7 +223,7 @@ if(APPLE)
         find_library(FW_APPKIT AppKit)
         find_library(FW_SECURITY Security)
 
-        set(LIBS ${LIBS} 
+        set(LIBS ${LIBS}
             ${FW_COCOA} ${FW_APPLICATIONSERVICES}
             ${FW_FOUNDATION} ${FW_APPKIT}
             ${FW_SECURITY} ${FW_CORESERVICES}
@@ -216,7 +232,6 @@ if(APPLE)
     endif()
 endif()
 
-
 if(LINUX AND NOT ANDROID)
     add_compile_definitions(MVPN_LINUX)
 
@@ -226,7 +241,7 @@ endif()
 if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
     message("Client desktop build")
     add_compile_definitions(AMNEZIA_DESKTOP)
-    
+
     set(HEADERS ${HEADERS}
         ${CMAKE_CURRENT_LIST_DIR}/core/ipcclient.h
         ${CMAKE_CURRENT_LIST_DIR}/core/privileged_process.h
@@ -297,26 +312,24 @@ if(IOS)
     add_compile_definitions(MVPN_IOS)
 
     set(HEADERS ${HEADERS}
-        ${CMAKE_CURRENT_LIST_DIR}/protocols/ios_vpnprotocol.h 
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/iosnotificationhandler.h 
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/json.h 
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/bigint.h 
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/bigintipv6addr.h 
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/ipaddress.h 
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/ipaddressrange.h 
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/QtAppDelegate.h 
+        ${CMAKE_CURRENT_LIST_DIR}/protocols/ios_vpnprotocol.h
+        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/iosnotificationhandler.h
+        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/bigint.h
+        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/bigintipv6addr.h
+        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/ipaddress.h
+        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/ipaddressrange.h
+        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/QtAppDelegate.h
         ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/QtAppDelegate-C-Interface.h
     )
 
     set(SOURCES ${SOURCES}
-        ${CMAKE_CURRENT_LIST_DIR}/protocols/ios_vpnprotocol.mm 
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/iosnotificationhandler.mm 
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/json.cpp 
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/iosglue.mm 
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/ipaddress.cpp 
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/ipaddressrange.cpp 
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/QRCodeReaderBase.mm 
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/QtAppDelegate.mm 
+        ${CMAKE_CURRENT_LIST_DIR}/protocols/ios_vpnprotocol.mm
+        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/iosnotificationhandler.mm
+        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/iosglue.mm
+        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/ipaddress.cpp
+        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/ipaddressrange.cpp
+        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/QRCodeReaderBase.mm
+        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/QtAppDelegate.mm
         ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/MobileUtils.mm
     )
 endif()
@@ -331,9 +344,7 @@ qt_add_translations(${PROJECT} TS_FILES
     ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_ru.ts)
 
 if(APPLE AND NOT IOS)
-    set_target_properties(AmneziaVPN PROPERTIES
-        MACOSX_BUNDLE TRUE
-    )
+    set_target_properties(${PROJECT} PROPERTIES MACOSX_BUNDLE TRUE)
 endif()
 
 if(IOS)
@@ -341,66 +352,66 @@ if(IOS)
     enable_language(OBJCXX)
     enable_language(Swift)
 
-    #disbale in cicd
     include(cmake/osxtools.cmake)
-    # set(CMAKE_XCODE_GENERATE_TOP_LEVEL_PROJECT_ONLY TRUE)
-
-    set_target_properties(${PROJECT} PROPERTIES XCODE_ATTRIBUTE_ENABLE_BITCODE "NO")
-    set_target_properties(${PROJECT} PROPERTIES XCODE_ATTRIBUTE_ASSETCATALOG_COMPILER_APPICON_NAME "AppIcon")
-
-    set_target_properties(${PROJECT} PROPERTIES XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION)
-    set(CMAKE_XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/../../Frameworks")
-    set(CMAKE_XCODE_ATTRIBUTE_FRAMEWORK_SEARCH_PATHS ${CMAKE_CURRENT_LIST_DIR}/3rd/OpenVPNAdapter/build/Release-iphoneos)
-
-
-    #need to change for debug and relase
-    set_target_properties(${PROJECT} 
-        PROPERTIES XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "org.amnezia.${PROJECT}"
-        XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1"
-        XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK"
-        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution"
-        )
-
-    set_target_properties(${PROJECT}
-        PROPERTIES XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "org.amnezia.${PROJECT}"
-        XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1"
-        XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK"
-        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
-        )
 
     set(LIBS ${LIBS}
         ${CMAKE_CURRENT_LIST_DIR}/3rd/OpenSSL/lib/ios/iphone/libcrypto.a
         ${CMAKE_CURRENT_LIST_DIR}/3rd/OpenSSL/lib/ios/iphone/libssl.a
-        )
+    )
 
     target_include_directories(${PROJECT} PRIVATE ${Qt6Gui_PRIVATE_INCLUDE_DIRS})
 
+    set(APPLE_PROJECT_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
+
+    set_target_properties(${PROJECT} PROPERTIES
+        XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION
+
+        MACOSX_BUNDLE_INFO_PLIST ${CMAKE_CURRENT_LIST_DIR}/ios/app/Info.plist.in
+        MACOSX_BUNDLE_ICON_FILE "AppIcon"
+        MACOSX_BUNDLE_INFO_STRING "AmneziaVPN"
+        MACOSX_BUNDLE_BUNDLE_NAME "AmneziaVPN"
+        MACOSX_BUNDLE_GUI_IDENTIFIER "${BUILD_IOS_APP_IDENTIFIER}"
+        MACOSX_BUNDLE_BUNDLE_VERSION "${CMAKE_PROJECT_VERSION_TWEAK}"
+        MACOSX_BUNDLE_LONG_VERSION_STRING "${APPLE_PROJECT_VERSION}-${CMAKE_PROJECT_VERSION_TWEAK}"
+        MACOSX_BUNDLE_SHORT_VERSION_STRING "${APPLE_PROJECT_VERSION}"
+
+        XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "${BUILD_IOS_APP_IDENTIFIER}"
+        XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_LIST_DIR}/ios/app/main.entitlements"
+        XCODE_ATTRIBUTE_MARKETING_VERSION "${APPLE_PROJECT_VERSION}"
+        XCODE_ATTRIBUTE_CURRENT_PROJECT_VERSION "${CMAKE_PROJECT_VERSION_TWEAK}"
+        XCODE_ATTRIBUTE_PRODUCT_NAME "AmneziaVPN"
+        XCODE_ATTRIBUTE_BUNDLE_INFO_STRING "AmneziaVPN"
+
+        XCODE_GENERATE_SCHEME TRUE
+        XCODE_ATTRIBUTE_ENABLE_BITCODE "NO"
+        XCODE_ATTRIBUTE_ASSETCATALOG_COMPILER_APPICON_NAME "AppIcon"
+        XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1,2"
+
+        XCODE_EMBED_FRAMEWORKS_CODE_SIGN_ON_COPY ON
+        XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION
+
+        XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/Frameworks"
+
+        XCODE_EMBED_APP_EXTENSIONS networkextension
+
+        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution"
+        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
+
+        XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual
+        XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "match AppStore org.amnezia.AmneziaVPN"
+        XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "match Development org.amnezia.AmneziaVPN"
+    )
+
     set_target_properties(${PROJECT} PROPERTIES
         XCODE_ATTRIBUTE_SWIFT_VERSION "5.0"
         XCODE_ATTRIBUTE_CLANG_ENABLE_MODULES "YES"
         XCODE_ATTRIBUTE_SWIFT_OBJC_BRIDGING_HEADER "${CMAKE_CURRENT_LIST_DIR}/platforms/ios/WireGuard-Bridging-Header.h"
         XCODE_ATTRIBUTE_SWIFT_PRECOMPILE_BRIDGING_HEADER "NO"
-        XCODE_ATTRIBUTE_SWIFT_OPTIMIZATION_LEVEL "-Onone"
         XCODE_ATTRIBUTE_SWIFT_OBJC_INTERFACE_HEADER_NAME "AmneziaVPN-Swift.h"
     )
 
     set_target_properties(${PROJECT} PROPERTIES
-        OUTPUT_NAME "AmneziaVPN"
-        MACOSX_BUNDLE ON
-        MACOSX_BUNDLE_INFO_PLIST ${CMAKE_CURRENT_LIST_DIR}/ios/app/Info.plist.in
-        MACOSX_BUNDLE_BUNDLE_NAME "AmneziaVPN"
-        MACOSX_BUNDLE_BUNDLE_VERSION "${BUILD_ID}"
-        MACOSX_BUNDLE_COPYRIGHT "MPL-2.0"
-        MACOSX_BUNDLE_GUI_IDENTIFIER "${BUILD_IOS_APP_IDENTIFIER}"
-        MACOSX_BUNDLE_INFO_STRING "AmneziaVPN"
-        MACOSX_BUNDLE_LONG_VERSION_STRING "${CMAKE_PROJECT_VERSION}-${BUILD_ID}"
-        MACOSX_BUNDLE_SHORT_VERSION_STRING "${CMAKE_PROJECT_VERSION}"
-        XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "${BUILD_IOS_APP_IDENTIFIER}"
-        XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_LIST_DIR}/ios/app/main.entitlements"
-        XCODE_ATTRIBUTE_MARKETING_VERSION "${CMAKE_PROJECT_VERSION}"
-        XCODE_GENERATE_SCHEME TRUE
-        MACOSX_BUNDLE_ICON_FILE "AppIcon"
-
+        XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK"
     )
 
     target_include_directories(${PROJECT} PRIVATE ${CMAKE_CURRENT_LIST_DIR})
@@ -410,8 +421,10 @@ if(IOS)
         -DVPN_NE_BUNDLEID=\"${BUILD_IOS_APP_IDENTIFIER}.network-extension\"
     )
 
+    target_sources(${PROJECT} PRIVATE
+        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/iosvpnprotocol.swift
+        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/ioslogger.swift
 
-   target_sources(${PROJECT} PRIVATE
         ${CMAKE_CURRENT_LIST_DIR}/3rd/wireguard-apple/Sources/Shared/Keychain.swift
         ${CMAKE_CURRENT_LIST_DIR}/3rd/wireguard-apple/Sources/WireGuardKit/IPAddressRange.swift
         ${CMAKE_CURRENT_LIST_DIR}/3rd/wireguard-apple/Sources/WireGuardKit/InterfaceConfiguration.swift
@@ -428,75 +441,43 @@ if(IOS)
         ${CMAKE_CURRENT_LIST_DIR}/3rd/wireguard-apple/Sources/WireGuardKit/PrivateKey.swift
     )
 
-    target_sources(${PROJECT} PRIVATE
-        platforms/ios/iosvpnprotocol.swift
-        platforms/ios/ioslogger.swift
-    )
-
     target_sources(${PROJECT} PRIVATE
         ${CMAKE_CURRENT_LIST_DIR}/ios/app/launch.png
         ${CMAKE_CURRENT_LIST_DIR}/ios/app/AmneziaVPNLaunchScreen.storyboard
+        ${CMAKE_CURRENT_LIST_DIR}/ios/Media.xcassets
     )
     set_source_files_properties(
         ${CMAKE_CURRENT_LIST_DIR}/ios/app/launch.png
         ${CMAKE_CURRENT_LIST_DIR}/ios/app/AmneziaVPNLaunchScreen.storyboard
+        ${CMAKE_CURRENT_LIST_DIR}/ios/Media.xcassets
         PROPERTIES MACOSX_PACKAGE_LOCATION "Resources"
     )
 
-    target_sources(${PROJECT} PRIVATE
-        ${CMAKE_CURRENT_LIST_DIR}/ios/Media.xcassets
-    )
-    set_source_files_properties(
-        ${CMAKE_CURRENT_LIST_DIR}/ios/Media.xcassets
-        PROPERTIES MACOSX_PACKAGE_LOCATION "Resources"
-    )
 
     add_subdirectory(ios/networkextension)
     add_dependencies(${PROJECT} networkextension)
-    set_target_properties(${PROJECT} PROPERTIES XCODE_EMBED_APP_EXTENSIONS networkextension)
 
     set_property(TARGET ${PROJECT} PROPERTY XCODE_EMBED_FRAMEWORKS
         "${CMAKE_CURRENT_LIST_DIR}/3rd/OpenVPNAdapter/build/Release-iphoneos/OpenVPNAdapter.framework"
     )
-    set_target_properties(${PROJECT} PROPERTIES XCODE_EMBED_FRAMEWORKS_CODE_SIGN_ON_COPY ON)
-    set_target_properties(${PROJECT} PROPERTIES XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION)
 
+    set(CMAKE_XCODE_ATTRIBUTE_FRAMEWORK_SEARCH_PATHS ${CMAKE_CURRENT_LIST_DIR}/3rd/OpenVPNAdapter/build/Release-iphoneos)
+    target_link_libraries("networkextension" PRIVATE "${CMAKE_CURRENT_LIST_DIR}/3rd/OpenVPNAdapter/build/Release-iphoneos/OpenVPNAdapter.framework")
 
-    set_target_properties("networkextension"
-        PROPERTIES XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "org.amnezia.${PROJECT}.network-extension"
-        XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1"
-        XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK"
-        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution"
-        )
-
-    set_target_properties("networkextension"
-        PROPERTIES XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "org.amnezia.${PROJECT}.network-extension"
-        XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1"
-        XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK"
-        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
-        )
-
-    set_target_properties (${PROJECT} PROPERTIES XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual)
-    set_target_properties(${PROJECT} PROPERTIES XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "match AppStore org.amnezia.AmneziaVPN")
-    set_target_properties(${PROJECT} PROPERTIES XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "match Development org.amnezia.AmneziaVPN")
-
-    set_target_properties("networkextension" PROPERTIES XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual)
-    set_target_properties("networkextension" PROPERTIES XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "match AppStore org.amnezia.AmneziaVPN.network-extension")
-    set_target_properties("networkextension" PROPERTIES XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "match Development org.amnezia.AmneziaVPN.network-extension")
 endif()
 
 if(ANDROID)
     add_custom_command(
         TARGET ${PROJECT} POST_BUILD
         COMMAND ${CMAKE_COMMAND} -E copy
-            ${CMAKE_CURRENT_LIST_DIR}/android/AndroidManifest.xml 
-            ${CMAKE_CURRENT_LIST_DIR}/android/build.gradle 
-            ${CMAKE_CURRENT_LIST_DIR}/android/gradle/wrapper/gradle-wrapper.jar 
-            ${CMAKE_CURRENT_LIST_DIR}/android/gradle/wrapper/gradle-wrapper.properties 
-            ${CMAKE_CURRENT_LIST_DIR}/android/gradlew 
-            ${CMAKE_CURRENT_LIST_DIR}/android/gradlew.bat 
-            ${CMAKE_CURRENT_LIST_DIR}/android/gradle.properties 
-            ${CMAKE_CURRENT_LIST_DIR}/android/res/values/libs.xml 
+            ${CMAKE_CURRENT_LIST_DIR}/android/AndroidManifest.xml
+            ${CMAKE_CURRENT_LIST_DIR}/android/build.gradle
+            ${CMAKE_CURRENT_LIST_DIR}/android/gradle/wrapper/gradle-wrapper.jar
+            ${CMAKE_CURRENT_LIST_DIR}/android/gradle/wrapper/gradle-wrapper.properties
+            ${CMAKE_CURRENT_LIST_DIR}/android/gradlew
+            ${CMAKE_CURRENT_LIST_DIR}/android/gradlew.bat
+            ${CMAKE_CURRENT_LIST_DIR}/android/gradle.properties
+            ${CMAKE_CURRENT_LIST_DIR}/android/res/values/libs.xml
             ${CMAKE_CURRENT_LIST_DIR}/android/res/xml/fileprovider.xml
             ${CMAKE_CURRENT_LIST_DIR}/android/src/org/amnezia/vpn/AuthHelper.java
             ${CMAKE_CURRENT_LIST_DIR}/android/src/org/amnezia/vpn/IPCContract.kt
@@ -516,7 +497,7 @@ if(ANDROID)
     )
 
     set_property(TARGET ${PROJECT} PROPERTY
-        QT_ANDROID_PACKAGE_SOURCE_DIR 
+        QT_ANDROID_PACKAGE_SOURCE_DIR
         ${CMAKE_CURRENT_LIST_DIR}/android
     )
 
@@ -532,12 +513,6 @@ if(ANDROID)
             ${CMAKE_CURRENT_LIST_DIR}/android/lib/wireguard/${abi}/libwg.so
             ${CMAKE_CURRENT_LIST_DIR}/android/lib/wireguard/${abi}/libwg-go.so
             ${CMAKE_CURRENT_LIST_DIR}/android/lib/wireguard/${abi}/libwg-quick.so
-
-            ${CMAKE_CURRENT_LIST_DIR}/android/lib/openvpn/${abi}/libjbcrypto.so
-            ${CMAKE_CURRENT_LIST_DIR}/android/lib/openvpn/${abi}/libopenvpn.so
-            ${CMAKE_CURRENT_LIST_DIR}/android/lib/openvpn/${abi}/libopvpnutil.so
-            ${CMAKE_CURRENT_LIST_DIR}/android/lib/openvpn/${abi}/libovpn3.so
-            ${CMAKE_CURRENT_LIST_DIR}/android/lib/openvpn/${abi}/libovpnexec.so
         )
     endforeach()
 
@@ -583,5 +558,5 @@ if(WIN32)
     )
 endif()
 if(IOS)
- #include(cmake/ios-arch-fixup.cmake)
+    include(cmake/ios-arch-fixup.cmake)
 endif()

client/Info.plist

@@ -1,24 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-	<key>CFBundleExecutable</key>
-	<string>${EXECUTABLE_NAME}</string>
-	<key>CFBundleIconFile</key>
-	<string>${ASSETCATALOG_COMPILER_APPICON_NAME}</string>
-	<key>CFBundleIdentifier</key>
-	<string>${PRODUCT_BUNDLE_IDENTIFIER}</string>
-	<key>CFBundlePackageType</key>
-	<string>APPL</string>
-	<key>CFBundleSignature</key>
-	<string>${QMAKE_PKGINFO_TYPEINFO}</string>
-	<key>LSMinimumSystemVersion</key>
-	<string>${MACOSX_DEPLOYMENT_TARGET}</string>
-	<key>NOTE</key>
-	<string>This file was generated by Qt/QMake.</string>
-	<key>NSPrincipalClass</key>
-	<string>NSApplication</string>
-	<key>NSSupportsAutomaticGraphicsSwitching</key>
-	<true/>
-</dict>
-</plist>

client/WireGuard-Bridging-Header.h

@@ -1,29 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "wireguard-go-version.h"
-#include "3rd/wireguard-apple/Sources/WireGuardKitC/WireGuardKitC.h"
-
-#include <stdbool.h>
-#include <stdint.h>
-
-#define WG_KEY_LEN (32)
-#define WG_KEY_LEN_BASE64 (45)
-#define WG_KEY_LEN_HEX (65)
-
-void key_to_base64(char base64[WG_KEY_LEN_BASE64],
-                   const uint8_t key[WG_KEY_LEN]);
-bool key_from_base64(uint8_t key[WG_KEY_LEN], const char* base64);
-
-void key_to_hex(char hex[WG_KEY_LEN_HEX], const uint8_t key[WG_KEY_LEN]);
-bool key_from_hex(uint8_t key[WG_KEY_LEN], const char* hex);
-
-bool key_eq(const uint8_t key1[WG_KEY_LEN], const uint8_t key2[WG_KEY_LEN]);
-
-void write_msg_to_log(const char* tag, const char* msg);
-
-#import "TargetConditionals.h"
-#if TARGET_OS_OSX
-#  include <libproc.h>
-#endif

client/amnezia_application.cpp

@@ -8,7 +8,7 @@
 
 #include "core/servercontroller.h"
 #include "logger.h"
-#include "defines.h"
+#include "version.h"
 #include <QQuickStyle>
 
 #include "platforms/ios/QRCodeReaderBase.h"

client/android/build.gradle

@@ -11,6 +11,8 @@ buildscript {
        streamsupportVersion = '1.7.0'
        threetenabpVersion = '1.1.1'
        groupName = 'org.amnezia.vpn'
+       minSdkVer = '24'
+       cmakeMinVersion = "3.25.0+"
    }
 
     repositories {
@@ -36,9 +38,8 @@ apply plugin: 'kotlin-kapt'
 
 dependencies {
     implementation fileTree(dir: 'libs', include: ['*.jar', '*.aar'])
-
+    implementation group: 'org.json', name: 'json', version: '20220924'
     implementation 'androidx.core:core-ktx:1.7.0'
-
     implementation 'androidx.appcompat:appcompat:1.4.1'
 
     implementation "androidx.security:security-crypto:1.1.0-alpha03"
@@ -150,7 +151,10 @@ android {
            minifyEnabled false
            externalNativeBuild {
                cmake {
-                   arguments "-DANDROID_PACKAGE_NAME=${groupName}", "-DGRADLE_USER_HOME=${project.gradle.gradleUserHomeDir}"
+                   version cmakeMinVersion
+                   arguments "-DANDROID_PACKAGE_NAME=${groupName}",
+                                "-DGRADLE_USER_HOME=${project.gradle.gradleUserHomeDir}",
+                                "-DANDROID_PLATFORM=${minSdkVer}"
                }
            }
        }
@@ -160,7 +164,10 @@ android {
            minifyEnabled false
            externalNativeBuild {
                cmake {
-                   arguments "-DANDROID_PACKAGE_NAME=${groupName}", "-DGRADLE_USER_HOME=${project.gradle.gradleUserHomeDir}"
+                   version cmakeMinVersion
+                   arguments "-DANDROID_PACKAGE_NAME=${groupName}",
+                                "-DGRADLE_USER_HOME=${project.gradle.gradleUserHomeDir}",
+                                "-DANDROID_PLATFORM=${minSdkVer}"
                }
            }
        }
@@ -172,11 +179,12 @@ android {
 //       }
 //   }
 
-//   externalNativeBuild {
-//       cmake {
-//           path 'openvpn/src/main/cpp/CMakeLists.txt'
-//       }
-//   }
+    externalNativeBuild {
+        cmake {
+            version cmakeMinVersion
+            path "${projectDir}/cpp/CMakeLists.txt"
+        }
+    }
 }
 
 

client/android/cpp/CMakeLists.txt

@@ -0,0 +1,267 @@
+cmake_minimum_required(VERSION 3.4.1)
+project(AmneziaVPN)
+# Git version string
+
+include(GetGitRevisionDescription.cmake)
+git_describe(OPENVPN2_GIT "${CMAKE_CURRENT_SOURCE_DIR}/openvpn" "--tags" "--always" "--long")
+git_describe(OPENVPN3_GIT "${CMAKE_CURRENT_SOURCE_DIR}/openvpn3" "--tags" "--always" "--long")
+message("OpenVPN 2.x version ${OPENVPN2_GIT}")
+message("OpenVPN 3.x version ${OPENVPN3_GIT}")
+
+# Set mbedtls options
+OPTION(ENABLE_PROGRAMS "" OFF)
+OPTION(USE_SHARED_MBEDTLS_LIBRARY "" OFF)
+OPTION(ENABLE_TESTING "" OFF)
+
+# Own options
+OPTION(OPENVPN2MBED "Use mbed TLS for OpenVPN2" OFF)
+OPTION(OPENVPN3OSSL "Use OpenSSL for OpenVPN3" ON)
+SET(OPENVPN2MBED OFF)
+SET(OPENVPN3OSSL ON)
+
+# STATIC or SHARED
+SET(SSLLIBTYPE STATIC)
+SET(OPENSSL_PATH "openssl")
+
+set(CMAKE_CXX_STANDARD 17)
+
+
+#add_subdirectory(lzo)
+include(tools.cmake)
+include(lzo.cmake)
+include(lz4.cmake)
+include(openssl/openssl.cmake)
+include(cloak.cmake)
+
+if(NOT ${OPENVPN3OSSL} OR ${OPENVPN2MBED})
+    add_subdirectory(mbedtls)
+endif()
+
+    FIND_PACKAGE(SWIG 3.0 REQUIRED)
+
+    add_custom_command(OUTPUT "ovpncli_wrap.cxx"
+            COMMAND ${CMAKE_COMMAND} -E make_directory ovpn3
+            COMMAND ${SWIG_EXECUTABLE} -outdir ovpn3
+            -c++
+            -java -package net.openvpn.ovpn3
+            -outcurrentdir
+            -DOPENVPN_PLATFORM_ANDROID
+            -I${CMAKE_CURRENT_SOURCE_DIR}/openvpn3/client
+            -I${CMAKE_CURRENT_SOURCE_DIR}/openvpn3
+            ${CMAKE_CURRENT_SOURCE_DIR}/openvpn3/client/ovpncli.i)
+
+
+  link_directories(${CMAKE_CURRENT_SOURCE_DIR}/cloak/${ANDROID_ABI}/)
+
+
+  message("${CMAKE_CURRENT_SOURCE_DIR}/cloak/${ANDROID_ABI}/"})
+   
+    set(ovpn3_SRCS
+            openvpn3/client/ovpncli.cpp
+            openvpn3/openvpn/openssl/xkey/xkey_provider.c
+            openvpn3/openvpn/openssl/xkey/xkey_helper.c
+            ovpncli_wrap.cxx)
+
+    add_library(ovpn3 SHARED ${ovpn3_SRCS})
+
+    target_include_directories(ovpn3 PUBLIC
+            ${CMAKE_CURRENT_SOURCE_DIR}/lzo/include
+            ${CMAKE_CURRENT_SOURCE_DIR}/openvpn3
+            ${CMAKE_CURRENT_SOURCE_DIR}/asio/asio/include
+            ${CMAKE_CURRENT_SOURCE_DIR}/openvpn3/client
+            ${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/include
+            )
+
+    if (${OPENVPN3OSSL})
+        target_compile_definitions(ovpn3 PRIVATE
+                -DUSE_OPENSSL
+                )
+        target_link_libraries(ovpn3 crypto ssl lzo lz4 libck-ovpn-plugin)
+    else ()
+        target_compile_definitions(ovpn3 PRIVATE
+                -DUSE_MBEDTLS
+                )
+        target_link_libraries(ovpn3 mbedtls mbedx509 mbedcrypto lzo lz4)
+    endif ()
+
+    target_compile_definitions(ovpn3 PRIVATE
+            -DHAVE_CONFIG_H
+            -DHAVE_LZO
+            -DHAVE_LZ4
+            -DASIO_STANDALONE
+            -DUSE_ASIO
+            -DGIT_VERSION_STRING=\"${OPENVPN3_GIT}\"
+            -DOPENVPN_SHOW_SESSION_TOKEN
+            -DOPENSSL_API_COMPAT=0x10200000L
+            -DOPENVPN_ALLOW_INSECURE_CERTPROFILE
+            -DENABLE_EXTERNAL_PKI
+            )
+#else ()
+#    message("Not budiling OpenVPN for output dir ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}")
+#endif ()
+
+add_library(ovpnutil SHARED ovpnutil/jniglue.c)
+target_compile_definitions(ovpnutil PRIVATE -DTARGET_ARCH_ABI=\"${ANDROID_ABI}\"
+        -DOPENVPN2_GIT_REVISION=\"${OPENVPN2_GIT}\"
+        -DOPENVPN3_GIT_REVISION=\"${OPENVPN3_GIT}\"
+        )
+target_link_libraries(ovpnutil log)
+
+add_library(rsapss SHARED ovpnutil/rsapss.cpp)
+target_link_libraries(rsapss log crypto ssl)
+
+if (NOT ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} MATCHES "build/intermediates/cmake/.*skeleton.*/")
+    add_library(osslspeedtest SHARED ovpnutil/sslspeed.c)
+    target_link_libraries(osslspeedtest log crypto ssl)
+else ()
+    message("Not budiling SSLSpeedTest for output dir ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}")
+endif ()
+
+set(openvpn_srcs
+        src/compat/compat-basename.c
+        src/compat/compat-daemon.c
+        src/compat/compat-dirname.c
+        src/compat/compat-gettimeofday.c
+        src/openvpn/argv.c
+        src/openvpn/auth_token.c
+        src/openvpn/base64.c
+        src/openvpn/buffer.c
+        src/openvpn/clinat.c
+        src/openvpn/console.c
+        src/openvpn/console_builtin.c
+        src/openvpn/crypto.c
+        src/openvpn/crypto_openssl.c
+        src/openvpn/crypto_mbedtls.c
+        src/openvpn/cryptoapi.c
+        src/openvpn/dhcp.c
+        src/openvpn/dns.c
+        src/openvpn/dns.h
+        src/openvpn/error.c
+        src/openvpn/event.c
+        src/openvpn/env_set.c
+        src/openvpn/fdmisc.c
+        src/openvpn/forward.c
+        src/openvpn/fragment.c
+        src/openvpn/gremlin.c
+        src/openvpn/helper.c
+        src/openvpn/httpdigest.c
+        src/openvpn/init.c
+        src/openvpn/interval.c
+        src/openvpn/list.c
+        src/openvpn/lladdr.c
+        src/openvpn/lzo.c
+        src/openvpn/manage.c
+        src/openvpn/mbuf.c
+        src/openvpn/misc.c
+        src/openvpn/mroute.c
+        src/openvpn/mss.c
+        src/openvpn/mstats.c
+        src/openvpn/mtcp.c
+        src/openvpn/mtu.c
+        src/openvpn/mudp.c
+        src/openvpn/multi.c
+        src/openvpn/ntlm.c
+        src/openvpn/occ.c
+        src/openvpn/openvpn.c
+        src/openvpn/options.c
+        src/openvpn/options_util.c
+        src/openvpn/otime.c
+        src/openvpn/packet_id.c
+        src/openvpn/perf.c
+        src/openvpn/ping.c
+        src/openvpn/pkcs11.c
+        src/openvpn/pkcs11_openssl.c
+        src/openvpn/platform.c
+        src/openvpn/plugin.c
+        src/openvpn/pool.c
+        src/openvpn/proto.c
+        src/openvpn/proxy.c
+        src/openvpn/ps.c
+        src/openvpn/push.c
+        src/openvpn/reliable.c
+        src/openvpn/route.c
+        src/openvpn/run_command.c
+        src/openvpn/schedule.c
+        src/openvpn/session_id.c
+        src/openvpn/shaper.c
+        src/openvpn/sig.c
+        src/openvpn/socket.c
+        src/openvpn/socks.c
+        src/openvpn/ssl.c
+        src/openvpn/ssl_openssl.c
+        src/openvpn/ssl_mbedtls.c
+        src/openvpn/ssl_ncp.c
+        src/openvpn/ssl_pkt.c
+        src/openvpn/ssl_pkt.h
+        src/openvpn/ssl_util.c
+        src/openvpn/ssl_verify.c
+        src/openvpn/ssl_verify_openssl.c
+        src/openvpn/ssl_verify_mbedtls.c
+        src/openvpn/status.c
+        src/openvpn/tls_crypt.c
+        src/openvpn/tun.c
+        src/openvpn/vlan.c
+        src/openvpn/xkey_helper.c
+        src/openvpn/xkey_provider.c
+        src/openvpn/comp-lz4.c
+        src/openvpn/comp.c
+        src/openvpn/compstub.c
+        )
+
+PREPEND(openvpn_srcs_with_path "openvpn" ${openvpn_srcs})
+
+add_library(openvpn SHARED ${openvpn_srcs_with_path})
+
+target_include_directories(openvpn PRIVATE
+        openvpn-config
+        openvpn/src/compat
+        openvpn/include
+        mbedtls/include
+        lzo/include
+        openvpn
+        )
+target_compile_definitions(openvpn PRIVATE
+        -DHAVE_CONFIG_H
+        -DCONFIGURE_GIT_REVISION=\"${OPENVPN2_GIT}\"
+        -DCONFIGURE_GIT_FLAGS=\"\"
+        -DTARGET_ABI=\"${ANDROID_ABI}\"
+        -DOPENSSL_API_COMPAT=0x11000000L
+        )
+
+if (${OPENVPN2MBED})
+    target_compile_definitions(openvpn PRIVATE
+            -DENABLE_CRYPTO_MBEDTLS=1
+            )
+    target_link_libraries(openvpn mbedtls mbedx509 mbedcrypto lzo lz4)
+else ()
+    target_compile_definitions(openvpn PRIVATE
+            -DENABLE_CRYPTO_OPENSSL=1
+            )
+    target_link_libraries(openvpn crypto ssl lzo lz4)
+endif ()
+
+add_executable(libovpnexec.so minivpn/minivpn.c)
+target_compile_options(libovpnexec.so PRIVATE -fPIE)
+target_link_libraries(libovpnexec.so PRIVATE openvpn -fPIE -pie)
+
+add_executable(pie_openvpn.${ANDROID_ABI} minivpn/minivpn.c)
+target_compile_options(pie_openvpn.${ANDROID_ABI} PRIVATE -fPIE)
+target_link_libraries(pie_openvpn.${ANDROID_ABI} PRIVATE openvpn -fPIE -pie)
+
+# Hack to copy OpenVPN binaries to assets directory
+SET(OVPN_ASSET_DIR ${CMAKE_SOURCE_DIR}/../../../build/ovpnassets)
+
+add_custom_target(makeassetdir ALL
+        COMMAND ${CMAKE_COMMAND} -E make_directory ${OVPN_ASSET_DIR})
+
+add_custom_command(TARGET pie_openvpn.${ANDROID_ABI} POST_BUILD
+        COMMAND
+        ${CMAKE_COMMAND} -E copy
+        $<TARGET_FILE:pie_openvpn.${ANDROID_ABI}>
+        ${OVPN_ASSET_DIR}
+        )
+
+# Hack that these targets are really executed
+add_dependencies(ovpnutil pie_openvpn.${ANDROID_ABI})
+add_dependencies(pie_openvpn.${ANDROID_ABI} makeassetdir)
+

client/android/cpp/GetGitRevisionDescription.cmake

@@ -0,0 +1,169 @@
+# From https://raw.githubusercontent.com/rpavlik/cmake-modules/master/GetGitRevisionDescription.cmake.in
+# - Returns a version string from Git
+#
+# These functions force a re-configure on each git commit so that you can
+# trust the values of the variables in your build system.
+#
+#  get_git_head_revision(<refspecvar> <hashvar> [<additional arguments to git describe> ...])
+#
+# Returns the refspec and sha hash of the current head revision
+#
+#  git_describe(<var> [<additional arguments to git describe> ...])
+#
+# Returns the results of git describe on the source tree, and adjusting
+# the output so that it tests false if an error occurs.
+#
+#  git_get_exact_tag(<var> [<additional arguments to git describe> ...])
+#
+# Returns the results of git describe --exact-match on the source tree,
+# and adjusting the output so that it tests false if there was no exact
+# matching tag.
+#
+#  git_local_changes(<var>)
+#
+# Returns either "CLEAN" or "DIRTY" with respect to uncommitted changes.
+# Uses the return code of "git diff-index --quiet HEAD --".
+# Does not regard untracked files.
+#
+# Requires CMake 2.6 or newer (uses the 'function' command)
+#
+# Original Author:
+# 2009-2010 Ryan Pavlik <rpavlik@iastate.edu> <abiryan@ryand.net>
+# http://academic.cleardefinition.com
+# Iowa State University HCI Graduate Program/VRAC
+#
+# Copyright Iowa State University 2009-2010.
+# Distributed under the Boost Software License, Version 1.0.
+# (See accompanying file LICENSE_1_0.txt or copy at
+# http://www.boost.org/LICENSE_1_0.txt)
+
+if(__get_git_revision_description)
+	return()
+endif()
+set(__get_git_revision_description YES)
+
+# We must run the following at "include" time, not at function call time,
+# to find the path to this module rather than the path to a calling list file
+get_filename_component(_gitdescmoddir ${CMAKE_CURRENT_LIST_FILE} PATH)
+
+function(get_git_head_revision _refspecvar _hashvar path)
+	set(GIT_PARENT_DIR "${path}")
+	set(GIT_DIR "${GIT_PARENT_DIR}/.git")
+	while(NOT EXISTS "${GIT_DIR}")	# .git dir not found, search parent directories
+		set(GIT_PREVIOUS_PARENT "${GIT_PARENT_DIR}")
+		get_filename_component(GIT_PARENT_DIR ${GIT_PARENT_DIR} PATH)
+		if(GIT_PARENT_DIR STREQUAL GIT_PREVIOUS_PARENT)
+			# We have reached the root directory, we are not in git
+			set(${_refspecvar} "GITDIR-NOTFOUND" PARENT_SCOPE)
+			set(${_hashvar} "GITDIR-NOTFOUND" PARENT_SCOPE)
+			return()
+		endif()
+		set(GIT_DIR "${GIT_PARENT_DIR}/.git")
+	endwhile()
+	# check if this is a submodule
+	if(NOT IS_DIRECTORY ${GIT_DIR})
+		file(READ ${GIT_DIR} submodule)
+		string(REGEX REPLACE "gitdir: (.*)\n$" "\\1" GIT_DIR_RELATIVE ${submodule})
+		get_filename_component(SUBMODULE_DIR ${GIT_DIR} PATH)
+		get_filename_component(GIT_DIR ${SUBMODULE_DIR}/${GIT_DIR_RELATIVE} ABSOLUTE)
+	endif()
+	set(GIT_DATA "${CMAKE_CURRENT_BINARY_DIR}/CMakeFiles/git-data")
+	if(NOT EXISTS "${GIT_DATA}")
+		file(MAKE_DIRECTORY "${GIT_DATA}")
+	endif()
+
+	if(NOT EXISTS "${GIT_DIR}/HEAD")
+		return()
+	endif()
+	set(HEAD_FILE "${GIT_DATA}/HEAD")
+	configure_file("${GIT_DIR}/HEAD" "${HEAD_FILE}" COPYONLY)
+
+	configure_file("${_gitdescmoddir}/GetGitRevisionDescription.cmake.in"
+		"${GIT_DATA}/grabRef.cmake"
+		@ONLY)
+	include("${GIT_DATA}/grabRef.cmake")
+
+	set(${_refspecvar} "${HEAD_REF}" PARENT_SCOPE)
+	set(${_hashvar} "${HEAD_HASH}" PARENT_SCOPE)
+endfunction()
+
+function(git_describe _var path)
+	if(NOT GIT_FOUND)
+		find_package(Git QUIET)
+	endif()
+	get_git_head_revision(refspec hash ${path})
+	if(NOT GIT_FOUND)
+		set(${_var} "GIT-NOTFOUND" PARENT_SCOPE)
+		return()
+	endif()
+	if(NOT hash)
+		set(${_var} "HEAD-HASH-NOTFOUND" PARENT_SCOPE)
+		return()
+	endif()
+
+	# TODO sanitize
+	#if((${ARGN}" MATCHES "&&") OR
+	#	(ARGN MATCHES "||") OR
+	#	(ARGN MATCHES "\\;"))
+	#	message("Please report the following error to the project!")
+	#	message(FATAL_ERROR "Looks like someone's doing something nefarious with git_describe! Passed arguments ${ARGN}")
+	#endif()
+
+	#message(STATUS "Arguments to execute_process: ${ARGN}")
+
+	execute_process(COMMAND
+		"${GIT_EXECUTABLE}"
+		describe
+		${hash}
+		${ARGN}
+		WORKING_DIRECTORY
+		${path}
+		RESULT_VARIABLE
+		res
+		OUTPUT_VARIABLE
+		out
+		ERROR_QUIET
+		OUTPUT_STRIP_TRAILING_WHITESPACE)
+	if(NOT res EQUAL 0)
+		set(out "${out}-${res}-NOTFOUND")
+	endif()
+
+	set(${_var} "${out}" PARENT_SCOPE)
+endfunction()
+
+function(git_get_exact_tag _var path)
+	git_describe(out ${path} --exact-match ${ARGN})
+	set(${_var} "${out}" PARENT_SCOPE)
+endfunction()
+
+function(git_local_changes _var path)
+	if(NOT GIT_FOUND)
+		find_package(Git QUIET)
+	endif()
+	get_git_head_revision(refspec hash path)
+	if(NOT GIT_FOUND)
+		set(${_var} "GIT-NOTFOUND" PARENT_SCOPE)
+		return()
+	endif()
+	if(NOT hash)
+		set(${_var} "HEAD-HASH-NOTFOUND" PARENT_SCOPE)
+		return()
+	endif()
+
+	execute_process(COMMAND
+		"${GIT_EXECUTABLE}"
+		diff-index --quiet HEAD --
+		WORKING_DIRECTORY
+		${path}
+		RESULT_VARIABLE
+		res
+		OUTPUT_VARIABLE
+		out
+		ERROR_QUIET
+		OUTPUT_STRIP_TRAILING_WHITESPACE)
+	if(res EQUAL 0)
+		set(${_var} "CLEAN" PARENT_SCOPE)
+	else()
+		set(${_var} "DIRTY" PARENT_SCOPE)
+	endif()
+endfunction()

client/android/cpp/GetGitRevisionDescription.cmake.in

@@ -0,0 +1,42 @@
+# From https://raw.githubusercontent.com/rpavlik/cmake-modules/master/GetGitRevisionDescription.cmake.in
+#
+# Internal file for GetGitRevisionDescription.cmake
+#
+# Requires CMake 2.6 or newer (uses the 'function' command)
+#
+# Original Author:
+# 2009-2010 Ryan Pavlik <rpavlik@iastate.edu> <abiryan@ryand.net>
+# http://academic.cleardefinition.com
+# Iowa State University HCI Graduate Program/VRAC
+#
+# Copyright Iowa State University 2009-2010.
+# Distributed under the Boost Software License, Version 1.0.
+# (See accompanying file LICENSE_1_0.txt or copy at
+# http://www.boost.org/LICENSE_1_0.txt)
+
+set(HEAD_HASH)
+
+file(READ "@HEAD_FILE@" HEAD_CONTENTS LIMIT 1024)
+
+string(STRIP "${HEAD_CONTENTS}" HEAD_CONTENTS)
+if(HEAD_CONTENTS MATCHES "ref")
+	# named branch
+	string(REPLACE "ref: " "" HEAD_REF "${HEAD_CONTENTS}")
+	if(EXISTS "@GIT_DIR@/${HEAD_REF}")
+		configure_file("@GIT_DIR@/${HEAD_REF}" "@GIT_DATA@/head-ref" COPYONLY)
+	else()
+		configure_file("@GIT_DIR@/packed-refs" "@GIT_DATA@/packed-refs" COPYONLY)
+		file(READ "@GIT_DATA@/packed-refs" PACKED_REFS)
+		if(${PACKED_REFS} MATCHES "([0-9a-z]*) ${HEAD_REF}")
+			set(HEAD_HASH "${CMAKE_MATCH_1}")
+		endif()
+	endif()
+else()
+	# detached HEAD
+	configure_file("@GIT_DIR@/HEAD" "@GIT_DATA@/head-ref" COPYONLY)
+endif()
+
+if(NOT HEAD_HASH)
+	file(READ "@GIT_DATA@/head-ref" HEAD_HASH LIMIT 1024)
+	string(STRIP "${HEAD_HASH}" HEAD_HASH)
+endif()

client/android/cpp/cloak.cmake

@@ -0,0 +1,50 @@
+cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
+
+set(TARGET ck_ovpn_plugin_go)
+
+set(CLOAK_SRCS cloak/cmd/ck-ovpn-plugin/ck-ovpn-plugin.go)
+set(CLOAK_LIB libck-ovpn-plugin.so)
+
+list(APPEND CMAKE_PROGRAM_PATH "/usr/local/go/bin")
+find_program(GO_EXEC go)
+
+set(BUILD_CMD_ARGS build)
+list(APPEND BUILD_CMD_ARGS -buildmode=c-shared -o ${CMAKE_CURRENT_BINARY_DIR}/${CLOAK_LIB} ${CMAKE_GO_FLAGS} ./...)
+
+set(PREPARE_ENV_ARGS env)
+list(APPEND PREPARE_ENV_ARGS -w CGO_ENABLED=1 GOOS=android)
+
+
+string(REGEX MATCH "[0-9]+$" ANDROID_API_LEVEL ${ANDROID_PLATFORM})
+message(WARNING "build cloak plugin abi=${ANDROID_ABI}, ANDROID_API_LEVEL=${ANDROID_API_LEVEL}")
+
+if ("${ANDROID_ABI}" STREQUAL "x86")
+	list(APPEND PREPARE_ENV_ARGS GOARCH=386)
+    list(APPEND PREPARE_ENV_ARGS CC=${ANDROID_TOOLCHAIN_ROOT}/bin/i686-linux-android${ANDROID_API_LEVEL}-clang)
+elseif ("${ANDROID_ABI}" STREQUAL "x86_64")
+	list(APPEND PREPARE_ENV_ARGS GOARCH=amd64)
+    list(APPEND PREPARE_ENV_ARGS CC=${ANDROID_TOOLCHAIN_ROOT}/bin/x86_64-linux-android${ANDROID_API_LEVEL}-clang)
+elseif ("${ANDROID_ABI}" STREQUAL "arm64-v8a")
+	list(APPEND PREPARE_ENV_ARGS GOARCH=arm64)
+    list(APPEND PREPARE_ENV_ARGS CC=${ANDROID_TOOLCHAIN_ROOT}/bin/aarch64-linux-android${ANDROID_API_LEVEL}-clang)
+elseif ("${ANDROID_ABI}" STREQUAL "armeabi-v7a")
+	list(APPEND PREPARE_ENV_ARGS GOARCH=arm)
+	list(APPEND PREPARE_ENV_ARGS GOARM=7)
+    list(APPEND PREPARE_ENV_ARGS CC=${ANDROID_TOOLCHAIN_ROOT}/bin/armv7a-linux-androideabi${ANDROID_API_LEVEL}-clang)
+endif ()
+
+add_custom_command(
+		OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${CLOAK_LIB}
+		DEPENDS ${CLOAK_SRCS}
+		WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/cloak/cmd/ck-ovpn-plugin
+		COMMAND ${GO_EXEC} ${PREPARE_ENV_ARGS}
+		COMMAND ${GO_EXEC} ${BUILD_CMD_ARGS}
+		COMMENT "Building Go library")
+
+add_custom_target(${TARGET} DEPENDS ${CLOAK_LIB} ${HEADER})
+add_library(libck-ovpn-plugin STATIC IMPORTED GLOBAL)
+add_dependencies(libck-ovpn-plugin ${TARGET})
+set_target_properties(libck-ovpn-plugin
+		PROPERTIES
+		IMPORTED_LOCATION ${CMAKE_CURRENT_BINARY_DIR}/${CLOAK_LIB}
+		INTERFACE_INCLUDE_DIRECTORIES ${CMAKE_CURRENT_BINARY_DIR})

client/android/cpp/lz4.cmake

@@ -0,0 +1,7 @@
+set(lz4_srcs
+  lz4.c
+  )
+
+PREPEND(lz4_src_with_path "lz4/lib/" ${lz4_srcs})
+add_library(lz4 ${lz4_src_with_path})
+target_include_directories(lz4 PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/lz4/lib")

client/android/cpp/lzo.cmake

@@ -0,0 +1,78 @@
+# Lzo's own cmake is rather throublesome
+
+set(lzo_srcs
+  lzo1.c
+  lzo1_99.c
+  lzo1a.c
+  lzo1a_99.c
+  lzo1b_1.c
+  lzo1b_2.c
+  lzo1b_3.c
+  lzo1b_4.c
+  lzo1b_5.c
+  lzo1b_6.c
+  lzo1b_7.c
+  lzo1b_8.c
+  lzo1b_9.c
+  lzo1b_99.c
+  lzo1b_9x.c
+  lzo1b_cc.c
+  lzo1b_d1.c
+  lzo1b_d2.c
+  lzo1b_rr.c
+  lzo1b_xx.c
+  lzo1c_1.c
+  lzo1c_2.c
+  lzo1c_3.c
+  lzo1c_4.c
+  lzo1c_5.c
+  lzo1c_6.c
+  lzo1c_7.c
+  lzo1c_8.c
+  lzo1c_9.c
+  lzo1c_99.c
+  lzo1c_9x.c
+  lzo1c_cc.c
+  lzo1c_d1.c
+  lzo1c_d2.c
+  lzo1c_rr.c
+  lzo1c_xx.c
+  lzo1f_1.c
+  lzo1f_9x.c
+  lzo1f_d1.c
+  lzo1f_d2.c
+  lzo1x_1.c
+  lzo1x_1k.c
+  lzo1x_1l.c
+  lzo1x_1o.c
+  lzo1x_9x.c
+  lzo1x_d1.c
+  lzo1x_d2.c
+  lzo1x_d3.c
+  lzo1x_o.c
+  lzo1y_1.c
+  lzo1y_9x.c
+  lzo1y_d1.c
+  lzo1y_d2.c
+  lzo1y_d3.c
+  lzo1y_o.c
+  lzo1z_9x.c
+  lzo1z_d1.c
+  lzo1z_d2.c
+  lzo1z_d3.c
+  lzo2a_9x.c
+  lzo2a_d1.c
+  lzo2a_d2.c
+  lzo_crc.c
+  lzo_init.c
+  lzo_ptr.c
+  lzo_str.c
+  lzo_util.c
+  )
+
+PREPEND(lzo_src_with_path "lzo/src" ${lzo_srcs})
+add_library(lzo ${lzo_src_with_path})
+target_include_directories(lzo PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/lzo/include")
+if (${ANDROID_ABI} STREQUAL "armeabi-v7a")
+    target_compile_options(lzo PRIVATE -O0)
+endif()

client/android/cpp/openvpn-config/config.h

@@ -0,0 +1,684 @@
+
+/* config.h.  Generated from config.h.in by configure.  */
+/* config.h.in.  Generated from configure.ac by autoheader.  */
+
+
+/* DISABLE PERSISTEN TUN */
+#undef TUNSETPERSIST
+
+/* Enable deferred authentication */
+#define CONFIGURE_DEF_AUTH 1
+
+/* Enable internal packet filter */
+#undef CONFIGURE_PF //1
+
+/* enable iproute2 support */
+#undef CONFIG_FEATURE_IPROUTE
+
+/* Use memory debugging function in OpenSSL */
+/* #undef CRYPTO_MDEBUG */
+#define HAVE_BASENAME
+/* Use dmalloc memory debugging library */
+/* #undef DMALLOC */
+
+/* Dimension to use for empty array declaration */
+#define EMPTY_ARRAY_SIZE 0
+
+/* Enable client capability only */
+#define ENABLE_CLIENT_ONLY 1
+
+/* Enable debugging support */
+#define ENABLE_DEBUG 1
+
+/* Enable internal fragmentation support */
+#define ENABLE_FRAGMENT 1
+
+/* Enable HTTP proxy support */
+#define ENABLE_HTTP_PROXY 1
+
+/* Enable management server capability */
+#define ENABLE_MANAGEMENT 1
+
+/* Enable multi-homed UDP server capability */
+#define ENABLE_MULTIHOME 0
+
+/* Allow --askpass and --auth-user-pass passwords to be read from a file */
+#define ENABLE_PASSWORD_SAVE 1
+
+/* Enable TCP Server port sharing */
+#define ENABLE_PORT_SHARE 1
+
+/* Enable smaller executable size */
+/* #undef ENABLE_SMALL */
+
+/* Enable Socks proxy support */
+#define ENABLE_SOCKS 1
+
+/* Define to 1 if you have the `accept' function. */
+#define HAVE_ACCEPT 1
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#define HAVE_ARPA_INET_H 1
+
+/* Define to 1 if you have the `bind' function. */
+#define HAVE_BIND 1
+
+/* Define to 1 if you have the `chdir' function. */
+#define HAVE_CHDIR 1
+
+/* Define to 1 if you have the `chroot' function. */
+#define HAVE_CHROOT 1
+
+/* Define to 1 if you have the `chsize' function. */
+/* #undef HAVE_CHSIZE */
+
+/* struct cmsghdr needed for extended socket error support */
+#define HAVE_CMSGHDR 1
+
+/* Define to 1 if you have the `connect' function. */
+#define HAVE_CONNECT 1
+
+/* Define to 1 if your compiler supports GNU GCC-style variadic macros */
+#define HAVE_CPP_VARARG_MACRO_GCC 1
+
+/* Define to 1 if your compiler supports ISO C99 variadic macros */
+#define HAVE_CPP_VARARG_MACRO_ISO 1
+
+/* Define to 1 if you have the `ctime' function. */
+#define HAVE_CTIME 1
+
+/* Define to 1 if you have the <ctype.h> header file. */
+#define HAVE_CTYPE_H 1
+
+/* Define to 1 if you have the `daemon' function. */
+#define HAVE_DAEMON 1
+
+/* Define to 1 if you have the `dup' function. */
+#define HAVE_DUP 1
+
+/* Define to 1 if you have the `dup2' function. */
+#define HAVE_DUP2 1
+
+/* Define to 1 if you have the `ENGINE_cleanup' function. */
+#define HAVE_ENGINE_CLEANUP 0
+
+/* Define to 1 if you have the `ENGINE_load_builtin_engines' function. */
+#define HAVE_ENGINE_LOAD_BUILTIN_ENGINES 0
+
+/* Define to 1 if you have the `ENGINE_register_all_complete' function. */
+#define HAVE_ENGINE_REGISTER_ALL_COMPLETE 0
+
+/* epoll_create function is defined */
+#define HAVE_EPOLL_CREATE 1
+
+/* Define to 1 if you have the <errno.h> header file. */
+#define HAVE_ERRNO_H 1
+
+/* Define to 1 if you have the <err.h> header file. */
+#define HAVE_ERR_H 1
+
+/* Define to 1 if you have the `EVP_CIPHER_CTX_set_key_length' function. */
+#define HAVE_EVP_CIPHER_CTX_SET_KEY_LENGTH 1
+
+/* Define to 1 if you have the `execve' function. */
+#define HAVE_EXECVE 1
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#define HAVE_FCNTL_H 1
+
+/* Define to 1 if you have the `flock' function. */
+#define HAVE_FLOCK 1
+
+/* Define to 1 if you have the `fork' function. */
+#define HAVE_FORK 1
+
+/* Define to 1 if you have the `ftruncate' function. */
+#define HAVE_FTRUNCATE 1
+
+/* Define to 1 if you have the `getgrnam' function. */
+#define HAVE_GETGRNAM 1
+
+/* Define to 1 if you have the `gethostbyname' function. */
+#define HAVE_GETHOSTBYNAME 1
+
+/* Define to 1 if you have the `getpass' function. */
+/* #define HAVE_GETPASS 1 */
+
+/* Define to 1 if you have the `getpeereid' function. */
+/* #undef HAVE_GETPEEREID */
+
+/* Define to 1 if you have the `getpeername' function. */
+#define HAVE_GETPEERNAME 1
+
+/* Define to 1 if you have the `getpid' function. */
+#define HAVE_GETPID 1
+
+/* Define to 1 if you have the `getpwnam' function. */
+#define HAVE_GETPWNAM 1
+
+/* Define to 1 if you have the `getsockname' function. */
+#define HAVE_GETSOCKNAME 1
+
+/* Define to 1 if you have the `getsockopt' function. */
+#define HAVE_GETSOCKOPT 1
+
+/* Define to 1 if you have the `gettimeofday' function. */
+#define HAVE_GETTIMEOFDAY 1
+
+/* Define to 1 if you have the <grp.h> header file. */
+#define HAVE_GRP_H 1
+
+/* Define to 1 if you have the `inet_ntoa' function. */
+#define HAVE_INET_NTOA 1
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#define HAVE_INTTYPES_H 1
+
+/* struct in_pktinfo needed for IP_PKTINFO support */
+#define HAVE_IN_PKTINFO 1
+
+#define HAVE_IPI_SPEC_DST 1
+
+/* struct iovec needed for IPv6 support */
+#define HAVE_IOVEC 1
+
+/* struct iphdr needed for IPv6 support */
+#define HAVE_IPHDR 1
+
+/* Define to 1 if you have the <linux/errqueue.h> header file. */
+#define HAVE_LINUX_ERRQUEUE_H 1
+
+/* Define to 1 if you have the <linux/if_tun.h> header file. */
+#define HAVE_LINUX_IF_TUN_H 1
+
+/* Define to 1 if you have the <linux/sockios.h> header file. */
+#define HAVE_LINUX_SOCKIOS_H 1
+
+/* Define to 1 if you have the <linux/types.h> header file. */
+#define HAVE_LINUX_TYPES_H 1
+
+/* Define to 1 if you have the `listen' function. */
+#define HAVE_LISTEN 1
+
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the `memset' function. */
+#define HAVE_MEMSET 1
+
+/* Define to 1 if you have the `mlockall' function. */
+/* #define HAVE_MLOCKALL 1*/
+
+/* struct msghdr needed for extended socket error support */
+#define HAVE_MSGHDR 1
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#define HAVE_NETDB_H 1
+
+/* Define to 1 if you have the <netinet/if_ether.h> header file. */
+#define HAVE_NETINET_IF_ETHER_H 1
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#define HAVE_NETINET_IN_H 1
+
+/* Define to 1 if you have the <netinet/in_systm.h> header file. */
+#define HAVE_NETINET_IN_SYSTM_H 1
+
+/* Define to 1 if you have the <netinet/ip.h> header file. */
+#define HAVE_NETINET_IP_H 1
+
+/* Define to 1 if you have the <netinet/tcp.h> header file. */
+#define HAVE_NETINET_TCP_H 1
+
+/* Define to 1 if you have the <net/if.h> header file. */
+#define HAVE_NET_IF_H 1
+
+/* Define to 1 if you have the <net/if_tun.h> header file. */
+/* #undef HAVE_NET_IF_TUN_H */
+
+/* Define to 1 if you have the <net/tun/if_tun.h> header file. */
+/* #undef HAVE_NET_TUN_IF_TUN_H */
+
+/* Define to 1 if you have the `nice' function. */
+#define HAVE_NICE 1
+
+/* Define to 1 if you have the `openlog' function. */
+#define HAVE_OPENLOG 1
+
+/* Define to 1 if you have the <openssl/engine.h> header file. */
+#define HAVE_OPENSSL_ENGINE_H 0
+
+/* Define to 1 if you have the `poll' function. */
+#define HAVE_POLL 1
+
+/* Define if you have POSIX threads libraries and header files. */
+/* #undef HAVE_PTHREAD */
+
+/* Define to 1 if you have the `putenv' function. */
+#define HAVE_PUTENV 1
+
+/* Define to 1 if you have the <pwd.h> header file. */
+#define HAVE_PWD_H 1
+
+/* Define to 1 if you have the `readv' function. */
+#define HAVE_READV 1
+
+/* Define to 1 if you have the `recv' function. */
+#define HAVE_RECV 1
+
+/* Define to 1 if you have the `recvfrom' function. */
+#define HAVE_RECVFROM 1
+
+/* Define to 1 if you have the `recvmsg' function. */
+#define HAVE_RECVMSG 1
+
+/* Define to 1 if you have the <resolv.h> header file. */
+#define HAVE_RESOLV_H 1
+
+/* Indicates if res_init is available */
+#define HAVE_RES_INIT 1
+
+/* Define to 1 if you have the `select' function. */
+#define HAVE_SELECT 1
+
+/* Define to 1 if you have the `send' function. */
+#define HAVE_SEND 1
+
+/* Define to 1 if you have the `sendmsg' function. */
+#define HAVE_SENDMSG 1
+
+/* Define to 1 if you have the `sendto' function. */
+#define HAVE_SENDTO 1
+
+/* SELinux support */
+/* #undef HAVE_SETCON */
+
+/* Define to 1 if you have the `setgid' function. */
+#define HAVE_SETGID 1
+
+/* Define to 1 if you have the `setgroups' function. */
+#define HAVE_SETGROUPS 1
+
+/* Define to 1 if you have the `setsid' function. */
+#define HAVE_SETSID 1
+
+/* Define to 1 if you have the `setsockopt' function. */
+#define HAVE_SETSOCKOPT 1
+
+/* Define to 1 if you have the `setuid' function. */
+#define HAVE_SETUID 1
+
+/* Define to 1 if you have the <signal.h> header file. */
+#define HAVE_SIGNAL_H 1
+
+/* Define to 1 if you have the `socket' function. */
+#define HAVE_SOCKET 1
+
+/* struct sock_extended_err needed for extended socket error support */
+#define HAVE_SOCK_EXTENDED_ERR 1
+
+/* Define to 1 if you have the `stat' function. */
+#define HAVE_STAT 1
+
+/* Define to 1 if you have the <stdarg.h> header file. */
+#define HAVE_STDARG_H 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#define HAVE_STDINT_H 1
+
+/* Define to 1 if you have the <stdio.h> header file. */
+#define HAVE_STDIO_H 1
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the `strdup' function. */
+#define HAVE_STRDUP 1
+
+/* Define to 1 if you have the `strerror' function. */
+#define HAVE_STRERROR 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the <stropts.h> header file. */
+#define HAVE_STROPTS_H 1
+
+/* Define to 1 if you have the `syslog' function. */
+ #define HAVE_SYSLOG 1
+
+/* Define to 1 if you have the <syslog.h> header file. */
+#define HAVE_SYSLOG_H 1
+
+/* Define to 1 if you have the `system' function. */
+#define HAVE_SYSTEM 1
+
+/* Define to 1 if you have the <sys/epoll.h> header file. */
+#define HAVE_SYS_EPOLL_H 1
+
+/* Define to 1 if you have the <sys/file.h> header file. */
+#define HAVE_SYS_FILE_H 1
+
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#define HAVE_SYS_IOCTL_H 1
+
+/* Define to 1 if you have the <sys/mman.h> header file. */
+#define HAVE_SYS_MMAN_H 1
+
+/* Define to 1 if you have the <poll.h> header file. */
+#define HAVE_POLL_H 1
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#define HAVE_SYS_SOCKET_H 1
+
+/* Define to 1 if you have the <sys/sockio.h> header file. */
+/* #undef HAVE_SYS_SOCKIO_H */
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#define HAVE_SYS_TIME_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#define HAVE_SYS_UIO_H 1
+
+/* Define to 1 if you have the <sys/un.h> header file. */
+#define HAVE_SYS_UN_H 1
+
+/* Define to 1 if you have <sys/wait.h> that is POSIX.1 compatible. */
+#define HAVE_SYS_WAIT_H 1
+
+/* Define to 1 if you have the `time' function. */
+#define HAVE_TIME 1
+
+/* struct tun_pi needed for IPv6 support */
+#define HAVE_TUN_PI 1
+
+/* Define to 1 if you have the `umask' function. */
+#define HAVE_UMASK 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#define HAVE_UNISTD_H 1
+
+/* Define to 1 if you have the `unlink' function. */
+#define HAVE_UNLINK 1
+
+/* Define to 1 if you have the `vfork' function. */
+#define HAVE_VFORK 1
+
+/* Define to 1 if you have the <vfork.h> header file. */
+/* #undef HAVE_VFORK_H */
+
+/* Define to 1 if you have the `vsnprintf' function. */
+#define HAVE_VSNPRINTF 1
+
+/* Define to 1 if `fork' works. */
+#define HAVE_WORKING_FORK 1
+
+/* Define to 1 if `vfork' works. */
+#define HAVE_WORKING_VFORK 1
+
+/* Define to 1 if you have the `writev' function. */
+#define HAVE_WRITEV 1
+
+/* Path to ifconfig tool */
+#define IFCONFIG_PATH "/system/xbin/ifconfig"
+
+/* Path to iproute tool */
+#define IPROUTE_PATH "ip"
+
+/* Use lzo/ directory prefix for LZO header files (for LZO 2.0) */
+#define LZO_HEADER_DIR 1
+
+/* LZO version number */
+#define LZO_VERSION_NUM "2"
+
+/* Name of package */
+#define PACKAGE "openvpn"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT "openvpn-users@lists.sourceforge.net"
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "OpenVPN"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "OpenVPN 2.6-icsopenvpn"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "openvpn"
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "2.6_master"
+
+/* Define to the necessary symbol if this constant uses a non-standard name on
+   your system. */
+/* #undef PTHREAD_CREATE_JOINABLE */
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#define RETSIGTYPE void
+
+/* Path to route tool */
+#define ROUTE_PATH "/system/xbin/route"
+
+/* The size of `unsigned int', as computed by sizeof. */
+#define SIZEOF_UNSIGNED_INT 4
+
+/* The size of `unsigned long', as computed by sizeof. */
+#define SIZEOF_UNSIGNED_LONG 4
+
+/* Define to 1 if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+
+/* Enable strict options check between peers */
+/* #undef STRICT_OPTIONS_CHECK */
+
+/* The TAP-Win32 id defined in tap-win32/SOURCES */
+#define TAP_ID "tap0901"
+
+/* The TAP-Win32 version number is defined in tap-win32/SOURCES */
+#define TAP_WIN32_MIN_MAJOR 9
+
+/* The TAP-Win32 version number is defined in tap-win32/SOURCES */
+#define TAP_WIN32_MIN_MINOR 1
+
+/* A string representing our target */
+#define TARGET_ALIAS TARGET_ABI
+
+/* Are we running on Mac OS X? */
+/* #undef TARGET_DARWIN */
+
+/* Are we running on DragonFlyBSD? */
+/* #undef TARGET_DRAGONFLY */
+
+/* Are we running on FreeBSD? */
+/* #undef TARGET_FREEBSD */
+
+/* Are we running on Android Linux? */
+/* TARGET_LINUX is not enable since the TARGET_XXX options mainly
+   control different tun/tap, ifconfig behaviour and Android VpnProvider
+   is very different from Linux */
+#define TARGET_ANDROID
+
+/* Are we running on Linux? */
+/* #define TARGET_LINUX 1 */
+
+/* Are we running NetBSD? */
+/* #undef TARGET_NETBSD */
+
+/* Are we running on OpenBSD? */
+/* #undef TARGET_OPENBSD */
+
+/* Are we running on Solaris? */
+/* #undef TARGET_SOLARIS */
+
+/* Are we running WIN32? */
+/* #undef TARGET_WIN32 */
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#define TIME_WITH_SYS_TIME 1
+
+/* Win32 builtin */
+/* #undef UF */
+
+/* Use OpenSSL crypto library */
+#define USE_CRYPTO 1
+
+/* Use libdl for dynamic library loading */
+#define USE_LIBDL 1
+
+/* Use LoadLibrary to load DLLs on Windows */
+/* #undef USE_LOAD_LIBRARY */
+
+/* Use LZO compression library */
+#define ENABLE_LZO 1
+#define ENABLE_SNAPPY 1
+#define ENABLE_LZ4 1
+#define NEED_COMPAT_LZ4 1
+
+/* Enable PKCS11 capability */
+/* #undef USE_PKCS11 */
+
+/* Use pthread-based multithreading */
+/* #undef USE_PTHREAD */
+
+/* Use OpenSSL SSL library */
+#define ENABLE_SSL 1
+#define USE_SSL 1
+#define ENABLE_CRYPTO 1
+
+/* via android.mk */
+/*#define ENABLE_CRYPTO_OPENSSL 1*/
+/* #define ENABLE_CRYPTO_POLARSSL 1 */
+
+/* Use valgrind memory debugging library */
+/* #undef USE_VALGRIND */
+
+/* Version number of package */
+//#define VERSION "2.3.1"
+
+/* Enable GNU extensions on systems that have them.  */
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE 1
+#endif
+
+/* Define to empty if `const' does not conform to ANSI C. */
+/* #undef const */
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+/* #undef gid_t */
+
+/* Some systems don't define in_addr_t */
+/* #undef in_addr_t */
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+   calls it, or to nothing if 'inline' is not supported under any name.  */
+#ifndef __cplusplus
+/* #undef inline */
+#endif
+
+/* Define to `long int' if <sys/types.h> does not define. */
+/* #undef off_t */
+
+/* Define to `int' if <sys/types.h> does not define. */
+/* #undef pid_t */
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+/* #undef size_t */
+
+/* type to use in place of socklen_t if not defined */
+/* #undef socklen_t */
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+/* #undef uid_t */
+
+/* 16-bit unsigned type */
+/* #undef uint16_t */
+
+/* 32-bit unsigned type */
+/* #undef uint32_t */
+
+/* 8-bit unsigned type */
+/* #undef uint8_t */
+
+/* Define as `fork' if `vfork' does not work. */
+/* #undef vfork */
+
+/* Define to empty if the keyword `volatile' does not work. Warning: valid
+   code using `volatile' can become incorrect without. Disable with care. */
+/* #undef volatile */
+
+// New version
+#define HAVE_INET_NTOP 1
+#define HAVE_INET_PTON 1
+#define HAVE_LZO_LZOUTIL_H 1
+#define HAVE_LZO_LZO1X_H 1
+#define HAVE_SYS_TIME_H 1
+#define HAVE_TIME_H 1
+// #define HAVE_CONFIG_VERSION_H 1
+#define PATH_SEPARATOR_STR "/"
+#define HAVE_SA_FAMILY_T 1
+
+
+// Workaround for bionc
+#define IPPROTO_IP IPPROTO_IP
+#define IPPROTO_TCP IPPROTO_TCP
+
+int res_init();
+
+#define HAVE_AEAD_CIPHER_MODES 1
+
+#define HAVE_EVP_MD_CTX_RESET 1
+#define HAVE_EVP_MD_CTX_FREE 1
+#define HAVE_EVP_MD_CTX_NEW 1
+#define HAVE_EVP_CIPHER_CTX_FREE 1
+#define HAVE_EVP_CIPHER_CTX_NEW 1
+#define HAVE_HMAC_CTX_RESET 1
+#define HAVE_HMAC_CTX_FREE 1
+#define HAVE_HMAC_CTX_NEW 1
+#define HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB_USERDATA 1
+#define HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB 1
+#define HAVE_X509_GET0_PUBKEY 1
+#define HAVE_X509_STORE_GET0_OBJECTS 1
+#define HAVE_X509_OBJECT_FREE 1
+#define HAVE_X509_OBJECT_GET_TYPE 1
+#define HAVE_EVP_PKEY_GET0_RSA 1
+#define HAVE_EVP_PKEY_ID 1
+#define HAVE_EVP_PKEY_GET0_DSA 1
+#define HAVE_RSA_SET_FLAGS 1
+#define HAVE_RSA_GET0_KEY 1
+#define HAVE_RSA_SET0_KEY 1
+#define HAVE_RSA_BITS 1
+#define HAVE_DSA_BITS 1
+#define HAVE_DSA_GET0_PQG 1
+#define HAVE_RSA_METH_NEW 1
+#define HAVE_RSA_METH_FREE 1
+#define HAVE_RSA_METH_SET_PUB_ENC 1
+#define HAVE_RSA_METH_SET_PUB_DEC 1
+#define HAVE_RSA_METH_SET_PRIV_DEC 1
+#define HAVE_RSA_METH_SET_PRIV_ENC 1
+#define HAVE_RSA_METH_SET_INIT 1
+#define HAVE_RSA_METH_SET_FINISH 1
+#define HAVE_RSA_METH_SET0_APP_DATA 1
+#define HAVE_EVP_PKEY_GET0_EC_KEY 1
+#define HAVE_EC_GROUP_ORDER_BITS 1
+#define HAVE_RSA_METH_GET0_APP_DATA 1
+#define HAVE_RSA_METH_SET_SIGN 1
+
+#define ENABLE_OFB_CFB_MODE 1
+
+#define HAVE_X509_GET0_NOTBEFORE 1
+#define HAVE_X509_GET0_NOTAFTER 1
+
+#define HAVE_OPENSSL_VERSION 1
+#define HAVE_EVP_CIPHER_CTX_RESET
+
+
+#define _SOCKLEN_T_DECLARED 1

client/android/cpp/openvpn-config/openvpn-plugin.h

@@ -0,0 +1,875 @@
+/* include/openvpn-plugin.h.  Generated from openvpn-plugin.h.in by configure.  */
+/*
+ *  OpenVPN -- An application to securely tunnel IP networks
+ *             over a single TCP/UDP port, with support for SSL/TLS-based
+ *             session authentication and key exchange,
+ *             packet encryption, packet authentication, and
+ *             packet compression.
+ *
+ *  Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2
+ *  as published by the Free Software Foundation.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef OPENVPN_PLUGIN_H_
+#define OPENVPN_PLUGIN_H_
+
+#define OPENVPN_PLUGIN_VERSION 3
+
+#ifdef ENABLE_CRYPTO_MBEDTLS
+#include <mbedtls/x509_crt.h>
+#ifndef __OPENVPN_X509_CERT_T_DECLARED
+#define __OPENVPN_X509_CERT_T_DECLARED
+typedef mbedtls_x509_crt openvpn_x509_cert_t;
+#endif
+#else  /* ifdef ENABLE_CRYPTO_MBEDTLS */
+#include <openssl/x509.h>
+#ifndef __OPENVPN_X509_CERT_T_DECLARED
+#define __OPENVPN_X509_CERT_T_DECLARED
+typedef X509 openvpn_x509_cert_t;
+#endif
+#endif
+
+#include <stdarg.h>
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Provide some basic version information to plug-ins at OpenVPN compile time
+ * This is will not be the complete version
+ */
+#define OPENVPN_VERSION_MAJOR 2
+#define OPENVPN_VERSION_MINOR 5
+#define OPENVPN_VERSION_PATCH "_git"
+
+/*
+ * Plug-in types.  These types correspond to the set of script callbacks
+ * supported by OpenVPN.
+ *
+ * This is the general call sequence to expect when running in server mode:
+ *
+ * Initial Server Startup:
+ *
+ * FUNC: openvpn_plugin_open_v1
+ * FUNC: openvpn_plugin_client_constructor_v1 (this is the top-level "generic"
+ *                                             client template)
+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_UP
+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ROUTE_UP
+ *
+ * New Client Connection:
+ *
+ * FUNC: openvpn_plugin_client_constructor_v1
+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ENABLE_PF
+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_VERIFY (called once for every cert
+ *                                                     in the server chain)
+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_FINAL
+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_IPCHANGE
+ *
+ * [If OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY returned OPENVPN_PLUGIN_FUNC_DEFERRED,
+ * we don't proceed until authentication is verified via auth_control_file]
+ *
+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_CLIENT_CONNECT_V2
+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_LEARN_ADDRESS
+ *
+ * [Client session ensues]
+ *
+ * For each "TLS soft reset", according to reneg-sec option (or similar):
+ *
+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ENABLE_PF
+ *
+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_VERIFY (called once for every cert
+ *                                                     in the server chain)
+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_FINAL
+ *
+ * [If OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY returned OPENVPN_PLUGIN_FUNC_DEFERRED,
+ * we expect that authentication is verified via auth_control_file within
+ * the number of seconds defined by the "hand-window" option.  Data channel traffic
+ * will continue to flow uninterrupted during this period.]
+ *
+ * [Client session continues]
+ *
+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_CLIENT_DISCONNECT
+ * FUNC: openvpn_plugin_client_destructor_v1
+ *
+ * [ some time may pass ]
+ *
+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_LEARN_ADDRESS (this coincides with a
+ *                                                            lazy free of initial
+ *                                                            learned addr object)
+ * Server Shutdown:
+ *
+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_DOWN
+ * FUNC: openvpn_plugin_client_destructor_v1 (top-level "generic" client)
+ * FUNC: openvpn_plugin_close_v1
+ */
+#define OPENVPN_PLUGIN_UP                        0
+#define OPENVPN_PLUGIN_DOWN                      1
+#define OPENVPN_PLUGIN_ROUTE_UP                  2
+#define OPENVPN_PLUGIN_IPCHANGE                  3
+#define OPENVPN_PLUGIN_TLS_VERIFY                4
+#define OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY     5
+#define OPENVPN_PLUGIN_CLIENT_CONNECT            6
+#define OPENVPN_PLUGIN_CLIENT_DISCONNECT         7
+#define OPENVPN_PLUGIN_LEARN_ADDRESS             8
+#define OPENVPN_PLUGIN_CLIENT_CONNECT_V2         9
+#define OPENVPN_PLUGIN_TLS_FINAL                10
+#define OPENVPN_PLUGIN_ENABLE_PF                11
+#define OPENVPN_PLUGIN_ROUTE_PREDOWN            12
+#define OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER     13
+#define OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2  14
+#define OPENVPN_PLUGIN_CLIENT_CRRESPONSE        15
+#define OPENVPN_PLUGIN_N                        16
+
+/*
+ * Build a mask out of a set of plug-in types.
+ */
+#define OPENVPN_PLUGIN_MASK(x) (1<<(x))
+
+/*
+ * A pointer to a plugin-defined object which contains
+ * the object state.
+ */
+typedef void *openvpn_plugin_handle_t;
+
+/*
+ * Return value for openvpn_plugin_func_v1 function
+ */
+#define OPENVPN_PLUGIN_FUNC_SUCCESS  0
+#define OPENVPN_PLUGIN_FUNC_ERROR    1
+#define OPENVPN_PLUGIN_FUNC_DEFERRED 2
+
+/*
+ * For Windows (needs to be modified for MSVC)
+ */
+#if defined(_WIN32) && !defined(OPENVPN_PLUGIN_H)
+#define OPENVPN_EXPORT __declspec(dllexport)
+#else
+#define OPENVPN_EXPORT
+#endif
+
+/*
+ * If OPENVPN_PLUGIN_H is defined, we know that we are being
+ * included in an OpenVPN compile, rather than a plugin compile.
+ */
+#ifdef OPENVPN_PLUGIN_H
+
+/*
+ * We are compiling OpenVPN.
+ */
+#define OPENVPN_PLUGIN_DEF        typedef
+#define OPENVPN_PLUGIN_FUNC(name) (*name)
+
+#else  /* ifdef OPENVPN_PLUGIN_H */
+
+/*
+ * We are compiling plugin.
+ */
+#define OPENVPN_PLUGIN_DEF        OPENVPN_EXPORT
+#define OPENVPN_PLUGIN_FUNC(name) name
+
+#endif
+
+/*
+ * Used by openvpn_plugin_func to return structured
+ * data.  The plugin should allocate all structure
+ * instances, name strings, and value strings with
+ * malloc, since OpenVPN will assume that it
+ * can free the list by calling free() over the same.
+ */
+struct openvpn_plugin_string_list
+{
+    struct openvpn_plugin_string_list *next;
+    char *name;
+    char *value;
+};
+
+
+/* openvpn_plugin_{open,func}_v3() related structs */
+
+/**
+ * Defines version of the v3 plugin argument structs
+ *
+ * Whenever one or more of these structs are modified, this constant
+ * must be updated.  A changelog should be appended in this comment
+ * as well, to make it easier to see what information is available
+ * in the different versions.
+ *
+ * Version   Comment
+ *    1      Initial plugin v3 structures providing the same API as
+ *           the v2 plugin interface, X509 certificate information +
+ *           a logging API for plug-ins.
+ *
+ *    2      Added ssl_api member in struct openvpn_plugin_args_open_in
+ *           which identifies the SSL implementation OpenVPN is compiled
+ *           against.
+ *
+ *    3      Added ovpn_version, ovpn_version_major, ovpn_version_minor
+ *           and ovpn_version_patch to provide the runtime version of
+ *           OpenVPN to plug-ins.
+ *
+ *    4      Exported secure_memzero() as plugin_secure_memzero()
+ *
+ *    5      Exported openvpn_base64_encode() as plugin_base64_encode()
+ *           Exported openvpn_base64_decode() as plugin_base64_decode()
+ */
+#define OPENVPN_PLUGINv3_STRUCTVER 5
+
+/**
+ * Definitions needed for the plug-in callback functions.
+ */
+typedef enum
+{
+    PLOG_ERR    = (1 << 0),/* Error condition message */
+    PLOG_WARN   = (1 << 1),/* General warning message */
+    PLOG_NOTE   = (1 << 2),/* Informational message */
+    PLOG_DEBUG  = (1 << 3),/* Debug message, displayed if verb >= 7 */
+
+    PLOG_ERRNO  = (1 << 8),/* Add error description to message */
+    PLOG_NOMUTE = (1 << 9), /* Mute setting does not apply for message */
+
+} openvpn_plugin_log_flags_t;
+
+
+#ifdef __GNUC__
+#if __USE_MINGW_ANSI_STDIO
+#define _ovpn_chk_fmt(a, b) __attribute__ ((format(gnu_printf, (a), (b))))
+#else
+#define _ovpn_chk_fmt(a, b) __attribute__ ((format(__printf__, (a), (b))))
+#endif
+#else  /* ifdef __GNUC__ */
+#define _ovpn_chk_fmt(a, b)
+#endif
+
+typedef void (*plugin_log_t)(openvpn_plugin_log_flags_t flags,
+                             const char *plugin_name,
+                             const char *format, ...) _ovpn_chk_fmt (3, 4);
+
+typedef void (*plugin_vlog_t)(openvpn_plugin_log_flags_t flags,
+                              const char *plugin_name,
+                              const char *format,
+                              va_list arglist) _ovpn_chk_fmt (3, 0);
+/* #undef _ovpn_chk_fmt */
+
+/**
+ *  Export of secure_memzero() to be used inside plug-ins
+ *
+ *  @param data   Pointer to data to zeroise
+ *  @param len    Length of data, in bytes
+ *
+ */
+typedef void (*plugin_secure_memzero_t)(void *data, size_t len);
+
+/**
+ *  Export of openvpn_base64_encode() to be used inside plug-ins
+ *
+ *  @param data   Pointer to data to BASE64 encode
+ *  @param size   Length of data, in bytes
+ *  @param *str   Pointer to the return buffer.  This needed memory is
+ *                allocated by openvpn_base64_encode() and needs to be free()d
+ *                after use.
+ *
+ *  @return int   Returns the length of the buffer created, or -1 on error.
+ *
+ */
+typedef int (*plugin_base64_encode_t)(const void *data, int size, char **str);
+
+/**
+ *  Export of openvpn_base64_decode() to be used inside plug-ins
+ *
+ *  @param str    Pointer to the BASE64 encoded data
+ *  @param data   Pointer to the buffer where save the decoded data
+ *  @param size   Size of the destination buffer
+ *
+ *  @return int   Returns the length of the decoded data, or -1 on error or
+ *                if the destination buffer is too small.
+ *
+ */
+typedef int (*plugin_base64_decode_t)(const char *str, void *data, int size);
+
+
+/**
+ * Used by the openvpn_plugin_open_v3() function to pass callback
+ * function pointers to the plug-in.
+ *
+ * plugin_log
+ * plugin_vlog : Use these functions to add information to the OpenVPN log file.
+ *               Messages will only be displayed if the plugin_name parameter
+ *               is set. PLOG_DEBUG messages will only be displayed with plug-in
+ *               debug log verbosity (at the time of writing that's verb >= 7).
+ *
+ * plugin_secure_memzero
+ *             : Use this function to securely wipe sensitive information from
+ *               memory.  This function is declared in a way that the compiler
+ *               will not remove these function calls during the compiler
+ *               optimization phase.
+ */
+struct openvpn_plugin_callbacks
+{
+    plugin_log_t plugin_log;
+    plugin_vlog_t plugin_vlog;
+    plugin_secure_memzero_t plugin_secure_memzero;
+    plugin_base64_encode_t plugin_base64_encode;
+    plugin_base64_decode_t plugin_base64_decode;
+};
+
+/**
+ * Used by the openvpn_plugin_open_v3() function to indicate to the
+ * plug-in what kind of SSL implementation OpenVPN uses.  This is
+ * to avoid SEGV issues when OpenVPN is complied against mbed TLS
+ * and the plug-in against OpenSSL.
+ */
+typedef enum {
+    SSLAPI_NONE,
+    SSLAPI_OPENSSL,
+    SSLAPI_MBEDTLS
+} ovpnSSLAPI;
+
+/**
+ * Arguments used to transport variables to the plug-in.
+ * The struct openvpn_plugin_args_open_in is only used
+ * by the openvpn_plugin_open_v3() function.
+ *
+ * STRUCT MEMBERS
+ *
+ * type_mask : Set by OpenVPN to the logical OR of all script
+ *             types which this version of OpenVPN supports.
+ *
+ * argv : a NULL-terminated array of options provided to the OpenVPN
+ *        "plug-in" directive.  argv[0] is the dynamic library pathname.
+ *
+ * envp : a NULL-terminated array of OpenVPN-set environmental
+ *        variables in "name=value" format.  Note that for security reasons,
+ *        these variables are not actually written to the "official"
+ *        environmental variable store of the process.
+ *
+ * callbacks : a pointer to the plug-in callback function struct.
+ *
+ */
+struct openvpn_plugin_args_open_in
+{
+    const int type_mask;
+    const char **const argv;
+    const char **const envp;
+    struct openvpn_plugin_callbacks *callbacks;
+    const ovpnSSLAPI ssl_api;
+    const char *ovpn_version;
+    const unsigned int ovpn_version_major;
+    const unsigned int ovpn_version_minor;
+    const char *const ovpn_version_patch;
+};
+
+
+/**
+ * Arguments used to transport variables from the plug-in back
+ * to the OpenVPN process.  The struct openvpn_plugin_args_open_return
+ * is only used by the openvpn_plugin_open_v3() function.
+ *
+ * STRUCT MEMBERS
+ *
+ * type_mask  : The plug-in should set this value to the logical OR of all script
+ *              types which the plug-in wants to intercept.  For example, if the
+ *              script wants to intercept the client-connect and client-disconnect
+ *              script types:
+ *
+ *              type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT)
+ *                         | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT)
+ *
+ * handle :     Pointer to a global plug-in context, created by the plug-in.  This pointer
+ *              is passed on to the other plug-in calls.
+ *
+ * return_list : used to return data back to OpenVPN.
+ *
+ */
+struct openvpn_plugin_args_open_return
+{
+    int type_mask;
+    openvpn_plugin_handle_t handle;
+    struct openvpn_plugin_string_list **return_list;
+};
+
+/**
+ * Arguments used to transport variables to and from the
+ * plug-in.  The struct openvpn_plugin_args_func is only used
+ * by the openvpn_plugin_func_v3() function.
+ *
+ * STRUCT MEMBERS:
+ *
+ * type : one of the PLUGIN_x types.
+ *
+ * argv : a NULL-terminated array of "command line" options which
+ *        would normally be passed to the script.  argv[0] is the dynamic
+ *        library pathname.
+ *
+ * envp : a NULL-terminated array of OpenVPN-set environmental
+ *        variables in "name=value" format.  Note that for security reasons,
+ *        these variables are not actually written to the "official"
+ *        environmental variable store of the process.
+ *
+ * handle : Pointer to a global plug-in context, created by the plug-in's openvpn_plugin_open_v3().
+ *
+ * per_client_context : the per-client context pointer which was returned by
+ *        openvpn_plugin_client_constructor_v1, if defined.
+ *
+ * current_cert_depth : Certificate depth of the certificate being passed over
+ *
+ * *current_cert : X509 Certificate object received from the client
+ *
+ */
+struct openvpn_plugin_args_func_in
+{
+    const int type;
+    const char **const argv;
+    const char **const envp;
+    openvpn_plugin_handle_t handle;
+    void *per_client_context;
+    int current_cert_depth;
+    openvpn_x509_cert_t *current_cert;
+};
+
+
+/**
+ * Arguments used to transport variables to and from the
+ * plug-in.  The struct openvpn_plugin_args_func is only used
+ * by the openvpn_plugin_func_v3() function.
+ *
+ * STRUCT MEMBERS:
+ *
+ * return_list : used to return data back to OpenVPN for further processing/usage by
+ *               the OpenVPN executable.
+ *
+ */
+struct openvpn_plugin_args_func_return
+{
+    struct openvpn_plugin_string_list **return_list;
+};
+
+/*
+ * Multiple plugin modules can be cascaded, and modules can be
+ * used in tandem with scripts.  The order of operation is that
+ * the module func() functions are called in the order that
+ * the modules were specified in the config file.  If a script
+ * was specified as well, it will be called last.  If the
+ * return code of the module/script controls an authentication
+ * function (such as tls-verify or auth-user-pass-verify), then
+ * every module and script must return success (0) in order for
+ * the connection to be authenticated.
+ *
+ * Notes:
+ *
+ * Plugins which use a privilege-separation model (by forking in
+ * their initialization function before the main OpenVPN process
+ * downgrades root privileges and/or executes a chroot) must
+ * daemonize after a fork if the "daemon" environmental variable is
+ * set.  In addition, if the "daemon_log_redirect" variable is set,
+ * the plugin should preserve stdout/stderr across the daemon()
+ * syscall.  See the daemonize() function in plugin/auth-pam/auth-pam.c
+ * for an example.
+ */
+
+/*
+ * Prototypes for functions which OpenVPN plug-ins must define.
+ */
+
+/*
+ * FUNCTION: openvpn_plugin_open_v2
+ *
+ * REQUIRED: YES
+ *
+ * Called on initial plug-in load.  OpenVPN will preserve plug-in state
+ * across SIGUSR1 restarts but not across SIGHUP restarts.  A SIGHUP reset
+ * will cause the plugin to be closed and reopened.
+ *
+ * ARGUMENTS
+ *
+ * *type_mask : Set by OpenVPN to the logical OR of all script
+ *              types which this version of OpenVPN supports.  The plug-in
+ *              should set this value to the logical OR of all script types
+ *              which the plug-in wants to intercept.  For example, if the
+ *              script wants to intercept the client-connect and
+ *              client-disconnect script types:
+ *
+ *              *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT)
+ *                         | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT)
+ *
+ * argv : a NULL-terminated array of options provided to the OpenVPN
+ *        "plug-in" directive.  argv[0] is the dynamic library pathname.
+ *
+ * envp : a NULL-terminated array of OpenVPN-set environmental
+ *        variables in "name=value" format.  Note that for security reasons,
+ *        these variables are not actually written to the "official"
+ *        environmental variable store of the process.
+ *
+ * return_list : used to return data back to OpenVPN.
+ *
+ * RETURN VALUE
+ *
+ * An openvpn_plugin_handle_t value on success, NULL on failure
+ */
+OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v2)
+    (unsigned int *type_mask,
+    const char *argv[],
+    const char *envp[],
+    struct openvpn_plugin_string_list **return_list);
+
+/*
+ * FUNCTION: openvpn_plugin_func_v2
+ *
+ * Called to perform the work of a given script type.
+ *
+ * REQUIRED: YES
+ *
+ * ARGUMENTS
+ *
+ * handle : the openvpn_plugin_handle_t value which was returned by
+ *          openvpn_plugin_open.
+ *
+ * type : one of the PLUGIN_x types
+ *
+ * argv : a NULL-terminated array of "command line" options which
+ *        would normally be passed to the script.  argv[0] is the dynamic
+ *        library pathname.
+ *
+ * envp : a NULL-terminated array of OpenVPN-set environmental
+ *        variables in "name=value" format.  Note that for security reasons,
+ *        these variables are not actually written to the "official"
+ *        environmental variable store of the process.
+ *
+ * per_client_context : the per-client context pointer which was returned by
+ *        openvpn_plugin_client_constructor_v1, if defined.
+ *
+ * return_list : used to return data back to OpenVPN.
+ *
+ * RETURN VALUE
+ *
+ * OPENVPN_PLUGIN_FUNC_SUCCESS on success, OPENVPN_PLUGIN_FUNC_ERROR on failure
+ *
+ * In addition, OPENVPN_PLUGIN_FUNC_DEFERRED may be returned by
+ * OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY.  This enables asynchronous
+ * authentication where the plugin (or one of its agents) may indicate
+ * authentication success/failure some number of seconds after the return
+ * of the OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY handler by writing a single
+ * char to the file named by auth_control_file in the environmental variable
+ * list (envp).
+ *
+ * first char of auth_control_file:
+ * '0' -- indicates auth failure
+ * '1' -- indicates auth success
+ *
+ * OpenVPN will delete the auth_control_file after it goes out of scope.
+ *
+ * If an OPENVPN_PLUGIN_ENABLE_PF handler is defined and returns success
+ * for a particular client instance, packet filtering will be enabled for that
+ * instance.  OpenVPN will then attempt to read the packet filter configuration
+ * from the temporary file named by the environmental variable pf_file.  This
+ * file may be generated asynchronously and may be dynamically updated during the
+ * client session, however the client will be blocked from sending or receiving
+ * VPN tunnel packets until the packet filter file has been generated.  OpenVPN
+ * will periodically test the packet filter file over the life of the client
+ * instance and reload when modified.  OpenVPN will delete the packet filter file
+ * when the client instance goes out of scope.
+ *
+ * Packet filter file grammar:
+ *
+ * [CLIENTS DROP|ACCEPT]
+ * {+|-}common_name1
+ * {+|-}common_name2
+ * . . .
+ * [SUBNETS DROP|ACCEPT]
+ * {+|-}subnet1
+ * {+|-}subnet2
+ * . . .
+ * [END]
+ *
+ * Subnet: IP-ADDRESS | IP-ADDRESS/NUM_NETWORK_BITS
+ *
+ * CLIENTS refers to the set of clients (by their common-name) which
+ * this instance is allowed ('+') to connect to, or is excluded ('-')
+ * from connecting to.  Note that in the case of client-to-client
+ * connections, such communication must be allowed by the packet filter
+ * configuration files of both clients.
+ *
+ * SUBNETS refers to IP addresses or IP address subnets which this
+ * instance may connect to ('+') or is excluded ('-') from connecting
+ * to.
+ *
+ * DROP or ACCEPT defines default policy when there is no explicit match
+ * for a common-name or subnet.  The [END] tag must exist.  A special
+ * purpose tag called [KILL] will immediately kill the client instance.
+ * A given client or subnet rule applies to both incoming and outgoing
+ * packets.
+ *
+ * See plugin/defer/simple.c for an example on using asynchronous
+ * authentication and client-specific packet filtering.
+ */
+OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v2)
+    (openvpn_plugin_handle_t handle,
+    const int type,
+    const char *argv[],
+    const char *envp[],
+    void *per_client_context,
+    struct openvpn_plugin_string_list **return_list);
+
+
+/*
+ * FUNCTION: openvpn_plugin_open_v3
+ *
+ * REQUIRED: YES
+ *
+ * Called on initial plug-in load.  OpenVPN will preserve plug-in state
+ * across SIGUSR1 restarts but not across SIGHUP restarts.  A SIGHUP reset
+ * will cause the plugin to be closed and reopened.
+ *
+ * ARGUMENTS
+ *
+ * version : fixed value, defines the API version of the OpenVPN plug-in API.  The plug-in
+ *           should validate that this value is matching the OPENVPN_PLUGINv3_STRUCTVER
+ *           value.
+ *
+ * arguments : Structure with all arguments available to the plug-in.
+ *
+ * retptr :    used to return data back to OpenVPN.
+ *
+ * RETURN VALUE
+ *
+ * OPENVPN_PLUGIN_FUNC_SUCCESS on success, OPENVPN_PLUGIN_FUNC_ERROR on failure
+ */
+OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v3)
+    (const int version,
+    struct openvpn_plugin_args_open_in const *arguments,
+    struct openvpn_plugin_args_open_return *retptr);
+
+/*
+ * FUNCTION: openvpn_plugin_func_v3
+ *
+ * Called to perform the work of a given script type.
+ *
+ * REQUIRED: YES
+ *
+ * ARGUMENTS
+ *
+ * version : fixed value, defines the API version of the OpenVPN plug-in API.  The plug-in
+ *           should validate that this value is matching the OPENVPN_PLUGIN_VERSION value.
+ *
+ * handle : the openvpn_plugin_handle_t value which was returned by
+ *          openvpn_plugin_open.
+ *
+ * return_list : used to return data back to OpenVPN.
+ *
+ * RETURN VALUE
+ *
+ * OPENVPN_PLUGIN_FUNC_SUCCESS on success, OPENVPN_PLUGIN_FUNC_ERROR on failure
+ *
+ * In addition, OPENVPN_PLUGIN_FUNC_DEFERRED may be returned by
+ * OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY.  This enables asynchronous
+ * authentication where the plugin (or one of its agents) may indicate
+ * authentication success/failure some number of seconds after the return
+ * of the OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY handler by writing a single
+ * char to the file named by auth_control_file in the environmental variable
+ * list (envp).
+ *
+ * first char of auth_control_file:
+ * '0' -- indicates auth failure
+ * '1' -- indicates auth success
+ *
+ * OpenVPN will delete the auth_control_file after it goes out of scope.
+ *
+ * If an OPENVPN_PLUGIN_ENABLE_PF handler is defined and returns success
+ * for a particular client instance, packet filtering will be enabled for that
+ * instance.  OpenVPN will then attempt to read the packet filter configuration
+ * from the temporary file named by the environmental variable pf_file.  This
+ * file may be generated asynchronously and may be dynamically updated during the
+ * client session, however the client will be blocked from sending or receiving
+ * VPN tunnel packets until the packet filter file has been generated.  OpenVPN
+ * will periodically test the packet filter file over the life of the client
+ * instance and reload when modified.  OpenVPN will delete the packet filter file
+ * when the client instance goes out of scope.
+ *
+ * Packet filter file grammar:
+ *
+ * [CLIENTS DROP|ACCEPT]
+ * {+|-}common_name1
+ * {+|-}common_name2
+ * . . .
+ * [SUBNETS DROP|ACCEPT]
+ * {+|-}subnet1
+ * {+|-}subnet2
+ * . . .
+ * [END]
+ *
+ * Subnet: IP-ADDRESS | IP-ADDRESS/NUM_NETWORK_BITS
+ *
+ * CLIENTS refers to the set of clients (by their common-name) which
+ * this instance is allowed ('+') to connect to, or is excluded ('-')
+ * from connecting to.  Note that in the case of client-to-client
+ * connections, such communication must be allowed by the packet filter
+ * configuration files of both clients.
+ *
+ * SUBNETS refers to IP addresses or IP address subnets which this
+ * instance may connect to ('+') or is excluded ('-') from connecting
+ * to.
+ *
+ * DROP or ACCEPT defines default policy when there is no explicit match
+ * for a common-name or subnet.  The [END] tag must exist.  A special
+ * purpose tag called [KILL] will immediately kill the client instance.
+ * A given client or subnet rule applies to both incoming and outgoing
+ * packets.
+ *
+ * See plugin/defer/simple.c for an example on using asynchronous
+ * authentication and client-specific packet filtering.
+ */
+OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v3)
+    (const int version,
+    struct openvpn_plugin_args_func_in const *arguments,
+    struct openvpn_plugin_args_func_return *retptr);
+
+/*
+ * FUNCTION: openvpn_plugin_close_v1
+ *
+ * REQUIRED: YES
+ *
+ * ARGUMENTS
+ *
+ * handle : the openvpn_plugin_handle_t value which was returned by
+ *          openvpn_plugin_open.
+ *
+ * Called immediately prior to plug-in unload.
+ */
+OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_close_v1)
+    (openvpn_plugin_handle_t handle);
+
+/*
+ * FUNCTION: openvpn_plugin_abort_v1
+ *
+ * REQUIRED: NO
+ *
+ * ARGUMENTS
+ *
+ * handle : the openvpn_plugin_handle_t value which was returned by
+ *          openvpn_plugin_open.
+ *
+ * Called when OpenVPN is in the process of aborting due to a fatal error.
+ * Will only be called on an open context returned by a prior successful
+ * openvpn_plugin_open callback.
+ */
+OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_abort_v1)
+    (openvpn_plugin_handle_t handle);
+
+/*
+ * FUNCTION: openvpn_plugin_client_constructor_v1
+ *
+ * Called to allocate a per-client memory region, which
+ * is then passed to the openvpn_plugin_func_v2 function.
+ * This function is called every time the OpenVPN server
+ * constructs a client instance object, which normally
+ * occurs when a session-initiating packet is received
+ * by a new client, even before the client has authenticated.
+ *
+ * This function should allocate the private memory needed
+ * by the plugin to track individual OpenVPN clients, and
+ * return a void * to this memory region.
+ *
+ * REQUIRED: NO
+ *
+ * ARGUMENTS
+ *
+ * handle : the openvpn_plugin_handle_t value which was returned by
+ *          openvpn_plugin_open.
+ *
+ * RETURN VALUE
+ *
+ * void * pointer to plugin's private per-client memory region, or NULL
+ * if no memory region is required.
+ */
+OPENVPN_PLUGIN_DEF void *OPENVPN_PLUGIN_FUNC(openvpn_plugin_client_constructor_v1)
+    (openvpn_plugin_handle_t handle);
+
+/*
+ * FUNCTION: openvpn_plugin_client_destructor_v1
+ *
+ * This function is called on client instance object destruction.
+ *
+ * REQUIRED: NO
+ *
+ * ARGUMENTS
+ *
+ * handle : the openvpn_plugin_handle_t value which was returned by
+ *          openvpn_plugin_open.
+ *
+ * per_client_context : the per-client context pointer which was returned by
+ *        openvpn_plugin_client_constructor_v1, if defined.
+ */
+OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_client_destructor_v1)
+    (openvpn_plugin_handle_t handle, void *per_client_context);
+
+/*
+ * FUNCTION: openvpn_plugin_select_initialization_point_v1
+ *
+ * Several different points exist in OpenVPN's initialization sequence where
+ * the openvpn_plugin_open function can be called.  While the default is
+ * OPENVPN_PLUGIN_INIT_PRE_DAEMON, this function can be used to select a
+ * different initialization point.  For example, if your plugin needs to
+ * return configuration parameters to OpenVPN, use
+ * OPENVPN_PLUGIN_INIT_PRE_CONFIG_PARSE.
+ *
+ * REQUIRED: NO
+ *
+ * RETURN VALUE:
+ *
+ * An OPENVPN_PLUGIN_INIT_x value.
+ */
+#define OPENVPN_PLUGIN_INIT_PRE_CONFIG_PARSE 1
+#define OPENVPN_PLUGIN_INIT_PRE_DAEMON       2 /* default */
+#define OPENVPN_PLUGIN_INIT_POST_DAEMON      3
+#define OPENVPN_PLUGIN_INIT_POST_UID_CHANGE  4
+
+OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_select_initialization_point_v1)
+    (void);
+
+/*
+ * FUNCTION: openvpn_plugin_min_version_required_v1
+ *
+ * This function is called by OpenVPN to query the minimum
+ * plugin interface version number required by the plugin.
+ *
+ * REQUIRED: NO
+ *
+ * RETURN VALUE
+ *
+ * The minimum OpenVPN plugin interface version number necessary to support
+ * this plugin.
+ */
+OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_min_version_required_v1)
+    (void);
+
+/*
+ * Deprecated functions which are still supported for backward compatibility.
+ */
+
+OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v1)
+    (unsigned int *type_mask,
+    const char *argv[],
+    const char *envp[]);
+
+OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v1)
+    (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* OPENVPN_PLUGIN_H_ */

client/android/cpp/ovpnutil/jniglue.c

@@ -0,0 +1,40 @@
+#include <jni.h>
+#include <android/log.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+#include "jniglue.h"
+
+jint JNI_OnLoad(JavaVM *vm, void *reserved) {
+#ifndef NDEBUG
+    __android_log_write(ANDROID_LOG_DEBUG,"openvpn", "Loading openvpn native library $id$ compiled on "   __DATE__ " " __TIME__ );
+#endif
+    return JNI_VERSION_1_2;
+}
+
+
+void android_openvpn_log(int level,const char* prefix,const char* prefix_sep,const char* m1)
+{
+    __android_log_print(ANDROID_LOG_DEBUG,"openvpn","%s%s%s",prefix,prefix_sep,m1);
+}
+
+
+//! Hack to get the current installed ABI of the libraries. See also https://github.com/schwabe/ics-openvpn/issues/391
+jstring Java_de_blinkt_openvpn_core_NativeUtils_getJNIAPI(JNIEnv *env, jclass jo)
+{
+
+    return (*env)->NewStringUTF(env, TARGET_ARCH_ABI);
+}
+
+jstring Java_de_blinkt_openvpn_core_NativeUtils_getOpenVPN2GitVersion(JNIEnv *env, jclass jo)
+{
+
+  return (*env)->NewStringUTF(env, OPENVPN2_GIT_REVISION);
+}
+
+jstring Java_de_blinkt_openvpn_core_NativeUtils_getOpenVPN3GitVersion(JNIEnv *env, jclass jo)
+{
+
+  return (*env)->NewStringUTF(env, OPENVPN3_GIT_REVISION);
+}

client/android/cpp/ovpnutil/jniglue.h

@@ -0,0 +1,21 @@
+//
+//  jniglue.h
+//  xcopenvpn
+//
+//  Created by Arne Schwabe on 29.03.12.
+//  Copyright (c) 2012 Universität Paderborn. All rights reserved.
+//
+
+#ifndef xcopenvpn_jniglue_h
+#define xcopenvpn_jniglue_h
+void android_openvpn_log(int level,const char* prefix,const char* prefix_sep,const char* m1);
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+    int jniThrowException(JNIEnv* env, const char* className, const char* msg);
+
+#ifdef __cplusplus
+}
+#endif

client/android/cpp/ovpnutil/rsapss.cpp

@@ -0,0 +1,146 @@
+/* Adapted from OpenSSL's rsa_pss.c from OpenSSL 3.0.1 */
+
+/*
+ * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include "jni.h"
+
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
+
+#include <array>
+
+static const unsigned char zeroes[] = {0, 0, 0, 0, 0, 0, 0, 0};
+
+static char opensslerr[1024];
+extern "C" jbyteArray Java_de_blinkt_openvpn_core_NativeUtils_rsapss(JNIEnv *env,
+								     jclass,
+								     jint hashtype,
+								     jint MSBits,
+								     jint rsa_size,
+								     jbyteArray from) {
+
+  /*
+  unsigned char *EM,
+				     const unsigned char *mHash,
+				     const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+				     int sLen)
+*/
+
+  jbyte *data = env->GetByteArrayElements(from, nullptr);
+  int datalen = env->GetArrayLength(from);
+
+  const auto *mHash = reinterpret_cast<const unsigned char *>(data);
+
+  const EVP_MD *Hash;
+
+  if (hashtype == 0) {
+    Hash = EVP_md5();
+  } else if (hashtype == 1) {
+    Hash = EVP_sha1();
+  } else if (hashtype == 2) {
+    Hash = EVP_sha224();
+  } else if (hashtype == 3) {
+    Hash = EVP_sha256();
+  } else if (hashtype == 4) {
+    Hash = EVP_sha384();
+  } else if (hashtype == 5) {
+    Hash = EVP_sha512();
+  }
+
+  const EVP_MD *mgf1Hash = Hash;
+
+  int ret = 0;
+  int maskedDBLen, emLen;
+  unsigned char *H, *salt = nullptr, *p;
+  EVP_MD_CTX *ctx = nullptr;
+
+  int hLen = EVP_MD_get_size(Hash);
+  int sLen = hLen; /* RSA_PSS_SALTLEN_DIGEST */
+
+  std::array<unsigned char, 2048> buf{};
+  unsigned char *EM = buf.data();
+
+  if (hLen < 0)
+    goto err;
+
+  emLen = rsa_size;
+  if (MSBits == 0) {
+    *EM++ = 0;
+    emLen--;
+  }
+  if (emLen < hLen + 2) {
+    goto err;
+  }
+  if (sLen == RSA_PSS_SALTLEN_MAX) {
+    sLen = emLen - hLen - 2;
+  } else if (sLen > emLen - hLen - 2) {
+    goto err;
+  }
+
+  if (sLen > 0) {
+    salt = (unsigned char *) OPENSSL_malloc(sLen);
+    if (salt == nullptr) {
+      goto err;
+    }
+    if (RAND_bytes_ex(nullptr, salt, sLen, 0) <= 0)
+      goto err;
+  }
+  maskedDBLen = emLen - hLen - 1;
+  H = EM + maskedDBLen;
+  ctx = EVP_MD_CTX_new();
+  if (ctx == nullptr)
+    goto err;
+  if (!EVP_DigestInit_ex(ctx, Hash, nullptr)
+      || !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes))
+      || !EVP_DigestUpdate(ctx, mHash, hLen))
+    goto err;
+  if (sLen && !EVP_DigestUpdate(ctx, salt, sLen))
+    goto err;
+  if (!EVP_DigestFinal_ex(ctx, H, nullptr))
+    goto err;
+
+  /* Generate dbMask in place then perform XOR on it */
+  if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
+    goto err;
+
+  p = EM;
+
+  /*
+   * Initial PS XORs with all zeroes which is a NOP so just update pointer.
+   * Note from a test above this value is guaranteed to be non-negative.
+   */
+  p += emLen - sLen - hLen - 2;
+  *p++ ^= 0x1;
+  if (sLen > 0) {
+    for (int i = 0; i < sLen; i++)
+      *p++ ^= salt[i];
+  }
+  if (MSBits)
+    EM[0] &= 0xFF >> (8 - MSBits);
+
+  /* H is already in place so just set final 0xbc */
+
+  EM[emLen - 1] = 0xbc;
+
+  ret = 1;
+
+  err:
+  EVP_MD_CTX_free(ctx);
+  OPENSSL_clear_free(salt, (size_t) sLen); /* salt != NULL implies sLen > 0 */
+
+
+  jbyteArray jb;
+
+  jb = env->NewByteArray(emLen);
+
+  env->SetByteArrayRegion(jb, 0, emLen, (jbyte *) EM);
+
+  return jb;
+}

client/android/cpp/ovpnutil/sslspeed.c

@@ -0,0 +1,334 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The ECDH and ECDSA speed test software is originally written by
+ * Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
+
+// Modified by Arne Schwabe to give a simple openssl evp speed java api
+
+#include <jni.h>
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <sys/ioctl.h>
+#include <sys/times.h>
+#include <linux/if.h>
+#include <android/log.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+
+#include "jniglue.h"
+#include <android/log.h>
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/async.h>
+#include <openssl/provider.h>
+
+
+/* This file just contains code thrown together until it works */
+
+
+#undef SECONDS
+#define SECONDS                 3
+#define PRIME_SECONDS   10
+#define RSA_SECONDS             10
+#define DSA_SECONDS             10
+#define ECDSA_SECONDS   10
+#define ECDH_SECONDS    10
+
+
+typedef struct loopargs_st {
+    unsigned char *buf;
+    unsigned char *buf2;
+    unsigned char *buf_malloc;
+    unsigned char *buf2_malloc;
+    unsigned int siglen;
+    EVP_CIPHER_CTX *ctx;
+    HMAC_CTX *hctx;
+} loopargs_t;
+
+#undef BUFSIZE
+#define BUFSIZE (1024*16+1)
+#define MAX_MISALIGNMENT 63
+
+
+#define MAX_BLOCK_SIZE 128
+static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
+
+#define SIZE_NUM        7
+static const int lengths[SIZE_NUM] = {
+    16, 64, 256, 1024, 1500, 8 * 1024, 16 * 1024
+};
+
+static int testnum;
+
+# define COND(unused_cond) (run && count<0x7fffffff)
+
+static volatile int run = 0;
+
+#ifdef SIGALRM
+# if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#  define SIGRETTYPE void
+# else
+#  define SIGRETTYPE int
+# endif
+
+
+#define START   0
+#define STOP    1
+#define TM_START        0
+#define TM_STOP         1
+
+static int usertime = 1;
+
+double app_tminterval(int stop, int usertime)
+{
+    double ret = 0;
+    struct tms rus;
+    clock_t now = times(&rus);
+    static clock_t tmstart;
+
+    if (usertime)
+        now = rus.tms_utime;
+
+    if (stop == TM_START)
+        tmstart = now;
+    else {
+        long int tck = sysconf(_SC_CLK_TCK);
+        ret = (now - tmstart) / (double)tck;
+    }
+
+    return (ret);
+}
+
+
+
+
+static double Time_F(int s)
+{
+    double ret = app_tminterval(s, usertime);
+    if (s == STOP)
+        alarm(0);
+    return ret;
+}
+
+#endif
+
+
+static long save_count = 0;
+static int decrypt = 0;
+static int EVP_Update_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    EVP_CIPHER_CTX *ctx = tempargs->ctx;
+    int outl, count;
+
+    if (decrypt)
+        for (count = 0; COND(nb_iter); count++)
+            EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+    else
+        for (count = 0; COND(nb_iter); count++)
+            EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+    if (decrypt)
+        EVP_DecryptFinal_ex(ctx, buf, &outl);
+    else
+        EVP_EncryptFinal_ex(ctx, buf, &outl);
+    return count;
+}
+
+static const EVP_MD *evp_md = NULL;
+static int EVP_Digest_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **)args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    int count;
+
+    for (count = 0; COND(nb_iter); count++) {
+        if (!EVP_Digest(buf, lengths[testnum], md, NULL, evp_md, NULL))
+            return -1;
+    }
+    return count;
+}
+
+
+static int run_benchmark(int async_jobs,
+                         int (*loop_function)(void *), loopargs_t *loopargs)
+{
+    int job_op_count = 0;
+    int total_op_count = 0;
+    int num_inprogress = 0;
+    int error = 0, i = 0, ret = 0;
+    OSSL_ASYNC_FD job_fd = 0;
+    size_t num_job_fds = 0;
+
+    run = 1;
+
+    if (async_jobs == 0) {
+        return loop_function((void *)&loopargs);
+    }
+    return 1234567;
+}
+
+
+static void* stop_run(void* arg)
+{
+    __android_log_write(ANDROID_LOG_DEBUG,"openvpn", "stop run thread started");
+    sleep(3);
+    run=0;
+    __android_log_write(ANDROID_LOG_DEBUG,"openvpn", "stop run thread stopped");
+    return NULL;
+}
+
+jdoubleArray Java_de_blinkt_openvpn_core_NativeUtils_getOpenSSLSpeed(JNIEnv* env, jclass thiz, jstring algorithm, jint testnumber)
+{
+
+    OSSL_PROVIDER *legacy;
+    OSSL_PROVIDER *deflt;
+
+    OSSL_LIB_CTX *lib_ctx = OSSL_LIB_CTX_new();
+
+    /* Load Multiple providers into the default (NULL) library context */
+    legacy = OSSL_PROVIDER_load(lib_ctx, "legacy");
+    if (legacy == NULL) {
+        __android_log_write(ANDROID_LOG_DEBUG,"openvpn", "Failed to load Legacy provider\n");
+        return NULL;
+    }
+    deflt = OSSL_PROVIDER_load(lib_ctx, "default");
+    if (deflt == NULL) {
+        __android_log_write(ANDROID_LOG_DEBUG,"openvpn", "Failed to load Default provider\n");
+        OSSL_PROVIDER_unload(legacy);
+        return NULL;
+    }
+
+    static const unsigned char key16[16] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
+    };
+    const EVP_CIPHER *evp_cipher = NULL;
+
+    const char* alg = (*env)->GetStringUTFChars( env, algorithm , NULL ) ;
+
+    evp_cipher = EVP_CIPHER_fetch(lib_ctx, alg, NULL);
+    if (evp_cipher == NULL)
+        evp_md = EVP_MD_fetch(lib_ctx, alg, NULL);
+    if (evp_cipher == NULL && evp_md == NULL) {
+        //        BIO_printf(bio_err, "%s: %s is an unknown cipher or digest\n", prog, opt_arg());
+        //jniThrowException(env, "java/security/NoSuchAlgorithmException", "Algorithm not found");
+        __android_log_write(ANDROID_LOG_DEBUG,"openvpn", "Algorithm not found");
+        return NULL;
+    }
+
+    loopargs_t *loopargs = NULL;
+    int loopargs_len = 1;
+    int async_jobs = 0;
+    loopargs = malloc(loopargs_len * sizeof(loopargs_t));
+    memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
+
+
+    jdoubleArray ret = (*env)->NewDoubleArray(env, 3);
+
+    if (testnum < 0 || testnum >= SIZE_NUM)
+        goto error;
+
+    testnum = testnumber;
+
+
+    for (int i = 0; i < loopargs_len; i++) {
+        int misalign=0;
+        loopargs[i].buf_malloc = malloc((int)BUFSIZE + MAX_MISALIGNMENT + 1);
+        loopargs[i].buf2_malloc = malloc((int)BUFSIZE + MAX_MISALIGNMENT + 1);
+        /* Align the start of buffers on a 64 byte boundary */
+        loopargs[i].buf = loopargs[i].buf_malloc + misalign;
+        loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
+    }
+
+
+    int count;
+    double d;
+    if (evp_cipher) {
+        /*
+         * -O3 -fschedule-insns messes up an optimization here!
+         * names[D_EVP] somehow becomes NULL
+         */
+
+
+        for (int k = 0; k < loopargs_len; k++) {
+            loopargs[k].ctx = EVP_CIPHER_CTX_new();
+            if (decrypt)
+                EVP_DecryptInit_ex(loopargs[k].ctx, evp_cipher, NULL, key16, iv);
+            else
+                EVP_EncryptInit_ex(loopargs[k].ctx, evp_cipher, NULL, key16, iv);
+            EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
+        }
+
+        Time_F(START);
+        pthread_t timer_thread;
+
+        if (pthread_create(&timer_thread, NULL, stop_run, NULL))
+            goto error;
+
+        count = run_benchmark(async_jobs, EVP_Update_loop, loopargs);
+        d = Time_F(STOP);
+        for (int k = 0; k < loopargs_len; k++) {
+            EVP_CIPHER_CTX_free(loopargs[k].ctx);
+        }
+    }
+    if (evp_md) {
+        pthread_t timer_thread;
+        if (pthread_create(&timer_thread, NULL, stop_run, NULL))
+        {
+            __android_log_write(ANDROID_LOG_DEBUG,"openvpn", "creating thread failed");
+            goto error;
+        }
+
+        Time_F(START);
+        count = run_benchmark(async_jobs, EVP_Digest_loop, loopargs);
+        d = Time_F(STOP);
+    }
+
+    // Save results in hacky way
+    double results[] = {(double) lengths[testnum], (double) count, d};
+
+
+    (*env)->SetDoubleArrayRegion(env, ret, 0, 3, results);
+    //        print_result(D_EVP, testnum, count, d);
+
+    OSSL_LIB_CTX_free(lib_ctx);
+    free(loopargs);
+    return ret;
+error:
+    for (int k = 0; k < loopargs_len; k++) {
+      EVP_CIPHER_CTX_free(loopargs[k].ctx);
+    }
+    free(loopargs);
+
+    OSSL_LIB_CTX_free(lib_ctx);
+  return NULL;
+}

client/android/cpp/tools.cmake

@@ -0,0 +1,7 @@
+FUNCTION(PREPEND var prefix)
+   SET(listVar "")
+   FOREACH(f ${ARGN})
+      LIST(APPEND listVar "${prefix}/${f}")
+   ENDFOREACH(f)
+   SET(${var} "${listVar}" PARENT_SCOPE)
+ENDFUNCTION(PREPEND)

client/android/shadowsocks/src/main/java/org/amnezia/vpn/shadowsocks/core/bg/BaseService.kt

@@ -261,7 +261,7 @@ object BaseService {
 
         fun stopRunner(restart: Boolean = false, msg: String? = null) {
             if (data.state == State.Stopping) return
-            // channge the state
+            // change the state
             data.changeState(State.Stopping)
             GlobalScope.launch(Dispatchers.Main.immediate) {
                 data.connectingJob?.cancelAndJoin() // ensure stop connecting first

client/android/shadowsocks/src/main/java/org/amnezia/vpn/shadowsocks/core/utils/Constants.kt

@@ -30,7 +30,7 @@ object Key {
     const val id = "profileId"
     const val name = "profileName"
 
-    const val individual = "Proxyed"
+    const val individual = "Proxied"
 
     const val serviceMode = "serviceMode"
     const val modeProxy = "proxy"

client/android/src/com/wireguard/crypto/Ed25519.java

@@ -835,7 +835,7 @@ public final class Ed25519 {
     }
 
     /**
-     * Decodes {@code s} into an extented projective point.
+     * Decodes {@code s} into an extended projective point.
      * See Section 5.1.3 Decoding in https://tools.ietf.org/html/rfc8032#section-5.1.3
      */
     private static XYZT fromBytesNegateVarTime(byte[] s) throws GeneralSecurityException {
@@ -973,7 +973,7 @@ public final class Ed25519 {
      *
      * <p>NOTE that this function requires that {@code icopy} be 1 or 0; other values give wrong
      * results. Also, the two limb arrays must be in reduced-coefficient, reduced-degree form: the
-     * values in a[10..19] or b[10..19] aren't swapped, and all all values in a[0..9],b[0..9] must
+     * values in a[10..19] or b[10..19] aren't swapped, and all values in a[0..9],b[0..9] must
      * have magnitude less than Integer.MAX_VALUE.
      */
     static void copyConditional(long[] a, long[] b, int icopy) {

client/android/src/net/openvpn/ovpn3/ClientAPI_Config.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.
@@ -117,12 +117,12 @@ public class ClientAPI_Config {
     return ovpncliJNI.ClientAPI_Config_protoVersionOverride_get(swigCPtr, this);
   }
 
-  public void setIpv6(String value) {
-    ovpncliJNI.ClientAPI_Config_ipv6_set(swigCPtr, this, value);
+  public void setAllowUnusedAddrFamilies(String value) {
+    ovpncliJNI.ClientAPI_Config_allowUnusedAddrFamilies_set(swigCPtr, this, value);
   }
 
-  public String getIpv6() {
-    return ovpncliJNI.ClientAPI_Config_ipv6_get(swigCPtr, this);
+  public String getAllowUnusedAddrFamilies() {
+    return ovpncliJNI.ClientAPI_Config_allowUnusedAddrFamilies_get(swigCPtr, this);
   }
 
   public void setConnTimeout(int value) {
@@ -221,14 +221,6 @@ public class ClientAPI_Config {
     return ovpncliJNI.ClientAPI_Config_defaultKeyDirection_get(swigCPtr, this);
   }
 
-  public void setForceAesCbcCiphersuites(boolean value) {
-    ovpncliJNI.ClientAPI_Config_forceAesCbcCiphersuites_set(swigCPtr, this, value);
-  }
-
-  public boolean getForceAesCbcCiphersuites() {
-    return ovpncliJNI.ClientAPI_Config_forceAesCbcCiphersuites_get(swigCPtr, this);
-  }
-
   public void setTlsVersionMinOverride(String value) {
     ovpncliJNI.ClientAPI_Config_tlsVersionMinOverride_set(swigCPtr, this, value);
   }
@@ -366,6 +358,14 @@ public class ClientAPI_Config {
     return ovpncliJNI.ClientAPI_Config_gremlinConfig_get(swigCPtr, this);
   }
 
+  public void setUsePluggableTransports(boolean value) {
+    ovpncliJNI.ClientAPI_Config_usePluggableTransports_set(swigCPtr, this, value);
+  }
+
+  public boolean getUsePluggableTransports() {
+    return ovpncliJNI.ClientAPI_Config_usePluggableTransports_get(swigCPtr, this);
+  }
+
   public void setWintun(boolean value) {
     ovpncliJNI.ClientAPI_Config_wintun_set(swigCPtr, this, value);
   }
@@ -374,6 +374,30 @@ public class ClientAPI_Config {
     return ovpncliJNI.ClientAPI_Config_wintun_get(swigCPtr, this);
   }
 
+  public void setAllowLocalDnsResolvers(boolean value) {
+    ovpncliJNI.ClientAPI_Config_allowLocalDnsResolvers_set(swigCPtr, this, value);
+  }
+
+  public boolean getAllowLocalDnsResolvers() {
+    return ovpncliJNI.ClientAPI_Config_allowLocalDnsResolvers_get(swigCPtr, this);
+  }
+
+  public void setEnableLegacyAlgorithms(boolean value) {
+    ovpncliJNI.ClientAPI_Config_enableLegacyAlgorithms_set(swigCPtr, this, value);
+  }
+
+  public boolean getEnableLegacyAlgorithms() {
+    return ovpncliJNI.ClientAPI_Config_enableLegacyAlgorithms_get(swigCPtr, this);
+  }
+
+  public void setEnableNonPreferredDCAlgorithms(boolean value) {
+    ovpncliJNI.ClientAPI_Config_enableNonPreferredDCAlgorithms_set(swigCPtr, this, value);
+  }
+
+  public boolean getEnableNonPreferredDCAlgorithms() {
+    return ovpncliJNI.ClientAPI_Config_enableNonPreferredDCAlgorithms_get(swigCPtr, this);
+  }
+
   public ClientAPI_Config() {
     this(ovpncliJNI.new_ClientAPI_Config(), true);
   }

client/android/src/net/openvpn/ovpn3/ClientAPI_ConnectionInfo.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_DynamicChallenge.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_EvalConfig.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_Event.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_ExternalPKIBase.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_ExternalPKICertRequest.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_ExternalPKIRequestBase.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_ExternalPKISignRequest.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_InterfaceStats.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_KeyValue.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_LLVector.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_LogInfo.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_MergeConfig.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_OpenVPNClient.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.
@@ -56,26 +56,6 @@ public class ClientAPI_OpenVPNClient extends ClientAPI_TunBuilderBase {
     ovpncliJNI.ClientAPI_OpenVPNClient_director_connect(this, swigCPtr, true, true);
   }
 
-  public static ClientAPI_MergeConfig merge_config_static(String path, boolean follow_references) {
-    return new ClientAPI_MergeConfig(ovpncliJNI.ClientAPI_OpenVPNClient_merge_config_static(path, follow_references), true);
-  }
-
-  public static ClientAPI_MergeConfig merge_config_string_static(String config_content) {
-    return new ClientAPI_MergeConfig(ovpncliJNI.ClientAPI_OpenVPNClient_merge_config_string_static(config_content), true);
-  }
-
-  public static ClientAPI_EvalConfig eval_config_static(ClientAPI_Config config) {
-    return new ClientAPI_EvalConfig(ovpncliJNI.ClientAPI_OpenVPNClient_eval_config_static(ClientAPI_Config.getCPtr(config), config), true);
-  }
-
-  public static int max_profile_size() {
-    return ovpncliJNI.ClientAPI_OpenVPNClient_max_profile_size();
-  }
-
-  public static boolean parse_dynamic_challenge(String cookie, ClientAPI_DynamicChallenge dc) {
-    return ovpncliJNI.ClientAPI_OpenVPNClient_parse_dynamic_challenge(cookie, ClientAPI_DynamicChallenge.getCPtr(dc), dc);
-  }
-
   public ClientAPI_EvalConfig eval_config(ClientAPI_Config arg0) {
     return new ClientAPI_EvalConfig(ovpncliJNI.ClientAPI_OpenVPNClient_eval_config(swigCPtr, this, ClientAPI_Config.getCPtr(arg0), arg0), true);
   }
@@ -176,20 +156,4 @@ public class ClientAPI_OpenVPNClient extends ClientAPI_TunBuilderBase {
     if (getClass() == ClientAPI_OpenVPNClient.class) ovpncliJNI.ClientAPI_OpenVPNClient_clock_tick(swigCPtr, this); else ovpncliJNI.ClientAPI_OpenVPNClient_clock_tickSwigExplicitClientAPI_OpenVPNClient(swigCPtr, this);
   }
 
-  public static String crypto_self_test() {
-    return ovpncliJNI.ClientAPI_OpenVPNClient_crypto_self_test();
-  }
-
-  public static int app_expire() {
-    return ovpncliJNI.ClientAPI_OpenVPNClient_app_expire();
-  }
-
-  public static String platform() {
-    return ovpncliJNI.ClientAPI_OpenVPNClient_platform();
-  }
-
-  public static String copyright() {
-    return ovpncliJNI.ClientAPI_OpenVPNClient_copyright();
-  }
-
 }

client/android/src/net/openvpn/ovpn3/ClientAPI_OpenVPNClientHelper.java

@@ -0,0 +1,75 @@
+/* ----------------------------------------------------------------------------
+ * This file was automatically generated by SWIG (http://www.swig.org).
+ * Version 4.0.1
+ *
+ * Do not make changes to this file unless you know what you are doing--modify
+ * the SWIG interface file instead.
+ * ----------------------------------------------------------------------------- */
+
+package net.openvpn.ovpn3;
+
+public class ClientAPI_OpenVPNClientHelper {
+  private transient long swigCPtr;
+  protected transient boolean swigCMemOwn;
+
+  protected ClientAPI_OpenVPNClientHelper(long cPtr, boolean cMemoryOwn) {
+    swigCMemOwn = cMemoryOwn;
+    swigCPtr = cPtr;
+  }
+
+  protected static long getCPtr(ClientAPI_OpenVPNClientHelper obj) {
+    return (obj == null) ? 0 : obj.swigCPtr;
+  }
+
+  @SuppressWarnings("deprecation")
+  protected void finalize() {
+    delete();
+  }
+
+  public synchronized void delete() {
+    if (swigCPtr != 0) {
+      if (swigCMemOwn) {
+        swigCMemOwn = false;
+        ovpncliJNI.delete_ClientAPI_OpenVPNClientHelper(swigCPtr);
+      }
+      swigCPtr = 0;
+    }
+  }
+
+  public ClientAPI_OpenVPNClientHelper() {
+    this(ovpncliJNI.new_ClientAPI_OpenVPNClientHelper(), true);
+  }
+
+  public ClientAPI_MergeConfig merge_config(String path, boolean follow_references) {
+    return new ClientAPI_MergeConfig(ovpncliJNI.ClientAPI_OpenVPNClientHelper_merge_config(swigCPtr, this, path, follow_references), true);
+  }
+
+  public ClientAPI_MergeConfig merge_config_string(String config_content) {
+    return new ClientAPI_MergeConfig(ovpncliJNI.ClientAPI_OpenVPNClientHelper_merge_config_string(swigCPtr, this, config_content), true);
+  }
+
+  public ClientAPI_EvalConfig eval_config(ClientAPI_Config config) {
+    return new ClientAPI_EvalConfig(ovpncliJNI.ClientAPI_OpenVPNClientHelper_eval_config(swigCPtr, this, ClientAPI_Config.getCPtr(config), config), true);
+  }
+
+  public static int max_profile_size() {
+    return ovpncliJNI.ClientAPI_OpenVPNClientHelper_max_profile_size();
+  }
+
+  public static boolean parse_dynamic_challenge(String cookie, ClientAPI_DynamicChallenge dc) {
+    return ovpncliJNI.ClientAPI_OpenVPNClientHelper_parse_dynamic_challenge(cookie, ClientAPI_DynamicChallenge.getCPtr(dc), dc);
+  }
+
+  public String crypto_self_test() {
+    return ovpncliJNI.ClientAPI_OpenVPNClientHelper_crypto_self_test(swigCPtr, this);
+  }
+
+  public static String platform() {
+    return ovpncliJNI.ClientAPI_OpenVPNClientHelper_platform();
+  }
+
+  public static String copyright() {
+    return ovpncliJNI.ClientAPI_OpenVPNClientHelper_copyright();
+  }
+
+}

client/android/src/net/openvpn/ovpn3/ClientAPI_ProvideCreds.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_RemoteOverride.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_ServerEntry.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_ServerEntryVector.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_SessionToken.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_Status.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_StringVec.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_TransportStats.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ClientAPI_TunBuilderBase.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.
@@ -104,8 +104,8 @@ public class ClientAPI_TunBuilderBase {
     return ovpncliJNI.ClientAPI_TunBuilderBase_tun_builder_add_wins_server(swigCPtr, this, address);
   }
 
-  public boolean tun_builder_set_block_ipv6(boolean block_ipv6) {
-    return ovpncliJNI.ClientAPI_TunBuilderBase_tun_builder_set_block_ipv6(swigCPtr, this, block_ipv6);
+  public boolean tun_builder_set_allow_family(int af, boolean allow) {
+    return ovpncliJNI.ClientAPI_TunBuilderBase_tun_builder_set_allow_family(swigCPtr, this, af, allow);
   }
 
   public boolean tun_builder_set_adapter_domain_suffix(String name) {

client/android/src/net/openvpn/ovpn3/SWIGTYPE_p_std__string.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/SWIGTYPE_p_std__vectorT_openvpn__ClientAPI__KeyValue_t.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ovpncli.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.

client/android/src/net/openvpn/ovpn3/ovpncliJNI.java

@@ -1,6 +1,6 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
- * Version 4.0.2
+ * Version 4.0.1
  *
  * Do not make changes to this file unless you know what you are doing--modify
  * the SWIG interface file instead.
@@ -73,7 +73,7 @@ public class ovpncliJNI {
   public final static native boolean ClientAPI_TunBuilderBase_tun_builder_set_proxy_http(long jarg1, ClientAPI_TunBuilderBase jarg1_, String jarg2, int jarg3);
   public final static native boolean ClientAPI_TunBuilderBase_tun_builder_set_proxy_https(long jarg1, ClientAPI_TunBuilderBase jarg1_, String jarg2, int jarg3);
   public final static native boolean ClientAPI_TunBuilderBase_tun_builder_add_wins_server(long jarg1, ClientAPI_TunBuilderBase jarg1_, String jarg2);
-  public final static native boolean ClientAPI_TunBuilderBase_tun_builder_set_block_ipv6(long jarg1, ClientAPI_TunBuilderBase jarg1_, boolean jarg2);
+  public final static native boolean ClientAPI_TunBuilderBase_tun_builder_set_allow_family(long jarg1, ClientAPI_TunBuilderBase jarg1_, int jarg2, boolean jarg3);
   public final static native boolean ClientAPI_TunBuilderBase_tun_builder_set_adapter_domain_suffix(long jarg1, ClientAPI_TunBuilderBase jarg1_, String jarg2);
   public final static native int ClientAPI_TunBuilderBase_tun_builder_establish(long jarg1, ClientAPI_TunBuilderBase jarg1_);
   public final static native boolean ClientAPI_TunBuilderBase_tun_builder_persist(long jarg1, ClientAPI_TunBuilderBase jarg1_);
@@ -183,8 +183,8 @@ public class ovpncliJNI {
   public final static native String ClientAPI_Config_protoOverride_get(long jarg1, ClientAPI_Config jarg1_);
   public final static native void ClientAPI_Config_protoVersionOverride_set(long jarg1, ClientAPI_Config jarg1_, int jarg2);
   public final static native int ClientAPI_Config_protoVersionOverride_get(long jarg1, ClientAPI_Config jarg1_);
-  public final static native void ClientAPI_Config_ipv6_set(long jarg1, ClientAPI_Config jarg1_, String jarg2);
-  public final static native String ClientAPI_Config_ipv6_get(long jarg1, ClientAPI_Config jarg1_);
+  public final static native void ClientAPI_Config_allowUnusedAddrFamilies_set(long jarg1, ClientAPI_Config jarg1_, String jarg2);
+  public final static native String ClientAPI_Config_allowUnusedAddrFamilies_get(long jarg1, ClientAPI_Config jarg1_);
   public final static native void ClientAPI_Config_connTimeout_set(long jarg1, ClientAPI_Config jarg1_, int jarg2);
   public final static native int ClientAPI_Config_connTimeout_get(long jarg1, ClientAPI_Config jarg1_);
   public final static native void ClientAPI_Config_tunPersist_set(long jarg1, ClientAPI_Config jarg1_, boolean jarg2);
@@ -209,8 +209,6 @@ public class ovpncliJNI {
   public final static native String ClientAPI_Config_privateKeyPassword_get(long jarg1, ClientAPI_Config jarg1_);
   public final static native void ClientAPI_Config_defaultKeyDirection_set(long jarg1, ClientAPI_Config jarg1_, int jarg2);
   public final static native int ClientAPI_Config_defaultKeyDirection_get(long jarg1, ClientAPI_Config jarg1_);
-  public final static native void ClientAPI_Config_forceAesCbcCiphersuites_set(long jarg1, ClientAPI_Config jarg1_, boolean jarg2);
-  public final static native boolean ClientAPI_Config_forceAesCbcCiphersuites_get(long jarg1, ClientAPI_Config jarg1_);
   public final static native void ClientAPI_Config_tlsVersionMinOverride_set(long jarg1, ClientAPI_Config jarg1_, String jarg2);
   public final static native String ClientAPI_Config_tlsVersionMinOverride_get(long jarg1, ClientAPI_Config jarg1_);
   public final static native void ClientAPI_Config_tlsCertProfileOverride_set(long jarg1, ClientAPI_Config jarg1_, String jarg2);
@@ -245,8 +243,16 @@ public class ovpncliJNI {
   public final static native long ClientAPI_Config_clockTickMS_get(long jarg1, ClientAPI_Config jarg1_);
   public final static native void ClientAPI_Config_gremlinConfig_set(long jarg1, ClientAPI_Config jarg1_, String jarg2);
   public final static native String ClientAPI_Config_gremlinConfig_get(long jarg1, ClientAPI_Config jarg1_);
+  public final static native void ClientAPI_Config_usePluggableTransports_set(long jarg1, ClientAPI_Config jarg1_, boolean jarg2);
+  public final static native boolean ClientAPI_Config_usePluggableTransports_get(long jarg1, ClientAPI_Config jarg1_);
   public final static native void ClientAPI_Config_wintun_set(long jarg1, ClientAPI_Config jarg1_, boolean jarg2);
   public final static native boolean ClientAPI_Config_wintun_get(long jarg1, ClientAPI_Config jarg1_);
+  public final static native void ClientAPI_Config_allowLocalDnsResolvers_set(long jarg1, ClientAPI_Config jarg1_, boolean jarg2);
+  public final static native boolean ClientAPI_Config_allowLocalDnsResolvers_get(long jarg1, ClientAPI_Config jarg1_);
+  public final static native void ClientAPI_Config_enableLegacyAlgorithms_set(long jarg1, ClientAPI_Config jarg1_, boolean jarg2);
+  public final static native boolean ClientAPI_Config_enableLegacyAlgorithms_get(long jarg1, ClientAPI_Config jarg1_);
+  public final static native void ClientAPI_Config_enableNonPreferredDCAlgorithms_set(long jarg1, ClientAPI_Config jarg1_, boolean jarg2);
+  public final static native boolean ClientAPI_Config_enableNonPreferredDCAlgorithms_get(long jarg1, ClientAPI_Config jarg1_);
   public final static native long new_ClientAPI_Config();
   public final static native void delete_ClientAPI_Config(long jarg1);
   public final static native void ClientAPI_Event_error_set(long jarg1, ClientAPI_Event jarg1_, boolean jarg2);
@@ -372,13 +378,18 @@ public class ovpncliJNI {
   public final static native String ClientAPI_RemoteOverride_error_get(long jarg1, ClientAPI_RemoteOverride jarg1_);
   public final static native long new_ClientAPI_RemoteOverride();
   public final static native void delete_ClientAPI_RemoteOverride(long jarg1);
+  public final static native long new_ClientAPI_OpenVPNClientHelper();
+  public final static native void delete_ClientAPI_OpenVPNClientHelper(long jarg1);
+  public final static native long ClientAPI_OpenVPNClientHelper_merge_config(long jarg1, ClientAPI_OpenVPNClientHelper jarg1_, String jarg2, boolean jarg3);
+  public final static native long ClientAPI_OpenVPNClientHelper_merge_config_string(long jarg1, ClientAPI_OpenVPNClientHelper jarg1_, String jarg2);
+  public final static native long ClientAPI_OpenVPNClientHelper_eval_config(long jarg1, ClientAPI_OpenVPNClientHelper jarg1_, long jarg2, ClientAPI_Config jarg2_);
+  public final static native int ClientAPI_OpenVPNClientHelper_max_profile_size();
+  public final static native boolean ClientAPI_OpenVPNClientHelper_parse_dynamic_challenge(String jarg1, long jarg2, ClientAPI_DynamicChallenge jarg2_);
+  public final static native String ClientAPI_OpenVPNClientHelper_crypto_self_test(long jarg1, ClientAPI_OpenVPNClientHelper jarg1_);
+  public final static native String ClientAPI_OpenVPNClientHelper_platform();
+  public final static native String ClientAPI_OpenVPNClientHelper_copyright();
   public final static native long new_ClientAPI_OpenVPNClient();
   public final static native void delete_ClientAPI_OpenVPNClient(long jarg1);
-  public final static native long ClientAPI_OpenVPNClient_merge_config_static(String jarg1, boolean jarg2);
-  public final static native long ClientAPI_OpenVPNClient_merge_config_string_static(String jarg1);
-  public final static native long ClientAPI_OpenVPNClient_eval_config_static(long jarg1, ClientAPI_Config jarg1_);
-  public final static native int ClientAPI_OpenVPNClient_max_profile_size();
-  public final static native boolean ClientAPI_OpenVPNClient_parse_dynamic_challenge(String jarg1, long jarg2, ClientAPI_DynamicChallenge jarg2_);
   public final static native long ClientAPI_OpenVPNClient_eval_config(long jarg1, ClientAPI_OpenVPNClient jarg1_, long jarg2, ClientAPI_Config jarg2_);
   public final static native long ClientAPI_OpenVPNClient_provide_creds(long jarg1, ClientAPI_OpenVPNClient jarg1_, long jarg2, ClientAPI_ProvideCreds jarg2_);
   public final static native boolean ClientAPI_OpenVPNClient_socket_protect(long jarg1, ClientAPI_OpenVPNClient jarg1_, int jarg2, String jarg3, boolean jarg4);
@@ -408,10 +419,6 @@ public class ovpncliJNI {
   public final static native void ClientAPI_OpenVPNClient_remote_overrideSwigExplicitClientAPI_OpenVPNClient(long jarg1, ClientAPI_OpenVPNClient jarg1_, long jarg2, ClientAPI_RemoteOverride jarg2_);
   public final static native void ClientAPI_OpenVPNClient_clock_tick(long jarg1, ClientAPI_OpenVPNClient jarg1_);
   public final static native void ClientAPI_OpenVPNClient_clock_tickSwigExplicitClientAPI_OpenVPNClient(long jarg1, ClientAPI_OpenVPNClient jarg1_);
-  public final static native String ClientAPI_OpenVPNClient_crypto_self_test();
-  public final static native int ClientAPI_OpenVPNClient_app_expire();
-  public final static native String ClientAPI_OpenVPNClient_platform();
-  public final static native String ClientAPI_OpenVPNClient_copyright();
   public final static native void ClientAPI_OpenVPNClient_director_connect(ClientAPI_OpenVPNClient obj, long cptr, boolean mem_own, boolean weak_global);
   public final static native void ClientAPI_OpenVPNClient_change_ownership(ClientAPI_OpenVPNClient obj, long cptr, boolean take_or_release);
   public final static native long ClientAPI_ExternalPKICertRequest_SWIGUpcast(long jarg1);
@@ -469,8 +476,8 @@ public class ovpncliJNI {
   public static boolean SwigDirector_ClientAPI_OpenVPNClient_tun_builder_add_wins_server(ClientAPI_OpenVPNClient jself, String address) {
     return jself.tun_builder_add_wins_server(address);
   }
-  public static boolean SwigDirector_ClientAPI_OpenVPNClient_tun_builder_set_block_ipv6(ClientAPI_OpenVPNClient jself, boolean block_ipv6) {
-    return jself.tun_builder_set_block_ipv6(block_ipv6);
+  public static boolean SwigDirector_ClientAPI_OpenVPNClient_tun_builder_set_allow_family(ClientAPI_OpenVPNClient jself, int af, boolean allow) {
+    return jself.tun_builder_set_allow_family(af, allow);
   }
   public static boolean SwigDirector_ClientAPI_OpenVPNClient_tun_builder_set_adapter_domain_suffix(ClientAPI_OpenVPNClient jself, String name) {
     return jself.tun_builder_set_adapter_domain_suffix(name);

client/android/src/org/amnezia/vpn/NotificationUtil.kt

@@ -27,7 +27,7 @@ object NotificationUtil {
      * Parcel - Gets called from AndroidController.cpp
      */
     fun update(data: Parcel) {
-        // [data] is here a json containing the noification content
+        // [data] is here a json containing the notification content
         val buffer = data.createByteArray()
         val json = buffer?.let { String(it) }
         val content = JSONObject(json)

client/android/src/org/amnezia/vpn/OpenVPNThreadv3.kt

@@ -14,6 +14,7 @@ import com.wireguard.android.util.SharedLibraryLoader
 import com.wireguard.config.*
 import com.wireguard.crypto.Key
 import org.json.JSONObject
+import java.util.Base64
 
 import net.openvpn.ovpn3.ClientAPI_Config
 import net.openvpn.ovpn3.ClientAPI_EvalConfig
@@ -25,6 +26,7 @@ import net.openvpn.ovpn3.ClientAPI_OpenVPNClient
 import net.openvpn.ovpn3.ClientAPI_ProvideCreds
 import net.openvpn.ovpn3.ClientAPI_Status
 import net.openvpn.ovpn3.ClientAPI_TransportStats
+import java.lang.StringBuilder
 
 class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runnable {
     private val tag = "OpenVPNThreadv3"
@@ -35,10 +37,10 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
     private var bytesOutIndex = -1
 
     init {
-        findConfigIndicies()
+        findConfigIndices()
     }
 
-    private fun findConfigIndicies() {
+    private fun findConfigIndices() {
         val n: Int = stats_n()
 
         for (i in 0 until n) {
@@ -59,7 +61,48 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
     override fun run() {
 
         val config: ClientAPI_Config = ClientAPI_Config()
-        config.content = mService.getVpnConfig().getJSONObject("openvpn_config_data").getString("config")
+
+        val jsonVpnConfig = mService.getVpnConfig()
+        val ovpnConfig = jsonVpnConfig.getJSONObject("openvpn_config_data").getString("config")
+
+        val resultingConfig = StringBuilder()
+        resultingConfig.append(ovpnConfig)
+
+        if (jsonVpnConfig.getString("protocol") == "cloak") {
+            val cloakConfigJson: JSONObject = jsonVpnConfig.getJSONObject("cloak_config_data")
+
+            if (cloakConfigJson.keySet().contains("NumConn")) {
+                cloakConfigJson.put("NumConn", 1)
+            }
+
+            if (cloakConfigJson.keySet().contains("ProxyMethod")) {
+                cloakConfigJson.put("ProxyMethod", "openvpn")
+            }
+
+            if (cloakConfigJson.keySet().contains("port")) {
+                val portValue = cloakConfigJson.get("port")
+                cloakConfigJson.remove("port")
+                cloakConfigJson.put("RemotePort", portValue)
+            }
+
+            if (cloakConfigJson.keySet().contains("remote")) {
+                val hostValue = cloakConfigJson.get("remote")
+                cloakConfigJson.remove("remote")
+                cloakConfigJson.put("RemoteHost", hostValue)
+            }
+
+            val cloakConfig = Base64.getEncoder().encodeToString(
+                jsonVpnConfig.getJSONObject("cloak_config_data").toString().toByteArray()
+            )
+
+            resultingConfig.append("\n<cloak>\n")
+            resultingConfig.append(cloakConfig)
+            resultingConfig.append("\n</cloak>\n")
+
+            config.setUsePluggableTransports(true)
+        }
+
+        config.content = resultingConfig.toString()
 
         eval_config(config)
 
@@ -67,7 +110,6 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
         if (status.getError()) {
             Log.i(tag, "connect() error: " + status.getError() + ": " + status.getMessage())
         }
-
     }
 
     override fun log(arg0: ClientAPI_LogInfo){

client/android/src/org/amnezia/vpn/Prefs.kt

@@ -29,7 +29,7 @@ object Prefs {
             return sharedPreferences
         } catch (e: Exception) {
             Log.e("Android-Prefs", "Getting Encryption Storage failed, plaintext fallback")
-            return context.getSharedPreferences("com.amnezia.vpn.prefrences", Context.MODE_PRIVATE)
+            return context.getSharedPreferences("com.amnezia.vpn.preferences", Context.MODE_PRIVATE)
         }
     }
 }

client/android/src/org/amnezia/vpn/VPNLogger.kt

@@ -11,14 +11,14 @@ import android.util.Log as nativeLog
 
 /*
  * Drop in replacement for android.util.Log 
- * Also stores a copy of all logs in tmp/mozilla_deamon_logs.txt
+ * Also stores a copy of all logs in tmp/mozilla_daemon_logs.txt
 */
 class Log {
     val LOG_MAX_FILE_SIZE = 204800
     private var file: File
     private constructor(context: Context) {
         val tempDIR = context.cacheDir
-        file = File(tempDIR, "mozilla_deamon_logs.txt")
+        file = File(tempDIR, "mozilla_daemon_logs.txt")
         if (file.length() > LOG_MAX_FILE_SIZE) {
             file.writeText("")
         }
@@ -46,7 +46,7 @@ class Log {
             if (!BuildConfig.DEBUG) { return; }
             nativeLog.e(tag, message)
         }
-        // Only Prints && Loggs when in debug, noop in release.
+        // Only Prints && Logs when in debug, noop in release.
         fun sensitive(tag: String, message: String?) {
             if (!BuildConfig.DEBUG) { return; }
             if (message == null) { return; }

client/android/src/org/amnezia/vpn/VPNService.kt

@@ -176,7 +176,6 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
     }
 
     override fun onUnbind(intent: Intent?): Boolean {
-        Log.v(tag, "Aman: onUnbind....................")
         if (!isUp) {
             // If the Qt Client got closed while we were not connected
             // we do not need to stay as a foreground service.
@@ -185,12 +184,17 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
         return super.onUnbind(intent)
     }
 
+    override fun onDestroy() {
+        turnOff()
+
+        super.onDestroy()
+    }
+
     /**
      * EntryPoint for the Service, gets Called when AndroidController.cpp
      * calles bindService. Returns the [VPNServiceBinder] so QT can send Requests to it.
      */
     override fun onBind(intent: Intent): IBinder {
-        Log.v(tag, "Aman: onBind....................")
 
         when (mProtocol) {
             "shadowsocks" -> {
@@ -214,7 +218,6 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
      * or from Booting the device and having "connect on boot" enabled.
      */
     override fun onStartCommand(intent: Intent?, flags: Int, startId: Int): Int {
-        Log.v(tag, "Aman: onStartCommand....................")
         this.intent = intent
         this.flags = flags
         this.startId = startId
@@ -278,6 +281,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
     var isUp: Boolean = false
         get() {
             return when (mProtocol) {
+                "cloak",
                 "openvpn" -> {
                     field
                 }
@@ -303,6 +307,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
             val deviceIpv4: String = ""
 
             val status = when (mProtocol) {
+                "cloak",
                 "openvpn" -> {
                     if (mOpenVPNThreadv3 == null) {
                         Status(null, null, null, null)
@@ -373,7 +378,9 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
         Log.i(tag, "Config: $mConfig")
         mProtocol = mConfig!!.getString("protocol")
         Log.i(tag, "Protocol: $mProtocol")
+
         when (mProtocol) {
+            "cloak",
             "openvpn" -> {
                 startOpenVpn()
             }
@@ -396,7 +403,6 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
     fun establish(): ParcelFileDescriptor? {
         Log.v(tag, "Aman: establish....................")
         mbuilder.allowFamily(OsConstants.AF_INET)
-        mbuilder.allowFamily(OsConstants.AF_INET6)
 
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) mbuilder.setMetered(false)
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) setUnderlyingNetworks(null)
@@ -448,8 +454,13 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
     fun turnOff() {
         Log.v(tag, "Aman: turnOff....................")
         when (mProtocol) {
-            "wireguard" -> wgTurnOff(currentTunnelHandle)
-            "openvpn" -> ovpnTurnOff()
+            "wireguard" -> {
+                wgTurnOff(currentTunnelHandle)
+            }
+            "cloak",
+            "openvpn" -> {
+                ovpnTurnOff()
+            }
             "shadowsocks" -> {
                 stopRunner(false)
                 stopTest()
@@ -458,6 +469,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
                 Log.e(tag, "No protocol")
             }
         }
+
         currentTunnelHandle = -1
         stopForeground(true)
         isUp = false
@@ -548,7 +560,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
      * Create a Wireguard [Config]  from a [json] string -
      * The [json] will be created in AndroidVpnProtocol.cpp
      */
-    private fun buildWireugardConfig(obj: JSONObject): Config {
+    private fun buildWireguardConfig(obj: JSONObject): Config {
         val confBuilder = Config.Builder()
         val wireguardConfigData = obj.getJSONObject("wireguard_config_data")
         val config = parseConfigData(wireguardConfigData.getString("config"))
@@ -689,6 +701,10 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
     }
 
     private fun startOpenVpn() {
+        if (isUp || mOpenVPNThreadv3 != null) {
+            ovpnTurnOff()
+        }
+
         mOpenVPNThreadv3 = OpenVPNThreadv3(this)
 
         Thread({
@@ -697,7 +713,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
     }
 
     private fun startWireGuard() {
-        val wireguard_conf = buildWireugardConfig(mConfig!!)
+        val wireguard_conf = buildWireguardConfig(mConfig!!)
         Log.i(tag, "startWireGuard: wireguard_conf : $wireguard_conf")
         if (currentTunnelHandle != -1) {
             Log.e(tag, "Tunnel already up")

client/android/src/org/amnezia/vpn/VPNServiceBinder.kt

@@ -50,7 +50,7 @@ class VPNServiceBinder(service: VPNService) : Binder() {
         when (code) {
             ACTIONS.activate -> {
                 try {
-                    Log.i(tag, "Activiation Requested, parsing Config")
+                    Log.i(tag, "Activation Requested, parsing Config")
                     // [data] is here a json containing the wireguard/openvpn conf
                     val buffer = data.createByteArray()
                     val json = buffer?.let { String(it) }

client/android/src/org/amnezia/vpn/qt/VPNActivity.kt

@@ -114,7 +114,7 @@ class VPNActivity : org.qtproject.qt.android.bindings.QtActivity() {
             // QT will always attempt to read the clipboard if content is there.
             // since we have no use of the clipboard in android 10+
             // we _can_  return null
-            // And we defnitly should since android 12 displays clipboard access.
+            // And we definitely should since android 12 displays clipboard access.
             null
         } else {
             super.getSystemService(name)
@@ -259,13 +259,13 @@ class VPNActivity : org.qtproject.qt.android.bindings.QtActivity() {
     private val ACTION_REGISTER_LISTENER = 3
     private val ACTION_RESUME_ACTIVATE = 7
     private val ACTION_IMPORT_CONFIG = 11
-    private val EVENT_PERMISSION_REQURED = 6
+    private val EVENT_PERMISSION_REQUIRED = 6
     private val EVENT_DISCONNECTED = 2
 
     private val UI_EVENT_QR_CODE_RECEIVED = 0
 
     fun onPermissionRequest(code: Int, data: Parcel?) {
-        if (code != EVENT_PERMISSION_REQURED) {
+        if (code != EVENT_PERMISSION_REQUIRED) {
             return
         }
 

client/client.pro

@@ -1,415 +0,0 @@
-QT += widgets core gui network xml remoteobjects quick svg quickcontrols2
-equals(QT_MAJOR_VERSION, 6): QT += core5compat
-
-TARGET = AmneziaVPN
-TEMPLATE = app
-
-# silent builds on CI env
-IS_CI=$$(CI)
-!isEmpty(IS_CI){
-  message("Detected CI env")
-  CONFIG += silent #ccache
-}
-
-CONFIG += qtquickcompiler
-
-include("3rd/QtSsh/src/ssh/qssh.pri")
-include("3rd/QtSsh/src/botan/botan.pri")
-!android:!ios:include("3rd/SingleApplication/singleapplication.pri")
-include ("3rd/SortFilterProxyModel/SortFilterProxyModel.pri")
-
-include("3rd/qrcodegen/qrcodegen.pri")
-include("3rd/QSimpleCrypto/QSimpleCrypto.pri")
-include("3rd/qtkeychain/qtkeychain.pri")
-
-INCLUDEPATH += $$PWD/3rd/QSimpleCrypto/include
-INCLUDEPATH += $$PWD/3rd/OpenSSL/include
-INCLUDEPATH += $$PWD/3rd/qtkeychain/include
-INCLUDEPATH += $$PWD/3rd/libssh/include
-DEPENDPATH += $$PWD/3rd/OpenSSL/include
-
-HEADERS  += \
-    ../ipc/ipc.h \
-    amnezia_application.h \
-    configurators/cloak_configurator.h \
-    configurators/configurator_base.h \
-    configurators/ikev2_configurator.h \
-    configurators/shadowsocks_configurator.h \
-    configurators/ssh_configurator.h \
-    configurators/vpn_configurator.h \
-    configurators/wireguard_configurator.h \
-    containers/containers_defs.h \
-    core/defs.h \
-    core/errorstrings.h \
-    configurators/openvpn_configurator.h \
-    core/scripts_registry.h \
-    core/server_defs.h \
-    core/servercontroller.h \
-    defines.h \
-    logger.h \
-    managementserver.h \
-    platforms/ios/MobileUtils.h \
-    platforms/linux/leakdetector.h \
-    protocols/protocols_defs.h \
-    secure_qsettings.h \
-    settings.h \
-    ui/notificationhandler.h \
-    ui/models/containers_model.h \
-    ui/models/protocols_model.h \
-    ui/pages.h \
-    ui/pages_logic/AppSettingsLogic.h \
-    ui/pages_logic/GeneralSettingsLogic.h \
-    ui/pages_logic/NetworkSettingsLogic.h \
-    ui/pages_logic/NewServerProtocolsLogic.h \
-    ui/pages_logic/PageLogicBase.h \
-    ui/pages_logic/QrDecoderLogic.h \
-    ui/pages_logic/ServerConfiguringProgressLogic.h \
-    ui/pages_logic/ServerContainersLogic.h \
-    ui/pages_logic/ServerListLogic.h \
-    ui/pages_logic/ServerSettingsLogic.h \
-    ui/pages_logic/ShareConnectionLogic.h \
-    ui/pages_logic/SitesLogic.h \
-    ui/pages_logic/StartPageLogic.h \
-    ui/pages_logic/ViewConfigLogic.h \
-    ui/pages_logic/VpnLogic.h \
-    ui/pages_logic/WizardLogic.h \
-    ui/pages_logic/protocols/CloakLogic.h \
-    ui/pages_logic/protocols/OpenVpnLogic.h \
-    ui/pages_logic/protocols/OtherProtocolsLogic.h \
-    ui/pages_logic/protocols/PageProtocolLogicBase.h \
-    ui/pages_logic/protocols/ShadowSocksLogic.h \
-    ui/pages_logic/protocols/WireGuardLogic.h \
-    ui/property_helper.h \
-    ui/models/servers_model.h \
-    ui/uilogic.h \
-    ui/qautostart.h \
-    ui/models/sites_model.h \
-    utilities.h \
-    vpnconnection.h \
-    protocols/vpnprotocol.h \
-    constants.h \
-    platforms/ios/QRCodeReaderBase.h
-
-SOURCES  += \
-    amnezia_application.cpp \
-    configurators/cloak_configurator.cpp \
-    configurators/configurator_base.cpp \
-    configurators/ikev2_configurator.cpp \
-    configurators/shadowsocks_configurator.cpp \
-    configurators/ssh_configurator.cpp \
-    configurators/vpn_configurator.cpp \
-    configurators/wireguard_configurator.cpp \
-    containers/containers_defs.cpp \
-    core/errorstrings.cpp \
-    configurators/openvpn_configurator.cpp \
-    core/scripts_registry.cpp \
-    core/server_defs.cpp \
-    core/servercontroller.cpp \
-    logger.cpp \
-    main.cpp \
-    managementserver.cpp \
-    platforms/ios/MobileUtils.cpp \
-    platforms/linux/leakdetector.cpp \
-    protocols/protocols_defs.cpp \
-    secure_qsettings.cpp \
-    settings.cpp \
-    ui/notificationhandler.cpp \
-    ui/models/containers_model.cpp \
-    ui/models/protocols_model.cpp \
-    ui/pages_logic/AppSettingsLogic.cpp \
-    ui/pages_logic/GeneralSettingsLogic.cpp \
-    ui/pages_logic/NetworkSettingsLogic.cpp \
-    ui/pages_logic/NewServerProtocolsLogic.cpp \
-    ui/pages_logic/PageLogicBase.cpp \
-    ui/pages_logic/QrDecoderLogic.cpp \
-    ui/pages_logic/ServerConfiguringProgressLogic.cpp \
-    ui/pages_logic/ServerContainersLogic.cpp \
-    ui/pages_logic/ServerListLogic.cpp \
-    ui/pages_logic/ServerSettingsLogic.cpp \
-    ui/pages_logic/ShareConnectionLogic.cpp \
-    ui/pages_logic/SitesLogic.cpp \
-    ui/pages_logic/StartPageLogic.cpp \
-    ui/pages_logic/ViewConfigLogic.cpp \
-    ui/pages_logic/VpnLogic.cpp \
-    ui/pages_logic/WizardLogic.cpp \
-    ui/pages_logic/protocols/CloakLogic.cpp \
-    ui/pages_logic/protocols/OpenVpnLogic.cpp \
-    ui/pages_logic/protocols/OtherProtocolsLogic.cpp \
-    ui/pages_logic/protocols/PageProtocolLogicBase.cpp \
-    ui/pages_logic/protocols/ShadowSocksLogic.cpp \
-    ui/models/servers_model.cpp \
-    ui/pages_logic/protocols/WireGuardLogic.cpp \
-    ui/uilogic.cpp \
-    ui/qautostart.cpp \
-    ui/models/sites_model.cpp \
-    utilities.cpp \
-    vpnconnection.cpp \
-    protocols/vpnprotocol.cpp \
-    platforms/ios/QRCodeReaderBase.cpp
-
-RESOURCES += \
-    resources.qrc
-
-TRANSLATIONS = \
-    translations/amneziavpn_ru.ts
-
-win32 {
-    DEFINES += MVPN_WINDOWS
-
-    OTHER_FILES += platforms/windows/amneziavpn.rc
-    RC_FILE = platforms/windows/amneziavpn.rc
-
-    HEADERS += \
-       protocols/ikev2_vpn_protocol_windows.h \
-
-    SOURCES += \
-       protocols/ikev2_vpn_protocol_windows.cpp \
-
-    VERSION = 2.0.0.0
-    QMAKE_TARGET_COMPANY = "AmneziaVPN"
-    QMAKE_TARGET_PRODUCT = "AmneziaVPN"
-
-
-    LIBS += \
-        -luser32 \
-        -lrasapi32 \
-        -lshlwapi \
-        -liphlpapi \
-        -lws2_32 \
-        -lgdi32
-
-    QMAKE_LFLAGS_WINDOWS += /entry:mainCRTStartup
-
-   !contains(QMAKE_TARGET.arch, x86_64) {
-      message("Windows x86 build")
-      LIBS += -L$$PWD/3rd/OpenSSL/lib/windows/x86/ -llibssl -llibcrypto
-   }
-   else {
-      message("Windows x86_64 build")
-      LIBS += -L$$PWD/3rd/OpenSSL/lib/windows/x86_64/ -llibssl -llibcrypto
-   }
-}
-
-macx {
-    DEFINES += MVPN_MACOS
-
-    ICON   = $$PWD/images/app.icns
-
-    HEADERS  += ui/macos_util.h
-    SOURCES  += ui/macos_util.mm
-
-    LIBS += -framework Cocoa -framework ApplicationServices -framework CoreServices -framework Foundation -framework AppKit -framework Security
-
-    LIBS += $$PWD/3rd/OpenSSL/lib/macos/x86_64/libcrypto.a
-    LIBS += $$PWD/3rd/OpenSSL/lib/macos/x86_64/libssl.a
-}
-
-linux:!android {
-    DEFINES += MVPN_LINUX
-    LIBS += /usr/lib/x86_64-linux-gnu/libcrypto.a
-    LIBS += /usr/lib/x86_64-linux-gnu/libssl.a
-    LIBS += $$PWD/3rd/libssh/build/src/libssh.a
-    LIBS += -lz
-
-    INCLUDEPATH += $$PWD/platforms/linux
-}
-
-win32|macx|linux:!android {
-   DEFINES += AMNEZIA_DESKTOP
-
-   HEADERS  += \
-      core/ipcclient.h \
-      core/privileged_process.h \
-      ui/systemtray_notificationhandler.h \
-      protocols/openvpnprotocol.h \
-      protocols/openvpnovercloakprotocol.h \
-      protocols/shadowsocksvpnprotocol.h \
-      protocols/wireguardprotocol.h \
-
-   SOURCES  += \
-      core/ipcclient.cpp \
-      core/privileged_process.cpp \
-      ui/systemtray_notificationhandler.cpp \
-      protocols/openvpnprotocol.cpp \
-      protocols/openvpnovercloakprotocol.cpp \
-      protocols/shadowsocksvpnprotocol.cpp \
-      protocols/wireguardprotocol.cpp \
-
-   REPC_REPLICA += ../ipc/ipc_interface.rep
-   REPC_REPLICA += ../ipc/ipc_process_interface.rep
-}
-
-android {
-    message(Platform: android)
-    message("$$ANDROID_TARGET_ARCH")
-    versionAtLeast(QT_VERSION, 6.0.0) {
-        # We need to include qtprivate api's
-        # As QAndroidBinder is not yet implemented with a public api
-        QT += core-private
-        ANDROID_ABIS = $$ANDROID_TARGET_ARCH
-    }
-
-   DEFINES += MVPN_ANDROID
-
-   INCLUDEPATH += platforms/android
-
-   HEADERS += \
-      platforms/android/android_controller.h \
-      platforms/android/android_notificationhandler.h \
-      protocols/android_vpnprotocol.h \
-      platforms/android/androidutils.h \
-      platforms/android/androidvpnactivity.h
-
-   SOURCES += \
-      platforms/android/android_controller.cpp \
-      platforms/android/android_notificationhandler.cpp \
-      protocols/android_vpnprotocol.cpp \
-      platforms/android/androidutils.cpp \
-      platforms/android/androidvpnactivity.cpp
-
-   DISTFILES += \
-      android/AndroidManifest.xml \
-      android/build.gradle \
-      android/gradle/wrapper/gradle-wrapper.jar \
-      android/gradle/wrapper/gradle-wrapper.properties \
-      android/gradlew \
-      android/gradlew.bat \
-      android/gradle.properties \
-      android/res/values/libs.xml \
-      android/res/xml/fileprovider.xml \
-      android/src/org/amnezia/vpn/AuthHelper.java \
-      android/src/org/amnezia/vpn/IPCContract.kt \
-      android/src/org/amnezia/vpn/NotificationUtil.kt \
-      android/src/org/amnezia/vpn/OpenVPNThreadv3.kt \
-      android/src/org/amnezia/vpn/Prefs.kt \
-      android/src/org/amnezia/vpn/VpnLogger.kt \
-      android/src/org/amnezia/vpn/VpnService.kt \
-      android/src/org/amnezia/vpn/VpnServiceBinder.kt \
-      android/src/org/amnezia/vpn/qt/AmneziaApp.kt \
-      android/src/org/amnezia/vpn/qt/PackageManagerHelper.java \
-      android/src/org/amnezia/vpn/qt/VPNActivity.kt \
-      android/src/org/amnezia/vpn/qt/VPNApplication.java \
-      android/src/org/amnezia/vpn/qt/VPNPermissionHelper.kt
-
-      ANDROID_PACKAGE_SOURCE_DIR = $$PWD/android
-
-   for (abi, ANDROID_ABIS): {
-
-      equals(ANDROID_TARGET_ARCH,$$abi) {
-         LIBS += $$PWD/3rd/OpenSSL/lib/android/$${abi}/libcrypto.a
-         LIBS += $$PWD/3rd/OpenSSL/lib/android/$${abi}/libssl.a
-      }
-
-      ANDROID_EXTRA_LIBS += $$PWD/android/lib/wireguard/$${abi}/libwg.so
-      ANDROID_EXTRA_LIBS += $$PWD/android/lib/wireguard/$${abi}/libwg-go.so
-      ANDROID_EXTRA_LIBS += $$PWD/android/lib/wireguard/$${abi}/libwg-quick.so
-
-      ANDROID_EXTRA_LIBS += $$PWD/android/lib/openvpn/$${abi}/libjbcrypto.so
-      ANDROID_EXTRA_LIBS += $$PWD/android/lib/openvpn/$${abi}/libopenvpn.so
-      ANDROID_EXTRA_LIBS += $$PWD/android/lib/openvpn/$${abi}/libopvpnutil.so
-      ANDROID_EXTRA_LIBS += $$PWD/android/lib/openvpn/$${abi}/libovpn3.so
-      ANDROID_EXTRA_LIBS += $$PWD/android/lib/openvpn/$${abi}/libovpnexec.so
-   }
-}
-
-ios {
-    message("Client iOS build")
-    CONFIG += static
-    CONFIG += file_copies
-
-    # For the authentication
-    LIBS += -framework AuthenticationServices
-
-    # For notifications
-    LIBS += -framework UIKit
-    LIBS += -framework Foundation
-    LIBS += -framework StoreKit
-    LIBS += -framework UserNotifications
-    LIBS += -framework AVFoundation
-
-    DEFINES += MVPN_IOS
-
-    HEADERS += \
-      protocols/ios_vpnprotocol.h \
-      platforms/ios/iosnotificationhandler.h \
-      platforms/ios/json.h \
-      platforms/ios/bigint.h \
-      platforms/ios/bigintipv6addr.h \
-      platforms/ios/ipaddress.h \
-      platforms/ios/ipaddressrange.h \
-      platforms/ios/QtAppDelegate.h \
-      platforms/ios/QtAppDelegate-C-Interface.h
-
-    SOURCES -= \
-      platforms/ios/QRCodeReaderBase.cpp \
-      platforms/ios/MobileUtils.cpp
-
-    SOURCES += \
-      protocols/ios_vpnprotocol.mm \
-      platforms/ios/iosnotificationhandler.mm \
-      platforms/ios/json.cpp \
-      platforms/ios/iosglue.mm \
-      platforms/ios/ipaddress.cpp \
-      platforms/ios/ipaddressrange.cpp \
-      platforms/ios/QRCodeReaderBase.mm \
-      platforms/ios/QtAppDelegate.mm \
-      platforms/ios/MobileUtils.mm
-
-    Q_ENABLE_BITCODE.value = NO
-    Q_ENABLE_BITCODE.name = ENABLE_BITCODE
-    QMAKE_MAC_XCODE_SETTINGS += Q_ENABLE_BITCODE
-
-#    CONFIG(iphoneos, iphoneos|iphonesimulator) {
-  iphoneos {
-    message("Building for iPhone OS")
-    QMAKE_TARGET_BUNDLE_PREFIX = org.amnezia
-    QMAKE_BUNDLE = AmneziaVPN
-    QMAKE_IOS_DEPLOYMENT_TARGET = 13.0
-    QMAKE_APPLE_TARGETED_DEVICE_FAMILY = 1
-    QMAKE_DEVELOPMENT_TEAM = X7UJ388FXK
-    QMAKE_PROVISIONING_PROFILE = f2fefb59-14aa-4aa9-ac14-1d5531b06dcc
-    QMAKE_XCODE_CODE_SIGN_IDENTITY = "Apple Distribution"
-    QMAKE_INFO_PLIST = $$PWD/ios/app/Info.plist
-
-    XCODEBUILD_FLAGS += -allowProvisioningUpdates
-
-    DEFINES += iphoneos
-
-    contains(QT_ARCH, arm64) {
-      message("Building for iOS/ARM v8 64-bit architecture")
-      ARCH_TAG = "ios_armv8_64"
-
-      LIBS += $$PWD/3rd/OpenSSL/lib/ios/iphone/libcrypto.a
-      LIBS += $$PWD/3rd/OpenSSL/lib/ios/iphone/libssl.a
-    } else {
-      message("Building for iOS/ARM v7 (32-bit) architecture")
-      ARCH_TAG = "ios_armv7"
-    }
-  }
-#    }
-
-
-#    CONFIG(iphonesimulator, iphoneos|iphonesimulator) {
-#  iphonesimulator {
-#    message("Building for iPhone Simulator")
-#    ARCH_TAG = "ios_x86_64"
-#
-#    DEFINES += iphonesimulator
-#
-#    LIBS += $$PWD/3rd/OpenSSL/lib/ios/simulator/libcrypto.a
-#    LIBS += $$PWD/3rd/OpenSSL/lib/ios/simulator/libssl.a
-#  }
-#    }
-
-    NETWORKEXTENSION=1
-#    ! build_pass: system(ruby $$PWD/scripts/xcode_patcher.rb "$$PWD" "$$OUT_PWD/AmneziaVPN.xcodeproj" "2.0" "2.0.0" "ios" "$$NETWORKEXTENSION"|| echo "Failed to merge xcode with wireguard")
-
-
-
-#ruby %{sourceDir}/client/ios/xcode_patcher.rb "%{buildDir}/AmneziaVPN.xcodeproj" "2.0" "2.0.0" "ios" "1"
-    #cd client/ && /Users/md/Qt/5.15.2/ios/bin/qmake -o Makefile /Users/md/amnezia/desktop-client/client/client.pro -spec macx-ios-clang CONFIG+=iphonesimulator CONFIG+=simulator CONFIG+=qml_debug -after
-# %{sourceDir}/client/ios/xcode_patcher.rb %{buildDir}/client/AmneziaVPN.xcodeproj 2.0 2.0.0 ios 1
-}
-
-
-

client/cmake/osxtools.cmake

@@ -13,7 +13,7 @@ endif()
 if(CODE_SIGN_IDENTITY)
     find_program(CODESIGN_BIN NAMES codesign)
     if(NOT CODESIGN_BIN)
-        messsage(FATAL_ERROR "Cannot sign code, could not find 'codesign' executable")
+        message(FATAL_ERROR "Cannot sign code, could not find 'codesign' executable")
     endif()
     set(CMAKE_XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY ${CODE_SIGN_IDENTITY})
 endif()

client/configurators/cloak_configurator.cpp

@@ -39,7 +39,7 @@ QString CloakConfigurator::genCloakConfig(const ServerCredentials &credentials,
     config.insert("UID", cloakBypassUid);
     config.insert("PublicKey", cloakPublicKey);
     config.insert("ServerName", "$FAKE_WEB_SITE_ADDRESS");
-    config.insert("NumConn", 4);
+    config.insert("NumConn", 1);
     config.insert("BrowserSig", "chrome");
     config.insert("StreamTimeout", 300);
 

client/configurators/openvpn_configurator.cpp

@@ -118,6 +118,10 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig)
             config.append("redirect-gateway def1 bypass-dhcp\n");
         }
     }
+    
+    // Prevent ipv6 leak
+    config.append("ifconfig-ipv6 fd15:53b6:dead::2/64  fd15:53b6:dead::1\n");
+    config.append("redirect-gateway ipv6\n");
 
 #if (defined Q_OS_MAC || defined(Q_OS_LINUX)) && !defined(Q_OS_ANDROID)
     config.replace("block-outside-dns", "");

client/configurators/vpn_configurator.h

@@ -30,7 +30,7 @@ public:
     QString &processConfigWithLocalSettings(int serverIndex, DockerContainer container, Proto proto, QString &config);
     QString &processConfigWithExportSettings(int serverIndex, DockerContainer container, Proto proto, QString &config);
 
-    // workaround for containers which is not support normal configaration
+    // workaround for containers which is not support normal configuration
     void updateContainerConfigAfterInstallation(DockerContainer container,
         QJsonObject &containerConfig, const QString &stdOut);