Opened 9 years ago

Closed 6 years ago

#477 closed Bug / Defect (fixed)

VPNConfigurationCopyAll largely ignores argument on iOS 8

Reported by: saurik
Owned by: Antonio Quartulli
Priority: major
Milestone:
Component: OpenVPN Connect
Version:
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:
Cc:

Description

The function VPNConfigurationCopyAll is, as far as I can tell, an undocumented private function being used by OpenVPN. On iOS 7 it took an argument that filtered the list of results to only those matching a specific "vpntype". On iOS 8, it isn't clear that the concept of "vpntype" still exists, and this argument now just seems to initialize the name of the local configuration. (This function has effectively been entirely reimplemented and now defers to NEVPNConfigurationCopyAll in the NetworkExtension library.)

On jailbroken devices, it is much easier to end up in scenarios where the list contains more entries than would otherwise be expected (potentially due to a maybe overzealous sandbox patch, although the underlying cause is irrelevant). This can be easily reproduced on any device running Pangu8 (at least with the current 0.4 untether) by installing a static VPN profile, such as the one that comes with the app TunnelBear. OpenVPN throws an unrecognized selector when it tries to copy the vendor data.

As the behavior of this function has changed, this code in OpenVPN should be looked at anyway, and it is probably just a matter of time before OpenVPN experiences issues on a wider class of devices. (Which, I will point out, is one of the fantastic benefits of testing on jailbroken devices: in addition to having more powerful debugging abilities and better introspection, you tend to be able to find bugs more quickly as there are fewer accidental deterministic assumptions slipping into your test environment.)

I don't know what the correct fix is yet; figuring that out would probably require more of my time to figure out how these VPNConfiguration functions work, and given that OpenVPN is already using them somehow I imagine you all have experts in these functions around that can do the updated reverse engineering work required to figure out what might be different or how the API now works. If it is at all useful, I managed to determine that all of the NetworkExtension stuff eventually now wraps the following logic:

cy# var cm = [new NEConfigurationManager initWithPluginType:"net.openvpn.OpenVPN-Connect.vpnplug"]
cy# cm.pluginType
@"net.openvpn.OpenVPN-Connect.vpnplug"
cy# [cm reloadFromDisk]
cy# [c.name for (c of [cm.loadedConfigurations allValues])]
[@"Private Tunnel/San Jose",@"TunnelBear"]

Change History (3)

comment:1 Changed 9 years ago by Samuli Seppänen

Owner: set to jamesyonan
Status: new → assigned

comment:2 Changed 6 years ago by Antonio Quartulli

Owner: changed from jamesyonan to Antonio Quartulli

The current 1.2.6 release in AppStore uses the Network Extension framework. Therefore I think this ticket is not valid anymore.

I am closing it, but feel free to reopen it if you see room for improvements or want to suggest a change.

comment:3 Changed 6 years ago by Antonio Quartulli

Resolution: fixed
Status: assigned → closed