Closes https://github.com/DefinedNet/mobile_nebula/issues/191
Nate would like us to be able to save an invalid site, as a way of saving partial progress and then fixing issues later on, so that's what this PR does, for both Android and iOS. To test, add a site, give it a name, and press save. You should be taken to a list of sites, including the newly created invalid site.
The main thing here is that it will support edge-to-edge when we target android 15, and it changes the default for deep links.
The update to mobile_scanner should improve ios simulator support, but I'm finding that the app still won't load in the simulator (even without mobile_scanner at all), so there's some other work to do there.
https://medium.com/flutter/whats-new-in-flutter-3-27-28341129570c
This should avoid the errors we've been seeing in Sentry of:
```
MissingPluginException(No implementation found for method listen on channel net.defined.nebula/null)
```
To test, start up the mobile app in an android phone or emulator, tap the plus button to add a new site, and verify that no error log is shown.
Note: we still get a similar error when tapping the "Good Site" or "Bad Site" in debug, but I believe that is because it's being created too quickly before the EventChannel has a chance to be set up. Adding a site manually does not trigger the error.
Addresses the errors seen in DefinedNet/mobile_nebula/actions/runs/11221064890/job/31190581077#step:13:1260
Locally I am able to perform most of a release build after removing these proguard rules which were previously added to avoid minification stripping out flutter code. That seems to no longer be required, though.
This updates kotlin, gson, AGP, and WorkManager to the latest versions.
It also updates the README to include the correct ndk version for our AGP, as specified here: developer.android.com/build/releases/gradle-plugin#compatibility
This updates flutter to 3.24.1, the latest stable version, and also updates our flutter dependencies to latest.
It targets the latest android sdk, 34, which is required if we want to publish a new version to the Google Play store.
I also needed to make a few adjustments to handle deprecations. The biggest change is that I needed to wrap the main widget in MaterialApp to avoid problems with AdaptiveSwitch in iOS.
When a user restores to a new phone, their TPM will no longer be able to
decrypt the encrypted credentials.
We have code already in place to delete "invalid" sites, which cleans
these up by removing them.
However, when trying to save a new site, Android continues to try to use
the old keys which are no longer decryptable. So, when saving new
encrypted files, simply reset the crypto keys if we are unable to
encrypt.
Previously VPN permissions were requested when the UI was loaded. If the
user denied the permissions it would have to be force stopped and
reopened to get another permission request grant.
Additionally, when requesting VPN permissions Android will kill any
other running VPN service. This avoids that behavior unless a site is
explicitly started.
Also disables the app from showing up in the "Always On" settings.
I think this closes the loop on DNS issues I was experiencing.
Previously, after starting Nebula, DNS would work until you switched
networks (e.g. from mobile to WiFi or vice-versa). This was fixed by
removing some explicit DNS server sets in commit
a283bf8010. This casued DNS to work in
`adb shell` even after toggling networks.
However, it did not actually fix the problem for Android applications.
The new behavior is that they would work while on WiFi, but fail on a
mobile network.
To quote Android docs:
> Allows traffic from the specified address family. By default, if no
> address, route or DNS server of a specific family (IPv4 or IPv6) is
> added to this VPN, then all outgoing traffic of that family is blocked.
> If any address, route or DNS server is added, that family is allowed.
> This method allows an address family to be unblocked even without adding
> an address, route or DNS server of that family. Traffic of that family
> will then typically fall-through to the underlying network if it's
> supported. family must be either AF_INET (for IPv4) or AF_INET6 (for
> IPv6). IllegalArgumentException is thrown if it's neither.
In my case, my home network supports only IPv4 while my mobile network
uses DNS over IPv6. Since my Nebula routes are IPv4-only, IPv6 traffic
stopped working, and DNS requests failed.
Previously when `stopVpn()` was called, it was possible for the network
change callback to fire while we were in the middle of shutting down.
This commit unregisters the network change callback before telling
Nebula to shutdown.
Fixes#15. When tapping the toggle in rapid succession,
`NebulaVpnService.onStartCommand` is called twice, in serial. This
method includes logic to show an error to the user if they somehow
attempt to connect to a service while already connected.
However, this method of showing an error message (calling
`announceExit`) sends a signal to `MainActivity` telling it the service
has exited, and that it should set the UI state to "Disconnected." It
does not actually disconnect the service at this point, resulting in a
state mismatch in which you cannot actually disconnect the service.
The solution in this commit is to remove this signalling and simply
return out of `onStartCommand` to avoid processing the start request
twice if the site is already running.
- Updated README with some maybe-helpful instructions for downgrading
flutter to a version that will build the project
- Added a step to create a missing directory to the Gradle build
(otherwise the build fails)
- Set `shrinkResources false` - otherwise you get an error that you
can't shrink resources unless you also enable minifying