Commit Graph

39 Commits

Author SHA1 Message Date
John Maguire 76f0ba17df
Don't use Nebula tunnel for app traffic on Android (#153) 2024-03-07 15:57:26 -05:00
John Maguire ec1af2974a
Fix encryption errors after restoring to a new phone (#143)
When a user restores to a new phone, their TPM will no longer be able to
decrypt the encrypted credentials.

We have code already in place to delete "invalid" sites, which cleans
these up by removing them.

However, when trying to save a new site, Android continues to try to use
the old keys which are no longer decryptable. So, when saving new
encrypted files, simply reset the crypto keys if we are unable to
encrypt.
2023-12-01 15:26:21 -05:00
John Maguire 693c7b6346
Hide CA expiration errors on managed sites (#128) 2023-05-17 12:10:11 -04:00
John Maguire cfca253ec1
Disallow some problematic app from the VPN (#126) 2023-05-15 17:10:20 -04:00
John Maguire 4bbd6c01ea
Clarify permissions error w/ Always On VPN (#119) 2023-05-10 16:39:32 -04:00
John Maguire a5139c4335
Hide QR code scanner on devices without cameras (#101) 2022-11-22 16:50:11 -05:00
John Maguire 17cc3477b7
Make user agent consistent on iOS and Android (#98)
Instead of Nebula/, Nebula-DEBUG/, and NebulaNetworkExtension/, ensure
that the user agent is always MobileNebula/.
2022-11-21 16:58:02 -05:00
John Maguire 4924888879
Don't require android.hardware.camera feature (#97)
flutter_barcode_scanner pulls in this feature but we only need it to be
optional. This should help expand support on Chromebook devices.
2022-11-21 16:05:19 -05:00
John Maguire a5ec4f5ed5
Allow deletion of managed sites on Android (#94) 2022-11-18 16:18:07 -05:00
John Maguire 974c7a4eed
Refresh Sites when a site is saved (closes #89) (#93)
* Refresh Sites when a site is saved (closes #89)

* Update with iOS side fix
2022-11-18 16:03:52 -05:00
John Maguire 37758d4a01
Request VPN permissions on site start (#92)
Previously VPN permissions were requested when the UI was loaded. If the
user denied the permissions it would have to be force stopped and
reopened to get another permission request grant.

Additionally, when requesting VPN permissions Android will kill any
other running VPN service. This avoids that behavior unless a site is
explicitly started.

Also disables the app from showing up in the "Always On" settings.
2022-11-18 14:34:45 -05:00
John Maguire 9dd5b9cad9
Don't reload Nebula unless config is updated (#91) 2022-11-18 14:27:27 -05:00
John Maguire e4bbd0a31c
Fix majority of Android Studio warnings (#88) 2022-11-17 16:48:44 -05:00
John Maguire a5684e1978
Fix share on Android by moving to flutter share lib (#87)
Co-authored-by: Nate Brown <nbrown.us@gmail.com>
2022-11-17 15:46:06 -06:00
John Maguire c7a53c3905
Support DN host enrollment (#86)
Co-authored-by: Nate Brown <nbrown.us@gmail.com>
2022-11-17 16:43:16 -05:00
John Maguire 5ec6004a9f
Fix crash on Android 9 and below (#81) 2022-11-08 08:08:07 -07:00
John Maguire 552d16bce2
Improvements to NebulaVpnService (#79) 2022-10-31 12:49:38 -06:00
Nate Brown dbe67c2f81
Upgrade to flutter 3 (#70)
Co-authored-by: John Maguire <contact@johnmaguire.me>
2022-09-21 15:27:35 -05:00
Nate Brown e3780bda1e
Show a message on android if permissions were denied (#65) 2022-08-05 16:42:31 -05:00
Nate Brown 958b15d711
Allow import of private key, make it so key material isn't removed when navigating off the add a cert page (#64) 2022-08-05 16:42:17 -05:00
Nate Brown 457952b5ed
Rebind against nebula 1.6 for relays, modernize build (#63) 2022-08-04 19:39:46 -05:00
John Maguire 145a6c9b4f
Mark VPN as unmetered (#53) 2022-01-11 12:09:51 -05:00
John Maguire 47865d568b
Fix DNS over mobile networks on Android (#40)
I think this closes the loop on DNS issues I was experiencing.
Previously, after starting Nebula, DNS would work until you switched
networks (e.g. from mobile to WiFi or vice-versa). This was fixed by
removing some explicit DNS server sets in commit
a283bf8010. This casued DNS to work in
`adb shell` even after toggling networks.

However, it did not actually fix the problem for Android applications.
The new behavior is that they would work while on WiFi, but fail on a
mobile network.

To quote Android docs:

> Allows traffic from the specified address family. By default, if no
> address, route or DNS server of a specific family (IPv4 or IPv6) is
> added to this VPN, then all outgoing traffic of that family is blocked.
> If any address, route or DNS server is added, that family is allowed.
> This method allows an address family to be unblocked even without adding
> an address, route or DNS server of that family. Traffic of that family
> will then typically fall-through to the underlying network if it's
> supported. family must be either AF_INET (for IPv4) or AF_INET6 (for
> IPv6). IllegalArgumentException is thrown if it's neither.

In my case, my home network supports only IPv4 while my mobile network
uses DNS over IPv6. Since my Nebula routes are IPv4-only, IPv6 traffic
stopped working, and DNS requests failed.
2021-05-10 16:16:21 -04:00
Nate Brown 0bb2a30829
Support replacing certs (#33) 2021-05-03 15:16:00 -05:00
Nate Brown a283bf8010
Remove setting dns as it seems to be unnecessary (#35) 2021-05-03 14:44:13 -05:00
John Maguire 3194028a78
Unregister network callback on stop (Android) (#34)
Previously when `stopVpn()` was called, it was possible for the network
change callback to fire while we were in the middle of shutting down.
This commit unregisters the network change callback before telling
Nebula to shutdown.
2021-05-03 14:58:09 -04:00
John Maguire 1d044a1e36
Fix state when connection toggle is tapped twice (#16)
Fixes #15. When tapping the toggle in rapid succession,
`NebulaVpnService.onStartCommand` is called twice, in serial.  This
method includes logic to show an error to the user if they somehow
attempt to connect to a service while already connected.

However, this method of showing an error message (calling
`announceExit`) sends a signal to `MainActivity` telling it the service
has exited, and that it should set the UI state to "Disconnected." It
does not actually disconnect the service at this point, resulting in a
state mismatch in which you cannot actually disconnect the service.

The solution in this commit is to remove this signalling and simply
return out of `onStartCommand` to avoid processing the start request
twice if the site is already running.
2021-05-03 14:56:21 -04:00
John Maguire 3123ce5f9a
Let Android install debug & release APKs side-by-side (#31) 2021-04-29 16:13:13 -04:00
Nate Brown a7c32f5bd4
Kotlin active site race on boot fix (#29) 2021-04-29 10:17:43 -05:00
Nathan Brown 4cad646a7c
Disable sleep/wake detection on android (#27) 2021-04-23 16:54:48 -05:00
Nathan Brown 1283ce30e9
IPV6 support (#24) 2021-04-23 16:23:06 -05:00
Nate Brown 33f73b8ea0 Tweak android icon 2020-09-25 10:47:10 -05:00
Nate Brown a01b22fcfe Update icon 2020-09-24 16:24:04 -05:00
Nate Brown 0fd4d8d7fc Intercept copy to clipboard on chromeos and inject our file contents into the clipboard 2020-08-31 18:33:25 -05:00
Nate Brown 38389e99d4 Better share functionality 2020-08-18 17:26:06 -05:00
Nate Brown 646550575d Fix share on ipad, improve share file names 2020-08-17 19:12:28 -05:00
Nate Brown 1a4cbceda0 Run check config on app boot, fix early error reporting on android 2020-08-17 11:56:15 -05:00
Nate Brown 9acc4b74ec Update icons and proper case name 2020-08-04 10:35:33 -05:00
Nate Brown b546dd1c9d Initial commit 2020-07-27 15:43:58 -05:00