author | Tobias Brunner <tobias@strongswan.org> | 2017-06-21 18:29:48 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-07-03 10:27:52 +0200 |
commit | 1a63e8e44ed75d2a055bab1a4bf5aefacb6c7375 (patch) | |
tree | a171c882972f5198bc73c96e898d5879fcbc805d | |
parent | 70f7eb76d98b4f8b5d5c942498cb5b0b6e618fca (diff) | |
android: Make excluded subnets configurable in the GUI
9 files changed, 68 insertions, 5 deletions
diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java index bf64370cf..2be50e698 100644 --- a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java +++ b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java @@ -65,6 +65,7 @@ import org.strongswan.android.security.TrustedCertificateEntry; import org.strongswan.android.ui.adapter.CertificateIdentitiesAdapter; import org.strongswan.android.ui.widget.TextInputLayoutHelper; import org.strongswan.android.utils.Constants; +import org.strongswan.android.utils.IPRangeSet; import java.security.cert.X509Certificate; import java.util.UUID; @@ -105,6 +106,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity private TextInputLayoutHelper mMTUWrap; private EditText mPort; private TextInputLayoutHelper mPortWrap; + private EditText mExcludedSubnets; + private TextInputLayoutHelper mExcludedSubnetsWrap; private CheckBox mBlockIPv4; private CheckBox mBlockIPv6; @@ -149,6 +152,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity mMTUWrap = (TextInputLayoutHelper) findViewById(R.id.mtu_wrap); mPort = (EditText)findViewById(R.id.port); mPortWrap = (TextInputLayoutHelper) findViewById(R.id.port_wrap); + mExcludedSubnets = (EditText)findViewById(R.id.excluded_subnets); + mExcludedSubnetsWrap = (TextInputLayoutHelper)findViewById(R.id.excluded_subnets_wrap); mBlockIPv4 = (CheckBox)findViewById(R.id.split_tunneling_v4); mBlockIPv6 = (CheckBox)findViewById(R.id.split_tunneling_v6); 
@@ -437,7 +442,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity { Integer st = mProfile.getSplitTunneling(); show = mProfile.getRemoteId() != null || mProfile.getMTU() != null || - mProfile.getPort() != null || (st != null && st != 0); + mProfile.getPort() != null || (st != null && st != 0) || + mProfile.getExcludedSubnets() != null; } mShowAdvanced.setVisibility(!show ? View.VISIBLE : View.GONE); mAdvancedSettings.setVisibility(show ? View.VISIBLE : View.GONE); @@ -510,6 +516,11 @@ public class VpnProfileDetailActivity extends AppCompatActivity mMTUWrap.setError(String.format(getString(R.string.alert_text_out_of_range), Constants.MTU_MIN, Constants.MTU_MAX)); valid = false; } + if (!validateSubnets(mExcludedSubnets)) + { + mExcludedSubnetsWrap.setError(getString(R.string.alert_text_no_subnets)); + valid = false; + } if (!validateInteger(mPort, 1, 65535)) { mPortWrap.setError(String.format(getString(R.string.alert_text_out_of_range), 1, 65535)); @@ -547,6 +558,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity mProfile.setRemoteId(remote_id.isEmpty() ? null : remote_id); mProfile.setMTU(getInteger(mMTU)); mProfile.setPort(getInteger(mPort)); + String excluded = mExcludedSubnets.getText().toString().trim(); + mProfile.setExcludedSubnets(excluded.isEmpty() ? null : excluded); int st = 0; st |= mBlockIPv4.isChecked() ? VpnProfile.SPLIT_TUNNELING_BLOCK_IPV4 : 0; st |= mBlockIPv6.isChecked() ? VpnProfile.SPLIT_TUNNELING_BLOCK_IPV6 : 0; 
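Review bot: In the last hunk on this line (the code that writes the form back into the profile), the field is read and trimmed again with `mExcludedSubnets.getText().toString().trim()`, repeating what validateSubnets() already does. A small helper returning the trimmed text or null, in the spirit of the `getInteger(mMTU)` call just above, would keep validation and persistence on one value and remove the `isEmpty() ? null :` pattern that is also used for `remote_id`. The profile stores the user's free text rather than a parsed form, so whatever later consumes `getExcludedSubnets()` has to parse it again and cope with a stored value that does not parse; that consumer is not visible in this commit. The enclosing method starts and ends outside the hunk.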
@@ -576,6 +589,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity mRemoteId.setText(mProfile.getRemoteId()); mMTU.setText(mProfile.getMTU() != null ? mProfile.getMTU().toString() : null); mPort.setText(mProfile.getPort() != null ? mProfile.getPort().toString() : null); + mExcludedSubnets.setText(mProfile.getExcludedSubnets()); mBlockIPv4.setChecked(mProfile.getSplitTunneling() != null && (mProfile.getSplitTunneling() & VpnProfile.SPLIT_TUNNELING_BLOCK_IPV4) != 0); mBlockIPv6.setChecked(mProfile.getSplitTunneling() != null && (mProfile.getSplitTunneling() & VpnProfile.SPLIT_TUNNELING_BLOCK_IPV6) != 0); useralias = mProfile.getUserCertificateAlias(); @@ -665,6 +679,17 @@ public class VpnProfileDetailActivity extends AppCompatActivity } } + /** + * Check that the value in the given text box is a valid list of subnets/ranges + * + * @param view text box + */ + private boolean validateSubnets(EditText view) + { + String value = view.getText().toString().trim(); + return value.isEmpty() || IPRangeSet.fromString(value) != null; + } + private class SelectUserCertOnClickListener implements OnClickListener, KeyChainAliasCallback { @Override diff --git a/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml b/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml index 08881b38c..82880a16f 100644 --- a/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml +++ b/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="utf-8"?> <!-- - Copyright (C) 2012-2016 Tobias Brunner + Copyright (C) 2012-2017 Tobias Brunner Copyright (C) 2012 Giuliano Grassi Copyright (C) 2012 Ralf Sager HSR Hochschule fuer Technik Rapperswil 
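Review bot: validateSubnets() in the second hunk on this line accepts anything `IPRangeSet.fromString()` can parse, so the check is purely syntactic. Unless that parser rejects it (not visible here), an entry as wide as `0.0.0.0/0` or `::/0` would pass and keep all traffic of that address family outside the tunnel. Since traffic to an excluded range is by definition not protected by the VPN, a warning or confirmation for very large prefixes would be worth considering next to the `alert_text_no_subnets` error in verifyInput(). The Javadoc should also state the contract, for example `@return true if the field is empty or parses as a list of subnets/ranges`.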
@@ -248,10 +248,27 @@ android:layout_width="match_parent" android:layout_height="wrap_content" android:layout_marginTop="10dp" + android:layout_marginBottom="10dp" android:layout_marginLeft="4dp" - android:textSize="12sp" + android:textSize="20sp" android:text="@string/profile_split_tunneling_label" /> + <org.strongswan.android.ui.widget.TextInputLayoutHelper + android:id="@+id/excluded_subnets_wrap" + android:layout_width="match_parent" + android:layout_height="wrap_content" + app:helper_text="@string/profile_excluded_subnets_hint" > + + <android.support.design.widget.TextInputEditText + android:id="@+id/excluded_subnets" + android:layout_width="match_parent" + android:layout_height="wrap_content" + android:singleLine="true" + android:inputType="textNoSuggestions" + android:hint="@string/profile_excluded_subnets_label" /> + + </org.strongswan.android.ui.widget.TextInputLayoutHelper> + <CheckBox android:id="@+id/split_tunneling_v4" android:layout_width="match_parent" diff --git a/src/frontends/android/app/src/main/res/values-de/strings.xml b/src/frontends/android/app/src/main/res/values-de/strings.xml index 941c16370..30e984e7d 100644 --- a/src/frontends/android/app/src/main/res/values-de/strings.xml +++ b/src/frontends/android/app/src/main/res/values-de/strings.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="utf-8"?> <!-- - Copyright (C) 2012-2016 Tobias Brunner + Copyright (C) 2012-2017 Tobias Brunner Copyright (C) 2012 Giuliano Grassi Copyright (C) 2012 Ralf Sager HSR Hochschule fuer Technik Rapperswil 
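Review bot: `android:singleLine="true"` on the new `excluded_subnets` TextInputEditText is a deprecated attribute; `android:maxLines="1"` together with the existing `android:inputType="textNoSuggestions"` gives the same single-line behaviour. Because this field decides which destinations bypass the VPN, it is also worth checking that a long space-separated list stays reviewable when it scrolls horizontally in one line. If the other fields in this layout still use `singleLine` (not visible in the hunk), keeping it here for consistency is a defensible choice.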
@@ -82,6 +82,8 @@ <string name="profile_split_tunneling_label">Split-Tunneling</string> <string name="profile_split_tunnelingv4_title">Blockiere IPv4 Verkehr der nicht für das VPN bestimmt ist</string> <string name="profile_split_tunnelingv6_title">Blockiere IPv6 Verkehr der nicht für das VPN bestimmt ist</string> + <string name="profile_excluded_subnets_label">Ausgeschlossene Subnetze</string> + <string name="profile_excluded_subnets_hint">Mit Leerzeichen getrennte Subnetze und/oder IP-Adressen, die vom VPN ausgeschlossen werden sollen (z.B. \"192.168.1.0/24 2001:db8::/64\")</string> <string name="profile_import">VPN Profile importieren</string> <string name="profile_import_failed">VPN Profil-Import fehlgeschlagen</string> <string name="profile_import_failed_detail">VPN Profil-Import fehlgeschlagen: %1$s</string> @@ -98,6 +100,7 @@ <string name="alert_text_nocertfound_title">Kein CA-Zertifikat ausgewählt</string> <string name="alert_text_nocertfound">Bitte wählen Sie eines aus oder aktivieren Sie <i>Automatisch wählen</i></string> <string name="alert_text_out_of_range">Bitte geben Sie eine Nummer von %1$d - %2$d ein</string> + <string name="alert_text_no_subnets">Bitte geben Sie mit Leerzeichen getrennte, gültige Subnetzte und/oder IP-Adressen ein</string> <string name="tnc_notice_title">EAP-TNC kann Ihre Privatsphäre beeinträchtigen</string> <string name="tnc_notice_subtitle">Gerätedaten werden an den Server-Betreiber gesendet</string> <string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) erlaubt Server-Betreibern den Gesundheitszustand von Endgeräten zu prüfen.</p><p>Dazu kann der Betreiber Daten verlangen, wie etwa eine eindeutige Identifikationsnummer, eine Liste der installierten Pakete, Systemeinstellungen oder kryptografische Prüfsummen von Dateien.</p><b>Solche Daten werden nur übermittelt nachdem die Identität des Servers geprüft wurde.</b>]]></string> 
diff --git a/src/frontends/android/app/src/main/res/values-pl/strings.xml b/src/frontends/android/app/src/main/res/values-pl/strings.xml index 08d11c6f8..6823ccd7b 100644 --- a/src/frontends/android/app/src/main/res/values-pl/strings.xml +++ b/src/frontends/android/app/src/main/res/values-pl/strings.xml @@ -82,6 +82,8 @@ <string name="profile_split_tunneling_label">Split tunneling</string> <string name="profile_split_tunnelingv4_title">Block IPv4 traffic not destined for the VPN</string> <string name="profile_split_tunnelingv6_title">Block IPv6 traffic not destined for the VPN</string> + <string name="profile_excluded_subnets_label">Excluded subnets</string> + <string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string> <string name="profile_import">Import VPN profile</string> <string name="profile_import_failed">Failed to import VPN profile</string> <string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string> 
@@ -98,6 +100,7 @@ <string name="alert_text_nocertfound_title">Nie wybrano żadnego certyfikatu CA</string> <string name="alert_text_nocertfound">Wybierz lub uaktywnij jeden <i>Wybierz automatycznie</i></string> <string name="alert_text_out_of_range">Please enter a number in the range from %1$d - %2$d</string> + <string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string> <string name="tnc_notice_title">EAP-TNC may affect your privacy</string> <string name="tnc_notice_subtitle">Device data is sent to the server operator</string> <string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) allows server operators to assess the health of a client device.</p><p>For that purpose the server operator may request data such as a unique identifier, a list of installed packages, system settings, or cryptographic checksums of files.</p><b>Any data will be sent only after verifying the server\'s identity.</b>]]></string> diff --git a/src/frontends/android/app/src/main/res/values-ru/strings.xml b/src/frontends/android/app/src/main/res/values-ru/strings.xml index 092d73497..eb24bc46f 100644 --- a/src/frontends/android/app/src/main/res/values-ru/strings.xml +++ b/src/frontends/android/app/src/main/res/values-ru/strings.xml 
@@ -79,6 +79,8 @@ <string name="profile_split_tunneling_label">Split tunneling</string> <string name="profile_split_tunnelingv4_title">Block IPv4 traffic not destined for the VPN</string> <string name="profile_split_tunnelingv6_title">Block IPv6 traffic not destined for the VPN</string> + <string name="profile_excluded_subnets_label">Excluded subnets</string> + <string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string> <string name="profile_import">Import VPN profile</string> <string name="profile_import_failed">Failed to import VPN profile</string> <string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string> @@ -95,6 +97,7 @@ <string name="alert_text_nocertfound_title">Не выбран сертификат CA</string> <string name="alert_text_nocertfound">Пожалуйста выберите один <i>Выбрать автоматически</i></string> <string name="alert_text_out_of_range">Please enter a number in the range from %1$d - %2$d</string> + <string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string> <string name="tnc_notice_title">EAP-TNC may affect your privacy</string> <string name="tnc_notice_subtitle">Device data is sent to the server operator</string> <string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) allows server operators to assess the health of a client device.</p><p>For that purpose the server operator may request data such as a unique identifier, a list of installed packages, system settings, or cryptographic checksums of files.</p><b>Any data will be sent only after verifying the server\'s identity.</b>]]></string> diff --git a/src/frontends/android/app/src/main/res/values-ua/strings.xml b/src/frontends/android/app/src/main/res/values-ua/strings.xml index b1b71034d..dbae53ca1 100644 --- a/src/frontends/android/app/src/main/res/values-ua/strings.xml 
+++ b/src/frontends/android/app/src/main/res/values-ua/strings.xml @@ -80,6 +80,8 @@ <string name="profile_split_tunneling_label">Split tunneling</string> <string name="profile_split_tunnelingv4_title">Block IPv4 traffic not destined for the VPN</string> <string name="profile_split_tunnelingv6_title">Block IPv6 traffic not destined for the VPN</string> + <string name="profile_excluded_subnets_label">Excluded subnets</string> + <string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string> <string name="profile_import">Import VPN profile</string> <string name="profile_import_failed">Failed to import VPN profile</string> <string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string> @@ -96,6 +98,7 @@ <string name="alert_text_nocertfound_title">Не вибрано сертифікат CA</string> <string name="alert_text_nocertfound">Будь ласка виберіть один <i>Вибрати автоматично</i></string> <string name="alert_text_out_of_range">Please enter a number in the range from %1$d - %2$d</string> + <string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string> <string name="tnc_notice_title">EAP-TNC may affect your privacy</string> <string name="tnc_notice_subtitle">Device data is sent to the server operator</string> <string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) allows server operators to assess the health of a client device.</p><p>For that purpose the server operator may request data such as a unique identifier, a list of installed packages, system settings, or cryptographic checksums of files.</p><b>Any data will be sent only after verifying the server\'s identity.</b>]]></string> diff --git a/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml b/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml index e9ad8e02b..bae1c3702 100644 
--- a/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml +++ b/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml @@ -79,6 +79,8 @@ <string name="profile_split_tunneling_label">拆分隧道</string> <string name="profile_split_tunnelingv4_title">屏蔽不通过VPN的IPV4流量</string> <string name="profile_split_tunnelingv6_title">屏蔽不通过VPN的IPV6流量</string> + <string name="profile_excluded_subnets_label">Excluded subnets</string> + <string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string> <string name="profile_import">导入VPN配置</string> <string name="profile_import_failed">导入VPN配置失败</string> <string name="profile_import_failed_detail">导入VPN配置失败: %1$s</string> @@ -95,6 +97,7 @@ <string name="alert_text_nocertfound_title">未选择CA证书</string> <string name="alert_text_nocertfound">请选择一项或激活 <i>自动选择</i></string> <string name="alert_text_out_of_range">请输入一个数字范围从%1$d到%2$d</string> + <string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string> <string name="tnc_notice_title">EAP-TNC可能会影响您的隐私</string> <string name="tnc_notice_subtitle">设备数据已被发送至服务器管理员</string> <string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) 允许服务器管理员评定一个用户设备的状况。</p><p>出于此目的,服务器管理员可能要求以下数据如独立ID、已安装软件列表、系统设置、或加密过的文件校验值。</p><b>任何数据都仅将在验证过服务器的身份ID之后被发出。</b>]]></string> diff --git a/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml b/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml index 3be4a6d55..ccd645f35 100644 --- a/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml +++ b/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml 
@@ -79,6 +79,8 @@ <string name="profile_split_tunneling_label">拆分隧道</string> <string name="profile_split_tunnelingv4_title">屏蔽不通过VPN的IPV4流量</string> <string name="profile_split_tunnelingv6_title">屏蔽不通过VPN的IPV6流量</string> + <string name="profile_excluded_subnets_label">Excluded subnets</string> + <string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string> <string name="profile_import">匯入VPN設定檔</string> <string name="profile_import_failed">匯入VPN設定檔失敗</string> <string name="profile_import_failed_detail">匯入VPN設定檔失敗: %1$s</string> @@ -95,6 +97,7 @@ <string name="alert_text_nocertfound_title">沒有選擇CA憑證</string> <string name="alert_text_nocertfound">請選擇一項或啟動 <i>自動選擇</i></string> <string name="alert_text_out_of_range">請輸入一個數字範圍從%1$d到%2$d</string> + <string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string> <string name="tnc_notice_title">EAP-TNC可能會影響您的隱私安全</string> <string name="tnc_notice_subtitle">裝置資料已經發送給伺服器管理者</string> <string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) 可以讓伺服器管理者評估用戶裝置的狀況。</p><p>在這個目的下,伺服器管理者可能會要求以下資料,例如ID、已安裝的App項目、系統設定、或加密檔案驗證值。</p><b>任何資料都只有在驗證伺服器的身分ID之後才會被送出。</b>]]></string> diff --git a/src/frontends/android/app/src/main/res/values/strings.xml b/src/frontends/android/app/src/main/res/values/strings.xml index 1e9a0ee8a..6f1bd4b9b 100644 --- a/src/frontends/android/app/src/main/res/values/strings.xml +++ b/src/frontends/android/app/src/main/res/values/strings.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="utf-8"?> <!-- - Copyright (C) 2012-2016 Tobias Brunner + Copyright (C) 2012-2017 Tobias Brunner Copyright (C) 2012 Giuliano Grassi Copyright (C) 2012 Ralf Sager HSR Hochschule fuer Technik Rapperswil 
@@ -82,6 +82,8 @@ <string name="profile_split_tunneling_label">Split tunneling</string> <string name="profile_split_tunnelingv4_title">Block IPv4 traffic not destined for the VPN</string> <string name="profile_split_tunnelingv6_title">Block IPv6 traffic not destined for the VPN</string> + <string name="profile_excluded_subnets_label">Excluded subnets</string> + <string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string> <string name="profile_import">Import VPN profile</string> <string name="profile_import_failed">Failed to import VPN profile</string> <string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string> @@ -98,6 +100,7 @@ <string name="alert_text_nocertfound_title">No CA certificate selected</string> <string name="alert_text_nocertfound">Please select one or activate <i>Select automatically</i></string> <string name="alert_text_out_of_range">Please enter a number in the range from %1$d - %2$d</string> + <string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string> <string name="tnc_notice_title">EAP-TNC may affect your privacy</string> <string name="tnc_notice_subtitle">Device data is sent to the server operator</string> <string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) allows server operators to assess the health of a client device.</p><p>For that purpose the server operator may request data such as a unique identifier, a list of installed packages, system settings, or cryptographic checksums of files.</p><b>Any data will be sent only after verifying the server\'s identity.</b>]]></string> |