android: Make excluded subnets configurable in the GUI
This commit is contained in:
Tobias Brunner
parent
70f7eb76d9
commit
1a63e8e44e
|
|
@ -65,6 +65,7 @@ import org.strongswan.android.security.TrustedCertificateEntry;
|
|||
import org.strongswan.android.ui.adapter.CertificateIdentitiesAdapter;
|
||||
import org.strongswan.android.ui.widget.TextInputLayoutHelper;
|
||||
import org.strongswan.android.utils.Constants;
|
||||
import org.strongswan.android.utils.IPRangeSet;
|
||||
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.UUID;
|
||||
|
|
@ -105,6 +106,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity
|
|||
private TextInputLayoutHelper mMTUWrap;
|
||||
private EditText mPort;
|
||||
private TextInputLayoutHelper mPortWrap;
|
||||
private EditText mExcludedSubnets;
|
||||
private TextInputLayoutHelper mExcludedSubnetsWrap;
|
||||
private CheckBox mBlockIPv4;
|
||||
private CheckBox mBlockIPv6;
|
||||
|
||||
|
|
@ -149,6 +152,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity
|
|||
mMTUWrap = (TextInputLayoutHelper) findViewById(R.id.mtu_wrap);
|
||||
mPort = (EditText)findViewById(R.id.port);
|
||||
mPortWrap = (TextInputLayoutHelper) findViewById(R.id.port_wrap);
|
||||
mExcludedSubnets = (EditText)findViewById(R.id.excluded_subnets);
|
||||
mExcludedSubnetsWrap = (TextInputLayoutHelper)findViewById(R.id.excluded_subnets_wrap);
|
||||
mBlockIPv4 = (CheckBox)findViewById(R.id.split_tunneling_v4);
|
||||
mBlockIPv6 = (CheckBox)findViewById(R.id.split_tunneling_v6);
|
||||
|
||||
|
|
@ -437,7 +442,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity
|
|||
{
|
||||
Integer st = mProfile.getSplitTunneling();
|
||||
show = mProfile.getRemoteId() != null || mProfile.getMTU() != null ||
|
||||
mProfile.getPort() != null || (st != null && st != 0);
|
||||
mProfile.getPort() != null || (st != null && st != 0) ||
|
||||
mProfile.getExcludedSubnets() != null;
|
||||
}
|
||||
mShowAdvanced.setVisibility(!show ? View.VISIBLE : View.GONE);
|
||||
mAdvancedSettings.setVisibility(show ? View.VISIBLE : View.GONE);
|
||||
|
|
@ -510,6 +516,11 @@ public class VpnProfileDetailActivity extends AppCompatActivity
|
|||
mMTUWrap.setError(String.format(getString(R.string.alert_text_out_of_range), Constants.MTU_MIN, Constants.MTU_MAX));
|
||||
valid = false;
|
||||
}
|
||||
if (!validateSubnets(mExcludedSubnets))
|
||||
{
|
||||
mExcludedSubnetsWrap.setError(getString(R.string.alert_text_no_subnets));
|
||||
valid = false;
|
||||
}
|
||||
if (!validateInteger(mPort, 1, 65535))
|
||||
{
|
||||
mPortWrap.setError(String.format(getString(R.string.alert_text_out_of_range), 1, 65535));
|
||||
|
|
@ -547,6 +558,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity
|
|||
mProfile.setRemoteId(remote_id.isEmpty() ? null : remote_id);
|
||||
mProfile.setMTU(getInteger(mMTU));
|
||||
mProfile.setPort(getInteger(mPort));
|
||||
String excluded = mExcludedSubnets.getText().toString().trim();
|
||||
mProfile.setExcludedSubnets(excluded.isEmpty() ? null : excluded);
|
||||
int st = 0;
|
||||
st |= mBlockIPv4.isChecked() ? VpnProfile.SPLIT_TUNNELING_BLOCK_IPV4 : 0;
|
||||
st |= mBlockIPv6.isChecked() ? VpnProfile.SPLIT_TUNNELING_BLOCK_IPV6 : 0;
|
||||
|
|
@ -576,6 +589,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity
|
|||
mRemoteId.setText(mProfile.getRemoteId());
|
||||
mMTU.setText(mProfile.getMTU() != null ? mProfile.getMTU().toString() : null);
|
||||
mPort.setText(mProfile.getPort() != null ? mProfile.getPort().toString() : null);
|
||||
mExcludedSubnets.setText(mProfile.getExcludedSubnets());
|
||||
mBlockIPv4.setChecked(mProfile.getSplitTunneling() != null && (mProfile.getSplitTunneling() & VpnProfile.SPLIT_TUNNELING_BLOCK_IPV4) != 0);
|
||||
mBlockIPv6.setChecked(mProfile.getSplitTunneling() != null && (mProfile.getSplitTunneling() & VpnProfile.SPLIT_TUNNELING_BLOCK_IPV6) != 0);
|
||||
useralias = mProfile.getUserCertificateAlias();
|
||||
|
|
@ -665,6 +679,17 @@ public class VpnProfileDetailActivity extends AppCompatActivity
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check that the value in the given text box is a valid list of subnets/ranges
|
||||
*
|
||||
* @param view text box
|
||||
*/
|
||||
private boolean validateSubnets(EditText view)
|
||||
{
|
||||
String value = view.getText().toString().trim();
|
||||
return value.isEmpty() || IPRangeSet.fromString(value) != null;
|
||||
}
|
||||
|
||||
private class SelectUserCertOnClickListener implements OnClickListener, KeyChainAliasCallback
|
||||
{
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!--
|
||||
Copyright (C) 2012-2016 Tobias Brunner
|
||||
Copyright (C) 2012-2017 Tobias Brunner
|
||||
Copyright (C) 2012 Giuliano Grassi
|
||||
Copyright (C) 2012 Ralf Sager
|
||||
HSR Hochschule fuer Technik Rapperswil
|
||||
|
|
@ -248,10 +248,27 @@
|
|||
android:layout_width="match_parent"
|
||||
android:layout_height="wrap_content"
|
||||
android:layout_marginTop="10dp"
|
||||
android:layout_marginBottom="10dp"
|
||||
android:layout_marginLeft="4dp"
|
||||
android:textSize="12sp"
|
||||
android:textSize="20sp"
|
||||
android:text="@string/profile_split_tunneling_label" />
|
||||
|
||||
<org.strongswan.android.ui.widget.TextInputLayoutHelper
|
||||
android:id="@+id/excluded_subnets_wrap"
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="wrap_content"
|
||||
app:helper_text="@string/profile_excluded_subnets_hint" >
|
||||
|
||||
<android.support.design.widget.TextInputEditText
|
||||
android:id="@+id/excluded_subnets"
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="wrap_content"
|
||||
android:singleLine="true"
|
||||
android:inputType="textNoSuggestions"
|
||||
android:hint="@string/profile_excluded_subnets_label" />
|
||||
|
||||
</org.strongswan.android.ui.widget.TextInputLayoutHelper>
|
||||
|
||||
<CheckBox
|
||||
android:id="@+id/split_tunneling_v4"
|
||||
android:layout_width="match_parent"
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!--
|
||||
Copyright (C) 2012-2016 Tobias Brunner
|
||||
Copyright (C) 2012-2017 Tobias Brunner
|
||||
Copyright (C) 2012 Giuliano Grassi
|
||||
Copyright (C) 2012 Ralf Sager
|
||||
HSR Hochschule fuer Technik Rapperswil
|
||||
|
|
@ -82,6 +82,8 @@
|
|||
<string name="profile_split_tunneling_label">Split-Tunneling</string>
|
||||
<string name="profile_split_tunnelingv4_title">Blockiere IPv4 Verkehr der nicht für das VPN bestimmt ist</string>
|
||||
<string name="profile_split_tunnelingv6_title">Blockiere IPv6 Verkehr der nicht für das VPN bestimmt ist</string>
|
||||
<string name="profile_excluded_subnets_label">Ausgeschlossene Subnetze</string>
|
||||
<string name="profile_excluded_subnets_hint">Mit Leerzeichen getrennte Subnetze und/oder IP-Adressen, die vom VPN ausgeschlossen werden sollen (z.B. \"192.168.1.0/24 2001:db8::/64\")</string>
|
||||
<string name="profile_import">VPN Profile importieren</string>
|
||||
<string name="profile_import_failed">VPN Profil-Import fehlgeschlagen</string>
|
||||
<string name="profile_import_failed_detail">VPN Profil-Import fehlgeschlagen: %1$s</string>
|
||||
|
|
@ -98,6 +100,7 @@
|
|||
<string name="alert_text_nocertfound_title">Kein CA-Zertifikat ausgewählt</string>
|
||||
<string name="alert_text_nocertfound">Bitte wählen Sie eines aus oder aktivieren Sie <i>Automatisch wählen</i></string>
|
||||
<string name="alert_text_out_of_range">Bitte geben Sie eine Nummer von %1$d - %2$d ein</string>
|
||||
<string name="alert_text_no_subnets">Bitte geben Sie mit Leerzeichen getrennte, gültige Subnetzte und/oder IP-Adressen ein</string>
|
||||
<string name="tnc_notice_title">EAP-TNC kann Ihre Privatsphäre beeinträchtigen</string>
|
||||
<string name="tnc_notice_subtitle">Gerätedaten werden an den Server-Betreiber gesendet</string>
|
||||
<string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) erlaubt Server-Betreibern den Gesundheitszustand von Endgeräten zu prüfen.</p><p>Dazu kann der Betreiber Daten verlangen, wie etwa eine eindeutige Identifikationsnummer, eine Liste der installierten Pakete, Systemeinstellungen oder kryptografische Prüfsummen von Dateien.</p><b>Solche Daten werden nur übermittelt nachdem die Identität des Servers geprüft wurde.</b>]]></string>
|
||||
|
|
|
|||
|
|
@ -82,6 +82,8 @@
|
|||
<string name="profile_split_tunneling_label">Split tunneling</string>
|
||||
<string name="profile_split_tunnelingv4_title">Block IPv4 traffic not destined for the VPN</string>
|
||||
<string name="profile_split_tunnelingv6_title">Block IPv6 traffic not destined for the VPN</string>
|
||||
<string name="profile_excluded_subnets_label">Excluded subnets</string>
|
||||
<string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string>
|
||||
<string name="profile_import">Import VPN profile</string>
|
||||
<string name="profile_import_failed">Failed to import VPN profile</string>
|
||||
<string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string>
|
||||
|
|
@ -98,6 +100,7 @@
|
|||
<string name="alert_text_nocertfound_title">Nie wybrano żadnego certyfikatu CA</string>
|
||||
<string name="alert_text_nocertfound">Wybierz lub uaktywnij jeden <i>Wybierz automatycznie</i></string>
|
||||
<string name="alert_text_out_of_range">Please enter a number in the range from %1$d - %2$d</string>
|
||||
<string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string>
|
||||
<string name="tnc_notice_title">EAP-TNC may affect your privacy</string>
|
||||
<string name="tnc_notice_subtitle">Device data is sent to the server operator</string>
|
||||
<string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) allows server operators to assess the health of a client device.</p><p>For that purpose the server operator may request data such as a unique identifier, a list of installed packages, system settings, or cryptographic checksums of files.</p><b>Any data will be sent only after verifying the server\'s identity.</b>]]></string>
|
||||
|
|
|
|||
|
|
@ -79,6 +79,8 @@
|
|||
<string name="profile_split_tunneling_label">Split tunneling</string>
|
||||
<string name="profile_split_tunnelingv4_title">Block IPv4 traffic not destined for the VPN</string>
|
||||
<string name="profile_split_tunnelingv6_title">Block IPv6 traffic not destined for the VPN</string>
|
||||
<string name="profile_excluded_subnets_label">Excluded subnets</string>
|
||||
<string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string>
|
||||
<string name="profile_import">Import VPN profile</string>
|
||||
<string name="profile_import_failed">Failed to import VPN profile</string>
|
||||
<string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string>
|
||||
|
|
@ -95,6 +97,7 @@
|
|||
<string name="alert_text_nocertfound_title">Не выбран сертификат CA</string>
|
||||
<string name="alert_text_nocertfound">Пожалуйста выберите один <i>Выбрать автоматически</i></string>
|
||||
<string name="alert_text_out_of_range">Please enter a number in the range from %1$d - %2$d</string>
|
||||
<string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string>
|
||||
<string name="tnc_notice_title">EAP-TNC may affect your privacy</string>
|
||||
<string name="tnc_notice_subtitle">Device data is sent to the server operator</string>
|
||||
<string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) allows server operators to assess the health of a client device.</p><p>For that purpose the server operator may request data such as a unique identifier, a list of installed packages, system settings, or cryptographic checksums of files.</p><b>Any data will be sent only after verifying the server\'s identity.</b>]]></string>
|
||||
|
|
|
|||
|
|
@ -80,6 +80,8 @@
|
|||
<string name="profile_split_tunneling_label">Split tunneling</string>
|
||||
<string name="profile_split_tunnelingv4_title">Block IPv4 traffic not destined for the VPN</string>
|
||||
<string name="profile_split_tunnelingv6_title">Block IPv6 traffic not destined for the VPN</string>
|
||||
<string name="profile_excluded_subnets_label">Excluded subnets</string>
|
||||
<string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string>
|
||||
<string name="profile_import">Import VPN profile</string>
|
||||
<string name="profile_import_failed">Failed to import VPN profile</string>
|
||||
<string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string>
|
||||
|
|
@ -96,6 +98,7 @@
|
|||
<string name="alert_text_nocertfound_title">Не вибрано сертифікат CA</string>
|
||||
<string name="alert_text_nocertfound">Будь ласка виберіть один <i>Вибрати автоматично</i></string>
|
||||
<string name="alert_text_out_of_range">Please enter a number in the range from %1$d - %2$d</string>
|
||||
<string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string>
|
||||
<string name="tnc_notice_title">EAP-TNC may affect your privacy</string>
|
||||
<string name="tnc_notice_subtitle">Device data is sent to the server operator</string>
|
||||
<string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) allows server operators to assess the health of a client device.</p><p>For that purpose the server operator may request data such as a unique identifier, a list of installed packages, system settings, or cryptographic checksums of files.</p><b>Any data will be sent only after verifying the server\'s identity.</b>]]></string>
|
||||
|
|
|
|||
|
|
@ -79,6 +79,8 @@
|
|||
<string name="profile_split_tunneling_label">拆分隧道</string>
|
||||
<string name="profile_split_tunnelingv4_title">屏蔽不通过VPN的IPV4流量</string>
|
||||
<string name="profile_split_tunnelingv6_title">屏蔽不通过VPN的IPV6流量</string>
|
||||
<string name="profile_excluded_subnets_label">Excluded subnets</string>
|
||||
<string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string>
|
||||
<string name="profile_import">导入VPN配置</string>
|
||||
<string name="profile_import_failed">导入VPN配置失败</string>
|
||||
<string name="profile_import_failed_detail">导入VPN配置失败: %1$s</string>
|
||||
|
|
@ -95,6 +97,7 @@
|
|||
<string name="alert_text_nocertfound_title">未选择CA证书</string>
|
||||
<string name="alert_text_nocertfound">请选择一项或激活 <i>自动选择</i></string>
|
||||
<string name="alert_text_out_of_range">请输入一个数字范围从%1$d到%2$d</string>
|
||||
<string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string>
|
||||
<string name="tnc_notice_title">EAP-TNC可能会影响您的隐私</string>
|
||||
<string name="tnc_notice_subtitle">设备数据已被发送至服务器管理员</string>
|
||||
<string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) 允许服务器管理员评定一个用户设备的状况。</p><p>出于此目的,服务器管理员可能要求以下数据如独立ID、已安装软件列表、系统设置、或加密过的文件校验值。</p><b>任何数据都仅将在验证过服务器的身份ID之后被发出。</b>]]></string>
|
||||
|
|
|
|||
|
|
@ -79,6 +79,8 @@
|
|||
<string name="profile_split_tunneling_label">拆分隧道</string>
|
||||
<string name="profile_split_tunnelingv4_title">屏蔽不通过VPN的IPV4流量</string>
|
||||
<string name="profile_split_tunnelingv6_title">屏蔽不通过VPN的IPV6流量</string>
|
||||
<string name="profile_excluded_subnets_label">Excluded subnets</string>
|
||||
<string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string>
|
||||
<string name="profile_import">匯入VPN設定檔</string>
|
||||
<string name="profile_import_failed">匯入VPN設定檔失敗</string>
|
||||
<string name="profile_import_failed_detail">匯入VPN設定檔失敗: %1$s</string>
|
||||
|
|
@ -95,6 +97,7 @@
|
|||
<string name="alert_text_nocertfound_title">沒有選擇CA憑證</string>
|
||||
<string name="alert_text_nocertfound">請選擇一項或啟動 <i>自動選擇</i></string>
|
||||
<string name="alert_text_out_of_range">請輸入一個數字範圍從%1$d到%2$d</string>
|
||||
<string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string>
|
||||
<string name="tnc_notice_title">EAP-TNC可能會影響您的隱私安全</string>
|
||||
<string name="tnc_notice_subtitle">裝置資料已經發送給伺服器管理者</string>
|
||||
<string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) 可以讓伺服器管理者評估用戶裝置的狀況。</p><p>在這個目的下,伺服器管理者可能會要求以下資料,例如ID、已安裝的App項目、系統設定、或加密檔案驗證值。</p><b>任何資料都只有在驗證伺服器的身分ID之後才會被送出。</b>]]></string>
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!--
|
||||
Copyright (C) 2012-2016 Tobias Brunner
|
||||
Copyright (C) 2012-2017 Tobias Brunner
|
||||
Copyright (C) 2012 Giuliano Grassi
|
||||
Copyright (C) 2012 Ralf Sager
|
||||
HSR Hochschule fuer Technik Rapperswil
|
||||
|
|
@ -82,6 +82,8 @@
|
|||
<string name="profile_split_tunneling_label">Split tunneling</string>
|
||||
<string name="profile_split_tunnelingv4_title">Block IPv4 traffic not destined for the VPN</string>
|
||||
<string name="profile_split_tunnelingv6_title">Block IPv6 traffic not destined for the VPN</string>
|
||||
<string name="profile_excluded_subnets_label">Excluded subnets</string>
|
||||
<string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string>
|
||||
<string name="profile_import">Import VPN profile</string>
|
||||
<string name="profile_import_failed">Failed to import VPN profile</string>
|
||||
<string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string>
|
||||
|
|
@ -98,6 +100,7 @@
|
|||
<string name="alert_text_nocertfound_title">No CA certificate selected</string>
|
||||
<string name="alert_text_nocertfound">Please select one or activate <i>Select automatically</i></string>
|
||||
<string name="alert_text_out_of_range">Please enter a number in the range from %1$d - %2$d</string>
|
||||
<string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string>
|
||||
<string name="tnc_notice_title">EAP-TNC may affect your privacy</string>
|
||||
<string name="tnc_notice_subtitle">Device data is sent to the server operator</string>
|
||||
<string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) allows server operators to assess the health of a client device.</p><p>For that purpose the server operator may request data such as a unique identifier, a list of installed packages, system settings, or cryptographic checksums of files.</p><b>Any data will be sent only after verifying the server\'s identity.</b>]]></string>
|
||||
|
|
|
|||
Loading…
Reference in New Issue