Changed for eduVPN

- fix building on Xcode 16. See: WireGuard/wireguard-apple#33
- support ProxyGuard using the forked wireguard-go as a submodule
- fix split tunnel DNS search domains, see:
  https://lists.zx2c4.com/pipermail/wireguard/2021-July/006927.html from eduvpn/apple#524
- Update Go modules

Author: jwijenbergh

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "Sources/WireGuardKitGo/wireguard-go"]
+	path = Sources/WireGuardKitGo/wireguard-go
+	url = https://codeberg.org/eduVPN/wireguard-go

README.md

@@ -4,10 +4,10 @@ This project contains an application for iOS and for macOS, as well as many comp
 
 ## Building
 
-- Clone this repo:
+- Clone this repo and its submodule:
 
 ```
-$ git clone https://git.zx2c4.com/wireguard-apple
+$ git clone --recursive https://git.zx2c4.com/wireguard-apple
 $ cd wireguard-apple
 ```
 

Sources/Shared/Model/TunnelConfiguration+WgQuickConfig.swift

@@ -27,6 +27,7 @@ extension TunnelConfiguration {
         case peerHasInvalidPreSharedKey(String)
         case peerHasInvalidAllowedIP(String)
         case peerHasInvalidEndpoint(String)
+        case peerHasInvalidProxyEndpoint(String)
         case peerHasInvalidPersistentKeepAlive(String)
         case peerHasInvalidTransferBytes(String)
         case peerHasInvalidLastHandshakeTime(String)
@@ -72,7 +73,7 @@ extension TunnelConfiguration {
                         attributes[key] = value
                     }
                     let interfaceSectionKeys: Set<String> = ["privatekey", "listenport", "address", "dns", "mtu"]
-                    let peerSectionKeys: Set<String> = ["publickey", "presharedkey", "allowedips", "endpoint", "persistentkeepalive"]
+                    let peerSectionKeys: Set<String> = ["publickey", "presharedkey", "allowedips", "endpoint", "proxyendpoint", "persistentkeepalive"]
                     if parserState == .inInterfaceSection {
                         guard interfaceSectionKeys.contains(key) else {
                             throw ParseError.interfaceHasUnrecognizedKey(keyWithCase)
@@ -156,6 +157,9 @@ extension TunnelConfiguration {
             if let endpoint = peer.endpoint {
                 output.append("Endpoint = \(endpoint.stringRepresentation)\n")
             }
+            if let proxyEndpoint = peer.proxyEndpoint {
+                output.append("ProxyEndpoint = \(proxyEndpoint.absoluteString)\n")
+            }
             if let persistentKeepAlive = peer.persistentKeepAlive {
                 output.append("PersistentKeepalive = \(persistentKeepAlive)\n")
             }
@@ -240,6 +244,12 @@ extension TunnelConfiguration {
             }
             peer.endpoint = endpoint
         }
+        if let proxyEndpointString = attributes["proxyendpoint"] {
+            guard let proxyEndpoint = URL(string: proxyEndpointString) else {
+                throw ParseError.peerHasInvalidProxyEndpoint(proxyEndpointString)
+            }
+            peer.proxyEndpoint = URL(string: proxyEndpointString)
+        }
         if let persistentKeepAliveString = attributes["persistentkeepalive"] {
             guard let persistentKeepAlive = UInt16(persistentKeepAliveString) else {
                 throw ParseError.peerHasInvalidPersistentKeepAlive(persistentKeepAliveString)

Sources/WireGuardApp/Base.lproj/Localizable.strings

@@ -89,6 +89,7 @@
 "tunnelPeerPublicKey" = "Public key";
 "tunnelPeerPreSharedKey" = "Preshared key";
 "tunnelPeerEndpoint" = "Endpoint";
+"tunnelPeerProxyEndpoint" = "Proxy Endpoint";
 "tunnelPeerPersistentKeepalive" = "Persistent keepalive";
 "tunnelPeerAllowedIPs" = "Allowed IPs";
 "tunnelPeerRxBytes" = "Data received";
@@ -187,6 +188,7 @@
 "alertInvalidPeerMessagePreSharedKeyInvalid" = "Peer’s preshared key must be a 32-byte key in base64 encoding";
 "alertInvalidPeerMessageAllowedIPsInvalid" = "Peer’s allowed IPs must be a list of comma-separated IP addresses, optionally in CIDR notation";
 "alertInvalidPeerMessageEndpointInvalid" = "Peer’s endpoint must be of the form ‘host:port’ or ‘[host]:port’";
+"alertInvalidPeerMessageProxyEndpointInvalid" = "Peer’s proxy endpoint must be a valid URL";
 "alertInvalidPeerMessagePersistentKeepaliveInvalid" = "Peer’s persistent keepalive must be between 0 to 65535, or unspecified";
 "alertInvalidPeerMessagePublicKeyDuplicated" = "Two or more peers cannot have the same public key";
 
@@ -395,10 +397,11 @@
 "macAlertPreSharedKeyInvalid" = "Preshared key is invalid";
 "macAlertAllowedIPInvalid (%@)" = "Allowed IP ‘%@’ is invalid";
 "macAlertEndpointInvalid (%@)" = "Endpoint ‘%@’ is invalid";
+"macAlertProxyEndpointInvalid (%@)" = "Proxy Endpoint ‘%@’ is invalid";
 "macAlertPersistentKeepliveInvalid (%@)" = "Persistent keepalive value ‘%@’ is invalid";
 
 "macAlertUnrecognizedPeerKey (%@)" = "Peer contains unrecognized key ‘%@’";
-"macAlertInfoUnrecognizedPeerKey" = "Valid keys are: ‘PublicKey’, ‘PresharedKey’, ‘AllowedIPs’, ‘Endpoint’ and ‘PersistentKeepalive’";
+"macAlertInfoUnrecognizedPeerKey" = "Valid keys are: ‘PublicKey’, ‘PresharedKey’, ‘AllowedIPs’, ‘Endpoint’, 'ProxyEndpoint' and ‘PersistentKeepalive’";
 
 "macAlertMultipleEntriesForKey (%@)" = "There should be only one entry per section for key ‘%@’";
 

Sources/WireGuardApp/Tunnel/TunnelConfiguration+UapiConfig.swift

@@ -140,6 +140,12 @@ extension TunnelConfiguration {
             }
             peer.endpoint = endpoint
         }
+        if let proxyEndpointString = attributes["proxy_endpoint"] {
+            guard let proxyEndpoint = URL(string: proxyEndpointString) else {
+                throw ParseError.peerHasInvalidProxyEndpoint(proxyEndpointString)
+            }
+            peer.proxyEndpoint = proxyEndpoint
+        }
         if let persistentKeepAliveString = attributes["persistent_keepalive_interval"] {
             guard let persistentKeepAlive = UInt16(persistentKeepAliveString) else {
                 throw ParseError.peerHasInvalidPersistentKeepAlive(persistentKeepAliveString)

Sources/WireGuardApp/UI/TunnelViewModel.swift

@@ -41,6 +41,7 @@ class TunnelViewModel {
         case publicKey
         case preSharedKey
         case endpoint
+        case proxyEndpoint
         case persistentKeepAlive
         case allowedIPs
         case rxBytes
@@ -54,6 +55,7 @@ class TunnelViewModel {
             case .publicKey: return tr("tunnelPeerPublicKey")
             case .preSharedKey: return tr("tunnelPeerPreSharedKey")
             case .endpoint: return tr("tunnelPeerEndpoint")
+            case .proxyEndpoint: return tr("tunnelPeerProxyEndpoint")
             case .persistentKeepAlive: return tr("tunnelPeerPersistentKeepalive")
             case .allowedIPs: return tr("tunnelPeerAllowedIPs")
             case .rxBytes: return tr("tunnelPeerRxBytes")
@@ -314,6 +316,9 @@ class TunnelViewModel {
             if let endpoint = config.endpoint {
                 scratchpad[.endpoint] = endpoint.stringRepresentation
             }
+            if let proxyEndpoint = config.proxyEndpoint {
+                scratchpad[.proxyEndpoint] = proxyEndpoint.absoluteString
+            }
             if let persistentKeepAlive = config.persistentKeepAlive {
                 scratchpad[.persistentKeepAlive] = String(persistentKeepAlive)
             }
@@ -372,6 +377,14 @@ class TunnelViewModel {
                     errorMessages.append(tr("alertInvalidPeerMessageEndpointInvalid"))
                 }
             }
+            if let proxyEndpointString = scratchpad[.proxyEndpoint] {
+                if let proxyEndpoint = URL(string: proxyEndpointString) {
+                    config.proxyEndpoint = proxyEndpoint
+                } else {
+                    fieldsWithError.insert(.proxyEndpoint)
+                    errorMessages.append(tr("alertInvalidPeerMessageProxyEndpointInvalid"))
+                }
+            }
             if let persistentKeepAliveString = scratchpad[.persistentKeepAlive] {
                 if let persistentKeepAlive = UInt16(persistentKeepAliveString) {
                     config.persistentKeepAlive = persistentKeepAlive

Sources/WireGuardApp/UI/iOS/ViewController/TunnelDetailTableViewController.swift

@@ -19,7 +19,7 @@ class TunnelDetailTableViewController: UITableViewController {
     ]
 
     static let peerFields: [TunnelViewModel.PeerField] = [
-        .publicKey, .preSharedKey, .endpoint,
+        .publicKey, .preSharedKey, .endpoint, .proxyEndpoint,
         .allowedIPs, .persistentKeepAlive,
         .rxBytes, .txBytes, .lastHandshakeTime
     ]

Sources/WireGuardApp/UI/iOS/ViewController/TunnelEditTableViewController.swift

@@ -356,7 +356,7 @@ extension TunnelEditTableViewController {
         case .publicKey:
             cell.placeholderText = tr("tunnelEditPlaceholderTextRequired")
             cell.keyboardType = .default
-        case .preSharedKey, .endpoint:
+        case .preSharedKey, .endpoint, .proxyEndpoint:
             cell.placeholderText = tr("tunnelEditPlaceholderTextOptional")
             cell.keyboardType = .default
         case .allowedIPs:

Sources/WireGuardApp/UI/macOS/ParseError+WireGuardAppError.swift

@@ -39,6 +39,8 @@ extension TunnelConfiguration.ParseError: WireGuardAppError {
             return (tr(format: "macAlertAllowedIPInvalid (%@)", value), tr("alertInvalidPeerMessageAllowedIPsInvalid"))
         case .peerHasInvalidEndpoint(let value):
             return (tr(format: "macAlertEndpointInvalid (%@)", value), tr("alertInvalidPeerMessageEndpointInvalid"))
+        case .peerHasInvalidProxyEndpoint(let value):
+            return (tr(format: "macAlertProxyEndpointInvalid (%@)", value), tr("alertInvalidPeerMessageProxyEndpointInvalid"))
         case .peerHasInvalidPersistentKeepAlive(let value):
             return (tr(format: "macAlertPersistentKeepliveInvalid (%@)", value), tr("alertInvalidPeerMessagePersistentKeepaliveInvalid"))
         case .peerHasUnrecognizedKey(let value):

Sources/WireGuardApp/UI/macOS/View/ConfTextColorTheme.swift

@@ -16,6 +16,7 @@ struct ConfTextAquaColorTheme: ConfTextColorTheme {
         HighlightPublicKey.rawValue: NSColor(hex: "#643820"), // Preprocessor directives in Xcode
         HighlightPrivateKey.rawValue: NSColor(hex: "#643820"), // Preprocessor directives in Xcode
         HighlightPresharedKey.rawValue: NSColor(hex: "#643820"), // Preprocessor directives in Xcode
+        HighlightProxyEndpoint.rawValue: NSColor(hex: "#9B2393"), // Preprocessor directives in Xcode
         HighlightIP.rawValue: NSColor(hex: "#0E0EFF"), // URLs in Xcode
         HighlightHost.rawValue: NSColor(hex: "#0E0EFF"), // URLs in Xcode
         HighlightCidr.rawValue: NSColor(hex: "#815F03"), // Attributes in Xcode
@@ -35,6 +36,7 @@ struct ConfTextDarkAquaColorTheme: ConfTextColorTheme {
         HighlightPublicKey.rawValue: NSColor(hex: "#FD8F3F"), // Preprocessor directives in Xcode
         HighlightPrivateKey.rawValue: NSColor(hex: "#FD8F3F"), // Preprocessor directives in Xcode
         HighlightPresharedKey.rawValue: NSColor(hex: "#FD8F3F"), // Preprocessor directives in Xcode
+        HighlightProxyEndpoint.rawValue: NSColor(hex: "#9B2393"), // Preprocessor directives in Xcode
         HighlightIP.rawValue: NSColor(hex: "#53A5FB"), // URLs in Xcode
         HighlightHost.rawValue: NSColor(hex: "#53A5FB"), // URLs in Xcode
         HighlightCidr.rawValue: NSColor(hex: "#75B492"), // Attributes in Xcode