react-native-ovpn 0.1.0

package/android/src/main/java/com/openvpn/OpenvpnService.kt

@@ -0,0 +1,248 @@
+package com.openvpn
+
+import android.app.NotificationChannel
+import android.app.NotificationManager
+import android.content.Context
+import android.content.Intent
+import android.graphics.Color
+import android.os.Build
+import android.os.RemoteException
+import android.util.Log
+import de.blinkt.openvpn.VpnProfile
+import de.blinkt.openvpn.core.ConnectionStatus
+import de.blinkt.openvpn.core.OpenVPNService
+import de.blinkt.openvpn.core.ProfileManager
+import de.blinkt.openvpn.core.VpnStatus
+
+private const val TAG = "OpenvpnDbg"
+
+/**
+ * Extends [OpenVPNService] to intercept state/byte-count callbacks and forward
+ * them to [OpenvpnEventBus].
+ *
+ * Starting the tunnel
+ * -------------------
+ * The parent's `startOpenVPN(Intent, startId)` is private, so we cannot call it
+ * directly from a subclass. Instead we:
+ *   1. Register the [VpnProfile] as a temporary profile via
+ *      [ProfileManager.setTemporaryProfile], which persists it by UUID.
+ *   2. Re-build the intent with the UUID extras that the parent's
+ *      `fetchVPNProfile(intent)` expects (`VpnProfile.EXTRA_PROFILEUUID` +
+ *      `VpnProfile.EXTRA_PROFILE_VERSION`) and delegate to
+ *      `super.onStartCommand(...)`.
+ *
+ * Stopping the tunnel
+ * -------------------
+ * [OpenVPNService.stopVPN] is declared in `IOpenVPNServiceInternal` and throws
+ * [RemoteException]; we catch and ignore it here.
+ *
+ * Listener overrides
+ * ------------------
+ * The parent already implements [VpnStatus.StateListener] and
+ * [VpnStatus.ByteCountListener]. We override those methods, forward to the
+ * EventBus, and then call super so the parent's notification logic still runs.
+ * We do NOT register/unregister the listeners separately — the parent
+ * `onStartCommand` and `onDestroy` handle that.
+ */
+class OpenvpnService : OpenVPNService() {
+
+  private var lastEmittedAt: Long = 0L
+  // Latched at the moment we first observe LEVEL_CONNECTED so that
+  // durationMs is honest after service restarts / reconnections.
+  private var sessionStartedAt: Long = 0L
+
+  override fun onCreate() {
+    Log.i(TAG, "OpenvpnService.onCreate")
+    createOpenVpnChannels()
+    super.onCreate()
+    // Capture ics-openvpn's internal log lines (including the openvpn binary's
+    // stdout/stderr) and forward them both to logcat (for debugging) and to
+    // the JS bridge.
+    VpnStatus.addLogListener { item ->
+      val s = item.getString(this)
+      Log.i(TAG, "vpn-log: $s")
+      OpenvpnEventBus.emitLog(s)
+    }
+  }
+
+  private fun createOpenVpnChannels() {
+    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.O) return
+    val mgr = getSystemService(Context.NOTIFICATION_SERVICE) as? NotificationManager
+      ?: return
+
+    if (mgr.getNotificationChannel(NOTIFICATION_CHANNEL_BG_ID) == null) {
+      val bg = NotificationChannel(
+        NOTIFICATION_CHANNEL_BG_ID,
+        "VPN background",
+        NotificationManager.IMPORTANCE_MIN,
+      ).apply {
+        description = "Ongoing VPN connection status"
+        enableLights(false)
+        lightColor = Color.DKGRAY
+      }
+      mgr.createNotificationChannel(bg)
+    }
+    if (mgr.getNotificationChannel(NOTIFICATION_CHANNEL_NEWSTATUS_ID) == null) {
+      val status = NotificationChannel(
+        NOTIFICATION_CHANNEL_NEWSTATUS_ID,
+        "VPN status",
+        NotificationManager.IMPORTANCE_LOW,
+      ).apply {
+        description = "VPN status change notifications"
+        enableLights(true)
+        lightColor = Color.BLUE
+      }
+      mgr.createNotificationChannel(status)
+    }
+    if (mgr.getNotificationChannel(NOTIFICATION_CHANNEL_USERREQ_ID) == null) {
+      val req = NotificationChannel(
+        NOTIFICATION_CHANNEL_USERREQ_ID,
+        "VPN requests",
+        NotificationManager.IMPORTANCE_HIGH,
+      ).apply {
+        description = "Urgent VPN requests (e.g. 2FA)"
+        enableVibration(true)
+        lightColor = Color.CYAN
+      }
+      mgr.createNotificationChannel(req)
+    }
+  }
+
+  override fun onStartCommand(intent: Intent?, flags: Int, startId: Int): Int {
+    if (intent?.action == ACTION_STOP) {
+      stopTunnel()
+      return START_NOT_STICKY
+    }
+
+    @Suppress("DEPRECATION")
+    val profile = intent?.getSerializableExtra(EXTRA_PROFILE) as? VpnProfile
+
+    if (profile == null) {
+      OpenvpnEventBus.emitError("NATIVE_ERROR", "OpenvpnService started without a profile")
+      return START_NOT_STICKY
+    }
+
+    // Register the profile so the parent's fetchVPNProfile can find it by UUID.
+    ProfileManager.setTemporaryProfile(this, profile)
+
+    // Build an intent the parent's fetchVPNProfile understands.
+    val parentIntent = Intent(intent).apply {
+      putExtra(VpnProfile.EXTRA_PROFILEUUID, profile.uuid.toString())
+      putExtra(VpnProfile.EXTRA_PROFILE_VERSION, profile.mVersion)
+      // Remove our own extras so the parent doesn't trip on them.
+      removeExtra(EXTRA_PROFILE)
+      removeExtra(EXTRA_NOTIF_TITLE)
+      removeExtra(EXTRA_NOTIF_TEXT)
+      removeExtra(EXTRA_NOTIF_ICON)
+      removeExtra(EXTRA_NOTIF_CHANNEL)
+    }
+
+    return super.onStartCommand(parentIntent, flags, startId)
+  }
+
+  private fun stopTunnel() {
+    // Emit transition states synchronously: the openvpn binary takes ~50-200ms
+    // to actually exit after SIGINT, and stopSelf() below unregisters our
+    // VpnStatus listener before the binary's exit callback fires. Without
+    // these explicit emits the JS bridge never observes the disconnected state
+    // and the UI stays stuck on "connected".
+    OpenvpnEventBus.emitState("disconnecting")
+    try {
+      stopVPN(false)
+    } catch (_: RemoteException) {
+      // Management interface not running; nothing to stop.
+    }
+    OpenvpnEventBus.emitState("disconnected")
+    sessionStartedAt = 0L
+    @Suppress("DEPRECATION")
+    stopForeground(true)
+    stopSelf()
+  }
+
+  // ── VpnStatus.StateListener ──────────────────────────────────────────────
+
+  override fun updateState(
+    state: String?,
+    logmessage: String?,
+    resid: Int,
+    level: ConnectionStatus?,
+    intent: Intent?,
+  ) {
+    Log.i(TAG, "updateState: state=$state level=$level msg=$logmessage")
+    // Let the parent update the foreground notification.
+    super.updateState(state, logmessage, resid, level, intent)
+
+    val mapped = mapState(level)
+    OpenvpnEventBus.emitState(mapped)
+    if (!logmessage.isNullOrEmpty()) OpenvpnEventBus.emitLog(logmessage)
+
+    // Latch session start when we first observe the connected level. Reset
+    // on disconnect so that a subsequent connection re-latches. This makes
+    // durationMs accurate across service restarts / reconnects.
+    when (level) {
+      ConnectionStatus.LEVEL_CONNECTED ->
+        if (sessionStartedAt == 0L) sessionStartedAt = System.currentTimeMillis()
+      ConnectionStatus.LEVEL_NOTCONNECTED,
+      ConnectionStatus.LEVEL_NONETWORK,
+      ConnectionStatus.LEVEL_AUTH_FAILED ->
+        sessionStartedAt = 0L
+      else -> { /* keep latched */ }
+    }
+
+    // Map ics-openvpn ConnectionStatus levels to our error codes. The `state`
+    // string varies across versions, so we discriminate on the typed enum.
+    when (level) {
+      ConnectionStatus.LEVEL_AUTH_FAILED ->
+        OpenvpnEventBus.emitError("AUTH_FAILED", logmessage)
+      ConnectionStatus.LEVEL_NONETWORK ->
+        OpenvpnEventBus.emitError("NETWORK_UNREACHABLE", logmessage)
+      else -> { /* not an error level */ }
+    }
+  }
+
+  override fun setConnectedVPN(uuid: String?) {
+    super.setConnectedVPN(uuid)
+  }
+
+  // ── VpnStatus.ByteCountListener ──────────────────────────────────────────
+
+  override fun updateByteCount(inBytes: Long, outBytes: Long, diffIn: Long, diffOut: Long) {
+    super.updateByteCount(inBytes, outBytes, diffIn, diffOut)
+
+    val now = System.currentTimeMillis()
+    if (now - lastEmittedAt < BYTES_EMIT_INTERVAL_MS) return
+    lastEmittedAt = now
+    // Before we've observed LEVEL_CONNECTED, durationMs is 0 — better than
+    // reporting time-since-service-create as connected duration.
+    val durationMs = if (sessionStartedAt == 0L) 0L else (now - sessionStartedAt)
+    OpenvpnEventBus.emitStats(inBytes, outBytes, durationMs)
+  }
+
+  // ── Helpers ──────────────────────────────────────────────────────────────
+
+  private fun mapState(level: ConnectionStatus?): String =
+    when (level) {
+      ConnectionStatus.LEVEL_CONNECTED -> "connected"
+      ConnectionStatus.LEVEL_NOTCONNECTED -> "disconnected"
+      ConnectionStatus.LEVEL_AUTH_FAILED -> "error"
+      ConnectionStatus.LEVEL_CONNECTING_NO_SERVER_REPLY_YET,
+      ConnectionStatus.LEVEL_CONNECTING_SERVER_REPLIED -> "connecting"
+      ConnectionStatus.LEVEL_WAITING_FOR_USER_INPUT -> "connecting"
+      ConnectionStatus.LEVEL_VPNPAUSED -> "disconnecting"
+      ConnectionStatus.LEVEL_NONETWORK -> "disconnected"
+      ConnectionStatus.LEVEL_START -> "connecting"
+      ConnectionStatus.UNKNOWN_LEVEL,
+      null -> "idle"
+    }
+
+  companion object {
+    const val ACTION_START = "com.openvpn.START"
+    const val ACTION_STOP = "com.openvpn.STOP"
+    const val EXTRA_PROFILE = "profile"
+    const val EXTRA_NOTIF_TITLE = "notif_title"
+    const val EXTRA_NOTIF_TEXT = "notif_text"
+    const val EXTRA_NOTIF_ICON = "notif_icon"
+    const val EXTRA_NOTIF_CHANNEL = "notif_channel"
+    private const val BYTES_EMIT_INTERVAL_MS = 1000L
+  }
+}

package/android/src/main/java/com/openvpn/PermissionLauncher.kt

@@ -0,0 +1,39 @@
+package com.openvpn
+
+import android.app.Activity
+import android.content.Intent
+import android.net.VpnService
+import com.facebook.react.bridge.Promise
+import com.facebook.react.bridge.ReactApplicationContext
+import java.util.concurrent.atomic.AtomicReference
+
+object PermissionLauncher {
+
+  private const val REQUEST_CODE = 0xCAF3
+
+  private val pending = AtomicReference<Promise?>(null)
+
+  fun request(reactContext: ReactApplicationContext, promise: Promise) {
+    val intent = VpnService.prepare(reactContext)
+    if (intent == null) {
+      promise.resolve(true)
+      return
+    }
+    val activity = reactContext.currentActivity
+    if (activity == null) {
+      promise.reject("PERMISSION_DENIED", "No current Activity to launch the VPN consent dialog")
+      return
+    }
+    if (!pending.compareAndSet(null, promise)) {
+      promise.reject("PERMISSION_DENIED", "Another permission request is already in flight")
+      return
+    }
+    activity.startActivityForResult(intent, REQUEST_CODE)
+  }
+
+  fun onActivityResult(requestCode: Int, resultCode: Int, @Suppress("UNUSED_PARAMETER") data: Intent?) {
+    if (requestCode != REQUEST_CODE) return
+    val promise = pending.getAndSet(null) ?: return
+    promise.resolve(resultCode == Activity.RESULT_OK)
+  }
+}

package/android/src/main/java/com/openvpn/ProfileBuilder.kt

@@ -0,0 +1,68 @@
+package com.openvpn
+
+import de.blinkt.openvpn.VpnProfile
+import de.blinkt.openvpn.core.ConfigParser
+import java.io.StringReader
+
+object ProfileBuilder {
+
+  fun build(
+    ovpn: String,
+    username: String,
+    password: String,
+    dns: List<String>,
+    killSwitch: Boolean,
+  ): VpnProfile {
+    val sanitized = ensureLegacyCipherSupport(ovpn)
+    val parser = ConfigParser()
+    try {
+      parser.parseConfig(StringReader(sanitized))
+    } catch (e: Exception) {
+      throw OpenvpnException("INVALID_CONFIG", e.message ?: "failed to parse .ovpn")
+    }
+
+    val profile = parser.convertProfile()
+    profile.mUsername = username
+    profile.mPassword = password
+
+    if (dns.isNotEmpty()) {
+      profile.mOverrideDNS = true
+      profile.mDNS1 = dns.getOrNull(0).orEmpty()
+      profile.mDNS2 = dns.getOrNull(1).orEmpty()
+    }
+
+    if (killSwitch) {
+      profile.mBlockUnusedAddressFamilies = true
+      profile.mAllowLocalLAN = false
+    }
+
+    return profile
+  }
+
+  // OpenVPN 2.6+ rejects deprecated ciphers (AES-128-CBC, AES-256-CBC, BF-CBC)
+  // from negotiation by default. Many legacy servers (VPN Gate, SoftEther
+  // exports, older OpenVPN Access Servers) still push these. To preserve
+  // compatibility we ensure the resulting profile advertises both the modern
+  // defaults and the common legacy fallbacks unless the user already supplied
+  // an explicit data-ciphers directive.
+  private fun ensureLegacyCipherSupport(ovpn: String): String {
+    val hasDataCiphers = ovpn.lineSequence().any {
+      val t = it.trim()
+      t.startsWith("data-ciphers ") || t == "data-ciphers"
+    }
+    val hasFallback = ovpn.lineSequence().any {
+      val t = it.trim()
+      t.startsWith("data-ciphers-fallback ") || t == "data-ciphers-fallback"
+    }
+    if (hasDataCiphers && hasFallback) return ovpn
+    val builder = StringBuilder(ovpn)
+    if (!ovpn.endsWith("\n")) builder.append('\n')
+    if (!hasDataCiphers) {
+      builder.append("data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC:AES-128-CBC\n")
+    }
+    if (!hasFallback) {
+      builder.append("data-ciphers-fallback AES-128-CBC\n")
+    }
+    return builder.toString()
+  }
+}

package/android/src/main/res/drawable/ic_vpn_default.xml

@@ -0,0 +1,10 @@
+<vector xmlns:android="http://schemas.android.com/apk/res/android"
+    android:width="24dp"
+    android:height="24dp"
+    android:viewportWidth="24"
+    android:viewportHeight="24"
+    android:tint="?attr/colorControlNormal">
+  <path
+      android:fillColor="#FFFFFFFF"
+      android:pathData="M12,1L3,5v6c0,5.55 3.84,10.74 9,12c5.16,-1.26 9,-6.45 9,-12V5l-9,-4zM10.94,16.93L7.4,13.4l1.41,-1.41l2.12,2.12l5.66,-5.66l1.41,1.41l-7.07,7.07z"/>
+</vector>

package/android/src/main/res/values/strings.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+  <string name="openvpn_notification_title">Connected</string>
+  <string name="openvpn_notification_text">VPN is active</string>
+  <string name="openvpn_notification_channel_name">VPN status</string>
+</resources>

package/android/src/test/java/com/openvpn/NotificationHelperTest.kt

@@ -0,0 +1,49 @@
+package com.openvpn
+
+import android.content.Context
+import androidx.test.core.app.ApplicationProvider
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNotNull
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.RobolectricTestRunner
+
+@RunWith(RobolectricTestRunner::class)
+class NotificationHelperTest {
+
+  private val context: Context = ApplicationProvider.getApplicationContext()
+
+  @Test
+  fun `build returns a Notification with defaults`() {
+    val n = NotificationHelper.build(context, NotificationOverrides())
+    assertNotNull(n)
+    val extras = n.extras
+    assertEquals("Connected", extras.getString("android.title"))
+    assertEquals("VPN is active", extras.getString("android.text"))
+  }
+
+  @Test
+  fun `build applies title override`() {
+    val n = NotificationHelper.build(
+      context,
+      NotificationOverrides(title = "MyVPN connected"),
+    )
+    assertEquals("MyVPN connected", n.extras.getString("android.title"))
+  }
+
+  @Test
+  fun `build applies text override`() {
+    val n = NotificationHelper.build(
+      context,
+      NotificationOverrides(text = "Routing your traffic"),
+    )
+    assertEquals("Routing your traffic", n.extras.getString("android.text"))
+  }
+
+  @Test
+  fun `ensureChannel does not throw`() {
+    NotificationHelper.ensureChannel(context, "openvpn", "VPN status")
+    // Channel manager assertions vary by Robolectric version; this test just
+    // verifies the call does not throw.
+  }
+}

package/android/src/test/java/com/openvpn/ProfileBuilderTest.kt

@@ -0,0 +1,83 @@
+package com.openvpn
+
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNotNull
+import org.junit.Assert.assertTrue
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.robolectric.RobolectricTestRunner
+
+@RunWith(RobolectricTestRunner::class)
+class ProfileBuilderTest {
+
+  private val minimalOvpn = """
+    client
+    dev tun
+    proto udp
+    remote 1.2.3.4 1194
+    cipher AES-256-CBC
+  """.trimIndent()
+
+  @Test
+  fun `builds VpnProfile from minimal config`() {
+    val profile = ProfileBuilder.build(
+      ovpn = minimalOvpn,
+      username = "alice",
+      password = "s3cret",
+      dns = emptyList(),
+      killSwitch = false,
+    )
+    assertNotNull(profile)
+    assertEquals("alice", profile.mUsername)
+    assertEquals("s3cret", profile.mPassword)
+  }
+
+  @Test
+  fun `injects DNS override when provided`() {
+    val profile = ProfileBuilder.build(
+      ovpn = minimalOvpn,
+      username = "u",
+      password = "p",
+      dns = listOf("1.1.1.1", "1.0.0.1"),
+      killSwitch = false,
+    )
+    assertTrue(profile.mOverrideDNS)
+    assertEquals("1.1.1.1", profile.mDNS1)
+    assertEquals("1.0.0.1", profile.mDNS2)
+  }
+
+  @Test
+  fun `does not override DNS when list is empty`() {
+    val profile = ProfileBuilder.build(
+      ovpn = minimalOvpn,
+      username = "u",
+      password = "p",
+      dns = emptyList(),
+      killSwitch = false,
+    )
+    assertEquals(false, profile.mOverrideDNS)
+  }
+
+  @Test
+  fun `sets kill-switch flag when requested`() {
+    val profile = ProfileBuilder.build(
+      ovpn = minimalOvpn,
+      username = "u",
+      password = "p",
+      dns = emptyList(),
+      killSwitch = true,
+    )
+    assertTrue(profile.mBlockUnusedAddressFamilies)
+  }
+
+  @Test(expected = OpenvpnException::class)
+  fun `throws OpenvpnException on garbage input`() {
+    ProfileBuilder.build(
+      ovpn = "this is not an ovpn config",
+      username = "u",
+      password = "p",
+      dns = emptyList(),
+      killSwitch = false,
+    )
+  }
+}

package/app.plugin.js

@@ -0,0 +1,3 @@
+// This file is the entry point Expo expects for a config plugin shipped
+// alongside an npm package. It re-exports the compiled plugin from plugin/build.
+module.exports = require('./plugin/build');

package/ios/Openvpn-Bridging-Header.h

@@ -0,0 +1,8 @@
+//
+//  Openvpn-Bridging-Header.h
+//  react-native-ovpn
+//
+//  Exposes Objective-C / Objective-C++ symbols to the Swift sources in this
+//  pod. React Native's framework imports propagate automatically; add types
+//  here only when a Swift compile error demands them.
+//

package/ios/Openvpn.h

@@ -0,0 +1,5 @@
+#import <OpenvpnSpec/OpenvpnSpec.h>
+
+@interface Openvpn : NSObject <NativeOpenvpnSpec>
+
+@end

package/ios/Openvpn.mm

@@ -0,0 +1,123 @@
+#import "Openvpn.h"
+#import <React/RCTBridge.h>
+#import <React/RCTEventEmitter.h>
+
+// Bridges to Swift sources in this pod. CocoaPods generates this header
+// from the @objc-annotated Swift classes (OpenvpnManager, OpenvpnEventBridge,
+// OpenvpnConstants, etc.). Header name pattern: "<ModuleName>-Swift.h".
+#import "Openvpn-Swift.h"
+
+@implementation Openvpn
+
+RCT_EXPORT_MODULE(Openvpn)
+
++ (BOOL)requiresMainQueueSetup {
+  return NO;
+}
+
+- (NSArray<NSString *> *)supportedEvents {
+  return @[ @"OpenVpn:state", @"OpenVpn:stats", @"OpenVpn:log", @"OpenVpn:error" ];
+}
+
+- (void)setBridge:(RCTBridge *)bridge {
+  [super setBridge:bridge];
+  [[OpenvpnEventBridge shared] attach:bridge];
+}
+
+- (void)invalidate {
+  [[OpenvpnEventBridge shared] detach];
+  [super invalidate];
+}
+
+// MARK: TurboModule methods
+
+- (void)requestPermission:(RCTPromiseResolveBlock)resolve
+                   reject:(RCTPromiseRejectBlock)reject {
+  [[OpenvpnManager shared] requestPermissionWithCompletion:^(BOOL granted, NSError * _Nullable error) {
+    if (error) {
+      reject(@"PERMISSION_DENIED", error.localizedDescription, error);
+      return;
+    }
+    resolve(@(granted));
+  }];
+}
+
+- (void)connect:(NSDictionary *)params
+        resolve:(RCTPromiseResolveBlock)resolve
+         reject:(RCTPromiseRejectBlock)reject {
+  // Per-app routing rejection (iOS does not support it without MDM).
+  NSArray *allowedApps = params[@"allowedApps"];
+  NSArray *disallowedApps = params[@"disallowedApps"];
+  if ((allowedApps && allowedApps.count > 0) ||
+      (disallowedApps && disallowedApps.count > 0)) {
+    reject(@"INVALID_CONFIG",
+           @"per-app routing not supported on iOS (MDM-only)",
+           nil);
+    return;
+  }
+
+  NSString *ovpn = params[@"config"];
+  if (!ovpn) {
+    reject(@"INVALID_CONFIG", @"config missing", nil);
+    return;
+  }
+  NSString *username = params[@"username"] ?: @"";
+  NSString *password = params[@"password"] ?: @"";
+  NSArray<NSString *> *dns = params[@"dns"] ?: @[];
+
+  // killSwitch is silently ignored on iOS (deferred to Plan 3.1) per the
+  // Plan 3 spec extension §5.
+
+  [[OpenvpnManager shared] connectWithOvpn:ovpn
+                                  username:username
+                                  password:password
+                                       dns:dns
+                                completion:^(BOOL ok, NSError * _Nullable error) {
+    if (error) {
+      reject(@"NATIVE_ERROR", error.localizedDescription, error);
+      return;
+    }
+    resolve(nil);
+  }];
+}
+
+- (void)disconnect:(RCTPromiseResolveBlock)resolve
+            reject:(RCTPromiseRejectBlock)reject {
+  [[OpenvpnManager shared] disconnectWithCompletion:^(BOOL ok, NSError * _Nullable error) {
+    if (error) {
+      reject(@"NATIVE_ERROR", error.localizedDescription, error);
+      return;
+    }
+    resolve(nil);
+  }];
+}
+
+- (void)getStatus:(RCTPromiseResolveBlock)resolve
+           reject:(RCTPromiseRejectBlock)reject {
+  resolve(@{ @"state": @"idle" });
+}
+
+- (void)getStats:(RCTPromiseResolveBlock)resolve
+          reject:(RCTPromiseRejectBlock)reject {
+  resolve(@{
+    @"bytesIn": @0,
+    @"bytesOut": @0,
+    @"durationMs": @0,
+  });
+}
+
+// addListener / removeListeners are required by NativeEventEmitter and are
+// no-ops on our side (the event bus emits unconditionally).
+- (void)addListener:(NSString *)eventName {}
+- (void)removeListeners:(double)count {}
+
+- (std::shared_ptr<facebook::react::TurboModule>)getTurboModule:
+    (const facebook::react::ObjCTurboModule::InitParams &)params {
+  return std::make_shared<facebook::react::NativeOpenvpnSpecJSI>(params);
+}
+
++ (NSString *)moduleName {
+  return @"Openvpn";
+}
+
+@end