react-native-ovpn 0.1.0

package/ios/OpenvpnAppGroup.swift

@@ -0,0 +1,59 @@
+import Foundation
+
+/// Read-only view over the App Group container, used by the host app to
+/// observe stats and log lines the PacketTunnelProvider writes there.
+///
+/// The extension writes; the host reads. Atomic file writes keep readers
+/// safe from torn writes; we tolerate brief absence by returning nil.
+struct OpenvpnAppGroup {
+
+  let identifier: String
+
+  /// Returns the path to a file inside the shared container, or nil if the
+  /// App Group is not configured / accessible.
+  func url(for filename: String) -> URL? {
+    return FileManager.default.containerURL(
+      forSecurityApplicationGroupIdentifier: identifier
+    )?.appendingPathComponent(filename)
+  }
+
+  /// Reads the latest stats snapshot. Returns nil if the file is missing
+  /// or malformed.
+  ///
+  /// JSONSerialization returns numbers as `NSNumber`. A direct `as? Int64`
+  /// against `NSNumber` always fails in Swift; we must go through
+  /// `NSNumber.int64Value`.
+  func readStats() -> (bytesIn: Int64, bytesOut: Int64, durationMs: Int64)? {
+    guard let url = url(for: OpenvpnConstants.statsFilename),
+          let data = try? Data(contentsOf: url),
+          let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
+          let bytesIn = (json["bytesIn"] as? NSNumber)?.int64Value,
+          let bytesOut = (json["bytesOut"] as? NSNumber)?.int64Value,
+          let durationMs = (json["durationMs"] as? NSNumber)?.int64Value
+    else {
+      return nil
+    }
+    return (bytesIn, bytesOut, durationMs)
+  }
+
+  /// Reads any new log lines since the given byte offset. Returns the lines
+  /// and the new offset (the file's current size). Returns nil if missing.
+  func readLog(sinceOffset: UInt64) -> (lines: [String], newOffset: UInt64)? {
+    guard let url = url(for: OpenvpnConstants.logFilename) else { return nil }
+    guard let handle = try? FileHandle(forReadingFrom: url) else { return nil }
+    defer { try? handle.close() }
+    do {
+      try handle.seek(toOffset: sinceOffset)
+    } catch {
+      // File rotated / truncated under us — re-read from start.
+      do { try handle.seek(toOffset: 0) } catch { return nil }
+    }
+    let data: Data
+    do { data = try handle.readToEnd() ?? Data() } catch { return nil }
+    let lines = String(data: data, encoding: .utf8)?
+      .split(separator: "\n")
+      .map(String.init) ?? []
+    let newOffset = sinceOffset + UInt64(data.count)
+    return (lines, newOffset)
+  }
+}

package/ios/OpenvpnConstants.swift

@@ -0,0 +1,46 @@
+import Foundation
+
+/// Centralized constants used across the iOS side.
+enum OpenvpnConstants {
+
+  // MARK: Info.plist keys
+
+  /// Required key in the host app's Info.plist. Value is the App Group
+  /// identifier (e.g. "group.com.example.openvpn") that the host and the
+  /// PacketTunnelProvider extension share.
+  ///
+  /// We propagate this value to the extension via providerConfiguration so
+  /// the extension does not need its own Info.plist entry.
+  static let infoPlistAppGroupKey = "OpenVPNAppGroupIdentifier"
+
+  // MARK: providerConfiguration keys
+
+  /// Key under which the .ovpn config string is stored in
+  /// NETunnelProviderProtocol.providerConfiguration.
+  static let configKey = "ovpn_config"
+
+  /// Username (UTF-8 string).
+  static let usernameKey = "ovpn_username"
+
+  /// Password (UTF-8 string). Encrypted at rest by iOS.
+  static let passwordKey = "ovpn_password"
+
+  /// Optional list of DNS servers (Array<String>) to override pushed DNS.
+  static let dnsKey = "ovpn_dns"
+
+  /// App Group identifier — propagated from host to extension so the
+  /// extension reads/writes the same shared container.
+  static let appGroupKey = "ovpn_app_group"
+
+  // MARK: RCT event channels
+
+  static let stateChannel = "OpenVpn:state"
+  static let statsChannel = "OpenVpn:stats"
+  static let logChannel   = "OpenVpn:log"
+  static let errorChannel = "OpenVpn:error"
+
+  // MARK: App Group filenames
+
+  static let statsFilename = "openvpn-stats.json"
+  static let logFilename   = "openvpn-log.txt"
+}

package/ios/OpenvpnEventBridge.swift

@@ -0,0 +1,58 @@
+import Foundation
+import React
+
+/// Emits OpenVpn:state/stats/log/error events back to JS. Holds a weak
+/// reference to the RCT bridge so it doesn't extend the bridge's lifetime.
+@objc(OpenvpnEventBridge)
+final class OpenvpnEventBridge: NSObject {
+
+  @objc static let shared = OpenvpnEventBridge()
+
+  override init() { super.init() }
+
+  private weak var bridge: RCTBridge?
+
+  @objc func attach(_ bridge: RCTBridge?) {
+    self.bridge = bridge
+  }
+
+  @objc func detach() {
+    self.bridge = nil
+  }
+
+  // MARK: Channels
+
+  @objc func emitState(_ state: String) {
+    emit(OpenvpnConstants.stateChannel, body: state)
+  }
+
+  @objc func emitStats(bytesIn: Int64, bytesOut: Int64, durationMs: Int64) {
+    emit(OpenvpnConstants.statsChannel, body: [
+      "bytesIn": NSNumber(value: bytesIn),
+      "bytesOut": NSNumber(value: bytesOut),
+      "durationMs": NSNumber(value: durationMs),
+    ])
+  }
+
+  @objc func emitLog(_ line: String) {
+    emit(OpenvpnConstants.logChannel, body: line)
+  }
+
+  @objc func emitError(code: String, nativeMessage: String?) {
+    var body: [String: Any] = ["code": code]
+    if let msg = nativeMessage { body["nativeMessage"] = msg }
+    emit(OpenvpnConstants.errorChannel, body: body)
+  }
+
+  // MARK: Internal
+
+  private func emit(_ name: String, body: Any) {
+    guard let bridge = self.bridge else { return }
+    bridge.enqueueJSCall(
+      "RCTDeviceEventEmitter",
+      method: "emit",
+      args: [name, body],
+      completion: nil
+    )
+  }
+}

package/ios/OpenvpnManager.swift

@@ -0,0 +1,219 @@
+import Foundation
+import NetworkExtension
+
+/// High-level controller for the OpenVPN tunnel from the host app's side.
+/// Manages NETunnelProviderManager lifecycle, starts/stops the extension,
+/// observes status changes, and polls the App Group container for stats
+/// and log lines written by the extension.
+@objc(OpenvpnManager)
+final class OpenvpnManager: NSObject {
+
+  @objc static let shared = OpenvpnManager()
+
+  override init() { super.init() }
+
+  private var statusObserver: NSObjectProtocol?
+  private var statsTimer: Timer?
+  private var logTimer: Timer?
+  private var logOffset: UInt64 = 0
+  private var sessionStartedAt: Date?
+
+  // MARK: Permission
+
+  /// Triggers iOS's "Allow VPN configuration?" prompt on first call by
+  /// saving an (empty) preference. Subsequent calls are silent.
+  @objc(requestPermissionWithCompletion:)
+  func requestPermission(completion: @escaping (Bool, Error?) -> Void) {
+    NETunnelProviderManager.loadAllFromPreferences { managers, error in
+      if let error = error {
+        completion(false, error)
+        return
+      }
+      let manager = managers?.first ?? NETunnelProviderManager()
+      manager.localizedDescription = "OpenVPN"
+      manager.saveToPreferences { saveError in
+        if let saveError = saveError as NSError? {
+          if saveError.code == NEVPNError.configurationReadWriteFailed.rawValue {
+            completion(false, nil)
+          } else {
+            completion(false, saveError)
+          }
+          return
+        }
+        completion(true, nil)
+      }
+    }
+  }
+
+  // MARK: Connect / Disconnect
+
+  @objc(connectWithOvpn:username:password:dns:completion:)
+  func connect(
+    ovpn: String,
+    username: String,
+    password: String,
+    dns: [String],
+    completion: @escaping (Bool, Error?) -> Void
+  ) {
+    guard let appGroup = appGroupIdentifier() else {
+      completion(false, NSError(
+        domain: "Openvpn",
+        code: 1,
+        userInfo: [NSLocalizedDescriptionKey:
+          "Missing OpenVPNAppGroupIdentifier in host app Info.plist"]
+      ))
+      return
+    }
+
+    NETunnelProviderManager.loadAllFromPreferences { managers, error in
+      if let error = error {
+        completion(false, error)
+        return
+      }
+      let manager = managers?.first ?? NETunnelProviderManager()
+      manager.localizedDescription = "OpenVPN"
+
+      let protocolConfig = NETunnelProviderProtocol()
+      protocolConfig.providerBundleIdentifier = self.extensionBundleIdentifier()
+      protocolConfig.serverAddress = self.extractRemote(from: ovpn) ?? "openvpn-server"
+      protocolConfig.providerConfiguration = [
+        OpenvpnConstants.configKey: ovpn,
+        OpenvpnConstants.usernameKey: username,
+        OpenvpnConstants.passwordKey: password,
+        OpenvpnConstants.dnsKey: dns,
+        OpenvpnConstants.appGroupKey: appGroup,
+      ]
+      manager.protocolConfiguration = protocolConfig
+      manager.isEnabled = true
+
+      manager.saveToPreferences { saveError in
+        if let saveError = saveError {
+          completion(false, saveError)
+          return
+        }
+        manager.loadFromPreferences { loadError in
+          if let loadError = loadError {
+            completion(false, loadError)
+            return
+          }
+          self.startObservingStatus(manager: manager)
+          do {
+            try manager.connection.startVPNTunnel()
+            self.beginPolling(appGroup: appGroup)
+            completion(true, nil)
+          } catch {
+            completion(false, error)
+          }
+        }
+      }
+    }
+  }
+
+  @objc(disconnectWithCompletion:)
+  func disconnect(completion: @escaping (Bool, Error?) -> Void) {
+    NETunnelProviderManager.loadAllFromPreferences { managers, _ in
+      managers?.first?.connection.stopVPNTunnel()
+      self.stopPolling()
+      completion(true, nil)
+    }
+  }
+
+  // MARK: Status observation
+
+  private func startObservingStatus(manager: NETunnelProviderManager) {
+    if let observer = statusObserver {
+      NotificationCenter.default.removeObserver(observer)
+    }
+    statusObserver = NotificationCenter.default.addObserver(
+      forName: .NEVPNStatusDidChange,
+      object: manager.connection,
+      queue: .main
+    ) { [weak self] _ in
+      let status = manager.connection.status
+      let mapped = Self.mapStatus(status)
+      OpenvpnEventBridge.shared.emitState(mapped)
+
+      if status == .connected, self?.sessionStartedAt == nil {
+        self?.sessionStartedAt = Date()
+      }
+      if status == .disconnected {
+        self?.sessionStartedAt = nil
+      }
+    }
+  }
+
+  private static func mapStatus(_ status: NEVPNStatus) -> String {
+    switch status {
+    case .invalid:        return "idle"
+    case .disconnected:   return "disconnected"
+    case .connecting:     return "connecting"
+    case .connected:      return "connected"
+    case .reasserting:    return "reconnecting"
+    case .disconnecting:  return "disconnecting"
+    @unknown default:     return "idle"
+    }
+  }
+
+  // MARK: Polling App Group for stats + logs
+
+  private func beginPolling(appGroup: String) {
+    let group = OpenvpnAppGroup(identifier: appGroup)
+    logOffset = 0
+
+    statsTimer?.invalidate()
+    statsTimer = Timer.scheduledTimer(withTimeInterval: 1.0, repeats: true) { _ in
+      guard let stats = group.readStats() else { return }
+      OpenvpnEventBridge.shared.emitStats(
+        bytesIn: stats.bytesIn,
+        bytesOut: stats.bytesOut,
+        durationMs: stats.durationMs
+      )
+    }
+
+    logTimer?.invalidate()
+    logTimer = Timer.scheduledTimer(withTimeInterval: 0.5, repeats: true) { [weak self] _ in
+      guard let self = self else { return }
+      guard let result = group.readLog(sinceOffset: self.logOffset) else { return }
+      for line in result.lines where !line.isEmpty {
+        OpenvpnEventBridge.shared.emitLog(line)
+      }
+      self.logOffset = result.newOffset
+    }
+  }
+
+  private func stopPolling() {
+    statsTimer?.invalidate()
+    statsTimer = nil
+    logTimer?.invalidate()
+    logTimer = nil
+    logOffset = 0
+    sessionStartedAt = nil
+  }
+
+  // MARK: Helpers
+
+  private func appGroupIdentifier() -> String? {
+    return Bundle.main.object(forInfoDictionaryKey: OpenvpnConstants.infoPlistAppGroupKey) as? String
+  }
+
+  private func extensionBundleIdentifier() -> String {
+    // Convention: extension bundle id is host bundle + ".OpenVPNTunnel".
+    // Consumers can override via the OpenVPNExtensionBundleIdentifier Info.plist key.
+    if let override = Bundle.main.object(forInfoDictionaryKey: "OpenVPNExtensionBundleIdentifier") as? String {
+      return override
+    }
+    let host = Bundle.main.bundleIdentifier ?? "com.example.app"
+    return "\(host).OpenVPNTunnel"
+  }
+
+  private func extractRemote(from ovpn: String) -> String? {
+    for line in ovpn.split(separator: "\n") {
+      let trimmed = line.trimmingCharacters(in: .whitespaces)
+      if trimmed.hasPrefix("remote ") {
+        let parts = trimmed.split(separator: " ", maxSplits: 2, omittingEmptySubsequences: true)
+        if parts.count >= 2 { return String(parts[1]) }
+      }
+    }
+    return nil
+  }
+}

package/ios/PacketTunnelProvider/Info.plist

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>CFBundleDevelopmentRegion</key>
+  <string>$(DEVELOPMENT_LANGUAGE)</string>
+  <key>CFBundleDisplayName</key>
+  <string>OpenVPN Tunnel</string>
+  <key>CFBundleExecutable</key>
+  <string>$(EXECUTABLE_NAME)</string>
+  <key>CFBundleIdentifier</key>
+  <string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
+  <key>CFBundleInfoDictionaryVersion</key>
+  <string>6.0</string>
+  <key>CFBundleName</key>
+  <string>$(PRODUCT_NAME)</string>
+  <key>CFBundlePackageType</key>
+  <string>$(PRODUCT_BUNDLE_PACKAGE_TYPE)</string>
+  <key>CFBundleShortVersionString</key>
+  <string>1.0</string>
+  <key>CFBundleVersion</key>
+  <string>1</string>
+  <key>NSExtension</key>
+  <dict>
+    <key>NSExtensionPointIdentifier</key>
+    <string>com.apple.networkextension.packet-tunnel</string>
+    <key>NSExtensionPrincipalClass</key>
+    <string>$(PRODUCT_MODULE_NAME).PacketTunnelProvider</string>
+  </dict>
+</dict>
+</plist>

package/ios/PacketTunnelProvider/PacketTunnelProvider.swift

@@ -0,0 +1,199 @@
+//
+//  PacketTunnelProvider.swift
+//  Template shipped by react-native-openvpn.  Copy into your iOS app's
+//  Network Extension target.  See ios/PacketTunnelProvider/README.md for
+//  the full target-creation walkthrough.
+//
+
+import NetworkExtension
+import OpenVPNAdapter
+
+final class PacketTunnelProvider: NEPacketTunnelProvider {
+
+  private lazy var adapter: OpenVPNAdapter = {
+    let a = OpenVPNAdapter()
+    a.delegate = self
+    return a
+  }()
+
+  private var startCompletion: ((Error?) -> Void)?
+  private var stopCompletion: (() -> Void)?
+  private var appGroup: String?
+  private var sessionStartedAt: Date?
+  private var statsTick: Timer?
+
+  override func startTunnel(
+    options: [String : NSObject]?,
+    completionHandler: @escaping (Error?) -> Void
+  ) {
+    guard
+      let proto = self.protocolConfiguration as? NETunnelProviderProtocol,
+      let providerConfig = proto.providerConfiguration,
+      let configString = providerConfig["ovpn_config"] as? String
+    else {
+      completionHandler(NSError(
+        domain: "OpenVPN",
+        code: 1,
+        userInfo: [NSLocalizedDescriptionKey: "missing config"]
+      ))
+      return
+    }
+    let username = providerConfig["ovpn_username"] as? String ?? ""
+    let password = providerConfig["ovpn_password"] as? String ?? ""
+    let dns = providerConfig["ovpn_dns"] as? [String] ?? []
+    self.appGroup = providerConfig["ovpn_app_group"] as? String
+
+    // Apply DNS overrides via the standard OpenVPN dhcp-option directive,
+    // appending one line per server to the config text. OpenVPN3-core parses
+    // these reliably; setting them via OpenVPNConfiguration.settings is
+    // unreliable across versions of OpenVPNAdapter.
+    var effectiveConfig = configString
+    for server in dns where !server.isEmpty {
+      effectiveConfig += "\ndhcp-option DNS \(server)"
+    }
+
+    let configurationData = Data(effectiveConfig.utf8)
+    let configuration = OpenVPNConfiguration()
+    configuration.fileContent = configurationData
+    configuration.settings = [:]
+
+    do {
+      let evaluation = try adapter.apply(configuration: configuration)
+      if evaluation.isAutologin == false {
+        let credentials = OpenVPNCredentials()
+        credentials.username = username
+        credentials.password = password
+        try adapter.provideCredentials(credentials)
+      }
+    } catch {
+      completionHandler(error)
+      return
+    }
+
+    self.startCompletion = completionHandler
+    adapter.connect(using: self.packetFlow)
+    self.startStatsTimer()
+  }
+
+  override func stopTunnel(
+    with reason: NEProviderStopReason,
+    completionHandler: @escaping () -> Void
+  ) {
+    self.stopCompletion = completionHandler
+    self.stopStatsTimer()
+    adapter.disconnect()
+  }
+
+  // MARK: Stats writing
+
+  private func startStatsTimer() {
+    statsTick?.invalidate()
+    statsTick = Timer.scheduledTimer(withTimeInterval: 1.0, repeats: true) { [weak self] _ in
+      self?.writeStatsToAppGroup()
+    }
+  }
+
+  private func stopStatsTimer() {
+    statsTick?.invalidate()
+    statsTick = nil
+  }
+
+  private func writeStatsToAppGroup() {
+    guard let appGroup = appGroup,
+          let url = FileManager.default.containerURL(
+            forSecurityApplicationGroupIdentifier: appGroup
+          )?.appendingPathComponent("openvpn-stats.json")
+    else { return }
+    let bytesIn = adapter.transportStatistics.bytesIn
+    let bytesOut = adapter.transportStatistics.bytesOut
+    let durationMs: Int64 = {
+      guard let start = sessionStartedAt else { return 0 }
+      return Int64(Date().timeIntervalSince(start) * 1000)
+    }()
+    let payload: [String: Any] = [
+      "bytesIn": NSNumber(value: bytesIn),
+      "bytesOut": NSNumber(value: bytesOut),
+      "durationMs": NSNumber(value: durationMs),
+    ]
+    if let data = try? JSONSerialization.data(withJSONObject: payload) {
+      try? data.write(to: url, options: .atomic)
+    }
+  }
+
+  private func appendLog(_ line: String) {
+    guard let appGroup = appGroup,
+          let url = FileManager.default.containerURL(
+            forSecurityApplicationGroupIdentifier: appGroup
+          )?.appendingPathComponent("openvpn-log.txt")
+    else { return }
+    let lineWithNewline = (line + "\n").data(using: .utf8) ?? Data()
+    if FileManager.default.fileExists(atPath: url.path),
+       let handle = try? FileHandle(forWritingTo: url) {
+      defer { try? handle.close() }
+      try? handle.seekToEnd()
+      try? handle.write(contentsOf: lineWithNewline)
+    } else {
+      try? lineWithNewline.write(to: url, options: .atomic)
+    }
+  }
+}
+
+// MARK: OpenVPNAdapterDelegate
+
+extension PacketTunnelProvider: OpenVPNAdapterDelegate {
+
+  func openVPNAdapter(
+    _ openVPNAdapter: OpenVPNAdapter,
+    configureTunnelWithNetworkSettings settings: NEPacketTunnelNetworkSettings?,
+    completionHandler: @escaping (Error?) -> Void
+  ) {
+    setTunnelNetworkSettings(settings, completionHandler: completionHandler)
+  }
+
+  func openVPNAdapter(
+    _ openVPNAdapter: OpenVPNAdapter,
+    handleEvent event: OpenVPNAdapterEvent,
+    message: String?
+  ) {
+    switch event {
+    case .connected:
+      sessionStartedAt = Date()
+      startCompletion?(nil)
+      startCompletion = nil
+    case .disconnected:
+      // If a user-initiated stop is pending, complete it. Otherwise this is
+      // an unexpected disconnect — only THEN cancel the tunnel with the
+      // system (calling both is redundant and can confuse NEVPNStatus).
+      if let completion = stopCompletion {
+        completion()
+        stopCompletion = nil
+      } else {
+        cancelTunnelWithError(nil)
+      }
+    case .reconnecting:
+      break
+    default:
+      break
+    }
+    if let m = message { appendLog("[\(event)] \(m)") }
+  }
+
+  func openVPNAdapter(
+    _ openVPNAdapter: OpenVPNAdapter,
+    handleError error: Error
+  ) {
+    appendLog("[error] \(error.localizedDescription)")
+    if let start = startCompletion {
+      start(error)
+      startCompletion = nil
+    }
+    cancelTunnelWithError(error)
+  }
+
+  func openVPNAdapter(
+    _ openVPNAdapter: OpenVPNAdapter,
+    handleLogMessage logMessage: String
+  ) {
+    appendLog(logMessage)
+  }
+}