Skip to content

[iOS] Add an explicit "Block connections without VPN" setting to VPN (VPN Kill Switch Toggle) #24663

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
soner-yuksel wants to merge 6 commits into
base: master
Choose a base branch
from
Open

[iOS] Add an explicit "Block connections without VPN" setting to VPN (VPN Kill Switch Toggle) #24663

soner-yuksel wants to merge 6 commits into from
+318 −166

Conversation

@soner-yuksel
Copy link
Contributor

@soner-yuksel soner-yuksel commented Jul 15, 2024
edited
Loading

Resolves brave/brave-browser#38057

Design: https://www.figma.com/design/J4LKBMftiWhqromRWfUQLG/VPN-design?node-id=113-12449&t=PYj40XUIRVEX2lF6-0

Security Ticket: https://github.com/brave/reviews/issues/1689

This PR is adding the toggle for VPN kill switch which is an security feature designed to protect your digital data from accidental exposure.

The idea is when the VPN connection drops, the VPN kill switch will block your internet access until the connection to the VPN server is restored.

To build a VPN client that implements a packet-oriented, custom VPN protocol, a packet tunnel provider should be implemented.

To configure this an tunnel provider object should be created and this will manage the tunnel provider’s VPN configuration.

For IKEv2 this is NEVPNManager https://developer.apple.com/documentation/networkextension/nevpnmanager/
Usage in https://github.com/GuardianFirewall/GuardianConnect/blob/3c828f38094debd22d217ee61c0ecf05d76cd741/GuardianConnect/Classes/GRDVPNHelper.m#L728C2-L728C14

For WireGuard this is NETunnelProviderManager https://developer.apple.com/documentation/networkextension/netunnelprovidermanager
Usage in Guardian: https://github.com/GuardianFirewall/GuardianConnect/blob/3c828f38094debd22d217ee61c0ecf05d76cd741/GuardianConnect/Classes/GRDVPNHelper.m#L1001C72-L1001C95

And after that the protocol object needs to be created and set as protocol configuration for tunnel manager.

For WireGuard: NETunnelProviderProtocol https://developer.apple.com/documentation/networkextension/netunnelproviderprotocol
Usage in Guardian: https://github.com/GuardianFirewall/GuardianConnect/blob/3c828f38094debd22d217ee61c0ecf05d76cd741/GuardianConnect/Classes/GRDVPNHelper.m#L881C3-L881C27

And for IKEv2: NEVPNManager will assign the protocol configuration
Usage in Guardian:
https://github.com/GuardianFirewall/GuardianConnect/blob/3c828f38094debd22d217ee61c0ecf05d76cd741/GuardianConnect/Classes/GRDVPNHelper.m#L676

Finally to achieve the Kill Switch "Block connections without VPN" setting, the includeAllNetworks property should be set on protocol config.

NEVPNProtocol includeAllNetworks
https://developer.apple.com/documentation/networkextension/nevpnprotocol/3131931-includeallnetworks

The definition of includeAllNetworks is

If this property is true, the system routes network traffic through the tunnel except traffic for designated system services necessary for maintaining expected device functionality.

Guardian Side
IKEv2: https://github.com/GuardianFirewall/GuardianConnect/blob/3c828f38094debd22d217ee61c0ecf05d76cd741/GuardianConnect/Classes/GRDVPNHelper.m#L801
Wireguard: https://github.com/GuardianFirewall/GuardianConnect/blob/3c828f38094debd22d217ee61c0ecf05d76cd741/GuardianConnect/Classes/GRDVPNHelper.m#L1021

For Brave iOS implementation we can not just enable the includeAllNetworks and actually expect it will perform as requested.

After enabling key part is to establish a new connection entirely with this setting disabled or enabled.

Security Review: TBD

Submitter Checklist:

  • I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally:
    • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
    • npm run presubmit wiki, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Screenshots:

1321321315211

RPReplay_Final1720729393.MP4

Test Plan:

So the plans on QA side is to be related about being sure if the VPN can be switched on or off properly after enabling toggle

  • Navigate Settings
  • VPN Settings
  • Enable and Disable Kill Switch
  • Check VPN connection is established

@soner-yuksel soner-yuksel added CI/skip-android Do not run CI builds for Android CI/skip-macos-x64 needs-security-review CI/skip-windows-x64 Do not run CI builds for Windows x64 CI/skip-macos-arm64 Do not run CI builds for macOS arm64 labels Jul 15, 2024
@soner-yuksel soner-yuksel self-assigned this Jul 15, 2024
@stoletheminerals stoletheminerals self-requested a review July 16, 2024 11:24
@soner-yuksel soner-yuksel marked this pull request as ready for review July 16, 2024 16:47
@soner-yuksel soner-yuksel requested a review from a team as a code owner July 16, 2024 16:47
@soner-yuksel soner-yuksel force-pushed the ios/enhancement/vpn-kill-switch branch from a5e26b7 to a2e3614 Compare August 7, 2024 17:50
@soner-yuksel soner-yuksel force-pushed the ios/enhancement/vpn-kill-switch branch from a2e3614 to f1eb20a Compare August 13, 2024 20:51
@brave-builds
Copy link
Collaborator

brave-builds commented Aug 13, 2024

A Storybook has been deployed to preview UI for the latest push

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stoletheminerals stoletheminerals Awaiting requested review from stoletheminerals

1 more reviewer

@iccub iccub iccub approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@soner-yuksel soner-yuksel

Labels

CI/skip-android Do not run CI builds for Android CI/skip-macos-arm64 Do not run CI builds for macOS arm64 CI/skip-windows-x64 Do not run CI builds for Windows x64 needs-security-review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[iOS] Add an explicit "Block connections without VPN" setting to VPN (VPN Kill Switch Toggle)

5 participants

@soner-yuksel @brave-builds @iccub @mihaiplesa