diff --git a/Cargo.lock b/Cargo.lock
index 66d0b516e3f5..49d3e0f812b7 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2065,6 +2065,7 @@ dependencies = [
 "mullvad-version",
 "nix 0.23.1",
 "objc",
+ "once_cell",
 "parking_lot",
 "rand 0.8.5",
 "regex",
diff --git a/mullvad-daemon/Cargo.toml b/mullvad-daemon/Cargo.toml
index c651a232b5f4..e50c45f07f84 100644
--- a/mullvad-daemon/Cargo.toml
+++ b/mullvad-daemon/Cargo.toml
@@ -18,6 +18,7 @@ err-derive = "0.3.1"
 fern = { version = "0.6", features = ["colored"] }
 futures = "0.3"
 ipnetwork = "0.16"
+once_cell = "1.13"
 lazy_static = "1.0"
 libc = "0.2"
 log = "0.4"
diff --git a/mullvad-daemon/src/tunnel.rs b/mullvad-daemon/src/tunnel.rs
index 8ee0f1e6d789..7af7adc4d0e8 100644
--- a/mullvad-daemon/src/tunnel.rs
+++ b/mullvad-daemon/src/tunnel.rs
@@ -1,4 +1,10 @@
-use std::{future::Future, pin::Pin, sync::Arc};
+use std::{
+ future::Future,
+ net::{IpAddr, Ipv4Addr, Ipv6Addr},
+ pin::Pin,
+ str::FromStr,
+ sync::Arc,
+};
 use tokio::sync::Mutex;
@@ -6,6 +12,7 @@ use mullvad_relay_selector::{RelaySelector, SelectedBridge, SelectedObfuscator,
 use mullvad_types::{
 endpoint::MullvadEndpoint, location::GeoIpLocation, relay_list::Relay, settings::TunnelOptions,
 };
+use once_cell::sync::Lazy;
 use talpid_core::tunnel_state_machine::TunnelParametersGenerator;
 use talpid_types::{
 net::{wireguard, TunnelParameters},
@@ -18,6 +25,18 @@ use talpid_types::net::openvpn;
 use crate::device::{AccountManagerHandle, PrivateAccountAndDevice};
+/// The IP-addresses that the client uses when it connects to a server that supports the
+/// "Same IP" functionality. This means all clients have the same in-tunnel IP on these
+/// servers. This improves anonymity since the in-tunnel IP will not be unique to a specific
+/// peer.
+static SAME_IP_V4: Lazy =
+ Lazy::new(|| Ipv4Addr::from_str("10.127.255.254").unwrap().into());
+static SAME_IP_V6: Lazy = Lazy::new(|| {
+ Ipv6Addr::from_str("fc00:bbbb:bbbb:bb01:ffff:ffff:ffff:ffff")
+ .unwrap()
+ .into()
+});
+
 #[derive(err_derive::Error, Debug)]
 pub enum Error {
 #[error(display = "Not logged in on a valid device")]
@@ -192,13 +211,18 @@ impl InnerParametersGenerator {
 unreachable!("OpenVPN is not supported on Android");
 }
 MullvadEndpoint::Wireguard(endpoint) => {
+ let tunnel_ipv4 = data.device.wg_data.addresses.ipv4_address.ip();
+ let tunnel_ipv6 = data.device.wg_data.addresses.ipv6_address.ip();
 let tunnel = wireguard::TunnelConfig {
 private_key: data.device.wg_data.private_key,
- addresses: vec![
- data.device.wg_data.addresses.ipv4_address.ip().into(),
- data.device.wg_data.addresses.ipv6_address.ip().into(),
- ],
+ addresses: vec![IpAddr::from(tunnel_ipv4), IpAddr::from(tunnel_ipv6)],
 };
+ // FIXME: Used for debugging purposes during the migration to same IP. Remove when the migration is over.
+ if tunnel_ipv4 == *SAME_IP_V4 || tunnel_ipv6 == *SAME_IP_V6 {
+ log::debug!("Same IP is being used");
+ } else {
+ log::debug!("Same IP is NOT being used");
+ }
 let (obfuscator_relay, obfuscator_config) = match obfuscator {
 Some(obfuscator) => (Some(obfuscator.relay), Some(obfuscator.config)),
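Review bot: The two statics added in the `@@ -18,6 +25,18 @@` hunk parse fixed literals at first use and `unwrap()` the result, which adds a runtime panic path and a lazy-init dependency for values that are known at compile time. `Ipv4Addr::new` and `Ipv6Addr::new` are `const fn`, so, assuming the type parameter missing from `Lazy` on this page is `IpAddr`, they could be `const SAME_IP_V4: IpAddr = IpAddr::V4(Ipv4Addr::new(10, 127, 255, 254));` and `const SAME_IP_V6: IpAddr = IpAddr::V6(Ipv6Addr::new(0xfc00, 0xbbbb, 0xbbbb, 0xbb01, 0xffff, 0xffff, 0xffff, 0xffff));`. The comparisons in the later hunk would then drop the `*`, and the `FromStr` import and, as far as this diff shows, the `once_cell` addition would no longer be needed. The doc comment also attaches only to `SAME_IP_V4`, so `SAME_IP_V6` should get its own `///` line, for example `/// IPv6 counterpart of SAME_IP_V4.`.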
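Review bot: The check added in the `@@ -192,13 +211,18 @@` hunk joins the two address families with `||`, so a device whose IPv4 address is the shared one but whose IPv6 address is still unique is logged as "Same IP is being used", which hides the partial-migration state this debug line exists to expose. Reporting each family separately would be more useful, e.g. `log::debug!("Same IP in use: IPv4 = {}, IPv6 = {}", tunnel_ipv4 == *SAME_IP_V4, tunnel_ipv6 == *SAME_IP_V6);`. Logging only the comparison result, as the new code already does, keeps a device-specific in-tunnel address out of the log, and any rewrite should preserve that. The FIXME carries no issue reference, so naming the tracking issue in the comment would make its removal harder to forget. The enclosing match arm starts and ends outside the hunk.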