Exit tunnel when keychain is locked (solves boot issue)

1 files changed, 18 insertions, 0 deletions

diff --git a/ios/PacketTunnel/PacketTunnelProvider.swift b/ios/PacketTunnel/PacketTunnelProvider.swift
index 6c28d845d9..50de296161 100644
--- a/ios/PacketTunnel/PacketTunnelProvider.swift
+++ b/ios/PacketTunnel/PacketTunnelProvider.swift
@@ -194,6 +194,24 @@ class PacketTunnelProvider: NEPacketTunnelProvider, TunnelMonitorDelegate {
                 message: "Failed to read tunnel configuration when starting the tunnel."
             )
 
+            /*
+              We use default data protection level which locks keychain and file system access
+              until device is first unlocked.
+
+              However iOS starts packet tunnel on boot and unfortunately we do not have access to
+              UIApplication.isProtectedDataAvailable nor associated delegate methods that would
+              tell us when data protection is being lifted.
+
+              Exit immediately and pass the underlying error to completion handler to tell iOS to
+              restart the tunnel later on.
+             */
+            if let error = error as? ReadSettingsVersionError,
+               error.underlyingError as? KeychainError == KeychainError.interactionNotAllowed
+            {
+                completionHandler(error.underlyingError)
+                return
+            }
+
             configurationError = error
 
             startEmptyTunnel(completionHandler: completionHandler)