| author | David Lönnhager <david.l@mullvad.net> | 2024-01-17 14:43:58 +0100 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2024-01-17 14:43:58 +0100 |
| commit | 88b52d5ebd66d7e195173df0594f52b089cef593 (patch) | |
| tree | e0d0a47729566bd7aed60364f437643a41cb72e9 | |
| parent | b3898cf9441bbd42571e05ea8baa59e2bbf37de8 (diff) | |
| parent | d8bec4fee210f47118eb80f5875d9541e837808a (diff) | |
| download | mullvadvpn-88b52d5ebd66d7e195173df0594f52b089cef593.tar.xz mullvadvpn-88b52d5ebd66d7e195173df0594f52b089cef593.zip | |
Merge branch 'linux-enable-pq-by-default'
| -rw-r--r-- | CHANGELOG.md | 4 | ||||
| -rw-r--r-- | mullvad-types/src/custom_tunnel.rs | 19 | ||||
| -rw-r--r-- | mullvad-types/src/wireguard.rs | 7 | ||||
| -rw-r--r-- | test/test-manager/src/tests/tunnel_state.rs | 2 |
4 files changed, 22 insertions, 10 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 64a2bda55e..069627bb0c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -50,6 +50,10 @@ Line wrap the file at 100 chars. Th
 #### Android
 - Migrate to Compose Navigation which also improves screen transition animations.
+#### Linux
+- Enable quantum resistant tunnels by default (when set to `auto`). On other platforms, `auto` still
+ always means the same thing as `off`.
+
 ### Security
 #### Android
 - Change from singleTask to singleInstance to fix Task Affinity Vulnerability in Android 8.
diff --git a/mullvad-types/src/custom_tunnel.rs b/mullvad-types/src/custom_tunnel.rs
index 8fdf361447..09298c49e0 100644
--- a/mullvad-types/src/custom_tunnel.rs
+++ b/mullvad-types/src/custom_tunnel.rs
@@ -58,13 +58,20 @@ impl CustomTunnelEndpoint {
 fwmark: crate::TUNNEL_FWMARK,
 }
 .into(),
- ConnectionConfig::Wireguard(connection) => wireguard::TunnelParameters {
- connection,
- options: tunnel_options.wireguard.into_talpid_tunnel_options(),
- generic_options: tunnel_options.generic,
- obfuscation: None,
+ ConnectionConfig::Wireguard(connection) => {
+ let mut options = tunnel_options.wireguard.into_talpid_tunnel_options();
+ if options.quantum_resistant {
+ options.quantum_resistant = false;
+ log::info!("Ignoring quantum resistant option for custom tunnel");
+ }
+ wireguard::TunnelParameters {
+ connection,
+ options,
+ generic_options: tunnel_options.generic,
+ obfuscation: None,
+ }
+ .into()
 }
- .into(),
 };
 Ok(parameters)
 }
diff --git a/mullvad-types/src/wireguard.rs b/mullvad-types/src/wireguard.rs
index f551250324..2bbce9bb2b 100644
--- a/mullvad-types/src/wireguard.rs
+++ b/mullvad-types/src/wireguard.rs
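Review bot: In the `ConnectionConfig::Wireguard` arm of mullvad-types/src/custom_tunnel.rs, the quantum-resistant option is cleared with only an info-level log line, and the check runs after `into_talpid_tunnel_options()` has already reduced the setting to a bool. A user who explicitly asked for quantum resistance (presumably an `on` state next to `auto` and `off`) is therefore indistinguishable here from one who got it through the new Linux `auto` default, and gets a tunnel without the protection they selected. Consider inspecting the setting before the conversion and, when it was explicitly requested, logging at warning level, e.g. `log::warn!("Ignoring quantum resistant option for custom tunnel");`. A short comment above the `if` stating why custom tunnels cannot use the option would also help, since the hunk gives no reason. The enclosing function starts outside the hunk.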
@@ -10,9 +10,10 @@ pub const MIN_ROTATION_INTERVAL: Duration = Duration::from_secs(1 * 24 * 60 * 60
 pub const MAX_ROTATION_INTERVAL: Duration = Duration::from_secs(14 * 24 * 60 * 60);
 pub const DEFAULT_ROTATION_INTERVAL: Duration = MAX_ROTATION_INTERVAL;
-/// Whether to enable or disable quantum resistant tunnels when the setting
-/// is set to `QuantumResistantState::Auto`.
-const QUANTUM_RESISTANT_AUTO_STATE: bool = false;
+/// Whether to enable or disable quantum resistant tunnels when the setting is set to
+/// `QuantumResistantState::Auto`. It is currently enabled by default on Linux but disabled on all
+/// other platforms.
+const QUANTUM_RESISTANT_AUTO_STATE: bool = cfg!(target_os = "linux");
 #[derive(Serialize, Deserialize, Copy, Clone, Debug, PartialEq, Eq)]
 #[cfg_attr(target_os = "android", derive(IntoJava, FromJava))]
diff --git a/test/test-manager/src/tests/tunnel_state.rs b/test/test-manager/src/tests/tunnel_state.rs
index 565bd34552..5b884474ac 100644
--- a/test/test-manager/src/tests/tunnel_state.rs
+++ b/test/test-manager/src/tests/tunnel_state.rs
@@ -294,7 +294,7 @@ pub async fn test_connected_state(
 },
 // TODO: Consider the type of `relay` / `relay_filter` instead
 tunnel_type: TunnelType::Wireguard,
- quantum_resistant: false,
+ quantum_resistant: _,
 proxy: None,
 obfuscation: None,
 entry_endpoint: None, |
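Review bot: In `test_connected_state` (test/test-manager/src/tests/tunnel_state.rs), the pattern field `quantum_resistant: _` makes the test accept either value, so it no longer checks the tunnel's quantum-resistance state at all. A regression where the Linux `auto` default stops enabling the quantum-resistant tunnel, or where it becomes enabled on a platform that should still treat `auto` as off, would pass unnoticed. Consider binding the field instead (`quantum_resistant,`) and asserting it after the match against the value expected for the platform under test. The surrounding pattern and the rest of the function lie outside the hunk, so how that expected value is best obtained is not visible here.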
