Replace IPAddressRange from WireGuardKit with ours

author: Emīls <emils@mullvad.net> 2026-04-07 16:01:43 +0200
committer: Jon Petersson <jon.petersson@mullvad.net> 2026-04-13 13:19:02 +0200
commit: 17aef424c77788244d86381d56aba7f391de5270 (patch)
tree: 18f1837d81d24dae8f813ec5209436a7725e64fe
parent: 6b125665a5b490c1c284356686c3aa8d0ff30d88 (diff)
download: mullvadvpn-17aef424c77788244d86381d56aba7f391de5270.tar.xz
mullvadvpn-17aef424c77788244d86381d56aba7f391de5270.zip
22 files changed, 432 insertions, 20 deletions
diff --git a/ios/MullvadMockData/MullvadTypes/DeviceMock.swift b/ios/MullvadMockData/MullvadTypes/DeviceMock.swift
index 695c8c8660..1fe9c045c6 100644
--- a/ios/MullvadMockData/MullvadTypes/DeviceMock.swift
+++ b/ios/MullvadMockData/MullvadTypes/DeviceMock.swift
@@ -8,7 +8,8 @@
 
 import Foundation
 import MullvadTypes
-import WireGuardKitTypes  // IPAddressRange
+
+import class WireGuardKitTypes.PublicKey
 
 extension Device {
     public static func mock(publicKey: WireGuard.PublicKey) -> Device {
diff --git a/ios/MullvadRustRuntimeTests/IPAddressRangeTests.swift b/ios/MullvadRustRuntimeTests/IPAddressRangeTests.swift
new file mode 100644
index 0000000000..2c96d2037b
--- /dev/null
+++ b/ios/MullvadRustRuntimeTests/IPAddressRangeTests.swift
@@ -0,0 +1,227 @@
+//
+//  IPAddressRangeTests.swift
+//  MullvadRustRuntimeTests
+//
+//  Copyright © 2026 Mullvad VPN AB. All rights reserved.
+//
+
+import MullvadTypes
+import Network
+import XCTest
+
+final class IPAddressRangeTests: XCTestCase {
+    // MARK: - IPv4 String Parsing
+
+    func testParseIPv4WithPrefix() {
+        let range = IPAddressRange(from: "192.168.1.0/24")
+        XCTAssertNotNil(range)
+        XCTAssertEqual("\(range!.address)", "192.168.1.0")
+        XCTAssertEqual(range!.networkPrefixLength, 24)
+    }
+
+    func testParseIPv4WithoutPrefix() {
+        let range = IPAddressRange(from: "10.0.0.1")
+        XCTAssertNotNil(range)
+        XCTAssertEqual("\(range!.address)", "10.0.0.1")
+        XCTAssertEqual(range!.networkPrefixLength, 32)
+    }
+
+    func testParseIPv4DefaultRoute() {
+        let range = IPAddressRange(from: "0.0.0.0/0")
+        XCTAssertNotNil(range)
+        XCTAssertEqual(range!.networkPrefixLength, 0)
+    }
+
+    func testParseIPv4FullMask() {
+        let range = IPAddressRange(from: "255.255.255.255/32")
+        XCTAssertNotNil(range)
+        XCTAssertEqual(range!.networkPrefixLength, 32)
+    }
+
+    func testParseIPv4PrefixClampedToMax() {
+        let range = IPAddressRange(from: "192.168.1.1/33")
+        XCTAssertNotNil(range)
+        XCTAssertEqual(range!.networkPrefixLength, 32)
+    }
+
+    func testParseInvalidString() {
+        XCTAssertNil(IPAddressRange(from: "invalid"))
+    }
+
+    func testParseTrailingSlash() {
+        XCTAssertNil(IPAddressRange(from: "192.168.1.1/"))
+    }
+
+    func testParseEmptyString() {
+        XCTAssertNil(IPAddressRange(from: ""))
+    }
+
+    // MARK: - IPv6 String Parsing
+
+    func testParseIPv6WithPrefix() {
+        let range = IPAddressRange(from: "::ff/64")
+        XCTAssertNotNil(range)
+        XCTAssertEqual(range!.networkPrefixLength, 64)
+    }
+
+    func testParseIPv6WithoutPrefix() {
+        let range = IPAddressRange(from: "::1")
+        XCTAssertNotNil(range)
+        XCTAssertEqual(range!.networkPrefixLength, 128)
+    }
+
+    func testParseIPv6DefaultRoute() {
+        let range = IPAddressRange(from: "::/0")
+        XCTAssertNotNil(range)
+        XCTAssertEqual(range!.networkPrefixLength, 0)
+    }
+
+    func testParseIPv6FullAddress() {
+        let range = IPAddressRange(from: "fe80::1/128")
+        XCTAssertNotNil(range)
+        XCTAssertEqual(range!.networkPrefixLength, 128)
+    }
+
+    func testParseIPv6PrefixClampedToMax() {
+        let range = IPAddressRange(from: "::1/129")
+        XCTAssertNotNil(range)
+        XCTAssertEqual(range!.networkPrefixLength, 128)
+    }
+
+    // MARK: - String Representation Roundtrip
+
+    func testStringRepresentationRoundtripIPv4() {
+        let original = "192.168.1.0/24"
+        let range = IPAddressRange(from: original)!
+        XCTAssertEqual(range.description, original)
+    }
+
+    func testStringRepresentationRoundtripIPv6() {
+        let range = IPAddressRange(from: "::/0")!
+        XCTAssertEqual(range.description, "::/0")
+    }
+
+    // MARK: - Subnet Mask IPv4
+
+    func testSubnetMaskIPv4Zero() {
+        let range = IPAddressRange(from: "0.0.0.0/0")!
+        XCTAssertEqual("\(range.subnetMask())", "0.0.0.0")
+    }
+
+    func testSubnetMaskIPv4Slash8() {
+        let range = IPAddressRange(from: "10.0.0.0/8")!
+        XCTAssertEqual("\(range.subnetMask())", "255.0.0.0")
+    }
+
+    func testSubnetMaskIPv4Slash24() {
+        let range = IPAddressRange(from: "192.168.1.0/24")!
+        XCTAssertEqual("\(range.subnetMask())", "255.255.255.0")
+    }
+
+    func testSubnetMaskIPv4Slash32() {
+        let range = IPAddressRange(from: "192.168.1.1/32")!
+        XCTAssertEqual("\(range.subnetMask())", "255.255.255.255")
+    }
+
+    // MARK: - Subnet Mask IPv6
+
+    func testSubnetMaskIPv6Zero() {
+        let range = IPAddressRange(from: "::/0")!
+        let mask = range.subnetMask()
+        XCTAssertEqual(mask.rawValue, Data(repeating: 0, count: 16))
+    }
+
+    func testSubnetMaskIPv6Slash64() {
+        let range = IPAddressRange(from: "::1/64")!
+        let mask = range.subnetMask()
+        var expected = Data(repeating: 0xff, count: 8)
+        expected.append(Data(repeating: 0, count: 8))
+        XCTAssertEqual(mask.rawValue, expected)
+    }
+
+    func testSubnetMaskIPv6Slash128() {
+        let range = IPAddressRange(from: "::1/128")!
+        let mask = range.subnetMask()
+        XCTAssertEqual(mask.rawValue, Data(repeating: 0xff, count: 16))
+    }
+
+    // MARK: - Masked Address
+
+    func testMaskedAddressIPv4() {
+        let range = IPAddressRange(from: "192.168.1.100/24")!
+        XCTAssertEqual("\(range.maskedAddress())", "192.168.1.0")
+    }
+
+    func testMaskedAddressIPv4Slash8() {
+        let range = IPAddressRange(from: "10.20.30.40/8")!
+        XCTAssertEqual("\(range.maskedAddress())", "10.0.0.0")
+    }
+
+    // MARK: - Codable
+
+    func testCodableRoundtrip() throws {
+        let range = IPAddressRange(from: "10.64.0.1/32")!
+        let encoder = JSONEncoder()
+        let data = try encoder.encode(range)
+        let decoded = try JSONDecoder().decode(IPAddressRange.self, from: data)
+        XCTAssertEqual(range, decoded)
+    }
+
+    func testDecodeSingleStringValue() throws {
+        let json = "\"10.64.0.1/32\""
+        let data = json.data(using: .utf8)!
+        let decoded = try JSONDecoder().decode(IPAddressRange.self, from: data)
+        XCTAssertEqual("\(decoded.address)", "10.64.0.1")
+        XCTAssertEqual(decoded.networkPrefixLength, 32)
+    }
+
+    func testDecodeIPv6SingleStringValue() throws {
+        let json = "\"::ff/64\""
+        let data = json.data(using: .utf8)!
+        let decoded = try JSONDecoder().decode(IPAddressRange.self, from: data)
+        XCTAssertEqual(decoded.networkPrefixLength, 64)
+    }
+
+    func testDecodeInvalidStringThrows() {
+        let json = "\"not-an-ip\""
+        let data = json.data(using: .utf8)!
+        XCTAssertThrowsError(try JSONDecoder().decode(IPAddressRange.self, from: data))
+    }
+
+    func testEncodesAsSingleString() throws {
+        let range = IPAddressRange(from: "192.168.1.0/24")!
+        let data = try JSONEncoder().encode(range)
+        let string = String(data: data, encoding: .utf8)!
+        XCTAssertEqual(string, "\"192.168.1.0/24\"")
+    }
+
+    // MARK: - Equatable / Hashable
+
+    func testEqualRanges() {
+        let a = IPAddressRange(from: "10.0.0.1/24")!
+        let b = IPAddressRange(from: "10.0.0.1/24")!
+        XCTAssertEqual(a, b)
+        XCTAssertEqual(a.hashValue, b.hashValue)
+    }
+
+    func testUnequalPrefix() {
+        let a = IPAddressRange(from: "10.0.0.1/24")!
+        let b = IPAddressRange(from: "10.0.0.1/32")!
+        XCTAssertNotEqual(a, b)
+    }
+
+    func testUnequalAddress() {
+        let a = IPAddressRange(from: "10.0.0.1/24")!
+        let b = IPAddressRange(from: "10.0.0.2/24")!
+        XCTAssertNotEqual(a, b)
+    }
+
+    // MARK: - Direct Init
+
+    func testDirectInit() {
+        let address = IPv4Address("192.168.1.1")!
+        let range = IPAddressRange(address: address, networkPrefixLength: 24)
+        XCTAssertEqual("\(range.address)", "192.168.1.1")
+        XCTAssertEqual(range.networkPrefixLength, 24)
+    }
+}
diff --git a/ios/MullvadSettings/StoredDeviceData.swift b/ios/MullvadSettings/StoredDeviceData.swift
index 2b7660a962..50ba401d6e 100644
--- a/ios/MullvadSettings/StoredDeviceData.swift
+++ b/ios/MullvadSettings/StoredDeviceData.swift
@@ -8,7 +8,6 @@
 
 import Foundation
 import MullvadTypes
-@preconcurrency import WireGuardKitTypes  // IPAddressRange
 
 public struct StoredDeviceData: Codable, Equatable, Sendable {
     /// Device creation date.
diff --git a/ios/MullvadSettings/TunnelSettingsV1.swift b/ios/MullvadSettings/TunnelSettingsV1.swift
index d672a36a6c..39b9e04142 100644
--- a/ios/MullvadSettings/TunnelSettingsV1.swift
+++ b/ios/MullvadSettings/TunnelSettingsV1.swift
@@ -9,7 +9,9 @@
 import Foundation
 import MullvadTypes
 import Network
-import WireGuardKitTypes  // IPAddressRange
+
+import class WireGuardKitTypes.PrivateKey
+import class WireGuardKitTypes.PublicKey
 
 /// A struct that holds the configuration passed via `NETunnelProviderProtocol`.
 public struct TunnelSettingsV1: Codable, Equatable, TunnelSettings {
diff --git a/ios/MullvadTypes/IPAddressRange.swift b/ios/MullvadTypes/IPAddressRange.swift
new file mode 100644
index 0000000000..9cf36e64b1
--- /dev/null
+++ b/ios/MullvadTypes/IPAddressRange.swift
@@ -0,0 +1,147 @@
+//
+//  IPAddressRange.swift
+//  MullvadTypes
+//
+//  Created by Mullvad VPN.
+//  Copyright © 2026 Mullvad VPN AB. All rights reserved.
+//
+
+import Foundation
+import Network
+
+public struct IPAddressRange: Sendable {
+    public let address: IPAddress
+    public let networkPrefixLength: UInt8
+
+    public init(address: IPAddress, networkPrefixLength: UInt8) {
+        self.address = address
+        self.networkPrefixLength = networkPrefixLength
+    }
+}
+
+extension IPAddressRange: Equatable {
+    public static func == (lhs: IPAddressRange, rhs: IPAddressRange) -> Bool {
+        lhs.address.rawValue == rhs.address.rawValue && lhs.networkPrefixLength == rhs.networkPrefixLength
+    }
+}
+
+extension IPAddressRange: Hashable {
+    public func hash(into hasher: inout Hasher) {
+        hasher.combine(address.rawValue)
+        hasher.combine(networkPrefixLength)
+    }
+}
+
+extension IPAddressRange: Codable {
+    public func encode(to encoder: Encoder) throws {
+        var container = encoder.singleValueContainer()
+        try container.encode(description)
+    }
+
+    public init(from decoder: Decoder) throws {
+        let container = try decoder.singleValueContainer()
+        let value = try container.decode(String.self)
+
+        if let ipAddressRange = IPAddressRange(from: value) {
+            self = ipAddressRange
+        } else {
+            throw DecodingError.dataCorrupted(
+                DecodingError.Context(
+                    codingPath: container.codingPath,
+                    debugDescription: "Invalid IPAddressRange representation"
+                )
+            )
+        }
+    }
+}
+
+extension IPAddressRange: CustomStringConvertible {
+    public var description: String {
+        "\(address)/\(networkPrefixLength)"
+    }
+}
+
+extension IPAddressRange {
+    public init?(from string: String) {
+        guard let parsed = IPAddressRange.parseAddressString(string) else { return nil }
+        address = parsed.0
+        networkPrefixLength = parsed.1
+    }
+
+    private static func parseAddressString(_ string: String) -> (IPAddress, UInt8)? {
+        // Split "192.168.1.0/24" into address ("192.168.1.0") and prefix length ("24")
+        let parts = string.split(separator: "/", maxSplits: 1)
+        guard let addressPart = parts.first else { return nil }
+
+        // Parse the address part as either IPv4 or IPv6
+        let address: IPAddress
+        if let addr = IPv4Address(String(addressPart)) {
+            address = addr
+        } else if let addr = IPv6Address(String(addressPart)) {
+            address = addr
+        } else {
+            return nil
+        }
+
+        let maxNetworkPrefixLength: UInt8 = address is IPv4Address ? 32 : 128
+
+        // If a prefix length is provided, parse it; otherwise default to the maximum for the address family
+        if parts.count > 1 {
+            guard let prefixLength = UInt8(parts[1]) else { return nil }
+            return (address, min(prefixLength, maxNetworkPrefixLength))
+        } else {
+            return (address, maxNetworkPrefixLength)
+        }
+    }
+
+    public func subnetMask() -> IPAddress {
+        switch address {
+        case is IPv4Address:
+            let mask = networkPrefixLength > 0 ? ~UInt32(0) << (32 - networkPrefixLength) : UInt32(0)
+            let bytes = Data([
+                UInt8(truncatingIfNeeded: mask >> 24),
+                UInt8(truncatingIfNeeded: mask >> 16),
+                UInt8(truncatingIfNeeded: mask >> 8),
+                UInt8(truncatingIfNeeded: mask >> 0),
+            ])
+            return IPv4Address(bytes)!
+
+        case is IPv6Address:
+            var bytes = Data(repeating: 0, count: 16)
+            for i in 0..<Int(networkPrefixLength / 8) {
+                bytes[i] = 0xff
+            }
+            let nibble = networkPrefixLength % 32
+            if nibble != 0 {
+                let mask = ~UInt32(0) << (32 - nibble)
+                let i = Int(networkPrefixLength / 32 * 4)
+                bytes[i + 0] = UInt8(truncatingIfNeeded: mask >> 24)
+                bytes[i + 1] = UInt8(truncatingIfNeeded: mask >> 16)
+                bytes[i + 2] = UInt8(truncatingIfNeeded: mask >> 8)
+                bytes[i + 3] = UInt8(truncatingIfNeeded: mask >> 0)
+            }
+            return IPv6Address(bytes)!
+
+        default:
+            fatalError("Unsupported address type: \(type(of: address))")
+        }
+    }
+
+    public func maskedAddress() -> IPAddress {
+        let subnet = subnetMask().rawValue
+        var masked = Data(address.rawValue)
+        assert(subnet.count == masked.count)
+        for i in 0..<subnet.count {
+            masked[i] &= subnet[i]
+        }
+
+        switch address {
+        case is IPv4Address:
+            return IPv4Address(masked)!
+        case is IPv6Address:
+            return IPv6Address(masked)!
+        default:
+            fatalError("Unsupported address type: \(type(of: address))")
+        }
+    }
+}
diff --git a/ios/MullvadTypes/RESTTypes.swift b/ios/MullvadTypes/RESTTypes.swift
index e75eca2bb1..df63b0b4fc 100644
--- a/ios/MullvadTypes/RESTTypes.swift
+++ b/ios/MullvadTypes/RESTTypes.swift
@@ -7,7 +7,8 @@
 //
 
 import Foundation
-@preconcurrency import WireGuardKitTypes  // IPAddressRange
+
+import class WireGuardKitTypes.PublicKey
 
 public struct Account: Codable, Equatable, Sendable {
     public let id: String
diff --git a/ios/MullvadVPN.xcodeproj/project.pbxproj b/ios/MullvadVPN.xcodeproj/project.pbxproj
index 95120ef386..51b3eeb7a8 100644
--- a/ios/MullvadVPN.xcodeproj/project.pbxproj
+++ b/ios/MullvadVPN.xcodeproj/project.pbxproj
@@ -37,6 +37,7 @@
 		016EE0382F850C0E0035B25C /* WireGuardKey.swift in Sources */ = {isa = PBXBuildFile; fileRef = 016EE0372F850C0E0035B25C /* WireGuardKey.swift */; };
 		016EE03A2F850C5A0035B25C /* WireGuardKeyTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 016EE0392F850C5A0035B25C /* WireGuardKeyTests.swift */; };
 		016EE03C2F8524EB0035B25C /* WireGuardKey.swift in Sources */ = {isa = PBXBuildFile; fileRef = 016EE03B2F8524EB0035B25C /* WireGuardKey.swift */; };
+		016EE0422F8540B00035B25C /* IPAddressRange.swift in Sources */ = {isa = PBXBuildFile; fileRef = 016EE0412F8540B00035B25C /* IPAddressRange.swift */; };
 		01B2FF862D70B914004AED35 /* MullvadRustRuntime.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = A992DA1D2C24709F00DE7CE5 /* MullvadRustRuntime.framework */; };
 		01C981E82F43C3410002D284 /* BlockedStateReason+Localization.swift in Sources */ = {isa = PBXBuildFile; fileRef = 01C981E52F43C3410002D284 /* BlockedStateReason+Localization.swift */; };
 		01C981E92F43C3410002D284 /* TunnelStateAccessibilityAnnouncer.swift in Sources */ = {isa = PBXBuildFile; fileRef = 01C981E62F43C3410002D284 /* TunnelStateAccessibilityAnnouncer.swift */; };
@@ -1720,6 +1721,7 @@
 		016EE0372F850C0E0035B25C /* WireGuardKey.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = WireGuardKey.swift; sourceTree = "<group>"; };
 		016EE0392F850C5A0035B25C /* WireGuardKeyTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = WireGuardKeyTests.swift; sourceTree = "<group>"; };
 		016EE03B2F8524EB0035B25C /* WireGuardKey.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = WireGuardKey.swift; sourceTree = "<group>"; };
+		016EE0412F8540B00035B25C /* IPAddressRange.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = IPAddressRange.swift; sourceTree = "<group>"; };
 		01C981E52F43C3410002D284 /* BlockedStateReason+Localization.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "BlockedStateReason+Localization.swift"; sourceTree = "<group>"; };
 		01C981E62F43C3410002D284 /* TunnelStateAccessibilityAnnouncer.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TunnelStateAccessibilityAnnouncer.swift; sourceTree = "<group>"; };
 		01C981EA2F45D5C20002D284 /* TunnelControlPageTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TunnelControlPageTests.swift; sourceTree = "<group>"; };
@@ -3210,6 +3212,7 @@
 		581943F228F8014500B0CB5E /* MullvadTypes */ = {
 			isa = PBXGroup;
 			children = (
+				016EE0412F8540B00035B25C /* IPAddressRange.swift */,
 				449EBA242B975B7C00DFA4EB /* Protocols */,
 				588D7ED72AF3A533005DF40A /* AccessMethodKind.swift */,
 				584D26BE270C550B004EA533 /* AnyIPAddress.swift */,
@@ -7016,6 +7019,7 @@
 				F0ADF1CD2CFDFF3100299F09 /* StringConversionError.swift in Sources */,
 				A9A8A8EB2A262AB30086D569 /* FileCache.swift in Sources */,
 				A90C48692C36BF3900DCB94C /* TunnelProvider.swift in Sources */,
+				016EE0422F8540B00035B25C /* IPAddressRange.swift in Sources */,
 				01FFF95F2F0BE13900BDAF45 /* SelectedEndpoint.swift in Sources */,
 				44EC6C5A2E3BB3F60087F54A /* PersistentProxyConfiguration.swift in Sources */,
 				016EE03C2F8524EB0035B25C /* WireGuardKey.swift in Sources */,
diff --git a/ios/MullvadVPN/View controllers/DeviceList/DeviceManaging.swift b/ios/MullvadVPN/View controllers/DeviceList/DeviceManaging.swift
index 9ba33127f7..b4fa18618a 100644
--- a/ios/MullvadVPN/View controllers/DeviceList/DeviceManaging.swift
+++ b/ios/MullvadVPN/View controllers/DeviceList/DeviceManaging.swift
@@ -9,7 +9,9 @@
 import Foundation
 import MullvadREST
 import MullvadTypes
-import WireGuardKitTypes  // IPAddressRange
+
+import class WireGuardKitTypes.PrivateKey
+import class WireGuardKitTypes.PublicKey
 
 protocol DeviceManaging {
     var currentDeviceId: String? { get }
diff --git a/ios/MullvadVPNTests/MullvadVPN/PacketTunnel/DeviceCheck/DeviceCheckOperationTests.swift b/ios/MullvadVPNTests/MullvadVPN/PacketTunnel/DeviceCheck/DeviceCheckOperationTests.swift
index 3dc22de7a9..baed5d13a9 100644
--- a/ios/MullvadVPNTests/MullvadVPN/PacketTunnel/DeviceCheck/DeviceCheckOperationTests.swift
+++ b/ios/MullvadVPNTests/MullvadVPN/PacketTunnel/DeviceCheck/DeviceCheckOperationTests.swift
@@ -11,9 +11,11 @@ import MullvadSettings
 import MullvadTypes
 import Operations
 import PacketTunnelCore
-@preconcurrency import WireGuardKitTypes  // For IPAddressRange
 import XCTest
 
+@preconcurrency import class WireGuardKitTypes.PrivateKey
+@preconcurrency import class WireGuardKitTypes.PublicKey
+
 @testable import MullvadMockData
 
 class DeviceCheckOperationTests: XCTestCase {
diff --git a/ios/MullvadVPNTests/MullvadVPN/TunnelManager/StartTunnelOperationTests.swift b/ios/MullvadVPNTests/MullvadVPN/TunnelManager/StartTunnelOperationTests.swift
index 631e00d7fa..abf156b74f 100644
--- a/ios/MullvadVPNTests/MullvadVPN/TunnelManager/StartTunnelOperationTests.swift
+++ b/ios/MullvadVPNTests/MullvadVPN/TunnelManager/StartTunnelOperationTests.swift
@@ -10,9 +10,10 @@ import MullvadSettings
 import MullvadTypes
 import Network
 import Operations
-import WireGuardKitTypes  // For IPAddressRange
 import XCTest
 
+import class WireGuardKitTypes.PrivateKey
+
 @testable import MullvadMockData
 
 class StartTunnelOperationTests: XCTestCase {
diff --git a/ios/MullvadVPNTests/MullvadVPN/TunnelManager/WgKeyRotationTests.swift b/ios/MullvadVPNTests/MullvadVPN/TunnelManager/WgKeyRotationTests.swift
index 6678615ba8..5f6ba6f609 100644
--- a/ios/MullvadVPNTests/MullvadVPN/TunnelManager/WgKeyRotationTests.swift
+++ b/ios/MullvadVPNTests/MullvadVPN/TunnelManager/WgKeyRotationTests.swift
@@ -8,9 +8,10 @@
 
 import MullvadSettings
 import MullvadTypes
-import WireGuardKitTypes  // For IPAddressRange
 import XCTest
 
+import class WireGuardKitTypes.PrivateKey
+
 final class WgKeyRotationTests: XCTestCase {
     func testKeyRotationLifecycle() {
         let data = StoredDeviceData.mock(
diff --git a/ios/PacketTunnel/PostQuantum/MultiHopEphemeralPeerExchanger.swift b/ios/PacketTunnel/PostQuantum/MultiHopEphemeralPeerExchanger.swift
index 93c897a45e..2acbea53ea 100644
--- a/ios/PacketTunnel/PostQuantum/MultiHopEphemeralPeerExchanger.swift
+++ b/ios/PacketTunnel/PostQuantum/MultiHopEphemeralPeerExchanger.swift
@@ -11,7 +11,9 @@ import MullvadRustRuntime
 import MullvadSettings
 import MullvadTypes
 import PacketTunnelCore
-import WireGuardKitTypes  // IPAddressRange
+
+import class WireGuardKitTypes.PreSharedKey
+import class WireGuardKitTypes.PrivateKey
 
 final class MultiHopEphemeralPeerExchanger: EphemeralPeerExchangingProtocol {
     let entry: SelectedRelay
diff --git a/ios/PacketTunnel/PostQuantum/SingleHopEphemeralPeerExchanger.swift b/ios/PacketTunnel/PostQuantum/SingleHopEphemeralPeerExchanger.swift
index c869864c71..471e2f869b 100644
--- a/ios/PacketTunnel/PostQuantum/SingleHopEphemeralPeerExchanger.swift
+++ b/ios/PacketTunnel/PostQuantum/SingleHopEphemeralPeerExchanger.swift
@@ -11,7 +11,9 @@ import MullvadRustRuntime
 import MullvadSettings
 import MullvadTypes
 import PacketTunnelCore
-import WireGuardKitTypes  // IPAddressRange
+
+import class WireGuardKitTypes.PreSharedKey
+import class WireGuardKitTypes.PrivateKey
 
 struct SingleHopEphemeralPeerExchanger: EphemeralPeerExchangingProtocol {
     let exit: SelectedRelay
diff --git a/ios/PacketTunnel/WireGuardAdapter/WgAdapter.swift b/ios/PacketTunnel/WireGuardAdapter/WgAdapter.swift
index 329754f106..70325ade86 100644
--- a/ios/PacketTunnel/WireGuardAdapter/WgAdapter.swift
+++ b/ios/PacketTunnel/WireGuardAdapter/WgAdapter.swift
@@ -132,10 +132,16 @@ extension WgAdapter: TunnelDeviceInfoProtocol {
     }
 }
 
+private extension MullvadTypes.IPAddressRange {
+    var asWireGuardKitType: WireGuardKitTypes.IPAddressRange {
+        WireGuardKitTypes.IPAddressRange(from: description)!
+    }
+}
+
 private extension TunnelAdapterConfiguration {
     var asWgConfig: TunnelConfiguration {
         var interfaceConfig = InterfaceConfiguration(privateKey: privateKey.wgKey)
-        interfaceConfig.addresses = interfaceAddresses
+        interfaceConfig.addresses = interfaceAddresses.map { $0.asWireGuardKitType }
         interfaceConfig.dns = dns.map { DNSServer(address: $0) }
         interfaceConfig.listenPort = 0
 
@@ -143,7 +149,7 @@ private extension TunnelAdapterConfiguration {
         if let peer {
             var peerConfig = PeerConfiguration(publicKey: peer.publicKey.wgKey)
             peerConfig.endpoint = peer.endpoint.wgEndpoint
-            peerConfig.allowedIPs = allowedIPs
+            peerConfig.allowedIPs = allowedIPs.map { $0.asWireGuardKitType }
             peerConfig.preSharedKey = peer.preSharedKey?.wgKey
             peers.append(peerConfig)
         }
diff --git a/ios/PacketTunnelCore/Actor/ConfigurationBuilder.swift b/ios/PacketTunnelCore/Actor/ConfigurationBuilder.swift
index 777618fdc7..fa212cdc86 100644
--- a/ios/PacketTunnelCore/Actor/ConfigurationBuilder.swift
+++ b/ios/PacketTunnelCore/Actor/ConfigurationBuilder.swift
@@ -9,7 +9,10 @@
 import Foundation
 import MullvadTypes
 import Network
-import WireGuardKitTypes  // For IPAddressRange
+
+import class WireGuardKitTypes.PreSharedKey
+import class WireGuardKitTypes.PrivateKey
+import class WireGuardKitTypes.PublicKey
 
 /// Error returned when there is an endpoint but its public key is invalid.
 public struct PublicKeyError: LocalizedError {
diff --git a/ios/PacketTunnelCore/Actor/ConnectionConfigurationBuilder.swift b/ios/PacketTunnelCore/Actor/ConnectionConfigurationBuilder.swift
index ba89545a32..9c8af2297d 100644
--- a/ios/PacketTunnelCore/Actor/ConnectionConfigurationBuilder.swift
+++ b/ios/PacketTunnelCore/Actor/ConnectionConfigurationBuilder.swift
@@ -9,7 +9,8 @@
 import Foundation
 import MullvadTypes
 import Network
-import WireGuardKitTypes  // For IPAddressRange
+
+import class WireGuardKitTypes.PrivateKey
 
 protocol Configuration {
     var name: String { get }
diff --git a/ios/PacketTunnelCore/Actor/EphemeralPeerNegotiationState.swift b/ios/PacketTunnelCore/Actor/EphemeralPeerNegotiationState.swift
index cb3dba7978..f4c40cfcd6 100644
--- a/ios/PacketTunnelCore/Actor/EphemeralPeerNegotiationState.swift
+++ b/ios/PacketTunnelCore/Actor/EphemeralPeerNegotiationState.swift
@@ -8,7 +8,9 @@
 
 import MullvadREST
 import MullvadTypes
-@preconcurrency import WireGuardKitTypes  // For IPAddressRange
+
+@preconcurrency import class WireGuardKitTypes.PreSharedKey
+@preconcurrency import class WireGuardKitTypes.PrivateKey
 
 public enum EphemeralPeerNegotiationState: Equatable, Sendable {
     case single(EphemeralPeerRelayConfiguration)
diff --git a/ios/PacketTunnelCore/Actor/PacketTunnelActor+ErrorState.swift b/ios/PacketTunnelCore/Actor/PacketTunnelActor+ErrorState.swift
index 74b747e0c8..068a2d2e3a 100644
--- a/ios/PacketTunnelCore/Actor/PacketTunnelActor+ErrorState.swift
+++ b/ios/PacketTunnelCore/Actor/PacketTunnelActor+ErrorState.swift
@@ -9,7 +9,9 @@
 import Foundation
 import MullvadTypes
 import Network
-import WireGuardKitTypes  // For IPAddressRange
+
+import class WireGuardKitTypes.PrivateKey
+import class WireGuardKitTypes.PublicKey
 
 extension PacketTunnelActor {
     /**
diff --git a/ios/PacketTunnelCore/Actor/Protocols/SettingsReaderProtocol.swift b/ios/PacketTunnelCore/Actor/Protocols/SettingsReaderProtocol.swift
index f0b060b97a..1817a3e3e6 100644
--- a/ios/PacketTunnelCore/Actor/Protocols/SettingsReaderProtocol.swift
+++ b/ios/PacketTunnelCore/Actor/Protocols/SettingsReaderProtocol.swift
@@ -10,7 +10,8 @@ import Foundation
 import MullvadSettings
 import MullvadTypes
 import Network
-@preconcurrency import WireGuardKitTypes  // For IPAddressRange
+
+@preconcurrency import class WireGuardKitTypes.PrivateKey
 
 /// A type that implements a reader that can return settings required by `PacketTunnelActor` in order to configure the tunnel.
 public protocol SettingsReaderProtocol {
diff --git a/ios/PacketTunnelCore/Actor/Protocols/TunnelAdapterProtocol.swift b/ios/PacketTunnelCore/Actor/Protocols/TunnelAdapterProtocol.swift
index e3685df781..a06a42af12 100644
--- a/ios/PacketTunnelCore/Actor/Protocols/TunnelAdapterProtocol.swift
+++ b/ios/PacketTunnelCore/Actor/Protocols/TunnelAdapterProtocol.swift
@@ -10,7 +10,11 @@ import Foundation
 import MullvadTypes
 import Network
 import NetworkExtension
-@preconcurrency import WireGuardKitTypes  // For IPAddressRange, DaitaConfiguration
+
+@preconcurrency import struct WireGuardKitTypes.DaitaConfiguration
+@preconcurrency import class WireGuardKitTypes.PreSharedKey
+@preconcurrency import class WireGuardKitTypes.PrivateKey
+@preconcurrency import class WireGuardKitTypes.PublicKey
 
 /// Protocol describing interface for any kind of adapter implementing a VPN tunnel.
 public protocol TunnelAdapterProtocol: Sendable {
diff --git a/ios/PacketTunnelCoreTests/Mocks/SettingsReaderStub.swift b/ios/PacketTunnelCoreTests/Mocks/SettingsReaderStub.swift
index 743e57263d..090b19d6f6 100644
--- a/ios/PacketTunnelCoreTests/Mocks/SettingsReaderStub.swift
+++ b/ios/PacketTunnelCoreTests/Mocks/SettingsReaderStub.swift
@@ -9,7 +9,8 @@
 import Foundation
 import MullvadTypes
 import PacketTunnelCore
-import WireGuardKitTypes  // For IPAddressRange
+
+import class WireGuardKitTypes.PrivateKey
 
 @testable import MullvadSettings
 
diff --git a/ios/PacketTunnelCoreTests/PacketTunnelActorTests.swift b/ios/PacketTunnelCoreTests/PacketTunnelActorTests.swift
index 94bcd8f1b0..561b3d0f18 100644
--- a/ios/PacketTunnelCoreTests/PacketTunnelActorTests.swift
+++ b/ios/PacketTunnelCoreTests/PacketTunnelActorTests.swift
@@ -9,9 +9,10 @@
 @preconcurrency import Combine
 import MullvadTypes
 import Network
-import WireGuardKitTypes  // For IPAddressRange
 import XCTest
 
+import class WireGuardKitTypes.PrivateKey
+
 @testable import MullvadMockData
 @testable import MullvadREST
 @testable import MullvadSettings
author	Emīls <emils@mullvad.net>	2026-04-07 16:01:43 +0200
committer	Jon Petersson <jon.petersson@mullvad.net>	2026-04-13 13:19:02 +0200
commit	17aef424c77788244d86381d56aba7f391de5270 (patch)
tree	18f1837d81d24dae8f813ec5209436a7725e64fe
parent	6b125665a5b490c1c284356686c3aa8d0ff30d88 (diff)
download	mullvadvpn-17aef424c77788244d86381d56aba7f391de5270.tar.xz mullvadvpn-17aef424c77788244d86381d56aba7f391de5270.zip