Added no-keepalive option, removed webkit. Fixed #49

Cargo.toml

@@ -3,7 +3,7 @@ members = ["snxcore", "snxctl", "snx-rs", "snx-rs-gui"]
 resolver = "2"
 
 [workspace.package]
-version = "2.5.0"
+version = "2.6.0"
 license = "AGPL-3.0"
 edition = "2021"
 authors = ["Dmitry Pankratov <dmitry@pankratov.net>"]

README.md

@@ -18,7 +18,7 @@ This project contains the source code for an unofficial Linux client for Check P
 * Username/password authentication with MFA support
 * Certificate authentication via provided client certificate (PFX, PEM, or HW token)
 * HW token support via PKCS11 (only with IPSec tunnel)
-* GTK frontend with tray icon and optional WebKit webview for SAML authentication
+* GTK frontend with tray icon
 * SSL tunnel via Linux TUN device
 * IPSec tunnel via Linux native kernel XFRM interface
 * Store passwords in the keychain using Secret Service API
@@ -35,7 +35,6 @@ This project contains the source code for an unofficial Linux client for Check P
 * iproute2 (the `ip` command)
 * D-Bus
 * GTK3 and libappindicator3 for the GUI frontend
-* webkit2gtk for the optional WebKit webview
 
 ## Differences between SSL and IPSec tunnels
 
@@ -154,15 +153,11 @@ Before opening a PR, make sure to reformat the sources with the `cargo fmt` comm
 
 ## Building from Sources
 
-By default, the WebKit integration is not enabled and the system browser will be used for SAML authentication.
-It is controlled by the feature flag `webkit2gtk` which can be enabled with `--features=webkit2gtk` cargo parameter.
-
 The easiest way to build the project is using the distrobox:
 
 * Provision distrobox container: `distrobox create --image ubuntu:22.04 --name snx-ubuntu`
 * Enter the container: `distrobox enter snx-ubuntu`
 * Install the required dependencies: `sudo apt install build-essential pkg-config libssl-dev libgtk-3-dev`
-* For WebKit webview feature, install the webkit2gtk dependencies: `sudo apt install libsoup-3.0-dev libwebkit2gtk-4.1-dev libjavascriptcoregtk-4.1-dev`
 * Install a recent [Rust compiler](https://rustup.rs)
 * Run `cargo build` to build the debug version, or `cargo build --release` to build the release version
 * If the GUI frontend is not needed, build it with `cargo build --release --workspace --exclude snx-rs-gui`
@@ -174,3 +169,4 @@ Special thanks to the [cpyvpn](https://gitlab.com/cpvpn/cpyvpn) project for insp
 ## License
 
 Licensed under the [GNU Affero General Public License version 3](https://opensource.org/license/agpl-v3/).
+c

options.md

@@ -29,3 +29,4 @@
 | `ike-port=500`                            | IKE communication port, either 500 or 4500, default is 500                                                                                            |
 | `ike-persist=true\|false`                 | Save IKE session to disk and try to reconnect automatically after application restart                                                                 |
 | `log-level=<log_level>`                   | Logging level: error, warn, debug, info, trace. Default is info. Note: trace-level log includes request and response dumps with sensitive information |
+| `no-keepalive=true\|false`                | Disable keepalive packets for IPSec. Some Check Point servers block the keepalive requests.                                                           |

snx-rs-gui/Cargo.toml

@@ -13,7 +13,6 @@ publish.workspace = true
 [dependencies]
 snxcore = { path = "../snxcore" }
 tray-icon = { version = "0.19", default-features = false }
-webkit2gtk = { version = "2", features = ["v2_32"], optional = true }
 gtk = "0.18"
 png = "0.17"
 async-channel = "2"
@@ -27,6 +26,3 @@ clap = { version = "4", features = ["derive"] }
 hex = "0.4"
 zbus = { version = "4.2", default-features = false, features = ["tokio"] }
 futures = "0.3"
-
-[features]
-webkit2gtk = ["dep:webkit2gtk"]

snx-rs-gui/src/main.rs

@@ -20,10 +20,6 @@ mod prompt;
 mod settings;
 mod theme;
 mod tray;
-
-#[cfg(feature = "webkit2gtk")]
-mod webkit;
-
 const PING_DURATION: Duration = Duration::from_secs(1);
 
 fn main() -> anyhow::Result<()> {

snx-rs-gui/src/settings.rs

@@ -59,6 +59,7 @@ struct MyWidgets {
     esp_lifetime: gtk::Entry,
     ike_port: gtk::Entry,
     ike_persist: gtk::CheckButton,
+    no_keepalive: gtk::CheckButton,
     error: gtk::Label,
 }
 
@@ -215,6 +216,7 @@ impl SettingsDialog {
             .build();
         let ike_port = gtk::Entry::builder().text(params.ike_port.to_string()).build();
         let ike_persist = gtk::CheckButton::builder().active(params.ike_persist).build();
+        let no_keepalive = gtk::CheckButton::builder().active(params.no_keepalive).build();
 
         let provider = gtk::CssProvider::new();
         provider.load_from_data(CSS_ERROR.as_bytes()).unwrap();
@@ -344,6 +346,7 @@ impl SettingsDialog {
             esp_lifetime,
             ike_port,
             ike_persist,
+            no_keepalive,
             error,
         });
 
@@ -463,6 +466,7 @@ impl SettingsDialog {
         params.esp_lifetime = Duration::from_secs(self.widgets.esp_lifetime.text().parse()?);
         params.ike_port = self.widgets.ike_port.text().parse()?;
         params.ike_persist = self.widgets.ike_persist.is_active();
+        params.no_keepalive = self.widgets.no_keepalive.is_active();
 
         params.save()?;
 
@@ -639,6 +643,10 @@ impl SettingsDialog {
         ike_persist.pack_start(&self.widgets.ike_persist, false, true, 0);
         misc_box.pack_start(&ike_persist, false, true, 6);
 
+        let no_keepalive = self.form_box("Disable keepalive packets");
+        no_keepalive.pack_start(&self.widgets.no_keepalive, false, true, 0);
+        misc_box.pack_start(&no_keepalive, false, true, 6);
+
         misc_box
     }
 

snx-rs-gui/src/tray.rs

@@ -18,12 +18,6 @@ use snxcore::{
 
 const TITLE: &str = "SNX-RS VPN client";
 
-#[cfg(feature = "webkit2gtk")]
-fn browser(params: Arc<TunnelParams>) -> impl BrowserController {
-    crate::webkit::WebkitBrowser(params)
-}
-
-#[cfg(not(feature = "webkit2gtk"))]
 fn browser(_params: Arc<TunnelParams>) -> impl BrowserController {
     snxcore::browser::SystemBrowser
 }