authorjim-p <jimp@pfsense.org>2016-08-17 15:41:41 -0400
committerjim-p <jimp@pfsense.org>2016-08-17 15:41:41 -0400
commit13ac08b8c500cd05f2a351d0d0d37f0d00514a55 (patch)
treeb681aefa5302f649ee2bf3a6518b3bbba8d3c309
parent4b1b6bed60f634985341bfc60f60d4dd3dbbd72a (diff)
Add an option to push "block-outside-dns" to clients of an RA OpenVPN. Fixes #6719
-rw-r--r--src/etc/inc/openvpn.inc3
-rw-r--r--src/usr/local/www/vpn_openvpn_server.php11
2 files changed, 14 insertions, 0 deletions
diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc
index 5bf8d42..cf48ce8 100644
--- a/src/etc/inc/openvpn.inc
+++ b/src/etc/inc/openvpn.inc
@@ -556,6 +556,9 @@ function openvpn_add_dhcpopts(& $settings, & $conf) {
$conf .= "push \"dhcp-option DNS {$settings['dns_server4']}\"\n";
}
+ if (!empty($settings['push_blockoutsidedns'])) {
+ $conf .= "push \"block-outside-dns\"\n";
+ }
if (!empty($settings['push_register_dns'])) {
$conf .= "push \"register-dns\"\n";
}
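Review bot: The new `block-outside-dns` push is emitted whenever `push_blockoutsidedns` is set, whether or not a `dhcp-option DNS` line was pushed by the blocks just above it. On Windows clients that honour the option, DNS is only reachable through the tunnel, so a server saved with this flag but no pushed DNS servers would presumably leave those clients without a usable resolver. Consider a why-comment above the new block, e.g. `// Blocks DNS outside the tunnel on Windows clients; only useful when DNS servers are pushed too`, or an input error on the server page when the box is ticked without any DNS server configured. The body of `openvpn_add_dhcpopts` starts and ends outside this hunk.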
diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php
index e7b2af3..6a750bb 100644
--- a/src/usr/local/www/vpn_openvpn_server.php
+++ b/src/usr/local/www/vpn_openvpn_server.php
@@ -268,6 +268,7 @@ if ($_GET['act'] == "edit") {
$pconfig['verbosity_level'] = 1; // Default verbosity is 1
}
+ $pconfig['push_blockoutsidedns'] = $a_server[$id]['push_blockoutsidedns'];
$pconfig['push_register_dns'] = $a_server[$id]['push_register_dns'];
}
}
@@ -534,6 +535,9 @@ if ($_POST) {
$server['dns_server4'] = $pconfig['dns_server4'];
}
+ if ($pconfig['push_blockoutsidedns']) {
+ $server['push_blockoutsidedns'] = $pconfig['push_blockoutsidedns'];
+ }
if ($pconfig['push_register_dns']) {
$server['push_register_dns'] = $pconfig['push_register_dns'];
}
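Review bot: `$server['push_blockoutsidedns']` is assigned the submitted value as-is, while the consumer in openvpn.inc only tests it with `!empty()`. If `$pconfig` is filled from `$_POST` (not visible in this hunk), any non-empty string sent by the browser ends up persisted in the saved configuration. Storing a fixed flag keeps the stored value canonical, e.g. `$server['push_blockoutsidedns'] = 'yes';` (assuming `'yes'` is the value the checkbox normally submits). The neighbouring `push_register_dns` block follows the same pattern and could be normalised at the same time. The enclosing `if ($_POST)` block extends beyond the hunk.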
@@ -1066,6 +1070,13 @@ if ($act=="new" || $act=="edit"):
));
$section->addInput(new Form_Checkbox(
+ 'push_blockoutsidedns',
+ 'Block Outside DNS',
+ 'Make Windows 10 Clients Block access to DNS servers except across OpenVPN while connected, forcing clients to use only VPN DNS servers.',
+ $pconfig['push_blockoutsidedns']
+ ))->setHelp('Requires Windows 10 and OpenVPN 2.3.9 or later. Only Windows 10 is prone to DNS leakage in this way, other clients will ignore the option as they are not affected.');
+
+ $section->addInput(new Form_Checkbox(
'push_register_dns',
'Force DNS cache update',
'Run "net stop dnscache", "net start dnscache", "ipconfig /flushdns" and "ipconfig /registerdns" on connection initiation.',
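Review bot: The help text on the new `push_blockoutsidedns` checkbox says only Windows 10 is affected and that the option requires Windows 10. As I read the OpenVPN manual, `block-outside-dns` is implemented through the Windows Filtering Platform and applies to other supported Windows versions too, so an administrator could wrongly conclude that older Windows clients are either safe or unaffected by the block. It would also help to say that the option blocks port 53 traffic outside the tunnel, so DNS servers must be pushed to clients. A possible wording is `->setHelp('Requires OpenVPN 2.3.9 or later on Windows clients. DNS servers must also be provided to clients, since DNS outside the tunnel is blocked. Non-Windows clients ignore the option.')`. The `push_register_dns` checkbox statement continues past the end of the hunk.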