diff options
author | jim-p <jimp@pfsense.org> | 2016-08-17 15:41:41 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2016-08-17 15:42:32 -0400 |
commit | 01c2735c0f18707559cca73df6b880b456a012d8 (patch) | |
tree | 75b41633d99a4dc72556ffe4eaf8b4f1e717bf15 /src/usr/local/www/vpn_openvpn_server.php | |
parent | 613d95e37c24fe1e5149d43b9c3add8d49c693e5 (diff) | |
download | pfsense-01c2735c0f18707559cca73df6b880b456a012d8.zip pfsense-01c2735c0f18707559cca73df6b880b456a012d8.tar.gz |
Add an option to push "block-outside-dns" to clients of an RA OpenVPN. Fixes #6719
Diffstat (limited to 'src/usr/local/www/vpn_openvpn_server.php')
-rw-r--r-- | src/usr/local/www/vpn_openvpn_server.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index 94f8011..140e248 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -236,6 +236,7 @@ if ($_GET['act'] == "edit") { $pconfig['verbosity_level'] = 1; // Default verbosity is 1 } + $pconfig['push_blockoutsidedns'] = $a_server[$id]['push_blockoutsidedns']; $pconfig['push_register_dns'] = $a_server[$id]['push_register_dns']; } } @@ -502,6 +503,9 @@ if ($_POST) { $server['dns_server4'] = $pconfig['dns_server4']; } + if ($pconfig['push_blockoutsidedns']) { + $server['push_blockoutsidedns'] = $pconfig['push_blockoutsidedns']; + } if ($pconfig['push_register_dns']) { $server['push_register_dns'] = $pconfig['push_register_dns']; } @@ -1034,6 +1038,13 @@ if ($act=="new" || $act=="edit"): )); $section->addInput(new Form_Checkbox( + 'push_blockoutsidedns', + 'Block Outside DNS', + 'Make Windows 10 Clients Block access to DNS servers except across OpenVPN while connected, forcing clients to use only VPN DNS servers.', + $pconfig['push_blockoutsidedns'] + ))->setHelp('Requires Windows 10 and OpenVPN 2.3.9 or later. Only Windows 10 is prone to DNS leakage in this way, other clients will ignore the option as they are not affected.'); + + $section->addInput(new Form_Checkbox( 'push_register_dns', 'Force DNS cache update', 'Run "net stop dnscache", "net start dnscache", "ipconfig /flushdns" and "ipconfig /registerdns" on connection initiation.', |