author | jim-p <jimp@pfsense.org> | 2016-08-17 15:41:41 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2016-08-17 15:42:32 -0400 |
commit | 01c2735c0f18707559cca73df6b880b456a012d8 (patch) | |
tree | 75b41633d99a4dc72556ffe4eaf8b4f1e717bf15 /src | |
parent | 613d95e37c24fe1e5149d43b9c3add8d49c693e5 (diff) | |
Add an option to push "block-outside-dns" to clients of an RA OpenVPN. Fixes #6719
Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/openvpn.inc | 3 | ||||
-rw-r--r-- | src/usr/local/www/vpn_openvpn_server.php | 11 |
2 files changed, 14 insertions, 0 deletions
diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc
index 91dc59e..1d2a95b 100644
--- a/src/etc/inc/openvpn.inc
+++ b/src/etc/inc/openvpn.inc
@@ -524,6 +524,9 @@ function openvpn_add_dhcpopts(& $settings, & $conf) {
 $conf .= "push \"dhcp-option DNS {$settings['dns_server4']}\"\n";
 }
+ if (!empty($settings['push_blockoutsidedns'])) {
+ $conf .= "push \"block-outside-dns\"\n";
+ }
 if (!empty($settings['push_register_dns'])) {
 $conf .= "push \"register-dns\"\n";
 }
diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php
index 94f8011..140e248 100644
--- a/src/usr/local/www/vpn_openvpn_server.php
+++ b/src/usr/local/www/vpn_openvpn_server.php
@@ -236,6 +236,7 @@ if ($_GET['act'] == "edit") {
 $pconfig['verbosity_level'] = 1; // Default verbosity is 1
 }
+ $pconfig['push_blockoutsidedns'] = $a_server[$id]['push_blockoutsidedns'];
 $pconfig['push_register_dns'] = $a_server[$id]['push_register_dns'];
 }
 }
@@ -502,6 +503,9 @@ if ($_POST) {
 $server['dns_server4'] = $pconfig['dns_server4'];
 }
+ if ($pconfig['push_blockoutsidedns']) {
+ $server['push_blockoutsidedns'] = $pconfig['push_blockoutsidedns'];
+ }
 if ($pconfig['push_register_dns']) {
 $server['push_register_dns'] = $pconfig['push_register_dns'];
 }
@@ -1034,6 +1038,13 @@ if ($act=="new" || $act=="edit"):
 ));
 $section->addInput(new Form_Checkbox(
+ 'push_blockoutsidedns',
+ 'Block Outside DNS',
+ 'Make Windows 10 Clients Block access to DNS servers except across OpenVPN while connected, forcing clients to use only VPN DNS servers.',
+ $pconfig['push_blockoutsidedns']
+ ))->setHelp('Requires Windows 10 and OpenVPN 2.3.9 or later. Only Windows 10 is prone to DNS leakage in this way, other clients will ignore the option as they are not affected.');
+
+ $section->addInput(new Form_Checkbox(
 'push_register_dns',
 'Force DNS cache update',
 'Run "net stop dnscache", "net start dnscache", "ipconfig /flushdns" and "ipconfig /registerdns" on connection initiation.', |
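Review bot: In the openvpn.inc hunk, the new `push "block-outside-dns"` line is emitted whenever `push_blockoutsidedns` is set, independent of whether any `dhcp-option DNS` line was pushed above it. A Windows client that honours the option without receiving a VPN DNS server would presumably have no resolver it is still allowed to reach, so name resolution fails for the whole session. That is fail-closed, but it should be a documented choice rather than a surprise. I would add a comment such as `// Windows-only: blocks DNS on non-VPN adapters; only useful when DNS servers are pushed above`, or reject the combination when the form is saved. The body of openvpn_add_dhcpopts() starts and ends outside this hunk, so an existing check may simply not be visible here.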
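Review bot: In the `if ($_POST)` hunk of vpn_openvpn_server.php, `$server['push_blockoutsidedns']` receives whatever `$pconfig['push_blockoutsidedns']` holds. If `$pconfig` is filled from the request, as the enclosing `if ($_POST)` suggests, an arbitrary posted string is written into the saved server entry. openvpn.inc only tests the key with `!empty()`, so nothing is interpolated into the generated config today. Storing a fixed marker keeps that true for later consumers: `$server['push_blockoutsidedns'] = "yes";` (confirm this matches the value the checkbox normally posts). The neighbouring `push_register_dns` assignment has the same shape, and the enclosing block starts and ends outside the hunk.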
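Review bot: The help string on the new `push_blockoutsidedns` checkbox says the option "Requires Windows 10", which appears narrower than the OpenVPN manual, where `block-outside-dns` is described as working on Windows Vista or later. An administrator with older Windows clients could wrongly conclude the box does nothing for them and leave a DNS leak unaddressed. I would verify against the manual and reword along the lines of `Requires a Windows client running OpenVPN 2.3.9 or later. Other platforms ignore the option.` The following `push_register_dns` checkbox call continues past the end of the hunk.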