-rw-r--r-- | src/etc/inc/openvpn.inc | 3 | ||||
-rw-r--r-- | src/usr/local/www/vpn_openvpn_server.php | 11 |
2 files changed, 14 insertions, 0 deletions
diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc index 5bf8d42..cf48ce8 100644 --- a/src/etc/inc/openvpn.inc +++ b/src/etc/inc/openvpn.inc @@ -556,6 +556,9 @@ function openvpn_add_dhcpopts(& $settings, & $conf) { $conf .= "push \"dhcp-option DNS {$settings['dns_server4']}\"\n"; } + if (!empty($settings['push_blockoutsidedns'])) { + $conf .= "push \"block-outside-dns\"\n"; + } if (!empty($settings['push_register_dns'])) { $conf .= "push \"register-dns\"\n"; } diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index e7b2af3..6a750bb 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -268,6 +268,7 @@ if ($_GET['act'] == "edit") { $pconfig['verbosity_level'] = 1; // Default verbosity is 1 } + $pconfig['push_blockoutsidedns'] = $a_server[$id]['push_blockoutsidedns']; $pconfig['push_register_dns'] = $a_server[$id]['push_register_dns']; } } @@ -534,6 +535,9 @@ if ($_POST) { $server['dns_server4'] = $pconfig['dns_server4']; } + if ($pconfig['push_blockoutsidedns']) { + $server['push_blockoutsidedns'] = $pconfig['push_blockoutsidedns']; + } if ($pconfig['push_register_dns']) { $server['push_register_dns'] = $pconfig['push_register_dns']; } @@ -1066,6 +1070,13 @@ if ($act=="new" || $act=="edit"): )); $section->addInput(new Form_Checkbox( + 'push_blockoutsidedns', + 'Block Outside DNS', + 'Make Windows 10 Clients Block access to DNS servers except across OpenVPN while connected, forcing clients to use only VPN DNS servers.', + $pconfig['push_blockoutsidedns'] + ))->setHelp('Requires Windows 10 and OpenVPN 2.3.9 or later. Only Windows 10 is prone to DNS leakage in this way, other clients will ignore the option as they are not affected.'); + + $section->addInput(new Form_Checkbox( 'push_register_dns', 'Force DNS cache update', 'Run "net stop dnscache", "net start dnscache", "ipconfig /flushdns" and "ipconfig /registerdns" on connection initiation.', |
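Review bot: The new `block-outside-dns` branch in openvpn_add_dhcpopts() carries no comment on what the directive depends on, and as far as this hunk shows it does not check that a `dhcp-option DNS` line was pushed as well. A Windows client that honours it with no resolver reachable through the tunnel may lose name resolution. I would add a comment above the `if`, such as `// Windows-only client directive: blocks port 53 on non-tunnel adapters, so at least one DNS server should be pushed too`. The function body starts and ends outside the hunk, so an existing guard may already cover this.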
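Review bot: In the `if ($_POST)` hunk the submitted value of `push_blockoutsidedns` is copied into `$server` as-is, so whatever string the request carried is what lands in the saved configuration. The generator in openvpn.inc only tests the key with `!empty()`, so the value itself never reaches the generated OpenVPN config. Storing a fixed flag would still keep request data out of the stored settings: `$server['push_blockoutsidedns'] = "yes";` (assuming the checkbox posts `yes`, which the hunk does not show). The neighbouring `push_register_dns` lines follow the same pattern, and the enclosing block continues outside the hunk.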
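Review bot: The checkbox description in the last hunk promises more than a pushed option can deliver. The phrase `forcing clients to use only VPN DNS servers` reads as server-side enforcement, while the directive takes effect only on clients that accept it and, per the OpenVPN manual, filters port 53 traffic only. I would reword it along the lines of `Ask Windows clients to block port 53 traffic outside the tunnel while connected.` and add to the help text that clients can filter pushed options and that DNS over HTTPS or TLS is not covered. The `Requires Windows 10` wording may also be narrower than the manual, which as far as I recall describes the feature as available from Windows Vista on; worth confirming before release.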