src/Cedar/Proto_OpenVPN.c: push "block-outside-dns" to clients

From https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage: --block-outside-dns Block DNS servers on other network adapters to prevent DNS leaks. This option prevents any application from accessing TCP or UDP port 53 except one inside the tunnel. It uses Windows Filtering Platform (WFP) and works on Windows Vista or later. This option is considered unknown on non-Windows platforms and unsupported on Windows XP, resulting in fatal error. You may want to use --setenv opt or --ignore-unknown-option (not suitable for Windows XP) to ignore said error. Note that pushing unknown options from server does not trigger fatal errors.
2024-09-19 18:20:40 +03:00 · 2020-04-04 08:37:19 +02:00 · 2020-04-04 08:37:19 +02:00 · b6ef9f88c9
commit b6ef9f88c9
parent c6f186bd73
1 changed files with 11 additions and 0 deletions
--- a/src/Cedar/Proto_OpenVPN.c
+++ b/src/Cedar/Proto_OpenVPN.c
@ -2460,6 +2460,17 @@ void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list)
 									}
 								}

+								// From https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage:
+								//
+								// --block-outside-dns
+								// Block DNS servers on other network adapters to prevent DNS leaks.
+								// This option prevents any application from accessing TCP or UDP port 53 except one inside the tunnel.
+								// It uses Windows Filtering Platform (WFP) and works on Windows Vista or later.
+								// This option is considered unknown on non-Windows platforms and unsupported on Windows XP, resulting in fatal error.
+								// You may want to use --setenv opt or --ignore-unknown-option (not suitable for Windows XP) to ignore said error.
+								// Note that pushing unknown options from server does not trigger fatal errors.
+								StrCat(option_str, sizeof(option_str), ",block-outside-dns");
+
 								WriteFifo(c->SslPipe->SslInOut->SendFifo, option_str, StrSize(option_str));

 								Debug("Push Str: %s\n", option_str);