author | James Yonan <james@openvpn.net> | 2011-06-12 01:14:36 +0000 |
---|---|---|
committer | James Yonan <james@openvpn.net> | 2011-06-12 01:14:36 +0000 |
commit | 7fb0e07ec3f7c5f6514523085dbe02ea6b8933e2 (patch) | |
tree | de7e157cc9c513a1870ae9bce16b04fd908e9295 /tun.c | |
parent | 759873034018f597e52dfbbfe91ff9d20530ea91 (diff) | |
Added redirect-gateway block-local flag, with support for
Linux, Mac OS X, and Linux. This flag (which is pushable
from server) blocks client access to local LAN while VPN
session is active.
Added standalone --show-gateway option to show info about
default gateway.
Extensively refactored get_default_gateway function in
route.c to ease implementation of block-local.
Removed "Experimental" disclaimer from redirect-gateway
man page.
Version 2.1.3y.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7334 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'tun.c')
-rw-r--r-- | tun.c | 17 |
1 files changed, 10 insertions, 7 deletions
@@ -270,11 +270,12 @@ check_subnet_conflict (const in_addr_t ip,
 const in_addr_t netmask,
 const char *prefix)
 {
+#if 0 /* too many false positives */
 struct gc_arena gc = gc_new ();
 in_addr_t lan_gw = 0;
 in_addr_t lan_netmask = 0;
- if (get_default_gateway (&lan_gw, &lan_netmask))
+ if (get_default_gateway (&lan_gw, &lan_netmask) && lan_netmask)
 {
 const in_addr_t lan_network = lan_gw & lan_netmask;
 const in_addr_t network = ip & netmask;
@@ -292,18 +293,20 @@ check_subnet_conflict (const in_addr_t ip,
 }
 }
 gc_free (&gc);
+#endif
 }
 void
 warn_on_use_of_common_subnets (void)
 {
 struct gc_arena gc = gc_new ();
- in_addr_t lan_gw = 0;
- in_addr_t lan_netmask = 0;
+ struct route_gateway_info rgi;
+ const int needed = (RGI_ADDR_DEFINED|RGI_NETMASK_DEFINED);
- if (get_default_gateway (&lan_gw, &lan_netmask))
+ get_default_gateway (&rgi);
+ if ((rgi.flags & needed) == needed)
 {
- const in_addr_t lan_network = lan_gw & lan_netmask;
+ const in_addr_t lan_network = rgi.gateway.addr & rgi.gateway.netmask;
 if (lan_network == 0xC0A80000 || lan_network == 0xC0A80100)
 msg (M_WARN, "NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.");
 }
@@ -841,11 +844,11 @@ do_ifconfig (struct tuntap *tt,
 {
 struct route r;
 CLEAR (r);
- r.defined = true;
+ r.flags = RT_DEFINED;
 r.network = tt->local & tt->remote_netmask;
 r.netmask = tt->remote_netmask;
 r.gateway = tt->local;
- add_route (&r, tt, 0, es);
+ add_route (&r, tt, 0, NULL, es);
 }
 #elif defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY) |
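Review bot: The body disabled by `#if 0` in check_subnet_conflict still calls `get_default_gateway (&lan_gw, &lan_netmask)` with two arguments, while warn_on_use_of_common_subnets in this same commit calls `get_default_gateway (&rgi)`, so the dead code presumably no longer matches the refactored signature and would not compile if re-enabled. Either port the disabled body to `struct route_gateway_info` or delete it and keep only a comment such as `/* subnet-conflict warning removed: too many false positives */`. With the body compiled out, `ip`, `netmask` and `prefix` are unused and the user no longer gets any warning when the VPN subnet overlaps the local LAN, which is worth stating in the function's header comment. The function starts above this hunk and its `#endif` is in the next one.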
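Review bot: `rgi` is declared without an initializer in warn_on_use_of_common_subnets, and `rgi.flags` is read immediately after `get_default_gateway (&rgi);`, whose result is no longer checked. That is safe only if every platform implementation of get_default_gateway in route.c (not visible in this diff) clears or fully sets the struct on all paths, including lookup failure. I would add `CLEAR (rgi);` before the call so that leftover stack contents can never satisfy `(rgi.flags & needed) == needed`. The rest of the function, including its cleanup, lies outside the hunk.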
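Review bot: The new fourth argument in `add_route (&r, tt, 0, NULL, es);` in do_ifconfig is a bare `NULL` whose meaning is not evident at the call site. If it is the gateway-info pointer introduced by this refactor (add_route's prototype is not part of this diff), add_route has to tolerate NULL on this platform path; a short comment such as `/* no gateway info needed: r.gateway is set explicitly */` would record that assumption. The enclosing function and the `#if` branch both start outside the hunk.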