From b723833ba8038765bb22f273ad0de183329df25b Mon Sep 17 00:00:00 2001
From: james
Date: Sat, 23 May 2009 10:30:10 +0000
Subject: Added "redirect-private" option which allows private subnets to be pushed to the client in such a way that they don't accidently obscure critical local addresses such as the DHCP server address and DNS server addresses.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4436 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 route.c | 138 +++++++++++++++++++++++++++++++++-------------------------------
 1 file changed, 72 insertions(+), 66 deletions(-)
(limited to 'route.c')
diff --git a/route.c b/route.c
index d31b023..68b0fa3 100644
--- a/route.c
+++ b/route.c
@@ -543,18 +543,83 @@ redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, u /* route DHCP/DNS server traffic through original default gateway */ add_bypass_routes (&rl->spec.bypass, rl->spec.net_gateway, tt, flags, es); + if (rl->flags & RG_REROUTE_GW) + { + if (rl->flags & RG_DEF1) + { + /* add new default route (1st component) */ + add_route3 (0x00000000, + 0x80000000, + rl->spec.remote_endpoint, + tt, + flags, + es); + + /* add new default route (2nd component) */ + add_route3 (0x80000000, + 0x80000000, + rl->spec.remote_endpoint, + tt, + flags, + es); + } + else + { + /* delete default route */ + del_route3 (0, + 0, + rl->spec.net_gateway, + tt, + flags, + es); + + /* add new default route */ + add_route3 (0, + 0, + rl->spec.remote_endpoint, + tt, + flags, + es); + } + } + + /* set a flag so we can undo later */ + rl->did_redirect_default_gateway = true; + } + } +} + +static void +undo_redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es) +{ + if (rl->did_redirect_default_gateway) + { + /* delete remote host route */ + if (!(rl->flags & RG_LOCAL)) + del_route3 (rl->spec.remote_host, + ~0, + rl->spec.net_gateway, + tt, + flags, + es); + + /* delete special DHCP/DNS bypass route */ + del_bypass_routes (&rl->spec.bypass, rl->spec.net_gateway, tt, flags, es); + + if (rl->flags & RG_REROUTE_GW) + { if (rl->flags & RG_DEF1) { - /* add new default route (1st component) */ - add_route3 (0x00000000, + /* delete default route (1st component) */ + del_route3 (0x00000000, 0x80000000, rl->spec.remote_endpoint, tt, flags, es); - /* add new default route (2nd component) */ - add_route3 (0x80000000, + /* delete default route (2nd component) */ + del_route3 (0x80000000, 0x80000000, rl->spec.remote_endpoint, tt, 
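Review bot: `rl->did_redirect_default_gateway = true` now sits outside the new `if (rl->flags & RG_REROUTE_GW)` block, so it is set when only the remote-host and bypass routes were added, and nothing visible checks that the add_route3/del_route3 calls above took effect. The RG_DEF1 branch is where this matters most: if the second add_route3 were to fail (its definition is outside this hunk, so this is inferred), half of the address space would keep using the original gateway while the recorded state says the redirect is in place. At minimum the comment should say what the flag now covers, e.g. `/* routes installed (host/bypass, plus default if RG_REROUTE_GW); undo needed */`, and if add_route3 can report failure it should be logged here. The same applies to the restore path in the second hunk. redirect_default_route_to_vpn starts outside the hunk.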
@@ -566,78 +631,19 @@ redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, u /* delete default route */ del_route3 (0, 0, - rl->spec.net_gateway, + rl->spec.remote_endpoint, tt, flags, es); - /* add new default route */ + /* restore original default route */ add_route3 (0, 0, - rl->spec.remote_endpoint, + rl->spec.net_gateway, tt, flags, es); } - - /* set a flag so we can undo later */ - rl->did_redirect_default_gateway = true; - } - } -} - -static void -undo_redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es) -{ - if (rl->did_redirect_default_gateway) - { - /* delete remote host route */ - if (!(rl->flags & RG_LOCAL)) - del_route3 (rl->spec.remote_host, - ~0, - rl->spec.net_gateway, - tt, - flags, - es); - - /* delete special DHCP/DNS bypass route */ - del_bypass_routes (&rl->spec.bypass, rl->spec.net_gateway, tt, flags, es); - - if (rl->flags & RG_DEF1) - { - /* delete default route (1st component) */ - del_route3 (0x00000000, - 0x80000000, - rl->spec.remote_endpoint, - tt, - flags, - es); - - /* delete default route (2nd component) */ - del_route3 (0x80000000, - 0x80000000, - rl->spec.remote_endpoint, - tt, - flags, - es); - } - else - { - /* delete default route */ - del_route3 (0, - 0, - rl->spec.remote_endpoint, - tt, - flags, - es); - - /* restore original default route */ - add_route3 (0, - 0, - rl->spec.net_gateway, - tt, - flags, - es); } rl->did_redirect_default_gateway = false; -- cgit
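Review bot: The new-side teardown lines here choose what to remove by re-testing `rl->flags` rather than by recording what was actually installed. They belong to undo_redirect_default_route_to_vpn, which opens in the previous hunk even though this hunk's header names the redirect function. If RG_REROUTE_GW or RG_DEF1 could differ between setup and teardown (not determinable from these lines), the original default route via `rl->spec.net_gateway` would not be restored, or routes that were never added would be deleted. A comment above the block would make the invariant explicit: `/* mirrors redirect_default_route_to_vpn; rl->flags must be unchanged since the redirect */`.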