mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-19 19:42:30 +02:00
bf887c95e4
In an attempt to better defend against the TunnelCrack attacks, enforce that no traffic can pass to anything else than the VPN interface when the 'block-local' flags is given with either --redirect-gateway or --redirect-private. Reuse much of the existing --block-outside-dns code, but make it more general, so that it can also block any traffic, not just port 53. Uses the Windows Filtering Platform for enforcement in addition to the routes redirecting the networks into the tunnel. Change-Id: Ic9bf797bfc7e2d471998a84cb0f071db3e4832ba Signed-off-by: Heiko Hund <heiko@ist.eigentlich.net> Acked-by: Lev Stipakov <lstipakov@gmail.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20240605123856.26267-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28717.html Signed-off-by: Gert Doering <gert@greenie.muc.de> |
||
---|---|---|
.. | ||
doxygen | ||
man-sections | ||
tests | ||
android.txt | ||
CMakeLists.txt | ||
gui-notes.txt | ||
interactive-service-notes.rst | ||
keying-material-exporter.txt | ||
Makefile.am | ||
management-notes.txt | ||
openvpn-examples.5.rst | ||
openvpn.8.rst | ||
README.man | ||
README.plugins | ||
tls-crypt-v2.txt |
OpenVPN Plugins --------------- Starting with OpenVPN 2.0-beta17, compiled plugin modules are supported on any *nix OS which includes libdl or on Windows. One or more modules may be loaded into OpenVPN using the --plugin directive, and each plugin module is capable of intercepting any of the script callbacks which OpenVPN supports: (1) up (2) down (3) route-up (4) ipchange (5) tls-verify (6) auth-user-pass-verify (7) client-connect (8) client-disconnect (9) learn-address See the openvpn-plugin.h file in the top-level directory of the OpenVPN source distribution for more detailed information on the plugin interface. Included Plugins ---------------- auth-pam -- Authenticate using PAM and a split privilege execution model which functions even if root privileges or the execution environment have been altered with --user/--group/--chroot. Tested on Linux only. down-root -- Enable the running of down scripts with root privileges even if --user/--group/--chroot have been used to drop root privileges or change the execution environment. Not applicable on Windows. examples -- A simple example that demonstrates a portable plugin, i.e. one which can be built for *nix or Windows from the same source. Building Plugins ---------------- cd to the top-level directory of a plugin, and use the "make" command to build it. The examples plugin is built using a build script, not a makefile.