In case of dco-win persist tun, adapter state (index and name)
persists over lifetime on TunSetup object. Add setter/getter
for adapter state to TunSetup.
While on it, ensure that TunSetup::establish() doesn't
acquire adapter handle for dco - this is done by another
dco-specific "get_handle" method. The handle is not
really used by establish() method when using dco-win.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Signed-off-by: Christopher Ng <facboy@gmail.com>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Patchwork-Id: 2510
URL: https://patchwork.openvpn.net/patch/2510/
Message-Id: <20220607163049.10056-1-facboy@gmail.com>
Signed-off-by: David Sommerseth <davids@openvpn.net>

Remove the vars-osx64 and vars-iossim files which are no longer used.
The IOS simulator does not support the VPN API and builds for the
IOS simulator have not been done in a very long time nor are they
particularly useful.
Also switch to pkg-config for jsoncpp by default.
Signed-off-by: Arne Schwabe <arne@openvpn.net>

Local DNS resolvers, such as Umbrella Roaming Client,
change DNS settings on adapters to 127.0.0.1.
This may not work with openvpn3 because:
- NRPT rule might be created for "." zone,
  which redirects all DNS requests to the server
  specified in rule. This takes precedence over adapters'
  DNS settings.
- DNS requests might be blocked on all adapters
  except TAP (tap-windows6/wintun/ovpn-dco-win) to prevent
  DNS leaks.
To enable compatibility with local DNS resolvers, add
"allowLocalDnsResolvers" core config option, which,
when enabled, makes core
- avoid creating NRPT rule for "." zone
- permit DNS requests to 127.0.0.1 / ::1
Signed-off-by: Lev Stipakov <lev@openvpn.net>

Windows agent has been moved from common to core,
so for consistency move mac agent too.
Since agent and agent-enabled client depend on jsoncpp,
also move jsoncpp build scripts.
Signed-off-by: Lev Stipakov <lev@openvpn.net>

The CMakeLists.txt settings from the project root directory are
inherited by the defined subdirectories automatically.
Also switch to a simpler way of setting the CMAKE_MODULE_PATH.
According to the CMake documentation, this variable is empty by
default [1] and should not need to pull in existing settings.
Finally remove the comment regarding CMake's use case, as we are
moving towards full CMake support for OpenVPN 3.
Signed-off-by: David Sommerseth <davids@openvpn.net>

We skipped bypass route installation if new host address is the same
as previous one. This didn't take into account case when network
has changed and gateway for the host could change.
Signed-off-by: Lev Stipakov <lev@openvpn.net>

When adding bypass route to remote we always use
default gateway. This doesn't work when remote is not
reachable via default gateway (local network,
custom route - OVPN3-653).
Implement "get best gateway" logic by traversing routing
table and find gateway with longest prefix match and
highest metric.
In case of seamless tunnel and redirect-gw "get best gateway"
will return VPN gateway when adding bypass route during reconnect
to another remote. VPN tunnel is likely broken at this point
and bypass route via VPN make reconnect impossible.
Fix that by storing VPN interface index and, when finding best gateway,
filter routes which use VPN interface.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
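
An added sketch of the gateway selection described in the message above (example code written for this page, not OpenVPN 3's implementation): longest prefix match over a constructed IPv4 routing table, skipping routes bound to the VPN interface. The Route type, the helper names, the sample addresses and the tie-break by lowest metric value are assumptions of the example.

```cpp
#include <cstdint>
#include <vector>

// Hypothetical model of one IPv4 routing-table row (not an OpenVPN 3 type).
struct Route {
    uint32_t dest;      // network address, host byte order
    int prefix_len;     // 0..32
    uint32_t gateway;   // next hop
    uint32_t if_index;  // interface the route is bound to
    uint32_t metric;    // assumption: lower value = more preferred
};

constexpr uint32_t ip(uint32_t a, uint32_t b, uint32_t c, uint32_t d) {
    return (a << 24) | (b << 16) | (c << 8) | d;
}

static uint32_t mask(int len) {
    return len == 0 ? 0 : ~uint32_t(0) << (32 - len);
}

// Longest prefix match for `target`, ties broken by metric. Routes bound to
// vpn_if_index are skipped so a bypass route is never sent through a tunnel
// that may already be broken. Pass 0 for vpn_if_index when no VPN is up.
const Route* best_gateway(const std::vector<Route>& table,
                          uint32_t target, uint32_t vpn_if_index) {
    const Route* best = nullptr;
    for (const Route& r : table) {
        if (vpn_if_index != 0 && r.if_index == vpn_if_index)
            continue;
        if ((target & mask(r.prefix_len)) != (r.dest & mask(r.prefix_len)))
            continue;
        if (!best || r.prefix_len > best->prefix_len ||
            (r.prefix_len == best->prefix_len && r.metric < best->metric))
            best = &r;
    }
    return best;  // nullptr: no usable route
}

// Constructed table: physical NIC is index 4, VPN adapter is index 9.
std::vector<Route> sample_table() {
    return {
        {ip(0, 0, 0, 0),      0, ip(192, 168, 1, 1),   4, 25}, // default gw
        {ip(0, 0, 0, 0),      1, ip(10, 8, 0, 1),      9, 1},  // redirect-gw
        {ip(128, 0, 0, 0),    1, ip(10, 8, 0, 1),      9, 1},  // redirect-gw
        {ip(192, 168, 50, 0), 24, ip(192, 168, 1, 254), 4, 25}, // custom route
    };
}
```

With interface 9 excluded, a remote at 203.0.113.10 resolves to the physical default gateway rather than the redirect-gw /1 route, while a remote in 192.168.50.0/24 resolves to the custom route's gateway.
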
Although the init calls were protected by a mutex more than consumer of
the API will the second one if the uninit was called too early.
While at it, move from explicit init/uninit calls to RAII.
Signed-off-by: Arne Schwabe <arne@openvpn.net>

This is needed to make openvpn-gui client work with openvpn3.
openvpn-gui passes all information, required to start vpn session,
to agent via named pipe. Agent impersonates another end of pipe,
which is gui process, running under user privileges, and starts
openvpn process.
openvpn-gui generates a random password, which is written by agent
into openvpn process's stdin. That password is used by openvpn-gui to
connect to openvpn's management interface.
openvpn-gui creates an event with unique name, which is passed
to openvpn via command line. When user disconnects VPN session, gui
sets event into signalled state. openvpn waits on event and, when it is signalled, quits.
Signed-off-by: Lev Stipakov <lev@openvpn.net>