openvpn3

mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-19 19:52:15 +02:00

History

Heiko Hund d7606f4cfb apply --dns options the new way Previous to this --dns and DNS related --dhcp-options shared the same code to apply the settings to Windows and macOS systems. So, both options were pretty much just aliases, with --dns offering more and finer grained settings that were mostly ignored. Now --dhcp-options are applied the way they have always been and --dns does it its own - the new - way. Reason for this behavioral change is foremost that we want it to be the same between openvpn version 2 and version 3. But there are also a few new features (e.g. DNSSEC), previously not present with the --dhcp-options. The name server and split-domain configuration is exclusively set via NRPT on Windows, since it overrules any other resolver setting. If there is no split DNS configured and all domains are resolved using the pushed name server, we make sure that local domain names are still resolvable by adding so called exclude NRPT rules, that make sure local domains get resolved by their local DNS resolvers. Since Windows does not know about alternative secure transports, the 'transport' and 'sni' settings are ignored. For macOS the 'dnssec' setting is ignored in addition to that. Besides that not much does change on that platform. In case of --dns options the explicit values are used now. The API in use may be changed at a later time. Signed-off-by: Heiko Hund <heiko@openvpn.net>	2024-05-13 14:07:53 +02:00
..
mac	Replacing logging in ssl context und proto context with new logger	2024-04-17 14:48:50 +00:00
win	apply --dns options the new way	2024-05-13 14:07:53 +02:00

Heiko Hund d7606f4cfb apply --dns options the new way

Previous to this --dns and DNS related --dhcp-options shared the same
code to apply the settings to Windows and macOS systems. So, both
options were pretty much just aliases, with --dns offering more and
finer grained settings that were mostly ignored.

Now --dhcp-options are applied the way they have always been and --dns
does it its own - the new - way. Reason for this behavioral change is
foremost that we want it to be the same between openvpn version 2 and
version 3. But there are also a few new features (e.g. DNSSEC), previously
not present with the --dhcp-options.

The name server and split-domain configuration is exclusively set via
NRPT on Windows, since it overrules any other resolver setting. If there
is no split DNS configured and all domains are resolved using the pushed
name server, we make sure that local domain names are still resolvable by
adding so called exclude NRPT rules, that make sure local domains get
resolved by their local DNS resolvers.

Since Windows does not know about alternative secure transports, the
'transport' and 'sni' settings are ignored.

For macOS the 'dnssec' setting is ignored in addition to that. Besides
that not much does change on that platform. In case of --dns options the
explicit values are used now. The API in use may be changed at a later time.

Signed-off-by: Heiko Hund <heiko@openvpn.net>

2024-05-13 14:07:53 +02:00

mac

Replacing logging in ssl context und proto context with new logger

2024-04-17 14:48:50 +00:00

win

apply --dns options the new way

2024-05-13 14:07:53 +02:00