summaryrefslogtreecommitdiff
path: root/src/openvpn/options.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/openvpn/options.c')
-rw-r--r--src/openvpn/options.c94
1 files changed, 86 insertions, 8 deletions
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 7f128c3..47acd97 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -704,7 +704,8 @@ static const char usage_message[] =
" which allow multiple addresses,\n"
" --dhcp-option must be repeated.\n"
" DOMAIN name : Set DNS suffix\n"
- " DNS addr : Set domain name server address(es)\n"
+ " DNS addr : Set domain name server address(es) (IPv4)\n"
+ " DNS6 addr : Set domain name server address(es) (IPv6)\n"
" NTP : Set NTP server address(es)\n"
" NBDD : Set NBDD server address(es)\n"
" WINS addr : Set WINS server address(es)\n"
@@ -716,8 +717,8 @@ static const char usage_message[] =
"--dhcp-pre-release : Ask Windows to release the previous TAP adapter lease on\n"
" startup.\n"
"--dhcp-release : Ask Windows to release the TAP adapter lease on shutdown.\n"
- "--register-dns : Run net stop dnscache, net start dnscache, ipconfig /flushdns\n"
- " and ipconfig /registerdns on connection initiation.\n"
+ "--register-dns : Run ipconfig /flushdns and ipconfig /registerdns\n"
+ " on connection initiation.\n"
"--tap-sleep n : Sleep for n seconds after TAP adapter open before\n"
" attempting to set adapter properties.\n"
"--pause-exit : When run from a console window, pause before exiting.\n"
@@ -1642,6 +1643,8 @@ show_settings (const struct options *o)
SHOW_STR (shared_secret_file);
SHOW_INT (key_direction);
SHOW_STR (ciphername);
+ SHOW_BOOL (ncp_enabled);
+ SHOW_STR (ncp_ciphers);
SHOW_STR (authname);
SHOW_STR (prng_hash);
SHOW_INT (prng_nonce_secret_len);
@@ -2523,6 +2526,22 @@ options_postprocess_mutate_ce (struct options *o, struct connection_entry *ce)
}
+#ifdef _WIN32
+/* If iservice is in use, we need def1 method for redirect-gateway */
+static void
+remap_redirect_gateway_flags (struct options *opt)
+{
+ if (opt->routes
+ && opt->route_method == ROUTE_METHOD_SERVICE
+ && opt->routes->flags & RG_REROUTE_GW
+ && !(opt->routes->flags & RG_DEF1))
+ {
+ msg (M_INFO, "Flag 'def1' added to --redirect-gateway (iservice is in use)");
+ opt->routes->flags |= RG_DEF1;
+ }
+}
+#endif
+
static void
options_postprocess_mutate_invariant (struct options *options)
{
@@ -2552,6 +2571,8 @@ options_postprocess_mutate_invariant (struct options *options)
options->tuntap_options.ip_win32_type = IPW32_SET_MANUAL;
options->ifconfig_noexec = false;
}
+
+ remap_redirect_gateway_flags (options);
#endif
#if P2MP_SERVER
@@ -3444,6 +3465,36 @@ options_string_version (const char* s, struct gc_arena *gc)
#endif /* ENABLE_OCC */
+char *
+options_string_extract_option (const char *options_string,const char *opt_name,
+ struct gc_arena *gc)
+{
+ char *ret = NULL;
+ const size_t opt_name_len = strlen(opt_name);
+
+ const char *p = options_string;
+ while (p)
+ {
+ if (0 == strncmp(p, opt_name, opt_name_len) &&
+ strlen(p) > (opt_name_len+1) && p[opt_name_len] == ' ')
+ {
+ /* option found, extract value */
+ const char *start = &p[opt_name_len+1];
+ const char *end = strchr (p, ',');
+ size_t val_len = end ? end - start : strlen (start);
+ ret = gc_malloc (val_len+1, true, gc);
+ memcpy (ret, start, val_len);
+ break;
+ }
+ p = strchr (p, ',');
+ if (p)
+ {
+ p++; /* skip delimiter */
+ }
+ }
+ return ret;
+}
+
static void
foreign_option (struct options *o, char *argv[], int len, struct env_set *es)
{
@@ -3652,7 +3703,7 @@ usage_version (void)
show_windows_version( M_INFO|M_NOPREFIX );
#endif
msg (M_INFO|M_NOPREFIX, "Originally developed by James Yonan");
- msg (M_INFO|M_NOPREFIX, "Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>");
+ msg (M_INFO|M_NOPREFIX, "Copyright (C) 2002-2016 OpenVPN Technologies, Inc. <sales@openvpn.net>");
#ifndef ENABLE_SMALL
#ifdef CONFIGURE_DEFINES
msg (M_INFO|M_NOPREFIX, "Compile time defines: %s", CONFIGURE_DEFINES);
@@ -3935,7 +3986,7 @@ read_inline_file (struct in_src *is, const char *close_tag, struct gc_arena *gc)
ret = string_alloc (BSTR (&buf), gc);
buf_clear (&buf);
free_buf (&buf);
- CLEAR (line);
+ secure_memzero (line, sizeof (line));
return ret;
}
@@ -4050,7 +4101,7 @@ read_config_file (struct options *options,
{
msg (msglevel, "In %s:%d: Maximum recursive include levels exceeded in include attempt of file %s -- probably you have a configuration file that tries to include itself.", top_file, top_line, file);
}
- CLEAR (line);
+ secure_memzero (line, sizeof (line));
CLEAR (p);
}
@@ -4082,7 +4133,7 @@ read_config_string (const char *prefix,
}
CLEAR (p);
}
- CLEAR (line);
+ secure_memzero (line, sizeof (line));
}
void
@@ -4374,6 +4425,8 @@ add_option (struct options *options,
*/
if (streq (p[0], "setenv") && p[1] && streq (p[1], "opt") && !(permission_mask & OPT_P_PULL_MODE))
{
+ if (!p[2])
+ p[2] = "setenv opt"; /* will trigger an error that includes setenv opt */
p += 2;
msglevel_fc = M_WARN;
}
@@ -5672,6 +5725,10 @@ add_option (struct options *options,
goto err;
}
}
+#ifdef _WIN32
+ /* we need this here to handle pushed --redirect-gateway */
+ remap_redirect_gateway_flags (options);
+#endif
options->routes->flags |= RG_ENABLE;
}
else if (streq (p[0], "remote-random-hostname") && !p[1])
@@ -6406,6 +6463,20 @@ add_option (struct options *options,
{
dhcp_option_address_parse ("DNS", p[2], o->dns, &o->dns_len, msglevel);
}
+ else if (streq (p[1], "DNS6") && p[2] && ipv6_addr_safe(p[2]))
+ {
+ struct in6_addr addr;
+ foreign_option (options, p, 3, es);
+ if (o->dns6_len >= N_DHCP_ADDR)
+ {
+ msg (msglevel, "--dhcp-option DNS6: maximum of %d dns servers can be specified",
+ N_DHCP_ADDR);
+ }
+ else if (get_ipv6_addr (p[2], &addr, NULL, msglevel))
+ {
+ o->dns6[o->dns6_len++] = addr;
+ }
+ }
else if (streq (p[1], "WINS") && p[2])
{
dhcp_option_address_parse ("WINS", p[2], o->wins, &o->wins_len, msglevel);
@@ -6427,7 +6498,14 @@ add_option (struct options *options,
msg (msglevel, "--dhcp-option: unknown option type '%s' or missing or unknown parameter", p[1]);
goto err;
}
- o->dhcp_options = true;
+
+ /* flag that we have options to give to the TAP driver's DHCPv4 server
+ * - skipped for "DNS6", as that's not a DHCPv4 option
+ */
+ if (!streq (p[1], "DNS6"))
+ {
+ o->dhcp_options = true;
+ }
}
#endif
#ifdef _WIN32