From: Selva Nair <selva.nair@gmail.com>
Date: Sat, 4 Jun 2016 15:54:08 +0000 (-0400)
Subject: Make block-outside-dns work with persist-tun
X-Git-Tag: v2.3.12~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1aa9d281052d45f20aaa9ff28255d19faee88eb9;p=thirdparty%2Fopenvpn.git

Make block-outside-dns work with persist-tun

- Remove and recreate WFP filters during restart even when
  tun/tap is not re-opened. This is needed for resolving the remote.

See also: http://article.gmane.org/gmane.network.openvpn.user/36990

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1465055649-13628-1-git-send-email-selva.nair@gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11787
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 21487772c..593fbf46e 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -1522,6 +1522,15 @@ do_open_tun (struct context *c)
 		     NULL,
 		     "up",
 		     c->c2.es);
+#if defined(WIN32)
+      if (c->options.block_outside_dns)
+        {
+          dmsg (D_LOW, "Blocking outside DNS");
+          if (!win_wfp_block_dns(c->c1.tuntap->adapter_index))
+            msg (M_FATAL, "Blocking DNS failed!");
+        }
+#endif
+
     }
   gc_free (&gc);
   return ret;
@@ -1651,6 +1660,15 @@ do_close_tun (struct context *c, bool force)
 					     c->sig->signal_text),
 			 "down",
 			 c->c2.es);
+
+#if defined(WIN32)
+          if (c->options.block_outside_dns)
+            {
+              if (!win_wfp_uninit())
+                  msg (M_FATAL, "Uninitialising WFP failed!");
+            }
+#endif
+
 	}
     }
   gc_free (&gc);