From 451d2177d762e93677cad52bb2360a8dfb389ac7 Mon Sep 17 00:00:00 2001
From: Selva Nair <selva.nair@gmail.com>
Date: Sat, 4 Jun 2016 11:57:13 -0400
Subject: [PATCH] Make block-outside-dns work with persist-tun

- Remove and recreate WFP filters during restart even when
  tun/tap is not re-opened. This is needed for resolving the remote.
  Patch same as for v2.3 except for passing 'msg_channel'.

See also: http://article.gmane.org/gmane.network.openvpn.user/36990

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1465055833-13681-1-git-send-email-selva.nair@gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11788
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
 src/openvpn/init.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 4b044f475..50cbf902e 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -1556,6 +1556,15 @@ do_open_tun (struct context *c)
 		     NULL,
 		     "up",
 		     c->c2.es);
+#if defined(WIN32)
+      if (c->options.block_outside_dns)
+        {
+          dmsg (D_LOW, "Blocking outside DNS");
+          if (!win_wfp_block_dns(c->c1.tuntap->adapter_index, c->options.msg_channel))
+            msg (M_FATAL, "Blocking DNS failed!");
+        }
+#endif
+
     }
 #endif
   gc_free (&gc);
@@ -1686,6 +1695,15 @@ do_close_tun (struct context *c, bool force)
 					     c->sig->signal_text),
 			 "down",
 			 c->c2.es);
+
+#if defined(WIN32)
+          if (c->options.block_outside_dns)
+            {
+              if (!win_wfp_uninit(c->options.msg_channel))
+                  msg (M_FATAL, "Uninitialising WFP failed!");
+            }
+#endif
+
 	}
     }
   gc_free (&gc);
-- 
2.47.2