OpenVPN 3 Core Library
openvpn::TunWin Namespace Reference

DNS utilities for Windows.

Namespaces

namespace  Util
 

Classes

class  Client
 
class  ClientConfig
 
class  Dns
 Manage DNS search suffixes for Windows.
 
class  Nrpt
 Manage NRPT rules for Windows.
 
struct  PacketFrom
 
class  RingBuffer
 
class  Setup
 
struct  SetupBase
 
struct  SetupFactory
 
class  Tun
 
struct  TUN_REGISTER_RINGS
 
struct  TUN_RING
 
struct  TunPersistState
 
class  WFP
 Add WFP rules to block traffic from escaping the VPN.
 
class  WinProxySettings
 
class  WintunClient
 

Typedefs

typedef openvpn_io::windows::stream_handle TAPStream
 
typedef ScopedAsioStream< TAPStream > ScopedTAPStream
 
typedef TunPersistTemplate< ScopedTAPStream, TunPersistState< RingBuffer::Ptr > > TunPersist
 
typedef TunPersistTemplate< ScopedTAPStream, TunPersistState< Util::TapNameGuidPair > > DcoTunPersist
 
using DNS = Dns< Win::Reg, Win::NetApi >
 
using NRPT = Nrpt< Win::Reg, Win::NetApi >
 
typedef openvpn_io::windows::object_handle AsioEvent
 

Enumerations

enum  Type { TapWindows6 , Wintun , OvpnDco }
 

Functions

 OPENVPN_EXCEPTION (tun_win_error)
 

Detailed Description

DNS utilities for Windows.

Name Resolution Policy Table (NRPT) utilities for Windows.

DNS search suffixes are applied to domain names that are not fully qualified before lookup. For example, if you try to resolve 'host', Windows completes this to host.searchdomain1.in and host.searchdomain-n.com and looks up these two FQDNs.

The domain suffixes for completion can be configured in various ways in Windows. There are so-called adapter domain suffixes, which can be specified with each network adapter configuration. However, these are overridden by a so-called search list, which is shared between all adapters. If you want to have more than one search suffix defined for an adapter you have to use a search list; otherwise the primary suffix is enough. In addition, a search list can also be defined by a group policy, which overrides both previous settings. The local and group policy search lists are located in different subkeys in the Registry. There's also a primary domain suffix, which is for the Windows AD Domain.

OpenVPN clients will apply pushed search domains this way:

  • If it is a single domain it will be added as primary domain suffix, unless there is a search list defined already. In that case the domain is added to the search list.
  • If there are multiple domains pushed and there already is a search list defined, the pushed domains will be added to the list. Otherwise a new search list will be created. This newly created search list will also include the primary domain and all adapter domains, so that lookup of unqualified names continues to work when the VPN is connected.
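
The two rules above as a decision function, in an added example that is not code from the OpenVPN 3 library. `SuffixState`, `Plan`, `plan_search_domains`, the de-duplication and the order of entries in a newly created list are assumptions of this sketch.

```cpp
#include <algorithm>
#include <string>
#include <vector>

using List = std::vector<std::string>;

// Hypothetical snapshot of the resolver configuration (not an OpenVPN 3 type).
struct SuffixState
{
    std::string primary_domain; // primary (Windows AD) domain suffix, may be empty
    List adapter_domains;       // per-adapter domain suffixes
    List search_list;           // shared search list; empty means none is defined
};

enum class Action { SetPrimarySuffix, AppendToSearchList, CreateSearchList };

struct Plan
{
    Action action;
    List search_list; // resulting search list (unused for SetPrimarySuffix)
};

// Append without duplicates or empty entries (de-duplication is an assumption).
static void append_unique(List &dst, const List &src)
{
    for (const auto &d : src)
        if (!d.empty() && std::find(dst.begin(), dst.end(), d) == dst.end())
            dst.push_back(d);
}

// Decide how pushed search domains are applied; expects at least one pushed domain.
Plan plan_search_domains(const SuffixState &st, const List &pushed)
{
    if (!st.search_list.empty())
    { // an existing list always wins: pushed domains are added to it
        Plan p{Action::AppendToSearchList, st.search_list};
        append_unique(p.search_list, pushed);
        return p;
    }
    if (pushed.size() == 1) // single domain, no list: the primary suffix is enough
        return Plan{Action::SetPrimarySuffix, {}};
    // Several domains, no list: build one that keeps existing suffixes working.
    // Entry order (pushed, primary, adapter) is an assumption of this sketch.
    Plan p{Action::CreateSearchList, pushed};
    append_unique(p.search_list, {st.primary_domain});
    append_unique(p.search_list, st.adapter_domains);
    return p;
}
```

The created list is the case to check when auditing a client: it is the only path where suffixes that were previously implicit become explicit entries next to the pushed ones.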

NRPT rules define how DNS lookups are done on Windows systems. They override the traditional settings made on the network adapters, so once NRPT rules are in place, only those rules define how DNS works.

There are two subkeys in the Registry where NRPT rules can be defined: one for rules coming in via group policies and the other for locally defined rules. Group policy rules are preferred, and if they exist, local rules will be ignored.

OpenVPN will find the right subkey to add its rules to. In case there is no split DNS rule defined, it will also add so-called bypass rules, which make sure local name resolution will still work while the VPN is connected. This is done by collecting the name server addresses from the adapter configurations and adding them as NRPT rules for the adapter's domain suffix.

NRPT rules are described here: https://msdn.microsoft.com/en-us/library/ff957356.aspx

Typedef Documentation

◆ AsioEvent

typedef openvpn_io::windows::object_handle openvpn::TunWin::AsioEvent

Definition at line 53 of file ringbuffer.hpp.

◆ DcoTunPersist

◆ DNS

Definition at line 647 of file dns.hpp.

◆ NRPT

Definition at line 503 of file nrpt.hpp.

◆ ScopedTAPStream

◆ TAPStream

typedef openvpn_io::windows::stream_handle openvpn::TunWin::TAPStream

Definition at line 24 of file clientconfig.hpp.

◆ TunPersist

Enumeration Type Documentation

◆ Type

Enumerator
TapWindows6 
Wintun 
OvpnDco 

Definition at line 67 of file tunutil.hpp.

Function Documentation

◆ OPENVPN_EXCEPTION()

openvpn::TunWin::OPENVPN_EXCEPTION ( tun_win_error  )