OpenVPN 3 Core Library
Loading...
Searching...
No Matches
tunprop.hpp
Go to the documentation of this file.
1// OpenVPN -- An application to securely tunnel IP networks
2// over a single port, with support for SSL/TLS-based
3// session authentication and key exchange,
4// packet encryption, packet authentication, and
5// packet compression.
6//
7// Copyright (C) 2012- OpenVPN Inc.
8//
9// SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
10//
11
12// Process tun interface properties.
13
14#ifndef OPENVPN_TUN_CLIENT_TUNPROP_H
15#define OPENVPN_TUN_CLIENT_TUNPROP_H
16
17#include <string>
18
19#include <openvpn/common/size.hpp>
20#include <openvpn/common/rc.hpp>
21#include <openvpn/common/options.hpp>
22#include <openvpn/common/split.hpp>
23#include <openvpn/common/hostport.hpp>
24#include <openvpn/tun/builder/base.hpp>
25#include <openvpn/addr/addrpair.hpp>
26#include <openvpn/client/remotelist.hpp>
27#include <openvpn/client/ipverflags.hpp>
28#include <openvpn/client/dns.hpp>
29#include <openvpn/tun/client/emuexr.hpp>
30#include <openvpn/tun/client/tunbase.hpp>
31#include <openvpn/tun/layer.hpp>
32
33namespace openvpn {
34class TunProp
35{
36 // render option flags
37 enum
38 {
39 OPT_RENDER_FLAGS = Option::RENDER_TRUNC_64 | Option::RENDER_BRACKET
40 };
41
42 // maximum route metric
43 static constexpr int MAX_ROUTE_METRIC = 1000000;
44
45 public:
46 OPENVPN_EXCEPTION(tun_prop_error);
47 OPENVPN_EXCEPTION(tun_prop_route_error);
48 OPENVPN_UNTAGGED_EXCEPTION_INHERIT(option_error, tun_prop_dns_option_error);
49 OPENVPN_UNTAGGED_EXCEPTION_INHERIT(option_error, tun_prop_dhcp_option_error);
50
51 struct Config
52 {
53 std::string session_name;
54 int mtu = 0;
55 int mtu_max = 0;
56 bool google_dns_fallback = false;
57#if defined(OPENVPN_PLATFORM_WIN) || defined(OPENVPN_PLATFORM_MAC) || defined(OPENVPN_PLATFORM_LINUX) || defined(OPENVPN_PLATFORM_IPHONE)
58 bool dhcp_search_domains_as_split_domains = true;
59#else
60 bool dhcp_search_domains_as_split_domains = false;
61#endif
62 bool allow_local_lan_access = false;
63 Layer layer{Layer::OSI_LAYER_3};
64
65 // If remote_bypass is true, obtain cached remote IPs from
66 // remote_list, and preconfigure exclude route rules for them.
67 // Note that the primary remote IP is not included in the
68 // exclusion list because existing pathways already exist
69 // (i.e. redirect-gateway) for routing this particular address.
70 // This feature is intended to work with tun_persist, so that
71 // the client is not locked out of contacting subsequent
72 // servers in the remote list after the routing configuration
73 // for the initial connection has taken effect.
74 RemoteList::Ptr remote_list;
75 bool remote_bypass = false;
76 };
77
78 struct State : public RC<thread_unsafe_refcount>
79 {
80 using Ptr = RCPtr<State>;
81
82 std::string iface_name;
83 IP::Addr vpn_ip4_addr;
84 IP::Addr vpn_ip6_addr;
85 IP::Addr vpn_ip4_gw;
86 IP::Addr vpn_ip6_gw;
87 int mtu = 0;
88 bool tun_prefix = false;
89 std::uint32_t vpn_interface_index = INVALID_ADAPTER_INDEX;
90 };
91
92 static void configure_builder(TunBuilderBase *tb,
93 State *state,
94 SessionStats *stats,
95 const IP::Addr &server_addr,
96 const Config &config,
97 const OptionList &opt,
98 const EmulateExcludeRouteFactory *eer_factory,
99 const bool quiet)
100 {
101 // if eer_factory is defined, we must emulate exclude routes
102 EmulateExcludeRoute::Ptr eer;
103 if (eer_factory)
104 eer = eer_factory->new_obj();
105
106 // do ifconfig
107 IP::Addr::VersionMask ip_ver_flags = tun_ifconfig(tb, state, opt);
108
109 // with layer 2, either IPv4 or IPv6 might be supported
110 if (config.layer() == Layer::OSI_LAYER_2)
111 ip_ver_flags |= (IP::Addr::V4_MASK | IP::Addr::V6_MASK);
112
113 // verify IPv4/IPv6
114 if (!ip_ver_flags)
115 throw tun_prop_error("one of ifconfig or ifconfig-ipv6 must be specified");
116
117 // get IP version and redirect-gateway flags
118 IPVerFlags ipv(opt, ip_ver_flags);
119
120 // add default route-metric
121 add_route_metric_default(tb, opt, quiet);
122
123 // add remote bypass routes
124 if (config.remote_list && config.remote_bypass && server_addr.defined())
125 add_remote_bypass_routes(tb, *config.remote_list, server_addr, eer.get(), quiet);
126
127 // add routes
128 if (config.allow_local_lan_access)
129 {
130 // query local lan exclude routes and then
131 // copy option list to construct a copy with the excluded routes as route options
132 OptionList excludedRoutesOptions = opt;
133 for (const auto &exRoute : tb->tun_builder_get_local_networks(false))
134 {
135 /* We abuse here the fact that OpenVPN3 core parses "route", "192.168.0.0/24", "", "net_gateway"
136 * in the same way as the correct "route 192.168.0.0.0 255.255.255.0 net_gateway statement */
137 excludedRoutesOptions.add_item(Option{"route", exRoute, "", "net_gateway"});
138 }
139
140 for (const auto &exRoute : tb->tun_builder_get_local_networks(true))
141 {
142 excludedRoutesOptions.add_item(Option{"route-ipv6", exRoute, "net_gateway"});
143 }
144
145 add_routes(tb, excludedRoutesOptions, ipv, eer.get(), quiet);
146 }
147 else
148 {
149 add_routes(tb, opt, ipv, eer.get(), quiet);
150 }
151
152
153 if (eer && server_addr.defined())
154 {
155 // Route emulation needs to know if default routes are included
156 // from redirect-gateway
157 eer->add_default_routes(ipv.rgv4(), ipv.rgv6());
158 // emulate exclude routes
159 eer->emulate(tb, ipv, server_addr);
160 }
161 else
162 {
163 // configure redirect-gateway
164 if (!tb->tun_builder_reroute_gw(ipv.rgv4(), ipv.rgv6(), ipv.api_flags()))
165 throw tun_prop_route_error("tun_builder_reroute_gw for redirect-gateway failed");
166 }
167
168 // add DNS servers and domain prefixes
169 bool dns_option_added = add_dns_options(tb, opt, quiet, config.dhcp_search_domains_as_split_domains);
170
171 // add DHCP options
172 add_dhcp_options(tb, opt, quiet);
173
174 // Allow protocols unless explicitly blocked
175 tb->tun_builder_set_allow_family(AF_INET, !opt.exists("block-ipv4"));
176 tb->tun_builder_set_allow_family(AF_INET6, !opt.exists("block-ipv6"));
177
178 // Allow access to local port 53 with --dns options unless explicitly blocked
179 tb->tun_builder_set_allow_local_dns(!opt.exists("block-outside-dns"));
180
181 // DNS fallback
182 if (ipv.rgv4() && !dns_option_added)
183 {
184 if (config.google_dns_fallback)
185 {
186 if (!quiet)
187 OPENVPN_LOG("Google DNS fallback enabled");
188 add_google_dns(tb);
189 }
190 else if (stats && (config.layer() != Layer::OSI_LAYER_2))
191 stats->error(Error::REROUTE_GW_NO_DNS);
192 }
193
194 // set remote server address
195 if (server_addr.defined()
196 && !tb->tun_builder_set_remote_address(server_addr.to_string(),
197 server_addr.version() == IP::Addr::V6))
198 throw tun_prop_error("tun_builder_set_remote_address failed");
199
200 // set layer
201 if (!tb->tun_builder_set_layer(config.layer.value()))
202 throw tun_prop_error("tun_builder_set_layer failed");
203
204 // configure MTU
205 tun_mtu(tb, state, opt, config.mtu, config.mtu_max);
206
207 // set session name
208 if (!config.session_name.empty())
209 {
210 if (!tb->tun_builder_set_session_name(config.session_name))
211 throw tun_prop_error("tun_builder_set_session_name failed");
212 }
213 }
214
215 private:
216 static void add_route_metric_default(TunBuilderBase *tb,
217 const OptionList &opt,
218 const bool quiet)
219 {
220 try
221 {
222 const Option *o = opt.get_ptr("route-metric"); // DIRECTIVE
223 if (o)
224 {
225 const int metric = o->get_num<int>(1);
226 if (metric < 0 || metric > MAX_ROUTE_METRIC)
227 throw tun_prop_error("route-metric is out of range");
228 if (!tb->tun_builder_set_route_metric_default(metric))
229 throw tun_prop_error("tun_builder_set_route_metric_default failed");
230 }
231 }
232 catch (const std::exception &e)
233 {
234 if (!quiet)
235 OPENVPN_LOG("exception processing route-metric: " << e.what());
236 }
237 }
238
239 static IP::Addr route_gateway(const OptionList &opt)
240 {
241 IP::Addr gateway;
242 const Option *o = opt.get_ptr("route-gateway"); // DIRECTIVE
243 if (o)
244 {
245 gateway = IP::Addr::from_string(o->get(1, 256), "route-gateway");
246 if (gateway.version() != IP::Addr::V4)
247 throw tun_prop_error("route-gateway is not IPv4 (IPv6 route-gateway is passed with ifconfig-ipv6 directive)");
248 }
249 return gateway;
250 }
251
252 static void tun_mtu(TunBuilderBase *tb,
253 State *state,
254 const OptionList &opt,
255 int config_mtu,
256 int config_mtu_max)
257 {
258 // MTU
259 int tun_mtu = config_mtu;
260 const Option *o = opt.get_ptr("tun-mtu");
261 if (o)
262 {
263 bool status = parse_number_validate<decltype(tun_mtu)>(o->get(1, 16),
264 16,
265 68,
266 65535,
267 &tun_mtu);
268 tun_mtu = std::min(tun_mtu, config_mtu_max);
269
270 if (!status)
271 throw option_error(ERR_INVALID_OPTION_VAL, "tun-mtu parse/range issue");
272
273 if (state)
274 state->mtu = tun_mtu;
275 }
276
277 if (tun_mtu != 0)
278 {
279 if (!tb->tun_builder_set_mtu(tun_mtu))
280 throw tun_prop_error("tun_builder_set_mtu failed");
281 }
282 }
283
284 static IP::Addr::VersionMask tun_ifconfig(TunBuilderBase *tb,
285 State *state,
286 const OptionList &opt)
287 {
288 enum Topology
289 {
290 NET30,
291 SUBNET,
292 };
293
294 IP::Addr::VersionMask ip_ver_flags = 0;
295
296 // get topology
297 Topology top = NET30;
298 {
299 const Option *o = opt.get_ptr("topology"); // DIRECTIVE
300 if (o)
301 {
302 const std::string &topstr = o->get(1, 16);
303 if (topstr == "subnet")
304 top = SUBNET;
305 else if (topstr == "net30")
306 top = NET30;
307 else
308 throw option_error(ERR_INVALID_OPTION_VAL, "only topology 'subnet' and 'net30' supported");
309 }
310 }
311
312 // configure tun interface
313 {
314 const Option *o;
315 o = opt.get_ptr("ifconfig"); // DIRECTIVE
316 if (o)
317 {
318 if (top == SUBNET)
319 {
320 const IP::AddrMaskPair pair = IP::AddrMaskPair::from_string(o->get(1, 256), o->get_optional(2, 256), "ifconfig");
321 const IP::Addr gateway = route_gateway(opt);
322 if (pair.version() != IP::Addr::V4)
323 throw tun_prop_error("ifconfig address is not IPv4 (topology subnet)");
324 if (!tb->tun_builder_add_address(pair.addr.to_string(),
325 pair.netmask.prefix_len(),
326 gateway.to_string(),
327 false, // IPv6
328 false)) // net30
329 throw tun_prop_error("tun_builder_add_address IPv4 failed (topology subnet)");
330 if (state)
331 {
332 state->vpn_ip4_addr = pair.addr;
333 state->vpn_ip4_gw = gateway;
334 }
335 ip_ver_flags |= IP::Addr::V4_MASK;
336 }
337 else if (top == NET30)
338 {
339 const IP::Addr remote = IP::Addr::from_string(o->get(2, 256));
340 const IP::Addr local = IP::Addr::from_string(o->get(1, 256));
341 const IP::Addr netmask = IP::Addr::from_string("255.255.255.252");
342 if (local.version() != IP::Addr::V4 || remote.version() != IP::Addr::V4)
343 throw tun_prop_error("ifconfig address is not IPv4 (topology net30)");
344 if ((local & netmask) != (remote & netmask))
345 throw tun_prop_error("ifconfig addresses are not in the same /30 subnet (topology net30)");
346 if (!tb->tun_builder_add_address(local.to_string(),
347 netmask.prefix_len(),
348 remote.to_string(),
349 false, // IPv6
350 true)) // net30
351 throw tun_prop_error("tun_builder_add_address IPv4 failed (topology net30)");
352 if (state)
353 {
354 state->vpn_ip4_addr = local;
355 state->vpn_ip4_gw = remote;
356 }
357 ip_ver_flags |= IP::Addr::V4_MASK;
358 }
359 else
360 throw option_error(ERR_INVALID_OPTION_VAL, "internal topology error");
361 }
362
363 o = opt.get_ptr("ifconfig-ipv6"); // DIRECTIVE
364 if (o)
365 {
366 // We don't check topology setting here since it doesn't really affect IPv6
367 const IP::AddrMaskPair pair = IP::AddrMaskPair::from_string(o->get(1, 256), "ifconfig-ipv6");
368 if (pair.version() != IP::Addr::V6)
369 throw tun_prop_error("ifconfig-ipv6 address is not IPv6");
370 std::string gateway_str;
371 if (o->size() >= 3)
372 {
373 const IP::Addr gateway = IP::Addr::from_string(o->get(2, 256), "ifconfig-ipv6");
374 if (gateway.version() != IP::Addr::V6)
375 throw tun_prop_error("ifconfig-ipv6 gateway is not IPv6");
376 gateway_str = gateway.to_string();
377 if (state)
378 state->vpn_ip6_gw = gateway;
379 }
380 if (!tb->tun_builder_add_address(pair.addr.to_string(),
381 pair.netmask.prefix_len(),
382 gateway_str,
383 true, // IPv6
384 false)) // net30
385 throw tun_prop_error("tun_builder_add_address IPv6 failed");
386 if (state)
387 state->vpn_ip6_addr = pair.addr;
388 ip_ver_flags |= IP::Addr::V6_MASK;
389 }
390
391 return ip_ver_flags;
392 }
393 }
394
395 static void add_route_tunbuilder(TunBuilderBase *tb,
396 bool add,
397 const IP::Addr &addr,
398 int prefix_length,
399 int metric,
400 bool ipv6,
401 EmulateExcludeRoute *eer)
402 {
403 const std::string addr_str = addr.to_string();
404 if (eer)
405 eer->add_route(add, addr, prefix_length);
406 else if (add)
407 {
408 if (!tb->tun_builder_add_route(addr_str, prefix_length, metric, ipv6))
409 throw tun_prop_route_error("tun_builder_add_route failed");
410 }
411 else if (!eer)
412 {
413 if (!tb->tun_builder_exclude_route(addr_str, prefix_length, metric, ipv6))
414 throw tun_prop_route_error("tun_builder_exclude_route failed");
415 }
416 }
417
418 // Check the target of a route.
419 // Return true if route should be added or false if route should be excluded.
420 static bool route_target(const Option &o, const size_t target_index)
421 {
422 if (o.size() >= (target_index + 1))
423 {
424 const std::string &target = o.ref(target_index);
425 if (target == "vpn_gateway")
426 return true;
427 if (target == "net_gateway")
428 return false;
429 throw tun_prop_route_error("route destinations other than vpn_gateway or net_gateway are not supported");
430 }
431 return true;
432 }
433
434 static void add_routes(TunBuilderBase *tb,
435 const OptionList &opt,
436 const IPVerFlags &ipv,
437 EmulateExcludeRoute *eer,
438 const bool quiet)
439 {
440 // add IPv4 routes
441 if (ipv.v4())
442 {
443 OptionList::IndexMap::const_iterator dopt = opt.map().find("route"); // DIRECTIVE
444 if (dopt != opt.map().end())
445 {
446 for (OptionList::IndexList::const_iterator i = dopt->second.begin(); i != dopt->second.end(); ++i)
447 {
448 const Option &o = opt[*i];
449 try
450 {
451 const IP::AddrMaskPair pair = IP::AddrMaskPair::from_string(o.get(1, 256), o.get_optional(2, 256), "route");
452 const int metric = o.get_num<int>(4, -1, 0, MAX_ROUTE_METRIC);
453 if (!pair.is_canonical())
454 throw tun_prop_error("route is not canonical");
455 if (pair.version() != IP::Addr::V4)
456 throw tun_prop_error("route is not IPv4");
457 const bool add = route_target(o, 3);
458 add_route_tunbuilder(tb, add, pair.addr, pair.netmask.prefix_len(), metric, false, eer);
459 }
460 catch (const std::exception &e)
461 {
462 if (!quiet)
463 OPENVPN_LOG("exception parsing IPv4 route: " << o.render(OPT_RENDER_FLAGS) << " : " << e.what());
464 }
465 }
466 }
467 }
468
469 // add IPv6 routes
470 if (ipv.v6())
471 {
472 OptionList::IndexMap::const_iterator dopt = opt.map().find("route-ipv6"); // DIRECTIVE
473 if (dopt != opt.map().end())
474 {
475 for (OptionList::IndexList::const_iterator i = dopt->second.begin(); i != dopt->second.end(); ++i)
476 {
477 const Option &o = opt[*i];
478 try
479 {
480 const IP::AddrMaskPair pair = IP::AddrMaskPair::from_string(o.get(1, 256), "route-ipv6");
481 const int metric = o.get_num<int>(3, -1, 0, MAX_ROUTE_METRIC);
482 if (!pair.is_canonical())
483 throw tun_prop_error("route is not canonical");
484 if (pair.version() != IP::Addr::V6)
485 throw tun_prop_error("route is not IPv6");
486 const bool add = route_target(o, 2);
487 add_route_tunbuilder(tb, add, pair.addr, pair.netmask.prefix_len(), metric, true, eer);
488 }
489 catch (const std::exception &e)
490 {
491 if (!quiet)
492 OPENVPN_LOG("exception parsing IPv6 route: " << o.render(OPT_RENDER_FLAGS) << " : " << e.what());
493 }
494 }
495 }
496 }
497 }
498
499 static void add_remote_bypass_routes(TunBuilderBase *tb,
500 const RemoteList &remote_list,
501 const IP::Addr &server_addr,
502 EmulateExcludeRoute *eer,
503 const bool quiet)
504 {
505 IP::AddrList addrlist;
506 remote_list.cached_ip_address_list(addrlist);
507 for (IP::AddrList::const_iterator i = addrlist.begin(); i != addrlist.end(); ++i)
508 {
509 const IP::Addr &addr = *i;
510 if (addr != server_addr)
511 {
512 try
513 {
514 const IP::Addr::Version ver = addr.version();
515 add_route_tunbuilder(tb, false, addr, IP::Addr::version_size(ver), -1, ver == IP::Addr::V6, eer);
516 }
517 catch (const std::exception &e)
518 {
519 if (!quiet)
520 OPENVPN_LOG("exception adding remote bypass route: " << addr.to_string() << " : " << e.what());
521 }
522 }
523 }
524 }
525
535 static bool add_dns_options(TunBuilderBase *tb, const OptionList &opt, bool quiet, bool use_dhcp_search_domains_as_split_domains)
536 {
537 try
538 {
539 DnsOptionsParser dns_options(opt, use_dhcp_search_domains_as_split_domains);
540 if (dns_options.servers.empty())
541 return false;
542
543 if (!tb->tun_builder_set_dns_options(dns_options))
544 throw tun_prop_dns_option_error("tun_builder_set_dns_options failed");
545
546 return true;
547 }
548 catch (const std::exception &e)
549 {
550 if (!quiet)
551 {
552 OPENVPN_LOG("exception parsing DNS settings:"
553 << e.what());
554 }
555 }
556
557 return false;
558 }
559
568 static void add_dhcp_options(TunBuilderBase *tb, const OptionList &opt, const bool quiet)
569 {
570 // Example:
571 // [dhcp-option] [WINS] [172.16.0.23]
572 // [dhcp-option] [PROXY_HTTP] [foo.bar.gov] [1234]
573 // [dhcp-option] [PROXY_HTTPS] [foo.bar.gov] [1234]
574 // [dhcp-option] [PROXY_BYPASS] [server1] [server2] ...
575 // [dhcp-option] [PROXY_AUTO_CONFIG_URL] [http://...]
576
577 OptionList::IndexMap::const_iterator dopt = opt.map().find("dhcp-option"); // DIRECTIVE
578 if (dopt != opt.map().end())
579 {
580 std::string auto_config_url;
581 std::string http_host;
582 unsigned int http_port = 0;
583 std::string https_host;
584 unsigned int https_port = 0;
585 for (OptionList::IndexList::const_iterator i = dopt->second.begin(); i != dopt->second.end(); ++i)
586 {
587 const Option &o = opt[*i];
588 try
589 {
590 const std::string &type = o.get(1, 64);
591 if (type == "DNS" || type == "DNS6" || type == "DOMAIN" || type == "DOMAIN-SEARCH" || type == "ADAPTER_DOMAIN_SUFFIX")
592 {
593 // Ignore DNS related options here
594 continue;
595 }
596 if (type == "PROXY_BYPASS")
597 {
598 o.min_args(3);
599 for (size_t j = 2; j < o.size(); ++j)
600 {
601 using strvec = std::vector<std::string>;
602 strvec v = Split::by_space<strvec, StandardLex, SpaceMatch, Split::NullLimit>(o.get(j, 256));
603 for (size_t k = 0; k < v.size(); ++k)
604 {
605 if (!tb->tun_builder_add_proxy_bypass(v[k]))
606 throw tun_prop_dhcp_option_error(ERR_INVALID_OPTION_PUSHED, "tun_builder_add_proxy_bypass");
607 }
608 }
609 }
610 else if (type == "PROXY_AUTO_CONFIG_URL")
611 {
612 o.exact_args(3);
613 auto_config_url = o.get(2, 256);
614 }
615 else if (type == "PROXY_HTTP")
616 {
617 o.exact_args(4);
618 http_host = o.get(2, 256);
619 HostPort::validate_port(o.get(3, 256), "PROXY_HTTP", &http_port);
620 }
621 else if (type == "PROXY_HTTPS")
622 {
623 o.exact_args(4);
624 https_host = o.get(2, 256);
625 HostPort::validate_port(o.get(3, 256), "PROXY_HTTPS", &https_port);
626 }
627 else if (type == "WINS")
628 {
629 o.exact_args(3);
630 const IP::Addr ip = IP::Addr::from_string(o.get(2, 256), "wins-server-ip");
631 if (ip.version() != IP::Addr::V4)
632 throw tun_prop_dhcp_option_error(ERR_INVALID_OPTION_PUSHED, "WINS addresses must be IPv4");
633 if (!tb->tun_builder_add_wins_server(ip.to_string()))
634 throw tun_prop_dhcp_option_error(ERR_INVALID_OPTION_PUSHED, "tun_builder_add_wins_server failed");
635 }
636 else if (!quiet)
637 OPENVPN_LOG("Unknown pushed DHCP option: " << o.render(OPT_RENDER_FLAGS));
638 }
639 catch (const std::exception &e)
640 {
641 if (!quiet)
642 OPENVPN_LOG("exception parsing dhcp-option: " << o.render(OPT_RENDER_FLAGS) << " : " << e.what());
643 }
644 }
645 try
646 {
647 if (!http_host.empty())
648 {
649 if (!tb->tun_builder_set_proxy_http(http_host, http_port))
650 throw tun_prop_dhcp_option_error(ERR_INVALID_OPTION_PUSHED, "tun_builder_set_proxy_http");
651 }
652 if (!https_host.empty())
653 {
654 if (!tb->tun_builder_set_proxy_https(https_host, https_port))
655 throw tun_prop_dhcp_option_error(ERR_INVALID_OPTION_PUSHED, "tun_builder_set_proxy_https");
656 }
657 if (!auto_config_url.empty())
658 {
659 if (!tb->tun_builder_set_proxy_auto_config_url(auto_config_url))
660 throw tun_prop_dhcp_option_error(ERR_INVALID_OPTION_PUSHED, "tun_builder_set_proxy_auto_config_url");
661 }
662 }
663 catch (const std::exception &e)
664 {
665 if (!quiet)
666 OPENVPN_LOG("exception setting dhcp-option for proxy: " << e.what());
667 }
668 }
669 }
670
671 static bool search_domains_exist(const OptionList &opt, const bool quiet)
672 {
673 OptionList::IndexMap::const_iterator dopt = opt.map().find("dhcp-option"); // DIRECTIVE
674 if (dopt != opt.map().end())
675 {
676 for (OptionList::IndexList::const_iterator i = dopt->second.begin(); i != dopt->second.end(); ++i)
677 {
678 const Option &o = opt[*i];
679 try
680 {
681 const std::string &type = o.get(1, 64);
682 if (type == "DOMAIN")
683 return true;
684 }
685 catch (const std::exception &e)
686 {
687 if (!quiet)
688 OPENVPN_LOG("exception parsing dhcp-option: " << o.render(OPT_RENDER_FLAGS) << " : " << e.what());
689 }
690 }
691 }
692 return false;
693 }
694
695 static void add_google_dns(TunBuilderBase *tb)
696 {
697 DnsServer server;
698 DnsOptions google_dns;
699 server.addresses = {DnsAddress("8.8.8.8"), DnsAddress("8.8.4.4")};
700 google_dns.servers[0] = std::move(server);
701 if (!tb->tun_builder_set_dns_options(google_dns))
702 throw tun_prop_dns_option_error(ERR_INVALID_OPTION_PUSHED, "tun_builder_set_dns_options failed for Google DNS");
703 }
704};
705} // namespace openvpn
706
707#endif // OPENVPN_TUN_CLIENT_TUNPROP_H
openvpn::IPVerFlags::rgv6
bool rgv6() const
Definition ipverflags.hpp:36
openvpn::IPVerFlags::rgv4
bool rgv4() const
Definition ipverflags.hpp:31
openvpn::IPVerFlags::api_flags
unsigned int api_flags() const
Definition ipverflags.hpp:72
openvpn::IP::Addr::from_string
static Addr from_string(const std::string &ipstr, const TITLE &title, const Version required_version)
Definition ip.hpp:105
openvpn::IP::Addr::version
Version version() const
Definition ip.hpp:895
openvpn::IP::Addr::VersionMask
unsigned int VersionMask
Definition ip.hpp:53
openvpn::IP::Addr::to_string
std::string to_string() const
Definition ip.hpp:528
openvpn::IP::Addr::defined
bool defined() const
Definition ip.hpp:872
openvpn::IP::Addr::prefix_len
unsigned int prefix_len() const
Definition ip.hpp:968
openvpn::IP::Addr::version_size
static unsigned int version_size(Version v)
Definition ip.hpp:1028
openvpn::OptionList::map
const IndexMap & map() const
Definition options.hpp:1541
openvpn::OptionList::add_item
void add_item(const Option &opt)
Definition options.hpp:1530
openvpn::OptionList::get_ptr
const Option * get_ptr(const std::string &name) const
Definition options.hpp:1174
openvpn::OptionList::exists
bool exists(const std::string &name) const
Definition options.hpp:1308
openvpn::Option::exact_args
void exact_args(const size_t n) const
Definition options.hpp:135
openvpn::Option::get_optional
std::string get_optional(const size_t index, const size_t max_len) const
Definition options.hpp:191
openvpn::Option::get
const std::string & get(const size_t index, const size_t max_len) const
Definition options.hpp:184
openvpn::Option::get_num
T get_num(const size_t idx) const
Definition options.hpp:216
openvpn::Option::size
size_t size() const
Definition options.hpp:320
openvpn::Option::min_args
void min_args(const size_t n) const
Definition options.hpp:128
openvpn::Option::ref
const std::string & ref(const size_t i) const
Definition options.hpp:346
openvpn::Option::render
std::string render(const unsigned int flags) const
Definition options.hpp:257
openvpn::RCPtr::get
T * get() const noexcept
Returns the raw pointer to the object T, or nullptr.
Definition rc.hpp:321
openvpn::RC
Reference count base class for objects tracked by RCPtr. Disallows copying and assignment.
Definition rc.hpp:908
openvpn::RemoteList::cached_ip_address_list
void cached_ip_address_list(IP::AddrList &addrlist) const
Definition remotelist.hpp:733
openvpn::SessionStats::error
virtual void error(const size_t type, const std::string *text=nullptr)
Definition sessionstats.hpp:53
openvpn::TunBuilderBase
TunBuilder methods, loosely based on the Android VpnService.Builder abstraction.
Definition base.hpp:42
openvpn::TunBuilderBase::tun_builder_set_dns_options
virtual bool tun_builder_set_dns_options(const DnsOptions &dns)
Callback to set DNS related options to VPN interface.
Definition base.hpp:195
openvpn::TunBuilderBase::tun_builder_add_address
virtual bool tun_builder_add_address(const std::string &address, int prefix_length, const std::string &gateway, bool ipv6, bool net30)
Callback to add a network address to the VPN interface.
Definition base.hpp:101
openvpn::TunBuilderBase::tun_builder_add_route
virtual bool tun_builder_add_route(const std::string &address, int prefix_length, int metric, bool ipv6)
Callback to add a route to the VPN interface.
Definition base.hpp:158
openvpn::TunBuilderBase::tun_builder_set_route_metric_default
virtual bool tun_builder_set_route_metric_default(int metric)
Optional callback to set default value for route metric.
Definition base.hpp:122
openvpn::TunBuilderBase::tun_builder_set_proxy_http
virtual bool tun_builder_set_proxy_http(const std::string &host, int port)
Callback to set the HTTP proxy.
Definition base.hpp:271
openvpn::TunBuilderBase::tun_builder_reroute_gw
virtual bool tun_builder_reroute_gw(bool ipv4, bool ipv6, unsigned int flags)
Callback to reroute the default gateway to the VPN interface.
Definition base.hpp:139
openvpn::TunBuilderBase::tun_builder_add_wins_server
virtual bool tun_builder_add_wins_server(const std::string &address)
Callback to add a Windows WINS server to the VPN interface.
Definition base.hpp:305
openvpn::TunBuilderBase::tun_builder_set_layer
virtual bool tun_builder_set_layer(int layer)
Optional callback that indicates OSI layer to be used.
Definition base.hpp:67
openvpn::TunBuilderBase::tun_builder_get_local_networks
virtual std::vector< std::string > tun_builder_get_local_networks(bool ipv6)
Retrieves a list of local networks to exclude from the VPN network.
Definition base.hpp:395
openvpn::TunBuilderBase::tun_builder_add_proxy_bypass
virtual bool tun_builder_add_proxy_bypass(const std::string &bypass_host)
Callback to add a host which should bypass the proxy.
Definition base.hpp:240
openvpn::TunBuilderBase::tun_builder_set_allow_family
virtual bool tun_builder_set_allow_family(int af, bool allow)
Indicates whether traffic of a certain address family (AF_INET or AF_INET6) should be blocked or allo...
Definition base.hpp:329
openvpn::TunBuilderBase::tun_builder_set_proxy_https
virtual bool tun_builder_set_proxy_https(const std::string &host, int port)
Set the HTTPS proxy for the TunBuilder session.
Definition base.hpp:287
openvpn::TunBuilderBase::tun_builder_exclude_route
virtual bool tun_builder_exclude_route(const std::string &address, int prefix_length, int metric, bool ipv6)
Callback to exclude route from VPN interface.
Definition base.hpp:178
openvpn::TunBuilderBase::tun_builder_set_allow_local_dns
virtual bool tun_builder_set_allow_local_dns(bool allow)
Optional callback that indicates whether local DNS traffic should be blocked or allowed to prevent DN...
Definition base.hpp:347
openvpn::TunBuilderBase::tun_builder_set_mtu
virtual bool tun_builder_set_mtu(int mtu)
Callback to set the MTU of the VPN interface.
Definition base.hpp:211
openvpn::TunBuilderBase::tun_builder_set_remote_address
virtual bool tun_builder_set_remote_address(const std::string &address, bool ipv6)
Callback to set the address of the remote server.
Definition base.hpp:83
openvpn::TunBuilderBase::tun_builder_set_proxy_auto_config_url
virtual bool tun_builder_set_proxy_auto_config_url(const std::string &url)
Callback to set the proxy "Auto Config URL".
Definition base.hpp:255
openvpn::TunBuilderBase::tun_builder_set_session_name
virtual bool tun_builder_set_session_name(const std::string &name)
Sets the session name for the TunBuilder.
Definition base.hpp:226
openvpn::TunProp::configure_builder
static void configure_builder(TunBuilderBase *tb, State *state, SessionStats *stats, const IP::Addr &server_addr, const Config &config, const OptionList &opt, const EmulateExcludeRouteFactory *eer_factory, const bool quiet)
Definition tunprop.hpp:92
openvpn::TunProp::OPENVPN_UNTAGGED_EXCEPTION_INHERIT
OPENVPN_UNTAGGED_EXCEPTION_INHERIT(option_error, tun_prop_dns_option_error)
openvpn::TunProp::add_route_tunbuilder
static void add_route_tunbuilder(TunBuilderBase *tb, bool add, const IP::Addr &addr, int prefix_length, int metric, bool ipv6, EmulateExcludeRoute *eer)
Definition tunprop.hpp:395
openvpn::TunProp::route_gateway
static IP::Addr route_gateway(const OptionList &opt)
Definition tunprop.hpp:239
openvpn::TunProp::OPENVPN_EXCEPTION
OPENVPN_EXCEPTION(tun_prop_error)
openvpn::TunProp::add_google_dns
static void add_google_dns(TunBuilderBase *tb)
Definition tunprop.hpp:695
openvpn::TunProp::add_remote_bypass_routes
static void add_remote_bypass_routes(TunBuilderBase *tb, const RemoteList &remote_list, const IP::Addr &server_addr, EmulateExcludeRoute *eer, const bool quiet)
Definition tunprop.hpp:499
openvpn::TunProp::tun_mtu
static void tun_mtu(TunBuilderBase *tb, State *state, const OptionList &opt, int config_mtu, int config_mtu_max)
Definition tunprop.hpp:252
openvpn::TunProp::add_route_metric_default
static void add_route_metric_default(TunBuilderBase *tb, const OptionList &opt, const bool quiet)
Definition tunprop.hpp:216
openvpn::TunProp::route_target
static bool route_target(const Option &o, const size_t target_index)
Definition tunprop.hpp:420
openvpn::TunProp::OPENVPN_UNTAGGED_EXCEPTION_INHERIT
OPENVPN_UNTAGGED_EXCEPTION_INHERIT(option_error, tun_prop_dhcp_option_error)
openvpn::TunProp::search_domains_exist
static bool search_domains_exist(const OptionList &opt, const bool quiet)
Definition tunprop.hpp:671
openvpn::TunProp::MAX_ROUTE_METRIC
static constexpr int MAX_ROUTE_METRIC
Definition tunprop.hpp:43
openvpn::TunProp::OPENVPN_EXCEPTION
OPENVPN_EXCEPTION(tun_prop_route_error)
openvpn::TunProp::add_dns_options
static bool add_dns_options(TunBuilderBase *tb, const OptionList &opt, bool quiet, bool use_dhcp_search_domains_as_split_domains)
Configure tun builder to use DNS related options if defined.
Definition tunprop.hpp:535
openvpn::TunProp::add_routes
static void add_routes(TunBuilderBase *tb, const OptionList &opt, const IPVerFlags &ipv, EmulateExcludeRoute *eer, const bool quiet)
Definition tunprop.hpp:434
openvpn::TunProp::tun_ifconfig
static IP::Addr::VersionMask tun_ifconfig(TunBuilderBase *tb, State *state, const OptionList &opt)
Definition tunprop.hpp:284
openvpn::TunProp::add_dhcp_options
static void add_dhcp_options(TunBuilderBase *tb, const OptionList &opt, const bool quiet)
Parse options for WINS and HTTP Proxy –dhcp-option(s) and add them to the tunbuilder (tb) passed.
Definition tunprop.hpp:568
OPENVPN_LOG
#define OPENVPN_LOG(args)
Definition logdatetime.hpp:23
openvpn::Error::REROUTE_GW_NO_DNS
@ REROUTE_GW_NO_DNS
Definition error.hpp:46
openvpn::HostPort::validate_port
void validate_port(const std::string &port, const std::string &title, unsigned int *value=nullptr)
Definition hostport.hpp:34
openvpn::INVALID_ADAPTER_INDEX
constexpr std::uint32_t INVALID_ADAPTER_INDEX
Definition tunbase.hpp:29
openvpn::DnsAddress
A name server address and optional port.
Definition dns_options.hpp:40
openvpn::DnsOptions
All DNS options set with the –dns or –dhcp-option directive.
Definition dns_options.hpp:531
openvpn::DnsOptions::servers
std::map< int, DnsServer > servers
List of DNS servers to use, according to the list of priority.
Definition dns_options.hpp:631
openvpn::DnsServer
DNS settings for a name server.
Definition dns_options.hpp:216
openvpn::DnsServer::addresses
std::vector< DnsAddress > addresses
Parsed from –dns server n address ADDRESS[:PORT] [...] or –dhcp-option DNS/DNS6.
Definition dns_options.hpp:511
openvpn::EmulateExcludeRouteFactory::new_obj
virtual EmulateExcludeRoute::Ptr new_obj() const =0
openvpn::EmulateExcludeRoute::add_route
virtual void add_route(const bool add, const IP::Addr &addr, const int prefix_len)=0
openvpn::IP::AddrMaskPair::from_string
static AddrMaskPair from_string(const std::string &s1, const std::string &s2, const char *title=nullptr)
Definition addrpair.hpp:99
openvpn::IP::AddrMaskPair::version
Addr::Version version() const
Definition addrpair.hpp:162
openvpn::TunProp::Config::remote_list
RemoteList::Ptr remote_list
Definition tunprop.hpp:74
openvpn::TunProp::Config::dhcp_search_domains_as_split_domains
bool dhcp_search_domains_as_split_domains
Definition tunprop.hpp:60
openvpn::TunProp::Config::session_name
std::string session_name
Definition tunprop.hpp:53
openvpn::TunProp::State::vpn_interface_index
std::uint32_t vpn_interface_index
Definition tunprop.hpp:89
openvpn::TunProp::State::iface_name
std::string iface_name
Definition tunprop.hpp:82
metric
const auto metric
Definition test_capture.cpp:915
ipv6
remote_address ipv6
Definition test_capture.cpp:120
add_routes
std::vector< TunBuilderCapture::Route > add_routes
Definition test_capture.cpp:1127
dns_options
DnsOptions dns_options
Definition test_capture.cpp:940
config
static const char config[]
Definition test_parseargv.cpp:65
add
static void add(const Time &t1, const Time::Duration &d1)
Definition test_time.cpp:135