OpenVPN 3 Core Library
Loading...
Searching...
No Matches
tunprop.hpp
Go to the documentation of this file.
1// OpenVPN -- An application to securely tunnel IP networks
2// over a single port, with support for SSL/TLS-based
3// session authentication and key exchange,
4// packet encryption, packet authentication, and
5// packet compression.
6//
7// Copyright (C) 2012- OpenVPN Inc.
8//
9// SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
10//
11
12// Process tun interface properties.
13
14#ifndef OPENVPN_TUN_CLIENT_TUNPROP_H
15#define OPENVPN_TUN_CLIENT_TUNPROP_H
16
17#include <string>
18
19#include <openvpn/common/size.hpp>
20#include <openvpn/common/rc.hpp>
21#include <openvpn/common/options.hpp>
22#include <openvpn/common/split.hpp>
23#include <openvpn/common/hostport.hpp>
24#include <openvpn/tun/builder/base.hpp>
25#include <openvpn/addr/addrpair.hpp>
26#include <openvpn/client/remotelist.hpp>
27#include <openvpn/client/ipverflags.hpp>
28#include <openvpn/client/dns.hpp>
29#include <openvpn/tun/client/emuexr.hpp>
30#include <openvpn/tun/client/tunbase.hpp>
31#include <openvpn/tun/layer.hpp>
32
33namespace openvpn {
34class TunProp
35{
36 // render option flags
37 enum
38 {
39 OPT_RENDER_FLAGS = Option::RENDER_TRUNC_64 | Option::RENDER_BRACKET
40 };
41
42 // maximum route metric
43 static constexpr int MAX_ROUTE_METRIC = 1000000;
44
45 public:
46 OPENVPN_EXCEPTION(tun_prop_error);
47 OPENVPN_EXCEPTION(tun_prop_route_error);
48 OPENVPN_UNTAGGED_EXCEPTION_INHERIT(option_error, tun_prop_dns_option_error);
49 OPENVPN_UNTAGGED_EXCEPTION_INHERIT(option_error, tun_prop_dhcp_option_error);
50
51 struct Config
52 {
53 std::string session_name;
54 int mtu = 0;
55 int mtu_max = 0;
56 bool google_dns_fallback = false;
57#if defined(OPENVPN_PLATFORM_WIN) || defined(OPENVPN_PLATFORM_MAC) || defined(OPENVPN_PLATFORM_LINUX) || defined(OPENVPN_PLATFORM_IPHONE)
58 bool dhcp_search_domains_as_split_domains = true;
59#else
60 bool dhcp_search_domains_as_split_domains = false;
61#endif
62 bool allow_local_lan_access = false;
63 Layer layer{Layer::OSI_LAYER_3};
64
65 // If remote_bypass is true, obtain cached remote IPs from
66 // remote_list, and preconfigure exclude route rules for them.
67 // Note that the primary remote IP is not included in the
68 // exclusion list because existing pathways already exist
69 // (i.e. redirect-gateway) for routing this particular address.
70 // This feature is intended to work with tun_persist, so that
71 // the client is not locked out of contacting subsequent
72 // servers in the remote list after the routing configuration
73 // for the initial connection has taken effect.
74 RemoteList::Ptr remote_list;
75 bool remote_bypass = false;
76 };
77
78 struct State : public RC<thread_unsafe_refcount>
79 {
80 typedef RCPtr<State> Ptr;
81
82 std::string iface_name;
83 IP::Addr vpn_ip4_addr;
84 IP::Addr vpn_ip6_addr;
85 IP::Addr vpn_ip4_gw;
86 IP::Addr vpn_ip6_gw;
87 int mtu = 0;
88 bool tun_prefix = false;
89 std::uint32_t vpn_interface_index = INVALID_ADAPTER_INDEX;
90 };
91
92 static void configure_builder(TunBuilderBase *tb,
93 State *state,
94 SessionStats *stats,
95 const IP::Addr &server_addr,
96 const Config &config,
97 const OptionList &opt,
98 const EmulateExcludeRouteFactory *eer_factory,
99 const bool quiet)
100 {
101 // if eer_factory is defined, we must emulate exclude routes
102 EmulateExcludeRoute::Ptr eer;
103 if (eer_factory)
104 eer = eer_factory->new_obj();
105
106 // do ifconfig
107 IP::Addr::VersionMask ip_ver_flags = tun_ifconfig(tb, state, opt);
108
109 // with layer 2, either IPv4 or IPv6 might be supported
110 if (config.layer() == Layer::OSI_LAYER_2)
111 ip_ver_flags |= (IP::Addr::V4_MASK | IP::Addr::V6_MASK);
112
113 // verify IPv4/IPv6
114 if (!ip_ver_flags)
115 throw tun_prop_error("one of ifconfig or ifconfig-ipv6 must be specified");
116
117 // get IP version and redirect-gateway flags
118 IPVerFlags ipv(opt, ip_ver_flags);
119
120 // add default route-metric
121 add_route_metric_default(tb, opt, quiet);
122
123 // add remote bypass routes
124 if (config.remote_list && config.remote_bypass && server_addr.defined())
125 add_remote_bypass_routes(tb, *config.remote_list, server_addr, eer.get(), quiet);
126
127 // add routes
128 if (config.allow_local_lan_access)
129 {
130 // query local lan exclude routes and then
131 // copy option list to construct a copy with the excluded routes as route options
132 OptionList excludedRoutesOptions = opt;
133 for (const auto &exRoute : tb->tun_builder_get_local_networks(false))
134 {
135 /* We abuse here the fact that OpenVPN3 core parses "route", "192.168.0.0/24", "", "net_gateway"
136 * in the same way as the correct "route 192.168.0.0.0 255.255.255.0 net_gateway statement */
137 excludedRoutesOptions.add_item(Option{"route", exRoute, "", "net_gateway"});
138 }
139
140 for (const auto &exRoute : tb->tun_builder_get_local_networks(true))
141 {
142 excludedRoutesOptions.add_item(Option{"route-ipv6", exRoute, "net_gateway"});
143 }
144
145 add_routes(tb, excludedRoutesOptions, ipv, eer.get(), quiet);
146 }
147 else
148 {
149 add_routes(tb, opt, ipv, eer.get(), quiet);
150 }
151
152
153 if (eer && server_addr.defined())
154 {
155 // Route emulation needs to know if default routes are included
156 // from redirect-gateway
157 eer->add_default_routes(ipv.rgv4(), ipv.rgv6());
158 // emulate exclude routes
159 eer->emulate(tb, ipv, server_addr);
160 }
161 else
162 {
163 // configure redirect-gateway
164 if (!tb->tun_builder_reroute_gw(ipv.rgv4(), ipv.rgv6(), ipv.api_flags()))
165 throw tun_prop_route_error("tun_builder_reroute_gw for redirect-gateway failed");
166 }
167
168 // add DNS servers and domain prefixes
169 bool dns_option_added = add_dns_options(tb, opt, quiet, config.dhcp_search_domains_as_split_domains);
170
171 // add DHCP options
172 add_dhcp_options(tb, opt, quiet);
173
174 // Allow protocols unless explicitly blocked
175 tb->tun_builder_set_allow_family(AF_INET, !opt.exists("block-ipv4"));
176 tb->tun_builder_set_allow_family(AF_INET6, !opt.exists("block-ipv6"));
177
178 // Allow access to local port 53 with --dns options unless explicitly blocked
179 tb->tun_builder_set_allow_local_dns(!opt.exists("block-outside-dns"));
180
181 // DNS fallback
182 if (ipv.rgv4() && !dns_option_added)
183 {
184 if (config.google_dns_fallback)
185 {
186 if (!quiet)
187 OPENVPN_LOG("Google DNS fallback enabled");
188 add_google_dns(tb);
189 }
190 else if (stats && (config.layer() != Layer::OSI_LAYER_2))
191 stats->error(Error::REROUTE_GW_NO_DNS);
192 }
193
194 // set remote server address
195 if (server_addr.defined()
196 && !tb->tun_builder_set_remote_address(server_addr.to_string(),
197 server_addr.version() == IP::Addr::V6))
198 throw tun_prop_error("tun_builder_set_remote_address failed");
199
200 // set layer
201 if (!tb->tun_builder_set_layer(config.layer.value()))
202 throw tun_prop_error("tun_builder_set_layer failed");
203
204 // configure MTU
205 tun_mtu(tb, state, opt, config.mtu, config.mtu_max);
206
207 // set session name
208 if (!config.session_name.empty())
209 {
210 if (!tb->tun_builder_set_session_name(config.session_name))
211 throw tun_prop_error("tun_builder_set_session_name failed");
212 }
213 }
214
215 private:
216 static void add_route_metric_default(TunBuilderBase *tb,
217 const OptionList &opt,
218 const bool quiet)
219 {
220 try
221 {
222 const Option *o = opt.get_ptr("route-metric"); // DIRECTIVE
223 if (o)
224 {
225 const int metric = o->get_num<int>(1);
226 if (metric < 0 || metric > MAX_ROUTE_METRIC)
227 throw tun_prop_error("route-metric is out of range");
228 if (!tb->tun_builder_set_route_metric_default(metric))
229 throw tun_prop_error("tun_builder_set_route_metric_default failed");
230 }
231 }
232 catch (const std::exception &e)
233 {
234 if (!quiet)
235 OPENVPN_LOG("exception processing route-metric: " << e.what());
236 }
237 }
238
239 static IP::Addr route_gateway(const OptionList &opt)
240 {
241 IP::Addr gateway;
242 const Option *o = opt.get_ptr("route-gateway"); // DIRECTIVE
243 if (o)
244 {
245 gateway = IP::Addr::from_string(o->get(1, 256), "route-gateway");
246 if (gateway.version() != IP::Addr::V4)
247 throw tun_prop_error("route-gateway is not IPv4 (IPv6 route-gateway is passed with ifconfig-ipv6 directive)");
248 }
249 return gateway;
250 }
251
252 static void tun_mtu(TunBuilderBase *tb,
253 State *state,
254 const OptionList &opt,
255 int config_mtu,
256 int config_mtu_max)
257 {
258 // MTU
259 int tun_mtu = config_mtu;
260 const Option *o = opt.get_ptr("tun-mtu");
261 if (o)
262 {
263 bool status = parse_number_validate<decltype(tun_mtu)>(o->get(1, 16),
264 16,
265 68,
266 65535,
267 &tun_mtu);
268 tun_mtu = std::min(tun_mtu, config_mtu_max);
269
270 if (!status)
271 throw option_error(ERR_INVALID_OPTION_VAL, "tun-mtu parse/range issue");
272
273 if (state)
274 state->mtu = tun_mtu;
275 }
276
277 if (tun_mtu != 0)
278 {
279 if (!tb->tun_builder_set_mtu(tun_mtu))
280 throw tun_prop_error("tun_builder_set_mtu failed");
281 }
282 }
283
284 static IP::Addr::VersionMask tun_ifconfig(TunBuilderBase *tb,
285 State *state,
286 const OptionList &opt)
287 {
288 enum Topology
289 {
290 NET30,
291 SUBNET,
292 };
293
294 IP::Addr::VersionMask ip_ver_flags = 0;
295
296 // get topology
297 Topology top = NET30;
298 {
299 const Option *o = opt.get_ptr("topology"); // DIRECTIVE
300 if (o)
301 {
302 const std::string &topstr = o->get(1, 16);
303 if (topstr == "subnet")
304 top = SUBNET;
305 else if (topstr == "net30")
306 top = NET30;
307 else
308 throw option_error(ERR_INVALID_OPTION_VAL, "only topology 'subnet' and 'net30' supported");
309 }
310 }
311
312 // configure tun interface
313 {
314 const Option *o;
315 o = opt.get_ptr("ifconfig"); // DIRECTIVE
316 if (o)
317 {
318 if (top == SUBNET)
319 {
320 const IP::AddrMaskPair pair = IP::AddrMaskPair::from_string(o->get(1, 256), o->get_optional(2, 256), "ifconfig");
321 const IP::Addr gateway = route_gateway(opt);
322 if (pair.version() != IP::Addr::V4)
323 throw tun_prop_error("ifconfig address is not IPv4 (topology subnet)");
324 if (!tb->tun_builder_add_address(pair.addr.to_string(),
325 pair.netmask.prefix_len(),
326 gateway.to_string(),
327 false, // IPv6
328 false)) // net30
329 throw tun_prop_error("tun_builder_add_address IPv4 failed (topology subnet)");
330 if (state)
331 {
332 state->vpn_ip4_addr = pair.addr;
333 state->vpn_ip4_gw = gateway;
334 }
335 ip_ver_flags |= IP::Addr::V4_MASK;
336 }
337 else if (top == NET30)
338 {
339 const IP::Addr remote = IP::Addr::from_string(o->get(2, 256));
340 const IP::Addr local = IP::Addr::from_string(o->get(1, 256));
341 const IP::Addr netmask = IP::Addr::from_string("255.255.255.252");
342 if (local.version() != IP::Addr::V4 || remote.version() != IP::Addr::V4)
343 throw tun_prop_error("ifconfig address is not IPv4 (topology net30)");
344 if ((local & netmask) != (remote & netmask))
345 throw tun_prop_error("ifconfig addresses are not in the same /30 subnet (topology net30)");
346 if (!tb->tun_builder_add_address(local.to_string(),
347 netmask.prefix_len(),
348 remote.to_string(),
349 false, // IPv6
350 true)) // net30
351 throw tun_prop_error("tun_builder_add_address IPv4 failed (topology net30)");
352 if (state)
353 {
354 state->vpn_ip4_addr = local;
355 state->vpn_ip4_gw = remote;
356 }
357 ip_ver_flags |= IP::Addr::V4_MASK;
358 }
359 else
360 throw option_error(ERR_INVALID_OPTION_VAL, "internal topology error");
361 }
362
363 o = opt.get_ptr("ifconfig-ipv6"); // DIRECTIVE
364 if (o)
365 {
366 // We don't check topology setting here since it doesn't really affect IPv6
367 const IP::AddrMaskPair pair = IP::AddrMaskPair::from_string(o->get(1, 256), "ifconfig-ipv6");
368 if (pair.version() != IP::Addr::V6)
369 throw tun_prop_error("ifconfig-ipv6 address is not IPv6");
370 std::string gateway_str;
371 if (o->size() >= 3)
372 {
373 const IP::Addr gateway = IP::Addr::from_string(o->get(2, 256), "ifconfig-ipv6");
374 if (gateway.version() != IP::Addr::V6)
375 throw tun_prop_error("ifconfig-ipv6 gateway is not IPv6");
376 gateway_str = gateway.to_string();
377 if (state)
378 state->vpn_ip6_gw = gateway;
379 }
380 if (!tb->tun_builder_add_address(pair.addr.to_string(),
381 pair.netmask.prefix_len(),
382 gateway_str,
383 true, // IPv6
384 false)) // net30
385 throw tun_prop_error("tun_builder_add_address IPv6 failed");
386 if (state)
387 state->vpn_ip6_addr = pair.addr;
388 ip_ver_flags |= IP::Addr::V6_MASK;
389 }
390
391 return ip_ver_flags;
392 }
393 }
394
395 static void add_route_tunbuilder(TunBuilderBase *tb,
396 bool add,
397 const IP::Addr &addr,
398 int prefix_length,
399 int metric,
400 bool ipv6,
401 EmulateExcludeRoute *eer)
402 {
403 const std::string addr_str = addr.to_string();
404 if (eer)
405 eer->add_route(add, addr, prefix_length);
406 else if (add)
407 {
408 if (!tb->tun_builder_add_route(addr_str, prefix_length, metric, ipv6))
409 throw tun_prop_route_error("tun_builder_add_route failed");
410 }
411 else if (!eer)
412 {
413 if (!tb->tun_builder_exclude_route(addr_str, prefix_length, metric, ipv6))
414 throw tun_prop_route_error("tun_builder_exclude_route failed");
415 }
416 }
417
418 // Check the target of a route.
419 // Return true if route should be added or false if route should be excluded.
420 static bool route_target(const Option &o, const size_t target_index)
421 {
422 if (o.size() >= (target_index + 1))
423 {
424 const std::string &target = o.ref(target_index);
425 if (target == "vpn_gateway")
426 return true;
427 else if (target == "net_gateway")
428 return false;
429 else
430 throw tun_prop_route_error("route destinations other than vpn_gateway or net_gateway are not supported");
431 }
432 else
433 return true;
434 }
435
436 static void add_routes(TunBuilderBase *tb,
437 const OptionList &opt,
438 const IPVerFlags &ipv,
439 EmulateExcludeRoute *eer,
440 const bool quiet)
441 {
442 // add IPv4 routes
443 if (ipv.v4())
444 {
445 OptionList::IndexMap::const_iterator dopt = opt.map().find("route"); // DIRECTIVE
446 if (dopt != opt.map().end())
447 {
448 for (OptionList::IndexList::const_iterator i = dopt->second.begin(); i != dopt->second.end(); ++i)
449 {
450 const Option &o = opt[*i];
451 try
452 {
453 const IP::AddrMaskPair pair = IP::AddrMaskPair::from_string(o.get(1, 256), o.get_optional(2, 256), "route");
454 const int metric = o.get_num<int>(4, -1, 0, MAX_ROUTE_METRIC);
455 if (!pair.is_canonical())
456 throw tun_prop_error("route is not canonical");
457 if (pair.version() != IP::Addr::V4)
458 throw tun_prop_error("route is not IPv4");
459 const bool add = route_target(o, 3);
460 add_route_tunbuilder(tb, add, pair.addr, pair.netmask.prefix_len(), metric, false, eer);
461 }
462 catch (const std::exception &e)
463 {
464 if (!quiet)
465 OPENVPN_LOG("exception parsing IPv4 route: " << o.render(OPT_RENDER_FLAGS) << " : " << e.what());
466 }
467 }
468 }
469 }
470
471 // add IPv6 routes
472 if (ipv.v6())
473 {
474 OptionList::IndexMap::const_iterator dopt = opt.map().find("route-ipv6"); // DIRECTIVE
475 if (dopt != opt.map().end())
476 {
477 for (OptionList::IndexList::const_iterator i = dopt->second.begin(); i != dopt->second.end(); ++i)
478 {
479 const Option &o = opt[*i];
480 try
481 {
482 const IP::AddrMaskPair pair = IP::AddrMaskPair::from_string(o.get(1, 256), "route-ipv6");
483 const int metric = o.get_num<int>(3, -1, 0, MAX_ROUTE_METRIC);
484 if (!pair.is_canonical())
485 throw tun_prop_error("route is not canonical");
486 if (pair.version() != IP::Addr::V6)
487 throw tun_prop_error("route is not IPv6");
488 const bool add = route_target(o, 2);
489 add_route_tunbuilder(tb, add, pair.addr, pair.netmask.prefix_len(), metric, true, eer);
490 }
491 catch (const std::exception &e)
492 {
493 if (!quiet)
494 OPENVPN_LOG("exception parsing IPv6 route: " << o.render(OPT_RENDER_FLAGS) << " : " << e.what());
495 }
496 }
497 }
498 }
499 }
500
501 static void add_remote_bypass_routes(TunBuilderBase *tb,
502 const RemoteList &remote_list,
503 const IP::Addr &server_addr,
504 EmulateExcludeRoute *eer,
505 const bool quiet)
506 {
507 IP::AddrList addrlist;
508 remote_list.cached_ip_address_list(addrlist);
509 for (IP::AddrList::const_iterator i = addrlist.begin(); i != addrlist.end(); ++i)
510 {
511 const IP::Addr &addr = *i;
512 if (addr != server_addr)
513 {
514 try
515 {
516 const IP::Addr::Version ver = addr.version();
517 add_route_tunbuilder(tb, false, addr, IP::Addr::version_size(ver), -1, ver == IP::Addr::V6, eer);
518 }
519 catch (const std::exception &e)
520 {
521 if (!quiet)
522 OPENVPN_LOG("exception adding remote bypass route: " << addr.to_string() << " : " << e.what());
523 }
524 }
525 }
526 }
527
537 static bool add_dns_options(TunBuilderBase *tb, const OptionList &opt, bool quiet, bool use_dhcp_search_domains_as_split_domains)
538 {
539 try
540 {
541 DnsOptionsParser dns_options(opt, use_dhcp_search_domains_as_split_domains);
542 if (dns_options.servers.empty())
543 return false;
544
545 if (!tb->tun_builder_set_dns_options(dns_options))
546 throw tun_prop_dns_option_error("tun_builder_set_dns_options failed");
547
548 return true;
549 }
550 catch (const std::exception &e)
551 {
552 if (!quiet)
553 {
554 OPENVPN_LOG("exception parsing DNS settings:"
555 << e.what());
556 }
557 }
558
559 return false;
560 }
561
570 static void add_dhcp_options(TunBuilderBase *tb, const OptionList &opt, const bool quiet)
571 {
572 // Example:
573 // [dhcp-option] [WINS] [172.16.0.23]
574 // [dhcp-option] [PROXY_HTTP] [foo.bar.gov] [1234]
575 // [dhcp-option] [PROXY_HTTPS] [foo.bar.gov] [1234]
576 // [dhcp-option] [PROXY_BYPASS] [server1] [server2] ...
577 // [dhcp-option] [PROXY_AUTO_CONFIG_URL] [http://...]
578
579 OptionList::IndexMap::const_iterator dopt = opt.map().find("dhcp-option"); // DIRECTIVE
580 if (dopt != opt.map().end())
581 {
582 std::string auto_config_url;
583 std::string http_host;
584 unsigned int http_port = 0;
585 std::string https_host;
586 unsigned int https_port = 0;
587 for (OptionList::IndexList::const_iterator i = dopt->second.begin(); i != dopt->second.end(); ++i)
588 {
589 const Option &o = opt[*i];
590 try
591 {
592 const std::string &type = o.get(1, 64);
593 if (type == "DNS" || type == "DNS6" || type == "DOMAIN" || type == "DOMAIN-SEARCH" || type == "ADAPTER_DOMAIN_SUFFIX")
594 {
595 // Ignore DNS related options here
596 continue;
597 }
598 else if (type == "PROXY_BYPASS")
599 {
600 o.min_args(3);
601 for (size_t j = 2; j < o.size(); ++j)
602 {
603 typedef std::vector<std::string> strvec;
604 strvec v = Split::by_space<strvec, StandardLex, SpaceMatch, Split::NullLimit>(o.get(j, 256));
605 for (size_t k = 0; k < v.size(); ++k)
606 {
607 if (!tb->tun_builder_add_proxy_bypass(v[k]))
608 throw tun_prop_dhcp_option_error(ERR_INVALID_OPTION_PUSHED, "tun_builder_add_proxy_bypass");
609 }
610 }
611 }
612 else if (type == "PROXY_AUTO_CONFIG_URL")
613 {
614 o.exact_args(3);
615 auto_config_url = o.get(2, 256);
616 }
617 else if (type == "PROXY_HTTP")
618 {
619 o.exact_args(4);
620 http_host = o.get(2, 256);
621 HostPort::validate_port(o.get(3, 256), "PROXY_HTTP", &http_port);
622 }
623 else if (type == "PROXY_HTTPS")
624 {
625 o.exact_args(4);
626 https_host = o.get(2, 256);
627 HostPort::validate_port(o.get(3, 256), "PROXY_HTTPS", &https_port);
628 }
629 else if (type == "WINS")
630 {
631 o.exact_args(3);
632 const IP::Addr ip = IP::Addr::from_string(o.get(2, 256), "wins-server-ip");
633 if (ip.version() != IP::Addr::V4)
634 throw tun_prop_dhcp_option_error(ERR_INVALID_OPTION_PUSHED, "WINS addresses must be IPv4");
635 if (!tb->tun_builder_add_wins_server(ip.to_string()))
636 throw tun_prop_dhcp_option_error(ERR_INVALID_OPTION_PUSHED, "tun_builder_add_wins_server failed");
637 }
638 else if (!quiet)
639 OPENVPN_LOG("Unknown pushed DHCP option: " << o.render(OPT_RENDER_FLAGS));
640 }
641 catch (const std::exception &e)
642 {
643 if (!quiet)
644 OPENVPN_LOG("exception parsing dhcp-option: " << o.render(OPT_RENDER_FLAGS) << " : " << e.what());
645 }
646 }
647 try
648 {
649 if (!http_host.empty())
650 {
651 if (!tb->tun_builder_set_proxy_http(http_host, http_port))
652 throw tun_prop_dhcp_option_error(ERR_INVALID_OPTION_PUSHED, "tun_builder_set_proxy_http");
653 }
654 if (!https_host.empty())
655 {
656 if (!tb->tun_builder_set_proxy_https(https_host, https_port))
657 throw tun_prop_dhcp_option_error(ERR_INVALID_OPTION_PUSHED, "tun_builder_set_proxy_https");
658 }
659 if (!auto_config_url.empty())
660 {
661 if (!tb->tun_builder_set_proxy_auto_config_url(auto_config_url))
662 throw tun_prop_dhcp_option_error(ERR_INVALID_OPTION_PUSHED, "tun_builder_set_proxy_auto_config_url");
663 }
664 }
665 catch (const std::exception &e)
666 {
667 if (!quiet)
668 OPENVPN_LOG("exception setting dhcp-option for proxy: " << e.what());
669 }
670 }
671 }
672
673 static bool search_domains_exist(const OptionList &opt, const bool quiet)
674 {
675 OptionList::IndexMap::const_iterator dopt = opt.map().find("dhcp-option"); // DIRECTIVE
676 if (dopt != opt.map().end())
677 {
678 for (OptionList::IndexList::const_iterator i = dopt->second.begin(); i != dopt->second.end(); ++i)
679 {
680 const Option &o = opt[*i];
681 try
682 {
683 const std::string &type = o.get(1, 64);
684 if (type == "DOMAIN")
685 return true;
686 }
687 catch (const std::exception &e)
688 {
689 if (!quiet)
690 OPENVPN_LOG("exception parsing dhcp-option: " << o.render(OPT_RENDER_FLAGS) << " : " << e.what());
691 }
692 }
693 }
694 return false;
695 }
696
697 static void add_google_dns(TunBuilderBase *tb)
698 {
699 DnsServer server;
700 DnsOptions google_dns;
701 server.addresses = {{{"8.8.8.8"}, 0}, {{"8.8.4.4"}, 0}};
702 google_dns.servers[0] = std::move(server);
703 if (!tb->tun_builder_set_dns_options(google_dns))
704 throw tun_prop_dns_option_error(ERR_INVALID_OPTION_PUSHED, "tun_builder_set_dns_options failed for Google DNS");
705 }
706};
707} // namespace openvpn
708
709#endif // OPENVPN_TUN_CLIENT_TUNPROP_H
openvpn::IPVerFlags::rgv6
bool rgv6() const
Definition ipverflags.hpp:36
openvpn::IPVerFlags::rgv4
bool rgv4() const
Definition ipverflags.hpp:31
openvpn::IPVerFlags::api_flags
unsigned int api_flags() const
Definition ipverflags.hpp:72
openvpn::IP::Addr::from_string
static Addr from_string(const std::string &ipstr, const TITLE &title, const Version required_version)
Definition ip.hpp:105
openvpn::IP::Addr::version
Version version() const
Definition ip.hpp:895
openvpn::IP::Addr::to_string
std::string to_string() const
Definition ip.hpp:528
openvpn::IP::Addr::defined
bool defined() const
Definition ip.hpp:872
openvpn::IP::Addr::VersionMask
unsigned int VersionMask
Definition ip.hpp:53
openvpn::IP::Addr::prefix_len
unsigned int prefix_len() const
Definition ip.hpp:968
openvpn::IP::Addr::version_size
static unsigned int version_size(Version v)
Definition ip.hpp:1028
openvpn::OptionList::map
const IndexMap & map() const
Definition options.hpp:1562
openvpn::OptionList::add_item
void add_item(const Option &opt)
Definition options.hpp:1551
openvpn::OptionList::get_ptr
const Option * get_ptr(const std::string &name) const
Definition options.hpp:1186
openvpn::OptionList::exists
bool exists(const std::string &name) const
Definition options.hpp:1325
openvpn::Option::exact_args
void exact_args(const size_t n) const
Definition options.hpp:136
openvpn::Option::get_optional
std::string get_optional(const size_t index, const size_t max_len) const
Definition options.hpp:194
openvpn::Option::get
const std::string & get(const size_t index, const size_t max_len) const
Definition options.hpp:187
openvpn::Option::get_num
T get_num(const size_t idx) const
Definition options.hpp:222
openvpn::Option::size
size_t size() const
Definition options.hpp:327
openvpn::Option::min_args
void min_args(const size_t n) const
Definition options.hpp:129
openvpn::Option::ref
const std::string & ref(const size_t i) const
Definition options.hpp:353
openvpn::Option::render
std::string render(const unsigned int flags) const
Definition options.hpp:264
openvpn::RCPtr::get
T * get() const noexcept
Returns the raw pointer to the object T, or nullptr.
Definition rc.hpp:321
openvpn::RC
Reference count base class for objects tracked by RCPtr. Disallows copying and assignment.
Definition rc.hpp:912
openvpn::RemoteList::cached_ip_address_list
void cached_ip_address_list(IP::AddrList &addrlist) const
Definition remotelist.hpp:735
openvpn::SessionStats::error
virtual void error(const size_t type, const std::string *text=nullptr)
Definition sessionstats.hpp:53
openvpn::TunBuilderBase
TunBuilder methods, loosely based on the Android VpnService.Builder abstraction.
Definition base.hpp:42
openvpn::TunBuilderBase::tun_builder_set_dns_options
virtual bool tun_builder_set_dns_options(const DnsOptions &dns)
Callback to set DNS related options to VPN interface.
Definition base.hpp:195
openvpn::TunBuilderBase::tun_builder_add_address
virtual bool tun_builder_add_address(const std::string &address, int prefix_length, const std::string &gateway, bool ipv6, bool net30)
Callback to add a network address to the VPN interface.
Definition base.hpp:101
openvpn::TunBuilderBase::tun_builder_add_route
virtual bool tun_builder_add_route(const std::string &address, int prefix_length, int metric, bool ipv6)
Callback to add a route to the VPN interface.
Definition base.hpp:158
openvpn::TunBuilderBase::tun_builder_set_route_metric_default
virtual bool tun_builder_set_route_metric_default(int metric)
Optional callback to set default value for route metric.
Definition base.hpp:122
openvpn::TunBuilderBase::tun_builder_set_proxy_http
virtual bool tun_builder_set_proxy_http(const std::string &host, int port)
Callback to set the HTTP proxy.
Definition base.hpp:271
openvpn::TunBuilderBase::tun_builder_reroute_gw
virtual bool tun_builder_reroute_gw(bool ipv4, bool ipv6, unsigned int flags)
Callback to reroute the default gateway to the VPN interface.
Definition base.hpp:139
openvpn::TunBuilderBase::tun_builder_add_wins_server
virtual bool tun_builder_add_wins_server(const std::string &address)
Callback to add a Windows WINS server to the VPN interface.
Definition base.hpp:305
openvpn::TunBuilderBase::tun_builder_set_layer
virtual bool tun_builder_set_layer(int layer)
Optional callback that indicates OSI layer to be used.
Definition base.hpp:67
openvpn::TunBuilderBase::tun_builder_get_local_networks
virtual std::vector< std::string > tun_builder_get_local_networks(bool ipv6)
Retrieves a list of local networks to exclude from the VPN network.
Definition base.hpp:395
openvpn::TunBuilderBase::tun_builder_add_proxy_bypass
virtual bool tun_builder_add_proxy_bypass(const std::string &bypass_host)
Callback to add a host which should bypass the proxy.
Definition base.hpp:240
openvpn::TunBuilderBase::tun_builder_set_allow_family
virtual bool tun_builder_set_allow_family(int af, bool allow)
Indicates whether traffic of a certain address family (AF_INET or AF_INET6) should be blocked or allo...
Definition base.hpp:329
openvpn::TunBuilderBase::tun_builder_set_proxy_https
virtual bool tun_builder_set_proxy_https(const std::string &host, int port)
Set the HTTPS proxy for the TunBuilder session.
Definition base.hpp:287
openvpn::TunBuilderBase::tun_builder_exclude_route
virtual bool tun_builder_exclude_route(const std::string &address, int prefix_length, int metric, bool ipv6)
Callback to exclude route from VPN interface.
Definition base.hpp:178
openvpn::TunBuilderBase::tun_builder_set_allow_local_dns
virtual bool tun_builder_set_allow_local_dns(bool allow)
Optional callback that indicates whether local DNS traffic should be blocked or allowed to prevent DN...
Definition base.hpp:347
openvpn::TunBuilderBase::tun_builder_set_mtu
virtual bool tun_builder_set_mtu(int mtu)
Callback to set the MTU of the VPN interface.
Definition base.hpp:211
openvpn::TunBuilderBase::tun_builder_set_remote_address
virtual bool tun_builder_set_remote_address(const std::string &address, bool ipv6)
Callback to set the address of the remote server.
Definition base.hpp:83
openvpn::TunBuilderBase::tun_builder_set_proxy_auto_config_url
virtual bool tun_builder_set_proxy_auto_config_url(const std::string &url)
Callback to set the proxy "Auto Config URL".
Definition base.hpp:255
openvpn::TunBuilderBase::tun_builder_set_session_name
virtual bool tun_builder_set_session_name(const std::string &name)
Sets the session name for the TunBuilder.
Definition base.hpp:226
openvpn::TunProp::configure_builder
static void configure_builder(TunBuilderBase *tb, State *state, SessionStats *stats, const IP::Addr &server_addr, const Config &config, const OptionList &opt, const EmulateExcludeRouteFactory *eer_factory, const bool quiet)
Definition tunprop.hpp:92
openvpn::TunProp::OPENVPN_UNTAGGED_EXCEPTION_INHERIT
OPENVPN_UNTAGGED_EXCEPTION_INHERIT(option_error, tun_prop_dns_option_error)
openvpn::TunProp::add_route_tunbuilder
static void add_route_tunbuilder(TunBuilderBase *tb, bool add, const IP::Addr &addr, int prefix_length, int metric, bool ipv6, EmulateExcludeRoute *eer)
Definition tunprop.hpp:395
openvpn::TunProp::route_gateway
static IP::Addr route_gateway(const OptionList &opt)
Definition tunprop.hpp:239
openvpn::TunProp::OPENVPN_EXCEPTION
OPENVPN_EXCEPTION(tun_prop_error)
openvpn::TunProp::add_google_dns
static void add_google_dns(TunBuilderBase *tb)
Definition tunprop.hpp:697
openvpn::TunProp::add_remote_bypass_routes
static void add_remote_bypass_routes(TunBuilderBase *tb, const RemoteList &remote_list, const IP::Addr &server_addr, EmulateExcludeRoute *eer, const bool quiet)
Definition tunprop.hpp:501
openvpn::TunProp::tun_mtu
static void tun_mtu(TunBuilderBase *tb, State *state, const OptionList &opt, int config_mtu, int config_mtu_max)
Definition tunprop.hpp:252
openvpn::TunProp::add_route_metric_default
static void add_route_metric_default(TunBuilderBase *tb, const OptionList &opt, const bool quiet)
Definition tunprop.hpp:216
openvpn::TunProp::route_target
static bool route_target(const Option &o, const size_t target_index)
Definition tunprop.hpp:420
openvpn::TunProp::OPENVPN_UNTAGGED_EXCEPTION_INHERIT
OPENVPN_UNTAGGED_EXCEPTION_INHERIT(option_error, tun_prop_dhcp_option_error)
openvpn::TunProp::search_domains_exist
static bool search_domains_exist(const OptionList &opt, const bool quiet)
Definition tunprop.hpp:673
openvpn::TunProp::MAX_ROUTE_METRIC
static constexpr int MAX_ROUTE_METRIC
Definition tunprop.hpp:43
openvpn::TunProp::OPENVPN_EXCEPTION
OPENVPN_EXCEPTION(tun_prop_route_error)
openvpn::TunProp::add_dns_options
static bool add_dns_options(TunBuilderBase *tb, const OptionList &opt, bool quiet, bool use_dhcp_search_domains_as_split_domains)
Configure tun builder to use DNS related options if defined.
Definition tunprop.hpp:537
openvpn::TunProp::add_routes
static void add_routes(TunBuilderBase *tb, const OptionList &opt, const IPVerFlags &ipv, EmulateExcludeRoute *eer, const bool quiet)
Definition tunprop.hpp:436
openvpn::TunProp::tun_ifconfig
static IP::Addr::VersionMask tun_ifconfig(TunBuilderBase *tb, State *state, const OptionList &opt)
Definition tunprop.hpp:284
openvpn::TunProp::add_dhcp_options
static void add_dhcp_options(TunBuilderBase *tb, const OptionList &opt, const bool quiet)
Parse options for WINS and HTTP Proxy –dhcp-option(s) and add them to the tunbuilder (tb) passed.
Definition tunprop.hpp:570
OPENVPN_LOG
#define OPENVPN_LOG(args)
Definition logdatetime.hpp:23
openvpn::Error::REROUTE_GW_NO_DNS
@ REROUTE_GW_NO_DNS
Definition error.hpp:46
openvpn::HostPort::validate_port
void validate_port(const std::string &port, const std::string &title, unsigned int *value=nullptr)
Definition hostport.hpp:34
openvpn::INVALID_ADAPTER_INDEX
constexpr std::uint32_t INVALID_ADAPTER_INDEX
Definition tunbase.hpp:29
openvpn::DnsOptions
All DNS options set with the –dns or –dhcp-option directive.
Definition dns_options.hpp:304
openvpn::DnsOptions::servers
std::map< int, DnsServer > servers
Definition dns_options.hpp:360
openvpn::DnsServer
DNS settings for a name server.
Definition dns_options.hpp:134
openvpn::DnsServer::addresses
std::vector< DnsAddress > addresses
Definition dns_options.hpp:292
openvpn::EmulateExcludeRouteFactory::new_obj
virtual EmulateExcludeRoute::Ptr new_obj() const =0
openvpn::EmulateExcludeRoute::add_route
virtual void add_route(const bool add, const IP::Addr &addr, const int prefix_len)=0
openvpn::IP::AddrMaskPair::from_string
static AddrMaskPair from_string(const std::string &s1, const std::string &s2, const char *title=nullptr)
Definition addrpair.hpp:99
openvpn::IP::AddrMaskPair::version
Addr::Version version() const
Definition addrpair.hpp:164
openvpn::TunProp::Config::remote_list
RemoteList::Ptr remote_list
Definition tunprop.hpp:74
openvpn::TunProp::Config::dhcp_search_domains_as_split_domains
bool dhcp_search_domains_as_split_domains
Definition tunprop.hpp:60
openvpn::TunProp::Config::session_name
std::string session_name
Definition tunprop.hpp:53
openvpn::TunProp::State::Ptr
RCPtr< State > Ptr
Definition tunprop.hpp:80
openvpn::TunProp::State::vpn_interface_index
std::uint32_t vpn_interface_index
Definition tunprop.hpp:89
openvpn::TunProp::State::iface_name
std::string iface_name
Definition tunprop.hpp:82
metric
const auto metric
Definition test_capture.cpp:904
ipv6
remote_address ipv6
Definition test_capture.cpp:109
add_routes
std::vector< TunBuilderCapture::Route > add_routes
Definition test_capture.cpp:1114
dns_options
DnsOptions dns_options
Definition test_capture.cpp:928
config
static const char config[]
Definition test_parseargv.cpp:65
add
static void add(const Time &t1, const Time::Duration &d1)
Definition test_time.cpp:136