Re: [Openvpn-devel] [PATCH v3-master] Add Windows DNS Leak fix using WFP ('block-outside-dns').

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I feel some of the errors may have to be treated as  FATAL. I understand
this patch was discussed in the last IRC meeting, so may be I'm
misunderstanding this, please bear with me.

I presume, the main purpose of the option is to work around something seen
as a serious security issue for some people (dns leak). If so, when a user
specifies --block-outside-dns, and we fail to block it, shouldn't we exit?

On Tue, Nov 17, 2015 at 5:14 PM, ValdikSS <ia...@va...> wrote:

> +      if (c->options.block_outside_dns)
> +      {
> +          if (!win_wfp_init())
> +            msg (M_NONFATAL, "Initialising WFP failed!");
> +            else
> +            {
> +                dmsg (D_LOW, "Blocking outside DNS");
> +                if (!win_wfp_block_dns(c->c1.tuntap->adapter_index))
> +                    msg (M_NONFATAL, "Blocking DNS failed!");
>

M_FATAL here and a few other places?

Further, if there is an error during the set up of a filter, all previously
setup filters should be removed, This may become a non-issue if errors are
made FATAL.

Selva

Re: [Openvpn-devel] [PATCH v3-master] Add Windows DNS Leak fix using WFP ('block-outside-dns').

Robust and flexible VPN network tunnelling

Re: [Openvpn-devel] [PATCH v3-master] Add Windows DNS Leak fix using WFP ('block-outside-dns').