git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4436 e7ae566f-a301-0410-adde-c780ea21d3b5
james authored on 2009/05/23 19:30:10... | ... |
@@ -182,7 +182,7 @@ static const char usage_message[] = |
182 | 182 |
" by server EXCEPT for routes.\n" |
183 | 183 |
"--allow-pull-fqdn : Allow client to pull DNS names from server for\n" |
184 | 184 |
" --ifconfig, --route, and --route-gateway.\n" |
185 |
- "--redirect-gateway [flags]: (Experimental) Automatically execute routing\n" |
|
185 |
+ "--redirect-gateway [flags]: Automatically execute routing\n" |
|
186 | 186 |
" commands to redirect all outgoing IP traffic through the\n" |
187 | 187 |
" VPN. Add 'local' flag if both " PACKAGE_NAME " servers are directly\n" |
188 | 188 |
" connected via a common subnet, such as with WiFi.\n" |
... | ... |
@@ -190,6 +190,8 @@ static const char usage_message[] = |
190 | 190 |
" and 128.0.0.0/1 rather than 0.0.0.0/0. Add 'bypass-dhcp'\n" |
191 | 191 |
" flag to add a direct route to DHCP server, bypassing tunnel.\n" |
192 | 192 |
" Add 'bypass-dns' flag to similarly bypass tunnel for DNS.\n" |
193 |
+ "--redirect-private [flags]: Like --redirect-gateway, but omit actually changing\n" |
|
194 |
+ " the default gateway. Useful when pushing private subnets.\n" |
|
193 | 195 |
"--setenv name value : Set a custom environmental variable to pass to script.\n" |
194 | 196 |
"--setenv FORWARD_COMPATIBLE 1 : Relax config file syntax checking to allow\n" |
195 | 197 |
" directives for future OpenVPN versions to be ignored.\n" |
... | ... |
@@ -4391,13 +4393,15 @@ add_option (struct options *options, |
4391 | 4391 |
VERIFY_PERMISSION (OPT_P_GENERAL); |
4392 | 4392 |
options->allow_pull_fqdn = true; |
4393 | 4393 |
} |
4394 |
- else if (streq (p[0], "redirect-gateway")) |
|
4394 |
+ else if (streq (p[0], "redirect-gateway") || streq (p[0], "redirect-private")) |
|
4395 | 4395 |
{ |
4396 | 4396 |
int j; |
4397 | 4397 |
VERIFY_PERMISSION (OPT_P_ROUTE); |
4398 | 4398 |
rol_check_alloc (options); |
4399 | 4399 |
for (j = 1; j < MAX_PARMS && p[j] != NULL; ++j) |
4400 | 4400 |
{ |
4401 |
+ if (streq (p[0], "redirect-gateway")) |
|
4402 |
+ options->routes->flags |= RG_REROUTE_GW; |
|
4401 | 4403 |
if (streq (p[j], "local")) |
4402 | 4404 |
options->routes->flags |= RG_LOCAL; |
4403 | 4405 |
else if (streq (p[j], "def1")) |
... | ... |
@@ -4408,7 +4412,7 @@ add_option (struct options *options, |
4408 | 4408 |
options->routes->flags |= RG_BYPASS_DNS; |
4409 | 4409 |
else |
4410 | 4410 |
{ |
4411 |
- msg (msglevel, "unknown --redirect-gateway flag: %s", p[j]); |
|
4411 |
+ msg (msglevel, "unknown --%s flag: %s", p[0], p[j]); |
|
4412 | 4412 |
goto err; |
4413 | 4413 |
} |
4414 | 4414 |
} |
... | ... |
@@ -543,18 +543,83 @@ redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, u |
543 | 543 |
/* route DHCP/DNS server traffic through original default gateway */ |
544 | 544 |
add_bypass_routes (&rl->spec.bypass, rl->spec.net_gateway, tt, flags, es); |
545 | 545 |
|
546 |
+ if (rl->flags & RG_REROUTE_GW) |
|
547 |
+ { |
|
548 |
+ if (rl->flags & RG_DEF1) |
|
549 |
+ { |
|
550 |
+ /* add new default route (1st component) */ |
|
551 |
+ add_route3 (0x00000000, |
|
552 |
+ 0x80000000, |
|
553 |
+ rl->spec.remote_endpoint, |
|
554 |
+ tt, |
|
555 |
+ flags, |
|
556 |
+ es); |
|
557 |
+ |
|
558 |
+ /* add new default route (2nd component) */ |
|
559 |
+ add_route3 (0x80000000, |
|
560 |
+ 0x80000000, |
|
561 |
+ rl->spec.remote_endpoint, |
|
562 |
+ tt, |
|
563 |
+ flags, |
|
564 |
+ es); |
|
565 |
+ } |
|
566 |
+ else |
|
567 |
+ { |
|
568 |
+ /* delete default route */ |
|
569 |
+ del_route3 (0, |
|
570 |
+ 0, |
|
571 |
+ rl->spec.net_gateway, |
|
572 |
+ tt, |
|
573 |
+ flags, |
|
574 |
+ es); |
|
575 |
+ |
|
576 |
+ /* add new default route */ |
|
577 |
+ add_route3 (0, |
|
578 |
+ 0, |
|
579 |
+ rl->spec.remote_endpoint, |
|
580 |
+ tt, |
|
581 |
+ flags, |
|
582 |
+ es); |
|
583 |
+ } |
|
584 |
+ } |
|
585 |
+ |
|
586 |
+ /* set a flag so we can undo later */ |
|
587 |
+ rl->did_redirect_default_gateway = true; |
|
588 |
+ } |
|
589 |
+ } |
|
590 |
+} |
|
591 |
+ |
|
592 |
+static void |
|
593 |
+undo_redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es) |
|
594 |
+{ |
|
595 |
+ if (rl->did_redirect_default_gateway) |
|
596 |
+ { |
|
597 |
+ /* delete remote host route */ |
|
598 |
+ if (!(rl->flags & RG_LOCAL)) |
|
599 |
+ del_route3 (rl->spec.remote_host, |
|
600 |
+ ~0, |
|
601 |
+ rl->spec.net_gateway, |
|
602 |
+ tt, |
|
603 |
+ flags, |
|
604 |
+ es); |
|
605 |
+ |
|
606 |
+ /* delete special DHCP/DNS bypass route */ |
|
607 |
+ del_bypass_routes (&rl->spec.bypass, rl->spec.net_gateway, tt, flags, es); |
|
608 |
+ |
|
609 |
+ if (rl->flags & RG_REROUTE_GW) |
|
610 |
+ { |
|
546 | 611 |
if (rl->flags & RG_DEF1) |
547 | 612 |
{ |
548 |
- /* add new default route (1st component) */ |
|
549 |
- add_route3 (0x00000000, |
|
613 |
+ /* delete default route (1st component) */ |
|
614 |
+ del_route3 (0x00000000, |
|
550 | 615 |
0x80000000, |
551 | 616 |
rl->spec.remote_endpoint, |
552 | 617 |
tt, |
553 | 618 |
flags, |
554 | 619 |
es); |
555 | 620 |
|
556 |
- /* add new default route (2nd component) */ |
|
557 |
- add_route3 (0x80000000, |
|
621 |
+ /* delete default route (2nd component) */ |
|
622 |
+ del_route3 (0x80000000, |
|
558 | 623 |
0x80000000, |
559 | 624 |
rl->spec.remote_endpoint, |
560 | 625 |
tt, |
... | ... |
@@ -566,78 +631,19 @@ redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, u |
566 | 566 |
/* delete default route */ |
567 | 567 |
del_route3 (0, |
568 | 568 |
0, |
569 |
- rl->spec.net_gateway, |
|
569 |
+ rl->spec.remote_endpoint, |
|
570 | 570 |
tt, |
571 | 571 |
flags, |
572 | 572 |
es); |
573 | 573 |
|
574 |
- /* add new default route */ |
|
574 |
+ /* restore original default route */ |
|
575 | 575 |
add_route3 (0, |
576 | 576 |
0, |
577 |
- rl->spec.remote_endpoint, |
|
577 |
+ rl->spec.net_gateway, |
|
578 | 578 |
tt, |
579 | 579 |
flags, |
580 | 580 |
es); |
581 | 581 |
} |
582 |
- |
|
583 |
- /* set a flag so we can undo later */ |
|
584 |
- rl->did_redirect_default_gateway = true; |
|
585 |
- } |
|
586 |
- } |
|
587 |
-} |
|
588 |
- |
|
589 |
-static void |
|
590 |
-undo_redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es) |
|
591 |
-{ |
|
592 |
- if (rl->did_redirect_default_gateway) |
|
593 |
- { |
|
594 |
- /* delete remote host route */ |
|
595 |
- if (!(rl->flags & RG_LOCAL)) |
|
596 |
- del_route3 (rl->spec.remote_host, |
|
597 |
- ~0, |
|
598 |
- rl->spec.net_gateway, |
|
599 |
- tt, |
|
600 |
- flags, |
|
601 |
- es); |
|
602 |
- |
|
603 |
- /* delete special DHCP/DNS bypass route */ |
|
604 |
- del_bypass_routes (&rl->spec.bypass, rl->spec.net_gateway, tt, flags, es); |
|
605 |
- |
|
606 |
- if (rl->flags & RG_DEF1) |
|
607 |
- { |
|
608 |
- /* delete default route (1st component) */ |
|
609 |
- del_route3 (0x00000000, |
|
610 |
- 0x80000000, |
|
611 |
- rl->spec.remote_endpoint, |
|
612 |
- tt, |
|
613 |
- flags, |
|
614 |
- es); |
|
615 |
- |
|
616 |
- /* delete default route (2nd component) */ |
|
617 |
- del_route3 (0x80000000, |
|
618 |
- 0x80000000, |
|
619 |
- rl->spec.remote_endpoint, |
|
620 |
- tt, |
|
621 |
- flags, |
|
622 |
- es); |
|
623 |
- } |
|
624 |
- else |
|
625 |
- { |
|
626 |
- /* delete default route */ |
|
627 |
- del_route3 (0, |
|
628 |
- 0, |
|
629 |
- rl->spec.remote_endpoint, |
|
630 |
- tt, |
|
631 |
- flags, |
|
632 |
- es); |
|
633 |
- |
|
634 |
- /* restore original default route */ |
|
635 |
- add_route3 (0, |
|
636 |
- 0, |
|
637 |
- rl->spec.net_gateway, |
|
638 |
- tt, |
|
639 |
- flags, |
|
640 |
- es); |
|
641 | 582 |
} |
642 | 583 |
|
643 | 584 |
rl->did_redirect_default_gateway = false; |