mirrors/openvpn
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2024-11-23 01:34:06 +08:00
Code Issues Packages Projects Releases Wiki Activity
master
openvpn/include
History
Heiko Hund bf887c95e4 Windows: enforce 'block-local' with WFP filters 
In an attempt to better defend against the TunnelCrack attacks, enforce
that no traffic can pass to anything else than the VPN interface when
the 'block-local' flags is given with either --redirect-gateway or
--redirect-private.

Reuse much of the existing --block-outside-dns code, but make it more
general, so that it can also block any traffic, not just port 53.

Uses the Windows Filtering Platform for enforcement in addition to the
routes redirecting the networks into the tunnel.

Change-Id: Ic9bf797bfc7e2d471998a84cb0f071db3e4832ba
Signed-off-by: Heiko Hund <heiko@ist.eigentlich.net>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20240605123856.26267-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28717.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2024-06-05 19:22:43 +02:00
..
Makefile.am Update Copyright statements to 2024 2024-03-18 18:46:26 +01:00
openvpn-msg.h Windows: enforce 'block-local' with WFP filters 2024-06-05 19:22:43 +02:00
openvpn-plugin.h.in Update Copyright statements to 2024 2024-03-18 18:46:26 +01:00