Added configuration option tunnel-all-dns

This commit is contained in:
Nikos Mavrogiannopoulos
2015-11-10 13:19:17 +01:00
parent f10b7e0055
commit 65004a55df
9 changed files with 38 additions and 8 deletions


@@ -158,11 +158,6 @@ max-clients = 16
# multiple times). Unset or set to zero for unlimited.
max-same-clients = 2
# When the server has a dynamic DNS address (that may change),
# should set that to true to ask the client to resolve again on
# reconnects.
#listen-host-is-dyndns = true
# When the server receives connections from a proxy, like haproxy
# which supports the proxy protocol, set this to obtain the correct
# client addresses. The proxy protocol (v2) would then be expected in
@@ -405,6 +400,10 @@ ipv4-netmask = 255.255.255.0
#ipv6-subnet-prefix = 128
#ipv6-subnet-prefix = 64
# Whether to tunnel all DNS queries via the VPN. This is the default
# when a default route is set.
#tunnel-all-dns = true
# The advertized DNS server. Use multiple lines for
# multiple servers.
# dns = fc00::4be0
@@ -481,7 +480,7 @@ no-route = 192.168.5.0/255.255.255.0
# The options allowed in the configuration files are dns, nbns,
# ipv?-network, ipv4-netmask, rx/tx-per-sec, iroute, route, no-route,
# explicit-ipv4, explicit-ipv6, net-priority, deny-roaming, no-udp,
# keepalive, dpd, mobile-dpd, max-same-clients,
# keepalive, dpd, mobile-dpd, max-same-clients, tunnel-all-dns,
# user-profile, cgroup, stats-report-time, and session-timeout.
#
# Note that the 'iroute' option allows to add routes on the server


@@ -117,6 +117,7 @@ static struct cfg_options available_options[] = {
{ .name = "occtl-socket-file", .type = OPTION_STRING, .mandatory = 0 },
{ .name = "banner", .type = OPTION_STRING, .mandatory = 0 },
{ .name = "use-seccomp", .type = OPTION_BOOLEAN, .mandatory = 0 },
{ .name = "tunnel-all-dns", .type = OPTION_BOOLEAN, .mandatory = 0 },
{ .name = "isolate-workers", .type = OPTION_BOOLEAN, .mandatory = 0 },
{ .name = "predictable-ips", .type = OPTION_BOOLEAN, .mandatory = 0 },
{ .name = "session-control", .type = OPTION_BOOLEAN, .mandatory = 0 },
@@ -750,6 +751,8 @@ size_t urlfw_size = 0;
}
#endif
READ_TF("tunnel-all-dns", config->tunnel_all_dns, 0);
READ_NUMERIC("keepalive", config->keepalive);
READ_NUMERIC("dpd", config->dpd);
if (config->dpd == 0)


@@ -50,6 +50,7 @@ message auth_reply_msg
optional uint32 dpd = 34;
optional uint32 mobile_dpd = 35;
optional uint32 keepalive = 36;
optional uint32 tunnel_all_dns = 37;
}
/* RESUME_FETCH_REQ + RESUME_DELETE_REQ */
@@ -260,6 +261,7 @@ message sec_auth_session_reply_msg
optional uint32 mobile_dpd = 31;
optional uint32 keepalive = 32;
optional uint32 max_same_clients = 33;
optional uint32 tunnel_all_dns = 34;
}
/* SEC_BAN_IP: sent from sec-mod to main */


@@ -143,6 +143,11 @@ int send_cookie_auth_reply(main_server_st* s, struct proc_st* proc,
msg.no_udp = proc->config.no_udp;
}
if (proc->config.tunnel_all_dns != 0) {
msg.has_tunnel_all_dns = 1;
msg.tunnel_all_dns = proc->config.tunnel_all_dns;
}
if (proc->config.xml_config_file != NULL) {
msg.xml_config_file = proc->config.xml_config_file;
}


@@ -247,6 +247,9 @@ int session_open(main_server_st * s, struct proc_st *proc, const uint8_t *cookie
if (msg->has_dpd)
proc->config.dpd = msg->dpd;
if (msg->has_tunnel_all_dns)
proc->config.tunnel_all_dns = msg->tunnel_all_dns;
if (msg->has_keepalive)
proc->config.keepalive = msg->keepalive;


@@ -488,6 +488,10 @@ ipv6-network = fda9:4efe:7e3b:03ea::/48
#ipv6-subnet-prefix = 128
#ipv6-subnet-prefix = 64
# Whether to tunnel all DNS queries via the VPN. This is the default
# when a default route is set.
#tunnel-all-dns = true
# The advertized DNS server. Use multiple lines for
# multiple servers.
# dns = fc00::4be0
@@ -565,7 +569,7 @@ no-route = 192.168.5.0/255.255.255.0
# The options allowed in the configuration files are dns, nbns,
# ipv?-network, ipv4-netmask, rx/tx-per-sec, iroute, route, no-route,
# explicit-ipv4, explicit-ipv6, net-priority, deny-roaming, no-udp,
# keepalive, dpd, mobile-dpd, max-same-clients,
# keepalive, dpd, mobile-dpd, max-same-clients, tunnel-all-dns,
# user-profile, cgroup, stats-report-time, and session-timeout.
#
# Note that the 'iroute' option allows to add routes on the server


@@ -45,6 +45,7 @@ struct cfg_options {
static struct cfg_options available_options[] = {
{ .name = "no-udp", .type = OPTION_BOOLEAN },
{ .name = "tunnel-all-dns", .type = OPTION_BOOLEAN },
{ .name = "deny-roaming", .type = OPTION_BOOLEAN },
{ .name = "route", .type = OPTION_MULTI_LINE },
{ .name = "no-route", .type = OPTION_MULTI_LINE },
@@ -180,6 +181,7 @@ unsigned j;
} while((val = optionNextValue(pov, prev)) != NULL);
READ_TF("no-udp", msg->no_udp, msg->has_no_udp);
READ_TF("tunnel_all_dns", msg->tunnel_all_dns, msg->has_tunnel_all_dns);
READ_TF("deny-roaming", msg->deny_roaming, msg->has_deny_roaming);
READ_RAW_MULTI_LINE("route", msg->routes, msg->n_routes);
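Review bot: The lookup key in the new READ_TF line, `"tunnel_all_dns"`, does not match the option name registered in available_options in the first hunk, `"tunnel-all-dns"`, nor the spelling config.c reads; if READ_TF resolves the value by that string, as the neighbouring `READ_TF("no-udp", ...)` against the `"no-udp"` table entry suggests, the per-group/per-user setting is never found and msg->has_tunnel_all_dns stays unset. The line should read `READ_TF("tunnel-all-dns", msg->tunnel_all_dns, msg->has_tunnel_all_dns);`. The enclosing function starts and ends outside the hunk.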


@@ -216,6 +216,7 @@ struct group_cfg_st {
size_t tx_per_sec;
unsigned max_same_clients;
unsigned tunnel_all_dns;
unsigned dpd;
unsigned keepalive;
unsigned mobile_dpd;
@@ -355,6 +356,7 @@ struct cfg_st {
unsigned max_clients;
unsigned max_same_clients;
unsigned use_utmp;
unsigned tunnel_all_dns;
unsigned use_dbus; /* whether the D-BUS service is registered */
unsigned use_occtl; /* whether support for the occtl tool will be enabled */
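Review bot: The new `tunnel_all_dns` members in group_cfg_st and cfg_st carry no comment, while the neighbouring cfg_st fields (`use_dbus`, `use_occtl`) document what they control. Suggest `unsigned tunnel_all_dns; /* value sent in the X-CSTP-Tunnel-All-DNS header */` on both, since the worker hunk in this commit emits exactly that header from the field. Both structs continue outside the hunks.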


@@ -1611,8 +1611,19 @@ static int connect_handler(worker_st * ws)
ret = send_routes(ws, req, ws->routes, ws->routes_size, 1);
SEND_ERR(ret);
} else {
/* default route */
ws->config->tunnel_all_dns = 1;
}
if (ws->config->tunnel_all_dns) {
ret = cstp_puts(ws, "X-CSTP-Tunnel-All-DNS: true\r\n");
} else {
ret = cstp_puts(ws, "X-CSTP-Tunnel-All-DNS: false\r\n");
}
SEND_ERR(ret);
ret = send_routes(ws, req, ws->vinfo.no_routes, ws->vinfo.no_routes_size, 0);
SEND_ERR(ret);
@@ -1685,7 +1696,6 @@ static int connect_handler(worker_st * ws)
"X-CSTP-Disconnected-Timeout: none\r\n"
"X-CSTP-Keep: true\r\n"
"X-CSTP-TCP-Keepalive: true\r\n"
"X-CSTP-Tunnel-All-DNS: false\r\n"
"X-CSTP-License: accept\r\n");
SEND_ERR(ret);
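Review bot: The `/* default route */` branch writes `ws->config->tunnel_all_dns = 1;` into the configuration struct as a side effect of handling one CONNECT, so the configured value is overwritten for the rest of the worker's lifetime and the decision is no longer inspectable from the config; a local `unsigned tunnel_all_dns = ws->config->tunnel_all_dns;` declared before the routes block, set to 1 in the default-route branch and tested in the following `if (tunnel_all_dns)` keeps the config read-only here. None of the hunks in this commit read tunnel_all_dns from the auth reply on the worker side, so unless that is handled elsewhere the per-group value forwarded by send_cookie_auth_reply may never reach this header — worth confirming. connect_handler starts and ends outside both hunks.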