[NetworkManager-openvpn] Added option for allow-pull-fqdn
- From: Thomas Haller <thaller src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [NetworkManager-openvpn] Added option for allow-pull-fqdn
- Date: Mon, 14 Sep 2020 11:54:42 +0000 (UTC)
commit e83b4f89962854f75475ef0fe86f938746c684db
Author: Ralph Benjamin Ruijs <ralph ruijs ing com>
Date: Mon Jul 13 22:23:09 2020 +0200
Added option for allow-pull-fqdn
This allows the server to push routes that include DNS-names and not
just ips/networks. OpenVPN will then resolve those names and add the
routes accordingly.
As an example, `push route google.com` will result in all traffic to
google.com being redirected over the vpn. The `up` scripts do not need
any special handling, as they are passed the resolved options:
route_network_13=ip_1_of_google
route_network_12=ip_2_of_google
Co-authored-by: Florian Apolloner <florian apolloner eu>
https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/merge_requests/28
properties/import-export.c | 10 ++++++++++
properties/nm-openvpn-dialog.ui | 31 +++++++++++++++++++++++++------
properties/nm-openvpn-editor.c | 6 ++++++
shared/nm-service-defines.h | 1 +
shared/utils.h | 1 +
src/nm-openvpn-service.c | 5 +++++
6 files changed, 48 insertions(+), 6 deletions(-)
---
diff --git a/properties/import-export.c b/properties/import-export.c
index 816cd3d4..8260d83a 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -1193,6 +1193,13 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
continue;
}
+ if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_ALLOW_PULL_FQDN)) {
+ if (!args_params_check_nargs_n (params, 0, &line_error))
+ goto handle_line_error;
+ setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_ALLOW_PULL_FQDN, "yes");
+ continue;
+ }
+
if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_TUN_IPV6)) {
if (!args_params_check_nargs_n (params, 0, &line_error))
goto handle_line_error;
@@ -1958,6 +1965,9 @@ do_export_create (NMConnection *connection, const char *path, GError **error)
if (nm_streq0 (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_RANDOM_HOSTNAME), "yes"))
args_write_line (f, NMV_OVPN_TAG_REMOTE_RANDOM_HOSTNAME);
+ if (nm_streq0 (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_ALLOW_PULL_FQDN), "yes"))
+ args_write_line (f, NMV_OVPN_TAG_ALLOW_PULL_FQDN);
+
if (nm_streq0 (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TUN_IPV6), "yes"))
args_write_line (f, NMV_OVPN_TAG_TUN_IPV6);
diff --git a/properties/nm-openvpn-dialog.ui b/properties/nm-openvpn-dialog.ui
index bd1ad1d0..cffbc2d6 100644
--- a/properties/nm-openvpn-dialog.ui
+++ b/properties/nm-openvpn-dialog.ui
@@ -1316,6 +1316,25 @@ config: remote-random</property>
<property name="position">8</property>
</packing>
</child>
+ <child>
+ <object class="GtkCheckButton" id="allow_pull_fqdn_checkbutton">
+ <property name="label" translatable="yes">Allow Pull FQDN</property>
+ <property name="use_action_appearance">False</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="tooltip_text" translatable="yes">Allow client to pull DNS names from
server
+config: allow-pull-fqdn</property>
+ <property name="use_underline">True</property>
+ <property name="xalign">0</property>
+ <property name="draw_indicator">True</property>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="position">9</property>
+ </packing>
+ </child>
<child>
<object class="GtkCheckButton" id="remote_random_hostname_checkbutton">
<property name="label" translatable="yes">_Prefix remote DNS name with random
string</property>
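Review bot: The tooltip on `allow_pull_fqdn_checkbutton` says only "Allow client to pull DNS names from server", which does not tell the user what enabling it hands to the server. Per the commit description, the server may then push host names instead of addresses and OpenVPN resolves them on the client before adding routes. Wording such as `Allow the server to push host names instead of IP addresses (e.g. in routes); the names are resolved on this machine when connecting.` followed by the existing `config: allow-pull-fqdn` line would make that choice visible. Separately, `use_underline` is True but the label `Allow Pull FQDN` has no mnemonic, unlike the sibling `_Prefix remote DNS name…` label; either add an underscore or drop the property.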
@@ -1332,7 +1351,7 @@ config: remote-random-hostname</property>
<packing>
<property name="expand">False</property>
<property name="fill">True</property>
- <property name="position">9</property>
+ <property name="position">10</property>
</packing>
</child>
<child>
@@ -1351,7 +1370,7 @@ config: tun-ipv6</property>
<packing>
<property name="expand">False</property>
<property name="fill">True</property>
- <property name="position">10</property>
+ <property name="position">11</property>
</packing>
</child>
<child>
@@ -1398,7 +1417,7 @@ config: ping <n></property>
<packing>
<property name="expand">False</property>
<property name="fill">True</property>
- <property name="position">11</property>
+ <property name="position">12</property>
</packing>
</child>
<child>
@@ -1465,7 +1484,7 @@ config: ping-exit | ping-restart <n></property>
<packing>
<property name="expand">False</property>
<property name="fill">True</property>
- <property name="position">12</property>
+ <property name="position">13</property>
</packing>
</child>
<child>
@@ -1487,7 +1506,7 @@ config: float</property>
<packing>
<property name="expand">False</property>
<property name="fill">True</property>
- <property name="position">13</property>
+ <property name="position">14</property>
</packing>
</child>
<child>
@@ -1534,7 +1553,7 @@ config: max-routes <n></property>
<packing>
<property name="expand">False</property>
<property name="fill">True</property>
- <property name="position">14</property>
+ <property name="position">15</property>
</packing>
</child>
</object>
diff --git a/properties/nm-openvpn-editor.c b/properties/nm-openvpn-editor.c
index d1ebe43f..c89ba8f8 100644
--- a/properties/nm-openvpn-editor.c
+++ b/properties/nm-openvpn-editor.c
@@ -646,6 +646,7 @@ sk_file_chooser_filter_new (void)
}
static const char *const advanced_keys[] = {
+ NM_OPENVPN_KEY_ALLOW_PULL_FQDN,
NM_OPENVPN_KEY_AUTH,
NM_OPENVPN_KEY_CIPHER,
NM_OPENVPN_KEY_COMPRESS,
@@ -1602,6 +1603,7 @@ advanced_dialog_new (GHashTable *hash, const char *contype)
_builder_init_toggle_button (builder, "remote_random_checkbutton", _hash_get_boolean (hash,
NM_OPENVPN_KEY_REMOTE_RANDOM));
_builder_init_toggle_button (builder, "remote_random_hostname_checkbutton", _hash_get_boolean (hash,
NM_OPENVPN_KEY_REMOTE_RANDOM_HOSTNAME));
+ _builder_init_toggle_button (builder, "allow_pull_fqdn_checkbutton", _hash_get_boolean (hash,
NM_OPENVPN_KEY_ALLOW_PULL_FQDN));
_builder_init_toggle_button (builder, "tun_ipv6_checkbutton", _hash_get_boolean (hash,
NM_OPENVPN_KEY_TUN_IPV6));
widget = GTK_WIDGET (gtk_builder_get_object (builder, "cipher_combo"));
@@ -1961,6 +1963,10 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog)
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
g_hash_table_insert (hash, NM_OPENVPN_KEY_REMOTE_RANDOM_HOSTNAME, g_strdup ("yes"));
+ widget = GTK_WIDGET (gtk_builder_get_object (builder, "allow_pull_fqdn_checkbutton"));
+ if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
+ g_hash_table_insert (hash, NM_OPENVPN_KEY_ALLOW_PULL_FQDN, g_strdup ("yes"));
+
widget = GTK_WIDGET (gtk_builder_get_object (builder, "tun_ipv6_checkbutton"));
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
g_hash_table_insert (hash, NM_OPENVPN_KEY_TUN_IPV6, g_strdup ("yes"));
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index 4a858b4c..46b4104b 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -29,6 +29,7 @@
#define NM_DBUS_INTERFACE_OPENVPN "org.freedesktop.NetworkManager.openvpn"
#define NM_DBUS_PATH_OPENVPN "/org/freedesktop/NetworkManager/openvpn"
+#define NM_OPENVPN_KEY_ALLOW_PULL_FQDN "allow-pull-fqdn"
#define NM_OPENVPN_KEY_AUTH "auth"
#define NM_OPENVPN_KEY_CA "ca"
#define NM_OPENVPN_KEY_CERT "cert"
diff --git a/shared/utils.h b/shared/utils.h
index b532b5d3..477ad709 100644
--- a/shared/utils.h
+++ b/shared/utils.h
@@ -23,6 +23,7 @@
#ifndef UTILS_H
#define UTILS_H
+#define NMV_OVPN_TAG_ALLOW_PULL_FQDN "allow-pull-fqdn"
#define NMV_OVPN_TAG_AUTH "auth"
#define NMV_OVPN_TAG_AUTH_NOCACHE "auth-nocache"
#define NMV_OVPN_TAG_NCP_DISABLE "ncp-disable"
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 27ff30e7..e9fa084c 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -138,6 +138,7 @@ typedef struct {
} ValidProperty;
static const ValidProperty valid_properties[] = {
+ { NM_OPENVPN_KEY_ALLOW_PULL_FQDN, G_TYPE_BOOLEAN, 0, 0, FALSE },
{ NM_OPENVPN_KEY_AUTH, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_CA, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_CERT, G_TYPE_STRING, 0, 0, FALSE },
@@ -1454,6 +1455,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
if (nm_streq0 (tmp, "yes"))
args_add_strv (args, "--remote-random-hostname");
+ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_ALLOW_PULL_FQDN);
+ if (nm_streq0 (tmp, "yes"))
+ args_add_strv (args, "--allow-pull-fqdn");
+
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_TUN_IPV6);
if (nm_streq0 (tmp, "yes"))
args_add_strv (args, "--tun-ipv6");
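Review bot: The added `--allow-pull-fqdn` branch has no comment saying why the flag is opt-in, and this is where a maintainer would look to learn that it widens what the server controls. I would add above the lookup `/* Opt-in only: lets the server push host names in place of addresses (routes etc.); openvpn resolves them locally, so the installed routes depend on the server's choice of name and on the client's DNS answers. */`. The `nm_streq0 (tmp, "yes")` test keeps it off unless the key is set explicitly. The do_import hunk sets that key from a bare `allow-pull-fqdn` line, so an imported third-party profile can enable it without any further prompt, which is worth stating in the user documentation. nm_openvpn_start_openvpn_binary begins and ends outside this hunk.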