upstream/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2026-05-28 04:03:29 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fix macOS dns-updown handling of parallel full redirects

Browse source 
The script didn't handle scenarios well where two or more parallel VPN
connections want to replace the default DNS server. The DNS configuration
has a chance to get broken by the connections going down in a different
order than they came up in.

Disallowing all but the first connection to modify the default DNS server
will effectively prevent this issue. While it may break DNS for the
latter connections, it is the best we can do without knowing specifics
about the configurations.

Change-Id: I7b413578a8fc0c65fca26f72b901a9f7bc34b137
Signed-off-by: Heiko Hund <heiko@ist.eigentlich.net>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Message-Id: <20250626091959.23505-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31988.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
Heiko Hund 2025-06-26 11:19:52 +02:00 committed by Gert Doering
parent 6c2bd6be4f
commit 7a2b814fee
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
distro/dns-scripts/macos-dns-updown.sh
View file

@ -30,6 +30,7 @@
itf_dns_key="State:/Network/Service/openvpn-${dev}/DNS"
dns_backup_key="State:/Network/Service/openvpn-${dev}/DnsBackup"
dns_backup_key_pattern="State:/Network/Service/openvpn-.*/DnsBackup"
function primary_dns_key {
local uuid=$(echo "show State:/Network/Global/IPv4" | /usr/sbin/scutil | grep "PrimaryService" | cut -d: -f2 | xargs)
@ -166,6 +167,11 @@ function set_dns {
echo -e "${cmds}" | /usr/sbin/scutil
set_search_domains "$search_domains"
else
echo list ${dns_backup_key_pattern} | /usr/sbin/scutil | grep -q 'no key' || {
echo "setting DNS failed, already redirecting to another tunnel"
exit 1
}
local cmds=""
cmds+="get $(primary_dns_key)\n"
cmds+="set ${dns_backup_key}\n"
@ -200,6 +206,9 @@ function unset_dns {
echo "remove ${itf_dns_key}" | /usr/sbin/scutil
unset_search_domains "$search_domains"
else
# Do not unset if this tunnel did not set/backup DNS before
echo list ${dns_backup_key} | /usr/sbin/scutil | grep -qv 'no key' || return
local cmds=""
cmds+="get ${dns_backup_key}\n"
cmds+="set $(primary_dns_key)\n"