[Bug 199529] [security/openvpn] Added client.up/client.down to port to help prevent DNS leaks
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Apr 18 23:38:40 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199529
Bug ID: 199529
Summary: [security/openvpn] Added client.up/client.down to port
to help prevent DNS leaks
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: mandree at FreeBSD.org
Reporter: yuri at rawbw.com
Flags: maintainer-feedback?(mandree at FreeBSD.org)
Assignee: mandree at FreeBSD.org
Created attachment 155712
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=155712&action=edit
patch
OpenVPN suffers from DNS leaks. Currently port leaks DNS all the time if user
connects by running 'openvpn spec.ovpn'. client.up/client.down that are
supposed to be used for DNS resolution adjustment weren't even included in the
port.
This patch does two things:
1. Adds client.up/client.down to the port
2. Fixes client.up: removes '-p' option, because the new DNS doesn't take
effect for when 'private' DNS added. In case of VPN DNS shouldn't be private
CAVEAT: Even with this patch some DNS queries still fall through to the old
server (left on the second position in /etc/resolv.conf). I am not sure if
there is the cure for that, except for disabling resolvconf(8) altogether.
Also, pkg-message is long, much longer than 80 characters, but I think it is
much more important to have user informed about the correct command line to
prevent DNS leaks than to keep the line within 80 characters.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list