mirror of
https://github.com/OpenVPN/openvpn.git
synced 2026-02-03 20:39:40 -05:00
fef5c4b4e8
This introduces a new script hook, the dns-updown, and implements such a command script for a few popular systems (and a default for the not so popular ones). Like the name suggests this hook is soleley for dealing with modifying how names are resolved when the VPN pushes some --dns settings. The default dns updown command is part of the distribution and is installed with openvpn. You can change the path the command is located at as a compile time option, defaults to libexecdir. You can compile-time disable that the default dns-updown hook is run by passing --disable-dns-updown-by-default to configure or ccmake ENABLE_DNS_UPDOWN_BY_DEFAULT to OFF. There's also a new runtime option --dns-updown, which can run a custom command, force running the default when disabled or disable execution of the dns-updown altogether. Change-Id: Ifbe4ffb44d3bfcaa50adb38cacb3436fcdc71b10 Signed-off-by: Heiko Hund <heiko@ist.eigentlich.net> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20250514135334.14377-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31639.html Signed-off-by: Gert Doering <gert@greenie.muc.de> |
||
|---|---|---|
| .. | ||
| doxygen | ||
| man-sections | ||
| tests | ||
| android.txt | ||
| CMakeLists.txt | ||
| gui-notes.txt | ||
| interactive-service-notes.rst | ||
| keying-material-exporter.txt | ||
| Makefile.am | ||
| management-notes.txt | ||
| openvpn-examples.5.rst | ||
| openvpn.8.rst | ||
| README.man | ||
| README.plugins | ||
| t_server_null.rst | ||
| tls-crypt-v2.txt | ||
OpenVPN Plugins
---------------
Starting with OpenVPN 2.0-beta17, compiled plugin modules are
supported on any *nix OS which includes libdl or on Windows.
One or more modules may be loaded into OpenVPN using
the --plugin directive, and each plugin module is capable of
intercepting any of the script callbacks which OpenVPN supports:
(1) up
(2) down
(3) route-up
(4) ipchange
(5) tls-verify
(6) auth-user-pass-verify
(7) client-connect
(8) client-disconnect
(9) learn-address
See the openvpn-plugin.h file in the top-level directory of the
OpenVPN source distribution for more detailed information
on the plugin interface.
Included Plugins
----------------
auth-pam -- Authenticate using PAM and a split privilege
execution model which functions even if
root privileges or the execution environment
have been altered with --user/--group/--chroot.
Tested on Linux only.
down-root -- Enable the running of down scripts with root privileges
even if --user/--group/--chroot have been used
to drop root privileges or change the execution
environment. Not applicable on Windows.
examples -- A simple example that demonstrates a portable
plugin, i.e. one which can be built for *nix
or Windows from the same source.
Building Plugins
----------------
cd to the top-level directory of a plugin, and use the
"make" command to build it. The examples plugin is
built using a build script, not a makefile.