author | Tobias Brunner <tobias@strongswan.org> | 2014-07-16 14:01:12 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2014-07-22 11:10:36 +0200 |
commit | c66f5f844d0e19e5785e223e756d2fd6955e8f24 (patch) | |
tree | 3c9b331c2695f54f34c8b562d2ad74151cb057c4 /src | |
parent | 36aab70ab068a8552cf3bc4f80187fc178a2aaf7 (diff) | |
android: Recreate the TUN device without DNS when reestablishing IKE_SAs
This enables DNS resolution while reestablishing if the VPN gateway pushed
DNS servers to the client that are only reachable via VPN.
Diffstat (limited to 'src')
-rw-r--r-- | src/frontends/android/jni/libandroidbridge/backend/android_service.c | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/src/frontends/android/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
index 113056532..73738c22e 100644
--- a/src/frontends/android/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
@@ -350,6 +350,36 @@ static bool setup_tun_device(private_android_service_t *this,
 }
 
 /**
+ * Setup a new TUN device based on the existing one, but without DNS server.
+ */
+static bool setup_tun_device_without_dns(private_android_service_t *this)
+{
+ vpnservice_builder_t *builder;
+ int tunfd;
+
+ DBG1(DBG_DMN, "setting up TUN device without DNS");
+
+ builder = charonservice->get_vpnservice_builder(charonservice);
+
+ tunfd = builder->establish_no_dns(builder);
+ if (tunfd == -1)
+ {
+ return FALSE;
+ }
+
+ this->lock->write_lock(this->lock);
+ if (this->tunfd > 0)
+ { /* close previously opened TUN device, this should always be the case */
+ close(this->tunfd);
+ }
+ this->tunfd = tunfd;
+ this->lock->unlock(this->lock);
+
+ DBG1(DBG_DMN, "successfully created TUN device without DNS");
+ return TRUE;
+}
+
+/**
  * Close the current tun device
  */
 static void close_tun_device(private_android_service_t *this)
@@ -479,6 +509,14 @@ METHOD(listener_t, ike_reestablish_pre, bool,
 this->lock->write_lock(this->lock);
 this->use_dns_proxy = TRUE;
 this->lock->unlock(this->lock);
+ /* if DNS servers are installed that are only reachable through the VPN
+ * the DNS proxy doesn't help, so uninstall DNS servers */
+ if (!setup_tun_device_without_dns(this))
+ {
+ DBG1(DBG_DMN, "failed to setup TUN device without DNS");
+ charonservice->update_status(charonservice,
+ CHARONSERVICE_GENERIC_ERROR);
+ }
 }
 return TRUE;
 } |
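Review bot: The doc comment on `setup_tun_device_without_dns()` leaves out the two things a caller has to know: the function takes `this->lock` for writing itself, and on failure it returns before touching `this->tunfd`, so the old device with its DNS servers stays in place. I would extend it with ` * Takes the write lock itself, so the caller must not hold it. On failure the existing TUN device (including its DNS servers) is left untouched.` Separately, the close guard `if (this->tunfd > 0)` does not match the `tunfd == -1` failure check above it, since descriptor 0 is valid and would be overwritten without being closed. Whether `>= 0` is the right guard depends on the field's unset value, which is initialised outside this hunk, so any change should be made together with the same pattern in `setup_tun_device()` if it exists there.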
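Review bot: On the failure branch in `ike_reestablish_pre`, `use_dns_proxy` has already been set to TRUE and the handler carries on with the old TUN device, which still has the VPN-only DNS servers, and the only trace is the generic error status. The comment should say what state this leaves, for example `/* on failure the old TUN device (with DNS) stays in place and use_dns_proxy remains set, so resolving the gateway may still fail */`. It would also help to record the assumption that makes removing the DNS servers safe: presumably the routes remain on the recreated device, so lookups sent to the underlying network's resolvers are still captured by the DNS proxy and do not leave outside the tunnel, but that is not visible in this hunk and should be confirmed. The METHOD body starts before the hunk.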