Hi,

> A second pair of installers contain a patch which makes the new
> --block-outside-dns work with Windows Vista:
>
> <http://build.openvpn.net/downloads/temp/openvpn-install-2.3_blockoutsidedns-I601-i686.exe>
> <http://build.openvpn.net/downloads/temp/openvpn-install-2.3_blockoutsidedns-I601-x86_64.exe>

I tested this on Windows 10. While it works the same as before as far as
blocking DNS is concerned, the filter that allows openvpn.exe to do name
resolution through all interfaces does not appear to work.

When an openvpn connection is running with block-outside-dns and no DNS
server is defined on the TAP adapter, all DNS queries fail as expected. But
starting a second openvpn.exe also fails at name resolution, although the
apparent purpose of the permit filter is to allow that traffic through the
LAN or any other interface.

> @@ -1236,26 +1237,44 @@ win_wfp_block_dns (const NET_IFINDEX index)
>      Condition[0].conditionValue.uint16 = 53;
>
>      Condition[1].fieldKey = FWPM_CONDITION_ALE_APP_ID;
> -    Condition[1].matchType = FWP_MATCH_NOT_EQUAL;
> +    Condition[1].matchType = FWP_MATCH_EQUAL;
>      Condition[1].conditionValue.type = FWP_BYTE_BLOB_TYPE;
>      Condition[1].conditionValue.byteBlob = openvpnblob;
>
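
Review bot: The flipped `Condition[1].matchType = FWP_MATCH_EQUAL` on `FWPM_CONDITION_ALE_APP_ID` has no comment saying what this filter is now meant to do, and the match itself is narrow: together with the port 53 condition above it, it only fires for connections whose application ID equals `openvpnblob`. A DNS query sent on openvpn.exe's behalf by any other process carries a different application ID and will not hit this filter. Please add a comment stating the intended action and scope of the filter, and confirm by test which process actually owns the port 53 socket during name resolution before relying on an application ID match here.
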
Valdikss: Is this filter useful at all? When openvpn does name resolution,
I suppose it's the DNS client service that would open the port 53 connection.

Selva
