Created attachment 293249 [details, diff] openvpn-up-metric.patch Hello, Following bug#364907. When an interface is added to resolv conf, best if it is added with a metric. The interface metric is important so that, for example, the DNS of the VPN will be search first. An attack can be established if dns queries are redirected out side of VPN, so in VPN it is very important. The attached patch is looking for the minimum metric of openvpn provided routes and set it as the metric for openresolv. Please consider to apply. Thanks, Alon.
What are the downsides of this patch?
(In reply to comment #1) > What are the downsides of this patch? Should be none. Worse case no metric. Unless I've done something terribly wrong in sh, but it looks clean and simple. What we try to accomplish is lower risk of attacking VPN client. Thanks!
Can I help?
In the sense that, I left this around waiting for way too long: no, thanks for pinging me, I just committed it. In the sense that, hey, I just noticed you're a dev (again, apparently): please join me as an openvpn maintainer!
(In reply to comment #4) > In the sense that, I left this around waiting for way too long: no, thanks > for pinging me, I just committed it. Thanks! > In the sense that, hey, I just noticed you're a dev (again, apparently): > please join me as an openvpn maintainer! No problem, just CC me if you need help. I don't expect much change in openvpn since me rewrite the build system properly... the pace of this project is really slow.
