Merge branch 'android-dns-proxy'
authorTobias Brunner <tobias@strongswan.org>
Tue, 22 Jul 2014 09:10:59 +0000 (11:10 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 22 Jul 2014 09:14:00 +0000 (11:14 +0200)
commit1ddc1ec0b37355be22d55728557b88cde83292e6
tree0c2eb284b44c121ca1b49d3d30dc71f9f42bf412
parent32109a535f3f0ae3e234ebfefc7c69dfc2327c67
parentffff7219ef6af21c9497af8db49bfb3c1c9a3036
Merge branch 'android-dns-proxy'

Adds a DNS proxy feature that uses VPN-protected sockets to resolve the
VPN gateway's hostname while reestablishing the IKE_SA, which is
required because we keep the TUN device up to avoid leaking plaintext
traffic.

The TUN device is recreated without DNS servers before reestablishing in
case the VPN server pushed DNS servers to the client that are only
reachable via VPN.

Fixes #622.