fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-01-08 23:30:18 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

clients: set "ipv[46].dns-priority=-50" during import of WireGuard profiles

Browse source 
WireGuard's wg-quick primarily wants to avoid DNS leaks, and thus also
our import code should generate profiles that configure exclusive DNS
servers. This is done by setting "ipv[46].dns-priority" to a negative
value.

Note that if a profile leaves the DNS priority at zero (which in many
regard is the default), then the zero translates to 50 (for VPN
profiles) and 100 (for other profiles).

Instead of setting the DNS priority to -10, set it to -50. This gives
some more room so that the user can choose priorities that are worse
than the WireGuard's one, but still negative (exclusive). Also, since
the positive range defaults to 50 and 100, let's stretch the range a
bit.

Since this only affects import and creation of new profiles, such a
change in behavior seems acceptable.
This commit is contained in:
Thomas Haller 2020-09-10 11:22:45 +02:00
parent a017936223
commit 3ac7929e90
No known key found for this signature in database
GPG key ID: 29C2366E4DFC5728
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
clients/common/nm-vpn-helpers.c
View file

@ -766,7 +766,7 @@ fail_invalid_secret:
* wg-quick does, by calling `resolvconf -x`. */
g_object_set (s_ip,
NM_SETTING_IP_CONFIG_DNS_PRIORITY,
(int) -10,
(int) -50,
NULL);
if (data_addr) {