Diffstat (limited to 'windows')
-rw-r--r--windows/winfw/src/winfw/fwcontext.cpp12
-rw-r--r--windows/winfw/src/winfw/fwcontext.h1
-rw-r--r--windows/winfw/src/winfw/winfw.cpp2
-rw-r--r--windows/winfw/src/winfw/winfw.h1
-rw-r--r--windows/winfw/src/winfw/winfw.vcxproj.filters12
5 files changed, 22 insertions, 6 deletions
diff --git a/windows/winfw/src/winfw/fwcontext.cpp b/windows/winfw/src/winfw/fwcontext.cpp
index 793f8c917d..d89437d699 100644
--- a/windows/winfw/src/winfw/fwcontext.cpp
+++ b/windows/winfw/src/winfw/fwcontext.cpp
@@ -178,6 +178,7 @@ bool FwContext::applyPolicyConnecting
const WinFwSettings &settings,
const WinFwEndpoint &relay,
const std::wstring &relayClient,
+ const std::optional<std::wstring> &tunnelInterfaceAlias,
const std::optional<PingableHosts> &pingableHosts,
const std::optional<WinFwEndpoint> &allowedEndpoint
)
@@ -193,6 +194,17 @@ bool FwContext::applyPolicyConnecting
AppendAllowedEndpointRules(ruleset, allowedEndpoint.value());
}
+ if (tunnelInterfaceAlias.has_value())
+ {
+ ruleset.emplace_back(std::make_unique<baseline::PermitVpnTunnel>(
+ *tunnelInterfaceAlias
+ ));
+
+ ruleset.emplace_back(std::make_unique<baseline::PermitVpnTunnelService>(
+ *tunnelInterfaceAlias
+ ));
+ }
+
//
// Permit pinging the gateway inside the tunnel.
//
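Review bot: The new block that appends `baseline::PermitVpnTunnel` and `baseline::PermitVpnTunnelService` carries no comment, although the block right after it in the same function is introduced by a `//` banner. Because this widens what the connecting-state policy lets through, the intent should be recorded, for example `// Permit traffic on the tunnel interface once its alias is known.`; that wording is inferred from the rule names, so adjust it to the actual reason. The permit is keyed on a caller-supplied alias string, and the rule classes are not visible here. It is worth confirming that an alias which does not resolve to an interface makes policy application fail, rather than being skipped silently. The body of applyPolicyConnecting continues outside the hunk.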
diff --git a/windows/winfw/src/winfw/fwcontext.h b/windows/winfw/src/winfw/fwcontext.h
index bbbb1de485..cff3e3c823 100644
--- a/windows/winfw/src/winfw/fwcontext.h
+++ b/windows/winfw/src/winfw/fwcontext.h
@@ -35,6 +35,7 @@ public:
const WinFwSettings &settings,
const WinFwEndpoint &relay,
const std::wstring &relayClient,
+ const std::optional<std::wstring> &tunnelInterfaceAlias,
const std::optional<PingableHosts> &pingableHosts,
const std::optional<WinFwEndpoint> &allowedEndpoint
);
diff --git a/windows/winfw/src/winfw/winfw.cpp b/windows/winfw/src/winfw/winfw.cpp
index a3ad1737ac..119edc4ca6 100644
--- a/windows/winfw/src/winfw/winfw.cpp
+++ b/windows/winfw/src/winfw/winfw.cpp
@@ -260,6 +260,7 @@ WinFw_ApplyPolicyConnecting(
const WinFwSettings *settings,
const WinFwEndpoint *relay,
const wchar_t *relayClient,
+ const wchar_t *tunnelInterfaceAlias,
const PingableHosts *pingableHosts,
const WinFwEndpoint *allowedEndpoint
)
@@ -290,6 +291,7 @@ WinFw_ApplyPolicyConnecting(
*settings,
*relay,
relayClient,
+ tunnelInterfaceAlias != nullptr ? std::make_optional(tunnelInterfaceAlias) : std::nullopt,
ConvertPingableHosts(pingableHosts),
MakeOptional(allowedEndpoint)
) ? WINFW_POLICY_STATUS_SUCCESS : WINFW_POLICY_STATUS_GENERAL_FAILURE;
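Review bot: A non-null but empty `tunnelInterfaceAlias` becomes an engaged optional on the added line, so the tunnel permit rules would be constructed with an empty alias; only `nullptr` is treated as "no tunnel interface". Whether the rule classes reject an empty alias is not visible here, so consider normalising at this boundary: `(tunnelInterfaceAlias != nullptr && *tunnelInterfaceAlias != L'\0') ? std::make_optional<std::wstring>(tunnelInterfaceAlias) : std::nullopt`. Naming the type also avoids relying on the implicit conversion from `std::optional<const wchar_t *>` to `std::optional<std::wstring>` at the call. The surrounding call expression starts outside the hunk.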
diff --git a/windows/winfw/src/winfw/winfw.h b/windows/winfw/src/winfw/winfw.h
index 308bb32645..5065582e29 100644
--- a/windows/winfw/src/winfw/winfw.h
+++ b/windows/winfw/src/winfw/winfw.h
@@ -158,6 +158,7 @@ WinFw_ApplyPolicyConnecting(
const WinFwSettings *settings,
const WinFwEndpoint *relay,
const wchar_t *relayClient,
+ const wchar_t *tunnelInterfaceAlias,
const PingableHosts *pingableHosts,
const WinFwEndpoint *allowedEndpoint
);
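Review bot: The declaration gains `tunnelInterfaceAlias` in the middle of the parameter list without any comment stating that it is optional, while winfw.cpp treats `nullptr` as "no tunnel interface". A line such as `// tunnelInterfaceAlias: optional; pass nullptr when no tunnel interface exists yet.` next to the parameter would document that contract for callers. This appears to be the library's public entry point and the change is positional, so callers outside `windows/` must be updated in the same change. The diffstat shown is limited to that path, so such callers are not visible here; a stale caller would pass mismatched arguments.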
diff --git a/windows/winfw/src/winfw/winfw.vcxproj.filters b/windows/winfw/src/winfw/winfw.vcxproj.filters
index 7a2aa85487..bb266aa8ff 100644
--- a/windows/winfw/src/winfw/winfw.vcxproj.filters
+++ b/windows/winfw/src/winfw/winfw.vcxproj.filters
@@ -55,15 +55,15 @@
<ClCompile Include="rules\shared.cpp">
<Filter>rules</Filter>
</ClCompile>
- <ClCompile Include="rules\multi\permitvpnrelay.cpp">
- <Filter>rules\multi</Filter>
- </ClCompile>
<ClCompile Include="rules\persistent\blockall.cpp">
<Filter>rules\persistent</Filter>
</ClCompile>
<ClCompile Include="rules\baseline\permitendpoint.cpp">
<Filter>rules\baseline</Filter>
</ClCompile>
+ <ClCompile Include="rules\multi\permitvpnrelay.cpp">
+ <Filter>rules\multi</Filter>
+ </ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="stdafx.h" />
@@ -129,15 +129,15 @@
<ClInclude Include="rules\shared.h">
<Filter>rules</Filter>
</ClInclude>
- <ClInclude Include="rules\multi\permitvpnrelay.h">
- <Filter>rules\multi</Filter>
- </ClInclude>
<ClInclude Include="rules\persistent\blockall.h">
<Filter>rules\persistent</Filter>
</ClInclude>
<ClInclude Include="rules\baseline\permitendpoint.h">
<Filter>rules\baseline</Filter>
</ClInclude>
+ <ClInclude Include="rules\multi\permitvpnrelay.h">
+ <Filter>rules\multi</Filter>
+ </ClInclude>
</ItemGroup>
<ItemGroup>
<Filter Include="rules">