From eb65c0649095f6b017000d6aea22329ecf9d9581 Mon Sep 17 00:00:00 2001
From: Arne Schwabe <arne@rfc2549.org>
Date: Mon, 19 Dec 2016 23:04:40 +0100
Subject: Bail out if tls-remote is defined

---
 main/build.gradle                                     |  4 ++--
 main/src/main/java/de/blinkt/openvpn/VpnProfile.java  | 19 ++++++++++++++-----
 .../java/de/blinkt/openvpn/core/ConfigParser.java     |  1 +
 main/src/main/res/values/strings.xml                  |  1 +
 4 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/main/build.gradle b/main/build.gradle
index b82d777d..812b816e 100644
--- a/main/build.gradle
+++ b/main/build.gradle
@@ -27,8 +27,8 @@ android {
     defaultConfig {
         minSdkVersion 14
         targetSdkVersion 25
-        versionCode = 142
-        versionName = "0.6.61"
+        versionCode = 143
+        versionName = "0.6.62"
     }
 
     sourceSets {
diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
index 9147701c..d32ed27e 100644
--- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -295,6 +295,7 @@ public class VpnProfile implements Serializable, Cloneable {
         }
 
         cfg += "machine-readable-output\n";
+        cfg += "allow-recursive-routing\n";
 
         // Users are confused by warnings that are misleading...
         cfg += "ifconfig-nowarn\n";
@@ -466,11 +467,17 @@ public class VpnProfile implements Serializable, Cloneable {
         cfg += routes;
 
         if (mOverrideDNS || !mUsePull) {
-            if (!TextUtils.isEmpty(mDNS1))
-                cfg += "dhcp-option DNS " + mDNS1 + "\n";
-            if (!TextUtils.isEmpty(mDNS2))
-                cfg += "dhcp-option DNS " + mDNS2 + "\n";
-            if (!TextUtils.isEmpty(mSearchDomain))
+            if (!TextUtils.isEmpty(mDNS1)) {
+                if (mDNS1.contains(":"))
+                    cfg += "dhcp-option DNS6 " + mDNS1 + "\n";
+                else
+                    cfg += "dhcp-option DNS " + mDNS1 + "\n";
+            } if (!TextUtils.isEmpty(mDNS2)) {
+                if (mDNS2.contains(":"))
+                    cfg += "dhcp-option DNS6 " + mDNS2 + "\n";
+                else
+                    cfg += "dhcp-option DNS " + mDNS2 + "\n";
+            } if (!TextUtils.isEmpty(mSearchDomain))
                 cfg += "dhcp-option DOMAIN " + mSearchDomain + "\n";
 
         }
@@ -874,6 +881,8 @@ public class VpnProfile implements Serializable, Cloneable {
                 return R.string.no_ca_cert_selected;
         }
 
+        if (mCheckRemoteCN && mX509AuthType==X509_VERIFY_TLSREMOTE)
+            return R.string.deprecated_tls_remote;
 
         if (!mUsePull || mAuthenticationType == TYPE_STATICKEYS) {
             if (mIPv4Address == null || cidrToIPAndNetmask(mIPv4Address) == null)
diff --git a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
index dda1fe2c..47d21bd5 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
@@ -259,6 +259,7 @@ public class ConfigParser {
             "dhcp-renew",
             "dh",
             "group",
+            "allow-recursive-routing",
             "ip-win32",
             "management-hold",
             "management",
diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml
index 5b419fe5..7cfb7461 100755
--- a/main/src/main/res/values/strings.xml
+++ b/main/src/main/res/values/strings.xml
@@ -422,5 +422,6 @@
     <string name="sort">Sort</string>
     <string name="sorted_lru">Profiles sorted by last recently used</string>
     <string name="sorted_az">Profiles sorted by name</string>
+    <string name="deprecated_tls_remote">Config uses option tls-remote that was deprecated in 2.3 and finally removed in 2.4</string>
 
 </resources>
-- 
cgit v1.2.3