
Re: Forcing dhclient to not ignore tun0 interface when it's available



On 2023-03-03 16:00, Max Nikulin wrote:
On 03/03/2023 13:29, Tim Woodall wrote:
On Fri, 3 Mar 2023, Max Nikulin wrote:

dhclient running for enp2s0f0 should detect that VPN is active and avoid overwriting DNS settings that direct requests to tun0.

The hook can create and delete a file like this:
tim@dirac:/etc/dhcp (none)$ cat dhclient-enter-hooks.d/nodnsupdate
make_resolv_conf() {
         :
}

I agree that VPN script may add and remove dhclient hook or may write
some file in /run that is read by dhclient hook. They should cooperate
in some way. In a more versatile configuration, domain resolution may be
per-interface. E.g. hosts from the corporate domain are resolved
through tun0, other sites through enp2s0f0.

I agree about cooperation. BUT it would be much easier if everything is resolved through the workplace's resolver whenever openconnect is active.

If I have to specify all the domains I want to be resolved using the tun0 interface, it would be annoying to configure and error-prone, because there are multiple different "private" domains, in addition to private subdomains of publicly-accessible "parent" domains.

Not to mention redirections for SSO/authentication (depending on the tool/server/where it's hosted, it's not the same LDAP server), or tools which have multiple servers but without a load-balancer/unique URL for access. You just arrive on one of the servers. Some kind of load balancing, but a different FQDN for each server of the pool.

And some tools have literally multiple redirections before the home page, across different domains and subdomains.


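The cooperation discussed in this thread (the VPN script writes a file in /run, and a dhclient enter hook reads it), sketched as an added example that is not from any of the posters. The hook file name and the flag path /run/vpn-dns-active are assumptions; the VPN script is assumed to create the flag on connect and remove it on disconnect.

```sh
# Hypothetical hook: /etc/dhcp/dhclient-enter-hooks.d/vpn-dns-guard
# dhclient-script sources this file on every DHCP event, so the check
# below is re-evaluated each time a lease is bound or renewed.

VPN_FLAG="${VPN_FLAG:-/run/vpn-dns-active}"  # assumed path, written by the VPN script
VPN_IF="${VPN_IF:-tun0}"                     # tunnel interface named in the thread
SYS_NET="${SYS_NET:-/sys/class/net}"         # kernel's list of network interfaces

vpn_dns_active() {
    # Require both the flag and a live tunnel interface. A flag left
    # behind by a crashed VPN client must not block DNS updates forever.
    [ -e "$VPN_FLAG" ] && [ -e "$SYS_NET/$VPN_IF" ]
}

guard_resolv_conf() {
    if vpn_dns_active; then
        # Same no-op override as the nodnsupdate hook quoted above, but
        # applied only while the VPN owns the resolver configuration.
        make_resolv_conf() {
            :
        }
    fi
}

guard_resolv_conf
```

When the flag is absent or tun0 is gone, make_resolv_conf keeps the definition from dhclient-script and the next lease event on enp2s0f0 rewrites resolv.conf as usual.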