[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Forcing dhclient to not ignore tun0 interface when it's available

On Mon 06 Mar 2023 at 13:17:23 (+0100), davenull@tuxfamily.org wrote:
> On 2023-03-03 06:22, Max Nikulin wrote:
> > On 03/03/2023 10:08, Tim Woodall wrote:
> > > New to this thread, so might be totally off-piste but openvpn
> > > has hooks
> > > to run scripts like this:
> > ...
> > > This is server side but the route-up/pre-down work client side too.
> 
> Since it's workplace's VPN, which I don't have access to, I can't do
> anything which requires server-side access.
> Plus, it's a Cisco VPN. I don't anythig aout cisco stuff. I'm more
> familiar with openVPN
> 
> > > 
> > > Presumably you can do something here to renew dhcp leases or restore
> > > resolv.conf.
> > 
> > Perhaps the opposite. dhclient running for enp2s0f0 should detect that
> > VPN is active and to avoid overwriting DNS settings that direct
> > requests to tun0.
> 
> Yes, indeed. I want dhclient to NOT overwrite /etc/resolv.conf when
> VPN is active. OR to use tun05 when it tries to renew the lease
> 
> One person at work suggested to use resolvectl/resolvconf but after
> looking at it, I noticed it requires using sytemd-resolved, which
> I don't use.

  Package: resolvconf
  Depends: lsb-base (>= 4.1+Debian3), debconf (>= 0.5) | debconf-2.0

AIUI systemd-resolved is a replacement for openresolv, and it's
systemd-networkd that can work alongside openresolv.

> As an alternative, there is openresolv, which seems work without
> resolved. But I failed to find any document on how to useit with
> openconnect.

Yes, no dependencies.

Openconnect will supply openresolv with the information it needs
when the vpnc-script that we discussed earlier runs. It's at the
function "modify_resolvconf_manager", around line 690.

> The official website config page only gives parameters for some
> well-known local resolvers, including unbound.

It also covers Bind, named (a part of bind), and dnsmasq
(mentioned in that script). All these are in Debian.

> If anyone has a good documention on how to configure openresolv
> correctly to use it with openconnect.

I see that the openresolv wiki at Arch has a section on openconnect.
Obviously you may need to "bend" their pages when consulting them
for Debian.

> Thing is : years ago I used to use OpenVPN on debian on another
> computer, the DHCP client was also dhclient
> but I didn't to do any extra configuration, it just worked… The only
> differences was an older debian version,
> as the stable batk them was like Debian 7 or 8, and I was using wicd
> instead. So the network stuff probably changed since then
> 
> Therefore I have no damn idea on how to configure stuff like openresolv.

Cheers,
David.
Reply to: