
Re: Forcing dhclient to not ignore tun0 interface when it's available



On Tue 07 Mar 2023 at 17:17:24 (+0100), davenull@tuxfamily.org wrote:
> On 2023-03-07 05:01, David Wright wrote:
> > On Mon 06 Mar 2023 at 13:34:52 (+0100), davenull@tuxfamily.org wrote:
> > > On 2023-03-03 16:00, Max Nikulin wrote:
> > > > On 03/03/2023 13:29, Tim Woodall wrote:
> > > > > On Fri, 3 Mar 2023, Max Nikulin wrote:
> > > > > >
> > > > > > dhclient running for enp2s0f0 should detect that VPN is
> > > > > > active and to avoid overwriting DNS settings that direct
> > > > > > requests to tun0.
> > > > > >
> > > > > The hook can create and delete a file like this:
> > > > > tim@dirac:/etc/dhcp (none)$ cat dhclient-enter-hooks.d/nodnsupdate
> > > > > make_resolv_conf() {
> > > > >          :
> > > > > }
> > > >
> > > > I agree that VPN script may add and remove dhclient hook or may write
> > > > some file in /run that is read by dhclient hook. They should cooperate
> > > > in some way. In more versatile configuration domain resolution may be
> > > > per-interface. E.g. hosts from the corporate domain are resolved
> > > > through tun0, other sites through enp2s0f0.
> > > 
> > > I agree about cooperation. BUT it would be much easier if everything
> > > is resolved through workplace's resolver whenever openconnect is
> > > active.
> > 
> > I don't see how your workplace's resolver can resolve addresses on
> > your own LAN.
> 
> Well, I meant resolving anything on the Internet + work's private
> network. Not on my LAN

Well, I used the LAN as an example because I know that your workplace
can't resolve it. I'm not party to what your workplace /can/ resolve.
So that's the example you got.

> Granted, I might want to exclude 192.168.0|1.0 from requests sent to
> workplace resolver. But I certainly don't want to think about each
> (sub)domain and whether it should/can be resolved by workplace or
> not

You shouldn't have to. When you connect to your workplace,
it tells openresolv what it can resolve, and openresolv
retains what it knew about resolving on /your/ network
before you connected, rather than letting it be destroyed
by overwriting it. It can also reverse this process upon
disconnection. That's what this extra software is for.

Cheers,
David.
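As an added example that is not part of this thread (not Tim's hook file and not openconnect's or openresolv's own code), this is one way the cooperation Max describes could look: a dhclient enter hook that only disables the resolv.conf rewrite while a flag file exists. It assumes the VPN up/down script creates and removes /run/vpn-dns-active (an assumed name) and that the LAN interface is enp2s0f0.

```shell
#!/bin/sh
# Added example: a dhclient enter hook that leaves /etc/resolv.conf alone
# only while a VPN flag file exists. Assumed convention: the openconnect
# up/down script creates /run/vpn-dns-active on connect and removes it on
# disconnect. Intended location: /etc/dhcp/dhclient-enter-hooks.d/vpn-dns-guard

VPN_FLAG="${VPN_FLAG:-/run/vpn-dns-active}"
# Interface(s) whose DHCP lease must not clobber VPN DNS; space-separated.
GUARDED_IFACES="${GUARDED_IFACES:-enp2s0f0}"

# Returns 0 when the VPN flag file is present. $1 overrides the default path.
vpn_dns_active() {
    [ -e "${1:-$VPN_FLAG}" ]
}

# Returns 0 when $1 is one of the guarded interfaces.
is_guarded_iface() {
    for i in $GUARDED_IFACES; do
        [ "$1" = "$i" ] && return 0
    done
    return 1
}

# Decide whether dhclient-script should skip the resolv.conf update.
# $1 = interface name, $2 = flag path (optional, used by tests).
should_skip_dns() {
    is_guarded_iface "$1" && vpn_dns_active "${2:-$VPN_FLAG}"
}

# dhclient-script sources enter hooks before it calls make_resolv_conf, so
# redefining the function with an empty body here disables the rewrite for
# this lease only. $interface is exported by dhclient-script; when the flag
# is absent (VPN down) the stock make_resolv_conf runs unchanged.
if should_skip_dns "${interface:-}"; then
    make_resolv_conf() {
        :
    }
fi
```

The VPN side then only needs `touch /run/vpn-dns-active` on connect and `rm -f /run/vpn-dns-active` on disconnect; a lease renewal on enp2s0f0 while the VPN is up no longer overwrites the resolver that points at tun0.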
