On Mon 06 Mar 2023 at 13:17:23 (+0100), davenull@tuxfamily.org wrote:
On 2023-03-03 06:22, Max Nikulin wrote:
> On 03/03/2023 10:08, Tim Woodall wrote:
> > New to this thread, so might be totally off-piste but openvpn
> > has hooks
> > to run scripts like this:
> ...
> > This is server side but the route-up/pre-down work client side too.
Since it's workplace's VPN, which I don't have access to, I can't do
anything which requires server-side access.
Plus, it's a Cisco VPN. I don't anything aout cisco stuff. I'm more
familiar with openVPN
> >
> > Presumably you can do something here to renew dhcp leases or restore
> > resolv.conf.
>
> Perhaps the opposite. dhclient running for enp2s0f0 should detect that
> VPN is active and to avoid overwriting DNS settings that direct
> requests to tun0.
Yes, indeed. I want dhclient to NOT overwrite /etc/resolv.conf when
VPN is active. OR to use tun05 when it tries to renew the lease
One person at work suggested to use resolvectl/resolvconf but after
looking at it, I noticed it requires using sytemd-resolved, which
I don't use.
Package: resolvconf
Depends: lsb-base (>= 4.1+Debian3), debconf (>= 0.5) | debconf-2.0
AIUI systemd-resolved is a replacement for openresolv, and it's
systemd-networkd that can work alongside openresolv.
As an alternative, there is openresolv, which seems work without
resolved. But I failed to find any document on how to useit with
openconnect.
Yes, no dependencies.
Openconnect will supply openresolv with the information it needs
when the vpnc-script that we discussed earlier runs. It's at the
function "modify_resolvconf_manager", around line 690.
The official website config page only gives parameters for some
well-known local resolvers, including unbound.
It also covers Bind, named (a part of bind), and dnsmasq
(mentioned in that script). All these are in Debian.