
Re: Forcing dhclient to not ignore tun0 interface when it's available



On 2023-03-07 16:20, Max Nikulin wrote:
On 06/03/2023 19:17, davenull wrote:
On 2023-03-03 06:22, Max Nikulin wrote:

Perhaps the opposite. dhclient running for enp2s0f0 should detect that
VPN is active and avoid overwriting DNS settings that direct
requests to tun0.

Yes, indeed. I want dhclient to NOT overwrite /etc/resolv.conf when VPN is active. OR to use tun05 when it tries to renew the lease
...
If anyone has good documentation on how to configure openresolv correctly to use it with openconnect.

People suggested openvpn scripts and dhclient hooks in this thread. It
should be enough to write a couple of scripts that conditionally
update resolv.conf. I am not sure that it is possible to provide
configuration that would work out of the box. If you are seeking a
ready to use recipe, perhaps you should ask the openvpn community.

I used network-manager-openconnect-gnome for some time and it was
enough to fill some fields in a GUI form for minimal working
configuration.

If it was for personal need, I wouldn't mind spending time with trial and error… but it's not.

That hook stuff might be enough for someone who either uses a similar environment/tools as the script's OR knows well enough both openconnect/connman/openresolv, as well as OpenVPN… So they can easily adapt such hooks to different tools.

I use neither OpenVPN¹ for work nor network-manager. So hooks need to be adapted BUT my knowledge of openconnect is limited, let alone openresolv (0 knowledge). So having some "beginner-friendly" documentation would actually make a big difference to help me achieve that in a reasonable amount of time.

Not having documentation means tinkering, and trial and error and spending (too much) time on it.
Sure it might work, but it requires more time and energy I can't afford.

During remote-work, extra hours are simply ignored. So I either tinker to make things work with near 0 knowledge of these tools, or do my actual.

And I'm not planning on spending my free time debugging work-related stuff (anymore, made that mistake too often). Workplace idiotic policy about both extra-hours during remote work AND on-site extra-hours if one leaves the office after 6:30 pm (clocking terminal configured to ignore working time after that) sc***ed me more than once during incidents.

So I'm clearly being lazy this time. I'd rather find a solution which is relatively "easy and fast" to implement, than work for free.

1. Because, according to workspace staff who "chose" (a.k.a. listened to marketing people) Cisco crap… Cisco blackbox with its binary spyware (CSD idiocy) is "more secure"…
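
The dhclient hook approach discussed in this thread, as an added example that is not part of the original messages: dhclient-script defines a shell function `make_resolv_conf` and then sources its enter hooks, so a hook can replace that function while the tunnel exists. The hook file name, the `VPN_IFACE` and `SYS_NET_DIR` variables and the helper function names are assumptions made for this sketch.

```shell
# Hypothetical hook file: /etc/dhcp/dhclient-enter-hooks.d/keep-vpn-dns
# dhclient-script sources enter hooks after it has defined make_resolv_conf(),
# so redefining that function here replaces the stock resolv.conf rewrite.

# Assumption: the VPN tunnel is tun0 (from the thread subject) and is a
# non-persistent tun device, so it exists in sysfs only while the VPN is up.
VPN_IFACE="${VPN_IFACE:-tun0}"
SYS_NET_DIR="${SYS_NET_DIR:-/sys/class/net}"   # overridable for offline testing

vpn_is_up() {
    [ -d "$SYS_NET_DIR/$VPN_IFACE" ]
}

# Replace make_resolv_conf() with a no-op when a lease event arrives for a
# non-VPN interface while the tunnel exists. Returns 0 if the guard was
# installed, 1 if DHCP keeps control of resolv.conf.
guard_resolv_conf() {
    # $interface is set by dhclient for every hook invocation.
    if vpn_is_up && [ "${interface:-}" != "$VPN_IFACE" ]; then
        make_resolv_conf() {
            # Leave the resolver settings written by the VPN client in place.
            :
        }
        return 0
    fi
    return 1
}

# Executed each time dhclient-script sources this file.
guard_resolv_conf || true
```

Enter hooks are sourced in file name order, so if another hook in the same directory also redefines `make_resolv_conf`, the last definition wins.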

