Hi

On 2023-02-22 18:30, Christoph Brinkhaus wrote:
On Wed, Feb 22, 2023 at 06:12:29PM +0100, daven...@tuxfamily.org wrote:

========= context =========
For the context, I use a Debian 11 laptop for work. When I work remotely from home, I have to use a Cisco VPN. Good thing is there is openconnect, which does work, and in the case of my work's VPN, it does work. Cisco's
spyware/downloaded binary, namely using the --csd-wrapper
/usr/libexec/openconnect/"
[snip]
===== end of context =====
What I want is: setting up /etc/resolv.conf ONLY
- at system startup/initial network connection.
- when openconnect is executed and connects to work's VPN
- when openconnect is ^C-ed and disconnects from work's VPN (cleaning its mess in the routing table, interfaces, /etc/resolv's and other network
stuff it might have modified, makes sense)

Here's what I know:
- Whatever process does that seems to do what I highly suspect to be DHCP [1] requests every now and then. Home's router answers, giving its own address as both gateway and DNS resolver. And said process thinks it's OK to delete and recreate resolv.conf with the wrong content… breaking everything work-related
while the VPN is still active

If it is DHCP: You might do a countermeasure in
/etc/dhcp/dhclient.conf. On my system I have an entry as below.

interface "wlp4s0" {
supersede domain-name-servers 127.0.0.1;
}

Unfortunately, I can't use the supersede parameter because I need to use different resolvers at different times/in different contexts.

I would need something more… conditional:

IF openconnect is running and has modified resolv.conf, leave that file alone unless you are openconnect. Otherwise, when there's no VPN active, you can do normal DHCP requests and accept whatever the currently-active network's router/DHCP tells you and update resolv.conf accordingly.

I run unbound as a resolver. The entry in dhclient.conf prevents the
entry in /etc/resolv.conf from being overwritten.

[snip]

My setup is stone-age like compared to your context.
Anyhow, I hope this is at least useful as a pointer :-).

Kind regards,
Christoph
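The conditional behaviour the original poster asks for can be had without `supersede`: Debian's dhclient-script sources the scripts in /etc/dhcp/dhclient-enter-hooks.d/ before it calls its own make_resolv_conf function, so a hook that redefines that function as a no-op while openconnect is running stops dhclient from rewriting /etc/resolv.conf, and the file is left to openconnect (and whatever it restores on ^C). This is an added example, not code from either poster; the hook file name, the use of pgrep, and the PGREP_CMD override (present only so the policy can be exercised offline) are assumptions.

```shell
#!/bin/sh
# Added example: a dhclient enter hook that leaves /etc/resolv.conf alone
# while an openconnect VPN session is active. Assumed install path:
# /etc/dhcp/dhclient-enter-hooks.d/zz-keep-vpn-resolv
# (dhclient-script sources enter hooks before calling make_resolv_conf,
# so a function of the same name defined here takes precedence).

# True (exit 0) when an openconnect process is running.
# PGREP_CMD is a hypothetical override used only for offline testing;
# in the real hook it is unset and plain pgrep is used.
vpn_active() {
    ${PGREP_CMD:-pgrep} -x openconnect >/dev/null 2>&1
}

# Policy for this DHCP event: print "skip" when the VPN is up (do not
# touch resolv.conf), "update" when it is down (normal DHCP behaviour).
resolv_policy() {
    if vpn_active; then
        echo skip
    else
        echo update
    fi
}

if [ "$(resolv_policy)" = skip ]; then
    # Replace dhclient-script's make_resolv_conf with a no-op, so the
    # DHCP-supplied nameservers from the home router are ignored while
    # the VPN's resolvers must stay in place.
    make_resolv_conf() { :; }
fi
```

Because openconnect's own vpnc-script rewrites resolv.conf when the tunnel comes up and restores it when the tunnel goes down, the hook only has to keep dhclient from interfering in between.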
