On 2023-03-03 16:00, Max Nikulin wrote:
On 03/03/2023 13:29, Tim Woodall wrote:
On Fri, 3 Mar 2023, Max Nikulin wrote:
dhclient running for enp2s0f0 should detect that VPN is active and
avoid overwriting DNS settings that direct requests to tun0.
The hook can create and delete a file like this:
tim@dirac:/etc/dhcp (none)$ cat dhclient-enter-hooks.d/nodnsupdate
make_resolv_conf() {
:
}
I agree that VPN script may add and remove dhclient hook or may write
some file in /run that is read by dhclient hook. They should cooperate
in some way. In a more versatile configuration, domain resolution may be
per-interface. E.g. hosts from the corporate domain are resolved
through tun0, other sites through enp2s0f0.
I agree about cooperation. BUT it would be much easier if everything is
resolved through the workplace's resolver whenever openconnect is active.
If I have to specify all the domains I want to be resolved using the tun0
interface, it would be annoying to configure and error-prone, because there
are multiple different "private" domains, in addition to private subdomains
of publicly-accessible "parent" domains.
Not to mention redirections for SSO/authentication (depending on the
tool/server/where it's hosted, it's not the same LDAP server),
or tools which have multiple servers but without a load-balancer/unique URL
for access. You just arrive on one of the servers.
Some kind of load balancing but a different FQDN for each server of the
pool.
And some tools have literally multiple redirections before the home
page, across different domains and subdomains.
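
The cooperation discussed in this thread (the VPN script writes a file under /run, and the dhclient hook reads it and leaves resolv.conf alone while the VPN is up), sketched as an added example that is not part of any poster's message. The flag path, the `NET_SYSFS` override and all function names except `make_resolv_conf` are assumptions made for illustration; in practice the two halves would live in the VPN script and in a file under dhclient-enter-hooks.d respectively.

```shell
#!/bin/sh
# Added example, not from the thread. Flag path, sysfs override and the
# vpn_dns_* / dhclient_enter_hook names are assumptions for illustration.
VPN_DNS_FLAG="${VPN_DNS_FLAG:-/run/vpn-dns-active}"
NET_SYSFS="${NET_SYSFS:-/sys/class/net}"

# --- VPN side: call when the tunnel comes up / goes down ---
vpn_dns_claim() {       # $1 = tunnel interface (default tun0)
    tmp="$VPN_DNS_FLAG.$$"
    # Write to a temp file and rename, so the hook never reads a partial flag.
    printf '%s\n' "${1:-tun0}" > "$tmp" && mv -f "$tmp" "$VPN_DNS_FLAG"
}
vpn_dns_release() { rm -f "$VPN_DNS_FLAG"; }

# --- dhclient side ---
# Succeeds only if the flag is a regular file naming an interface that
# still exists, so a flag left behind by a crashed VPN client is ignored.
vpn_dns_active() {
    [ -f "$VPN_DNS_FLAG" ] && [ ! -L "$VPN_DNS_FLAG" ] || return 1
    read -r iface < "$VPN_DNS_FLAG" || return 1
    case "$iface" in ''|*/*|.*) return 1 ;; esac   # reject path tricks
    [ -d "$NET_SYSFS/$iface" ]
}

# Body of the enter hook: while the VPN owns DNS, replace dhclient-script's
# make_resolv_conf with a no-op, as in the nodnsupdate hook quoted above.
dhclient_enter_hook() {
    if vpn_dns_active; then
        make_resolv_conf() { :; }
    fi
}
dhclient_enter_hook
```

Because the flag lives under /run, it disappears on reboot, and only root can create it with the default permissions on that directory.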