On 2023-03-07 16:20, Max Nikulin wrote:
On 06/03/2023 19:17, davenull wrote:
On 2023-03-03 06:22, Max Nikulin wrote:
Perhaps the opposite. dhclient running for enp2s0f0 should detect
that
VPN is active and to avoid overwriting DNS settings that direct
requests to tun0.
Yes, indeed. I want dhclient to NOT overwrite /etc/resolv.conf when
VPN is active. OR to use tun05 when it tries to renew the lease
...
If anyone has a good documention on how to configure openresolv
correctly to use it with openconnect.
People suggested openvpn scripts and dhclient hooks in this thread. It
should be enough to write a couple of scripts that conditionally
update resolv.conf. I am not sure that it is possible to provide
configuration that would work out of the box. If you are seeking a
ready to use recipe, perhaps you should ask openvpn community.
I used network-manager-openconnect-gnome for some time and it was
enough to fill some fields in a GUI form for minimal working
configuration.
If it was for personal need, I wouldn't mind spending time with trial
and error… but it's not.
That hook stuff might be enough for someone who either use a similar
environnent/tools as the script's
OR known well enough both openconnect/connmann/openresolv, as well as
openVPN… So they can easily adapt such hooks to different tolls
I use neither OpenVPN¹ for work nor network-manager. So hooks need to be
adapted BUT my knowledge of openconnect is limited, let alone openresolv
(0 knowledge)
So having some documentation "beginner-friendly" would actually make a
big difference to help me achieving that in a reasonable amount of time
Not having a documentation means tinkering, and trial and error and
spending (too much) time on it.
Sure it might work, but I requires more time and energy I can't afford.
During remote-work, extra hours are simply ignored. So I either thinker
to make things work with near 0 knowledge of these tools, or do my
actual.
And I'm not planning spending my free time debugging work's related
stuff (anymore, did that mistake too often).
Workplace idiotic policy about both extra-hours during remote work AND
on-site extra-hours if one leaves work the office
after 6:30 pm (clocking terminal configured to ignore working time after
that) sc***ed me more than once during incidents.
So I'm clearly being lazy this time. I'd rather find a solution which is
relatively "easy and fast" to implement, than work for free
1. Because, according to workspace staff who "choose" (a.k.a listened to
marketing people) cisco crap… cisco blackbox with it's binary spyware
(CSD idiocy) is "more secure"…
