I had an issue come up where the clients were getting DNS entries in the reverse order the server sends them when using the client.up contrib script. Since the DNS servers on our system are in order from closest->farthest network wise from the VPN server, having them backwards caused some performance issues.
I've attached a patch that puts the DNS entries in the correct order that the server sends them. Can this be updated in the next release?

--
Richard Monk (rm...@redhat.com) - Security Analyst
Red Hat - Centennial Office: Raleigh, NC USA
+1 (919) 890 8501
GPG Key ID: 0x1EBEF129
--- client.up.orig 2010-04-21 09:19:29.423563522 -0400 +++ client.up 2010-04-21 09:37:31.434563192 -0400 @@ -7,6 +7,9 @@ # someone at boldandbusted dink com # http://www.boldandbusted.com/ +# Edit by Richard Monk <rm...@redhat.com> Apr 21, 2010 +# Load DNS entries in the same order the openVPN server provides them + # PURPOSE: This script automatically sets the proper /etc/resolv.conf entries # as pulled down from an OpenVPN server. @@ -43,6 +46,8 @@ unset dns unset opt +resolvConf="/etc/resolv.conf" + # Convert ENVs to an array while fopt=foreign_option_$i; [ -n "${!fopt}" ]; do @@ -61,14 +66,16 @@ # Now, do the work +i=1 if [ -n "${dns[*]}" ]; then - for i in "${dns[@]}"; do - sed -i -e "1,1 i nameserver ${i}" /etc/resolv.conf || die + for dnsServer in "${dns[@]}"; do + sed -i -e "${i} i nameserver ${dnsServer}" "${resolvConf}" || die + let i++ done fi if [ -n "${domain}" ]; then - sed -i -e "$j,1 i search ${domain}" /etc/resolv.conf || die + sed -i -e "$j,1 i search ${domain}" "${resolvConf}" || die fi # all done...
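Review bot: In the `@@ -61,14 +66,16 @@` hunk, `${dnsServer}` and `${domain}` are still spliced into the sed program unchecked, although the script's PURPOSE comment says these values are pulled down from the OpenVPN server. Validate each one before the `sed -i` call (an IP address pattern for the nameserver, a hostname pattern for the search domain) and `die` on anything else, so a pushed value containing a newline or sed syntax cannot change what is written to `${resolvConf}`. The search line also keeps the `$j,1` address, and `j` is not assigned in any visible line, so where `search` lands depends on state from outside the hunk; a comment stating the intended line would help. `let i++` could be written `i=$((i + 1))`, which avoids `let` returning a non-zero status whenever its expression evaluates to 0.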