[PATCH] [RFC] custom resolv.conf and route handling

Corey Hickey bugfood-ml at fatooh.org
Wed Aug 31 22:17:46 PDT 2016


This patch implements something I have had hacked-in for years: the
ability to run vpnc/openconnect on a Linux box which functions as a
router without altering behavior of traffic from/to the router itself.
The router can provide multiple clients with routes and DNS such that
the clients are seamlessly connected to the VPN without really knowing
it.

There are other components to this setup which are not covered directly
by this patchset but which are left as an exercise to the
administrator:
* pdns-recursor set up to forward specific zones to the VPN
* dhcpd set to provide VPN-specific DNS to some/all clients on the LAN
* iproute2 to set up routing rules for some/all clients
* iptables to set up SNAT/MASQUERADE

I can document this stuff in more detail later if desired. Where would
I put the documentation though?

The tricky part here is that vpnc-script does not take arguments, nor
does it have a config file. Thus, the implementation I wrote works
entirely via hooks. This does not necessarily seem like the best way,
but it fits most closely with existing design. I wouldn't mind
reworking it if I can get some input as to what design is most
desirable.

[PATCH 1/4] minor simplification
[PATCH 2/4] allow custom resolv.conf handling via hooks
[PATCH 3/4] allow custom routing table specification via hooks
[PATCH 4/4] add a contrib script for setting up pdns-recursor

 contrib/hooks/modify-resolvconf.d/pdns-forward-zones | 20 ++++++++++++++++++++
 vpnc-script                                          | 44 ++++++++++++++++++++++++++++++--------------
 2 files changed, 50 insertions(+), 14 deletions(-)


Thanks,
Corey
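As an added illustration of the iproute2 and iptables pieces the cover letter leaves to the administrator (this is not code from the patch series or from vpnc-script), the shell function below generates the per-client policy-routing rules and the MASQUERADE rule a VPN-capable router would apply so that only selected LAN clients are steered into the tunnel while the router's own traffic keeps its normal default route. The interface name, table number, rule priority and client addresses are assumptions; the patch's hook mechanism is what would place the VPN's own routes into such a separate table, which this example does not show. With DRY_RUN left at its default the commands are printed rather than executed, so it can be exercised without root or a live tunnel.

```shell
#!/bin/sh
# Added example (not part of the patch): build the client-steering rules for a
# Linux router that terminates a VPN. Everything here is an assumption:
#   TUN_IF    - tunnel interface created by vpnc/openconnect (assumed tun0)
#   VPN_TABLE - dedicated routing table holding only the tunnel routes
#   RULE_PRIO - priority of the source-based policy rules (before the main table)
TUN_IF="${TUN_IF:-tun0}"
VPN_TABLE="${VPN_TABLE:-100}"
RULE_PRIO="${RULE_PRIO:-1000}"
DRY_RUN="${DRY_RUN:-1}"

# run: print the command in dry-run mode, execute it otherwise
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# vpn_router_rules CLIENT...
#   CLIENT is a LAN address or prefix (e.g. 192.168.1.10 or 192.168.1.0/25).
#   Traffic from these sources is looked up in VPN_TABLE, whose default route
#   points into the tunnel; all other sources, including the router itself,
#   keep using the main table.
vpn_router_rules() {
    # default route of the dedicated table goes into the tunnel
    run ip route replace default dev "$TUN_IF" table "$VPN_TABLE"
    for client in "$@"; do
        # source-based policy rule: only the selected clients use VPN_TABLE
        run ip rule add from "$client" lookup "$VPN_TABLE" priority "$RULE_PRIO"
    done
    # masquerade behind the tunnel address so replies return via this router
    run iptables -t nat -A POSTROUTING -o "$TUN_IF" -j MASQUERADE
}

# Example invocation with constructed LAN addresses (dry run prints the commands)
vpn_router_rules 192.168.1.10 192.168.1.0/25
```

Setting `DRY_RUN=0` in the environment executes the commands instead of printing them; the policy rules must sit at a priority lower than the main-table lookup (32766) for the per-client steering to take effect.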