OpenConnect does not revert DNS after disconnecting from VPN

Daniel Lenski dlenski at gmail.com
Sat Nov 14 15:47:15 EST 2020


You might want to use the PPA created by David Woodhouse which has
modern OpenConnect v8.10 packaged for Ubuntu 16.04 and 18.04:
https://launchpad.net/~dwmw2/+archive/ubuntu/openconnect

Dan


On Sat, Nov 14, 2020 at 12:45 PM Daniel Lenski <dlenski at gmail.com> wrote:
>
> > After trying your proposed solution, it
> > didn't work but after a bit of googling I realized that I was running
> > openconnect in the background and was using the wrong signal to disconnect
> > it. The kill command, by default, sends the TERM signal to the process and,
> > according to the openconnect manual, SIGTERM makes openconnect exit
> > immediately without logging off or running vpnc-script.
>
> This is because you are using a (very!) old version of OpenConnect.
>
> OpenConnect v8.0 and newer make SIGTERM do the same thing as SIGINT. https://gitlab.com/openconnect/openconnect/-/merge_requests/15
>
> On Sat, Nov 14, 2020 at 12:18 PM Jędrek Domański <jedrek.domanski at gmail.com> wrote:
>>
>> Thank you for your response. After trying your proposed solution, it
>> didn't work but after a bit of googling I realized that I was running
>> openconnect in the background and was using the wrong signal to disconnect
>> it. The kill command, by default, sends the TERM signal to the process and,
>> according to the openconnect manual, SIGTERM makes openconnect exit
>> immediately without logging off or running vpnc-script. So, here we
>> go, I was using the wrong signal to disconnect openconnect, that's why
>> it wasn't restoring my routes and dns. What I needed was to use
>> -SIGINT signal in kill command:
>>
>> sudo kill -SIGINT `cat /var/run/openconnect.pid`
>> NOT
>> sudo kill `cat /var/run/openconnect.pid`
>>
>> Thank you,
>> Jędrzej
>>
>> On Fri, Nov 13, 2020 at 19:09 Daniel Lenski <dlenski at gmail.com> wrote:
>> >
>> > On Fri, Nov 13, 2020 at 2:41 AM Jędrek Domański
>> > <jedrek.domanski at gmail.com> wrote:
>> > >
>> > > Hello,
>> > > I am using OpenConnect on Ubuntu 16.04 to connect to my client's IT
>> > > infrastructure and am having problems after disconnecting VPN. Prior to
>> > > connecting to VPN my /etc/resolv.conf looks like this:
>> > >
>> > > nameserver 127.0.1.1
>> > > search home
>> > >
>> > > After connecting to VPN my /etc/resolv.conf gets changed and I get
>> > > nameserver and search from my client's server configuration, which is
>> > > fine, however after disconnecting VPN my /etc/resolv.conf stays the
>> > > same and my internet connection speed is dramatically degraded and it
>> > > takes almost 10 seconds for every page to load. I have checked my
>> > > network configuration and have confirmed with my ISP provider that the
>> > > correct DNS servers are provided for me and that the issue comes from
>> > > openconnect not reverting the changed configuration file
>> > > /etc/resolv.conf. The nameserver I am left off with is the Google DNS
>> > > 8.8.8.8 which I get from my client's server, because they might be
>> > > using it inside of their infrastructure for some reason. I've tried it
>> > > on my Mac and after disconnecting VPN /etc/resolv.conf is reverted to
>> > > what it was prior to establishing the connection. This should also happen
>> > > on Linux but it does not. Why does this not happen and how do I fix
>> > > this?
>> >
>> > Technically, this is not because of OpenConnect itself, but because of
>> > the vpnc-script
>> > (https://gitlab.com/openconnect/vpnc-scripts/blob/master/vpnc-script)
>> > which OpenConnect calls for all routing and DNS setup.
>> >
>> > Assuming you're using the version of the vpnc-script that's actually
>> > distributed with Ubuntu 16.04, it's *ancient*
>> > (https://packages.ubuntu.com/xenial/vpnc-scripts).
>> >
>> > We've made a ton of modifications and improvements to DNS handling
>> > since then (approximate diff:
>> > https://gitlab.com/openconnect/vpnc-scripts/-/compare/a64e23b1b6602095f73c4ff7fdb34cccf7149fd5...master#47d6c67f7e3c5408337ca1a557416fa846c6efc4).
>> >
>> > Most likely your Mac has a much more modern version of the vpnc-script.
>> >
>> > The first thing to try is using a modern version of the vpnc-script and
>> > see if that fixes the situation. If that doesn't work, add --script
>> > "sh -x /path/to/the/vpnc-script" to your OpenConnect command-line;
>> > this will give a trace of all the commands run by the vpnc-script, and
>> > aid greatly in debugging.
>> >
>> > Dan
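
The disconnect behaviour discussed in this thread, as an added shell example that is not part of the original messages or of OpenConnect itself: it sends SIGINT rather than the default SIGTERM, waits for the process to exit, and checks that resolv.conf matches a snapshot taken before connecting. The function names and the snapshot file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not OpenConnect code. Function names and paths are assumptions.

# Does a plain `kill` (SIGTERM) log off and run vpnc-script on this version?
# Per the thread: yes from v8.0 on; older builds exit immediately on SIGTERM.
# $1 = version string such as "v7.06" or "8.10"
# Returns 0 = yes, 1 = no, 2 = version string not understood.
sigterm_is_graceful() {
    major=${1#v}; major=${major%%.*}
    case $major in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -ge 8 ]
}

# Send SIGINT, which triggers logoff and vpnc-script cleanup on old and new
# versions alike, then wait for the process to exit.
# $1 = pid file, $2 = timeout in seconds (default 10)
# Returns 0 = exited, 1 = no usable pid or signal failed, 2 = still running.
graceful_disconnect() {
    pidfile=$1; timeout=${2:-10}
    [ -r "$pidfile" ] || return 1
    pid=$(cat "$pidfile")
    case $pid in ''|*[!0-9]*) return 1 ;; esac     # never pass junk to kill
    kill -INT "$pid" 2>/dev/null || return 1
    waited=0
    while kill -0 "$pid" 2>/dev/null; do
        [ "$waited" -ge "$timeout" ] && return 2
        sleep 1; waited=$((waited + 1))
    done
    return 0
}

# Compare the live resolv.conf with a snapshot taken before connecting.
# $1 = live file, $2 = snapshot
resolv_restored() {
    cmp -s "$1" "$2"
}
```

Run it with the same privileges as the `sudo kill` in the thread, for example `graceful_disconnect /var/run/openconnect.pid && resolv_restored /etc/resolv.conf /path/to/snapshot`; without permission to signal the process, `kill` fails and the function returns 1.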


