[PATCH] vpnc-script: fix for Suse pre 11.1

Antonio Borneo borneo.antonio at gmail.com
Mon Dec 12 17:48:15 EST 2011


On Tue, Dec 13, 2011 at 4:46 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
> On Tue, 2011-12-13 at 04:39 +0800, Antonio Borneo wrote:
>> In this repository, vpnc-script.in has been converted
>> to vpnc-script. Doing this, the value $SCRIPTNAME has
>> changed from "vpnc" to "vpnc-script".
>> This breaks the "restore" and leaves /etc/resolv.conf
>> modified for the (already closed) VPN tunnel.
>
> Hm, this happens because the script changes while the VPN is
> *connected*, so it doesn't manage to tear down its own setup?

Correct, the script makes backups of resolv.conf, and uses the value
passed with "-s" to build the filename of the backup.
During "restore" the value "-s" is used to find the right backup to restore.
With a wrong value for "-s", no backup is restored, silently...

>> Replace "-s $SCRIPTNAME" with fixed value "-s vpnc".
>
> Should it be using $TUNDEV instead, perhaps? And does it matter that it
> still says 'vpnc' when it's actually being invoked from openconnect?

Hmm, I was looking at the problem from the vpnc point of view only.
Probably you are right, it would be nice to select between "openconnect"
and "vpnc".
This value is used as the name of the backup file
"/etc/resolv.conf.saved.by.$SERVICE"

> Or should we just leave it with a hard-coded 'vpnc' and not worry about
> it?

The only issue I see in this case is for a hypothetical user who
runs vpnc and openconnect at the same time on this "very" old version of
Suse.
The first SW to run will create a backup. The second, using the same
service name, will just change "/etc/resolv.conf" since its action is
considered as an incremental change to "/etc/resolv.conf" made by the same
service.
Can we accept this risk?

We have a similar issue in all the cases (not Suse) that fall back to using the
default modify_resolvconf_generic() in vpnc-script.
It just makes one backup file /var/run/vpnc/resolv.conf-backup and
doesn't accept vpnc and openconnect running at the same time.
The second to run will just update resolv.conf.

Antonio
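
The two failure modes discussed in this message, as an added example that is not part of the original post and is not code from vpnc-script: a backup keyed by service name that a renamed script can no longer find, and two clients sharing one service name. It is a constructed simulation in a temporary directory; the function names and addresses are assumptions, and only the `resolv.conf.saved.by.$SERVICE` naming comes from the thread.

```shell
#!/bin/sh
# Constructed simulation: works in a temp directory, never touches /etc.
# All function names here are hypothetical, not taken from vpnc-script.
SANDBOX=$(mktemp -d)
RESOLV="$SANDBOX/resolv.conf"

reset_sandbox() {
    rm -f "$SANDBOX"/resolv.conf*
    echo 'nameserver 192.0.2.53' > "$RESOLV"     # constructed pre-VPN content
}

# Save a backup named after the service, then install the VPN nameserver.
# An existing backup for that service means "incremental change": keep it.
save_resolv() {      # $1 = service name, $2 = VPN nameserver
    [ -e "$RESOLV.saved.by.$1" ] || cp "$RESOLV" "$RESOLV.saved.by.$1"
    echo "nameserver $2" > "$RESOLV"
}

# Restore the backup for the service; non-zero exit when none exists,
# so the caller can log the failure instead of skipping it silently.
restore_resolv() {   # $1 = service name
    [ -e "$RESOLV.saved.by.$1" ] || return 1
    mv "$RESOLV.saved.by.$1" "$RESOLV"
}

# Names of backups still on disk: any output after teardown is a stale backup.
leftover_backups() {
    for f in "$RESOLV".saved.by.*; do
        [ -e "$f" ] && basename "$f"
    done
    return 0
}

# Case 1: connect as "vpnc", disconnect after the name became "vpnc-script".
renamed_service() {
    reset_sandbox
    save_resolv vpnc 10.8.0.1
    restore_resolv vpnc-script || echo "restore failed"
    cat "$RESOLV"; leftover_backups
}

# Case 2: two clients share the service name "vpnc".
shared_service() {
    reset_sandbox
    save_resolv vpnc 10.8.0.1
    save_resolv vpnc 10.9.0.1
    cat "$RESOLV.saved.by.vpnc"; leftover_backups
}

renamed_service
shared_service
```

In the first case the VPN nameserver stays in place and the backup is left behind; in the second there is a single backup holding the pre-VPN content, so neither client has a backup of its own.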


