CISCO_DEF_DOMAIN set incorrectly by OpenConnect Juniper mode

David Woodhouse dwmw2 at
Fri Jun 19 12:25:25 PDT 2015

On Fri, 2015-06-19 at 12:13 -0400, Tom Metro wrote:
> I'm using a patched (see prior thread[1]) OpenConnect 7.05 on a VM
> running Ubuntu 14.10 to connect to a Juniper VPN server.

Yeah, really must fix that up properly. And support the Pulse protocol
properly. Been slightly distracted by real work :)

> I've observed that the stock /etc/vpnc/vpnc-script is incorrectly
> setting the list of search domains in /etc/resolv.conf. The list is
> comma (and space) delimited, yet resolvconf is documented as 
> requiring only space as the delimiter, and the commas do break the 
> functionality.
> As vpnc-script passes on the search list verbatim, I'm guessing the
> problem is that the Juniper-specific code is not setting up the
> $CISCO_DEF_DOMAIN environment variable in a way that is compatible 
> with the Cisco code.

Yeah, someone actually posted a patch for that only a few days ago. I
haven't yet had time to investigate and see how Cisco offers multiple
search domains (if at all). There's a slight possibility that we might
want the conversion from comma to space to live in generic code after

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5691 bytes
Desc: not available
URL: <>

More information about the openconnect-devel mailing list