Openconnect with Juniper SSL VPN and resolv.conf settings

Bruno Tuteleers bruno.tuteleers at
Mon Jul 11 07:52:33 PDT 2016

I am wondering if it could be because there is only 1 DNS entry defined 
on the Juniper SSL VPN for the tunnel settings, the primary is filled 
in, the secondary not.

What openconnect shows verbose (just the DNS settings, changed the 
internal IP/domains before sending)

Received MTU 1360 from server
Received DNS server
Received DNS server
Received DNS search domain mydomain.local

Could be a coincidence, but the config on the Juniper has an empty 
field/entry for the secondary DNS.

Can the "received DNS server ..." be assumed to be literally what the 
Juniper sent to the client, or could the client be filling that in for 
an empty entry?


On 07/11/16 16:27, David Woodhouse wrote:
> On Mon, 2016-07-11 at 15:48 +0200, Bruno Tuteleers wrote:
>> nameserver
> Hm, I don't see why we'd use unless the server
> explicitly asked us to. Maybe that's supposed to be treated as a
> special case which means "don't set up DNS". But I don't see why they'd
> do that.
> What does the Juniper client do in this situation?



More information about the openconnect-devel mailing list