vpnc-script resolvconf
Johannes Brechtmann
johannes.brechtmann at gmail.com
Mon Oct 3 08:40:23 PDT 2016
Hello,
I am using the vpnc-script from here:
http://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob/HEAD:/vpnc-script
Everything works fine except that my /etc/resolv.conf gets overwritten after
a few minutes, because of RDNSS options in Router Advertisements which I get
on my ethernet interface.
Since this setup can lead to leaking DNS traffic, I think this should not be
the default behavior. As a fix I propose to call resolvconf with the -x flag
to set the interface as exclusive.
Diff:
--- vpnc-script.orig 2016-10-03 17:09:43.569638541 +0200
+++ vpnc-script 2016-10-03 17:10:26.705637769 +0200
@@ -569,7 +569,7 @@
NEW_RESOLVCONF="$NEW_RESOLVCONF
domain $CISCO_DEF_DOMAIN"
fi
- echo "$NEW_RESOLVCONF" | /sbin/resolvconf -a $TUNDEV
+ echo "$NEW_RESOLVCONF" | /sbin/resolvconf -x -a $TUNDEV
}
restore_resolvconf_manager() {
Please tell me if I am missing something here.
Signed-off-by: Johannes Brechtmann <johannes.brechtmann at gmail.com>
More information about the openconnect-devel
mailing list