DHCP rewrites Cisco VPN resolv.conf on Linux

I am using an Ubuntu 8.04 machine (x86_64) to connect to my employer's Cisco VPN. (The client did not compile out of the box, but I found patches to update the client for compilation on the kernels released in the last two years.) All this works fine until my DHCP client decides to renew its lease and updates /etc/resolv.conf, replacing the VPN-related name servers with my shared network's servers.

Is there a good way to prevent my DHCP client from updating /etc/resolv.conf while my VPN is active?

+4
7 answers

If you are using the Ubuntu default of NetworkManager, try uninstalling the Cisco VPN client and using the vpnc NetworkManager plugin to connect to the Cisco VPN. This should avoid all problems, as NetworkManager is aware of your VPN connection.

+2

If you work without NetworkManager handling your connections, use the resolvconf package to act as an intermediary for programs configuring /etc/resolv.conf: sudo apt-get install resolvconf

If you use NetworkManager, it will handle this for you, so get rid of the resolvconf package: sudo apt-get remove resolvconf

I learned about this when setting up vpnc on Ubuntu last week. A search for vpn resolv.conf on ubuntuforums.org has 250 results, many of which are very related!

+5

I would advise following @Sean's recommendations, but if for some reason this fails, it should be possible to configure dhclient so as not to query DNS servers in /etc/dhcp3/dhclient.conf

+1

chattr +i /etc/resolv.conf should work. (-i to cancel)

But it’s better to set up dhclient.conf: https://calomel.org/dhclient.html Look at the ultra-modern domain name servers and domain name.

Also see "send hostname;" If it works at your workplace, you will have a cool hostname for your PC, not some weird name assigned by DHCP servers.

+1

vpnc seems to be doing the right thing for my employer's hub concentrator. I hop on and off the VPN and it seems to update everything smoothly.

0

You can tell the DHCP client daemon not to update resolv.conf using the command line. (-r, I think, depending on the client)

This is less dynamic because you will have to reboot / reconfigure DHCP when connecting, but not too complicated. Similarly, you can just stop the service, but you can lose your IP at the same time, so I would not recommend this.

Alternatively, you can run dhcpclient from a cron job by adding the appropriate process checks.

0
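A more dynamic variant of the "tell the DHCP client not to update resolv.conf" idea, as an added example that is not from any of the answers: a hook meant to be sourced by dhclient-script from /etc/dhcp3/dhclient-enter-hooks.d/, which overrides make_resolv_conf only while a tunnel interface exists. The interface names, the VPN_IFACES and SYSFS_NET variables, and the helper function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original thread). Install as a file under
# /etc/dhcp3/dhclient-enter-hooks.d/ ; dhclient-script sources it on every run.
# Assumption: the VPN appears as one of the interfaces listed in VPN_IFACES.

VPN_IFACES="${VPN_IFACES:-cipsec0 tun0}"   # assumed tunnel interface names
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"   # overridable so the check can be tested offline

# Return 0 if any listed tunnel interface currently exists.
vpn_active() {
    for _if in $VPN_IFACES; do
        [ -e "$SYSFS_NET/$_if" ] && return 0
    done
    return 1
}

# Print what should happen to resolv.conf on this run: "skip" or "update".
resolv_conf_action() {
    if vpn_active; then
        echo skip
    else
        echo update
    fi
}

# dhclient-script defines make_resolv_conf before sourcing enter hooks, so a
# redefinition here replaces the stock function for this invocation only.
# With no tunnel up, nothing is overridden and DHCP manages DNS as usual.
if [ "$(resolv_conf_action)" = "skip" ]; then
    make_resolv_conf() {
        # Keep the VPN's name servers; log the skip so it can be audited later.
        logger -t dhclient-hook \
            "tunnel up, leaving /etc/resolv.conf untouched (reason=$reason)" \
            2>/dev/null || :
        return 0
    }
fi
```

Because the check runs on every DHCP event, DNS settings from the DHCP server are applied again at the first event after the tunnel goes down, without restarting or reconfiguring the client.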

This problem is much more noticeable on networks with short DHCP leases. There is a bug on the Ubuntu dhcp3 Launchpad:

https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/90681

Which includes this patch in its description:

 --- /sbin/dhclient-script.orig 2007-03-08 19:19:56.000000000 +0000 +++ /sbin/dhclient-script 2007-03-08 19:19:46.000000000 +0000 @@ -13,6 +13,10 @@ # The alias handling in here probably still sucks. -mdz make_resolv_conf() { + # don't overwrite resolv.conf at RENEW time, since a VPN/PPTP tunnel may + # have updated it with remote DNS servers + [ "$reason" = "RENEW" ] && return + if [ -n "$new_domain_name" -o -n "$new_domain_name_servers" ]; then # Find out whether we are going to mount / rw exec 9>&0 </etc/fstab 
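Review bot: the early return added at the top of make_resolv_conf() fires on every RENEW whether or not a tunnel is up, so on a machine with no VPN connected a changed $new_domain_name_servers delivered at renewal is silently ignored. Conversely, any $reason other than RENEW still falls through to the rewrite while the VPN is connected. Consider gating the return on the tunnel's state rather than on $reason alone, and extend the comment to state which reasons are intentionally still allowed to overwrite the file.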

This change to /sbin/dhcp-script stops the DHCP client from overwriting /etc/resolv.conf when it resumes the lease.

0

Source: https://habr.com/ru/post/1276584/

