Am Wed, Feb 22, 2023 at 06:12:29PM +0100 schrieb daven...@tuxfamily.org:
>
> ========= context =========
> For the context, I use a Debian 11 laptop for work. When I work remotely
> from home, I have to use a cisco VPN. Good thing is there is openconnect,
> which does work, and in teh case of ym work's VPN, it does wor. cisco's
> spyware/downloaded binry, namely using the --csd-wrapper
> /usr/libexec/openconnect/"
[snip]
> ===== end of context =====
> What I want is: setting up /etc/resolv.conf ONLY
> - at system startup/initial network connexion.
> - when openconnect is executed and connects to work's VPN
> - when openconnect is ^C-ed and disconnects from the works VPN (cleaning
> it's mess in the routing table, interfaces, /etc/resolv's and other netwwork
> stuff it might have modified, makes sense)
>
> Here's what I know:
> - Whatever process does that seems does what I highly suspect to be DHCP [1]
> requests every now and then. Home's router answers giving it's own address
> as both gateway and DNS resolver. And said process thinks it's OK to delete
> and recreate resolv.conf with the wrong content… breaking everything work's
> related while the VPN is still active
If it is DHCP: You might do a countermeasure in
/etc/dhcp/dhclient.conf. On my system I have an entry as below.
interface "wlp4s0" {
supersede domain-name-servers 127.0.0.1;
}
I run unbound as a resolver. The entry in dhcclient.conf prevents that
the entry in /etc/resolv.conf is overwritten.
[snip]
My setup is stoneage like compared to your context.
Anyhow, I hope this is at least useful as a pointer :-).
Kind regards,
Christoph
--
Ist die Katze gesund
schmeckt sie dem Hund.
