On Wed, Feb 22, 2023 at 06:12:29PM +0100, daven...@tuxfamily.org wrote:
>
> ========= context =========
> For the context, I use a Debian 11 laptop for work. When I work remotely
> from home, I have to use a cisco VPN. Good thing is there is openconnect,
> which does work, and in the case of my work's VPN, it does work. cisco's
> spyware/downloaded binary, namely using the --csd-wrapper
> /usr/libexec/openconnect/"

[snip]

> ===== end of context =====
> What I want is: setting up /etc/resolv.conf ONLY
> - at system startup/initial network connexion.
> - when openconnect is executed and connects to work's VPN
> - when openconnect is ^C-ed and disconnects from the work's VPN (cleaning
> its mess in the routing table, interfaces, /etc/resolv's and other network
> stuff it might have modified, makes sense)
>
> Here's what I know:
> - Whatever process does that seems to do what I highly suspect to be DHCP [1]
> requests every now and then. Home's router answers giving its own address
> as both gateway and DNS resolver. And said process thinks it's OK to delete
> and recreate resolv.conf with the wrong content… breaking everything work's
> related while the VPN is still active

If it is DHCP: You might do a countermeasure in /etc/dhcp/dhclient.conf.
On my system I have an entry as below.

    interface "wlp4s0" {
        supersede domain-name-servers 127.0.0.1;
    }

I run unbound as a resolver. The entry in dhclient.conf prevents the entry
in /etc/resolv.conf from being overwritten.

[snip]

My setup is stone-age-like compared to your context. Anyhow, I hope this
is at least useful as a pointer :-).

Kind regards,

Christoph
-- 
If the cat is healthy, the dog finds her tasty.
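
An added example, not part of the message above or of any Debian tooling: a shell check that reads the "supersede domain-name-servers" entry for an interface from dhclient.conf and reports when resolv.conf no longer lists those servers, which helps tell whether something other than dhclient is rewriting the file. The function names, the temporary files and the 192.168.1.1 router address are constructed for the illustration.

```shell
#!/bin/sh
# superseded_dns CONF IFACE: print the servers pinned for IFACE, one per line.
# An entry inside interface "IFACE" { ... } wins over a global one.
superseded_dns() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                          # drop comments
        /^[ \t]*interface[ \t]+"/ { split($0, q, "\""); cur = q[2] }
        /supersede[ \t]+domain-name-servers/ {
            v = $0
            sub(/.*domain-name-servers[ \t]*/, "", v)
            sub(/;.*/, "", v)
            gsub(/[ \t]/, "", v)
            if (cur == want) scoped = v
            else if (cur == "") dflt = v
        }
        index($0, "}") { cur = "" }                 # end of interface block
        END {
            n = split((scoped != "" ? scoped : dflt), s, ",")
            for (i = 1; i <= n; i++) print s[i]
        }' "$1"
}

# resolv_nameservers FILE: print the nameserver addresses in FILE, in order.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# check_resolv CONF IFACE RESOLV: 0 = RESOLV lists exactly the pinned
# servers, 1 = drift (something rewrote the file), 2 = nothing pinned.
check_resolv() {
    want=$(superseded_dns "$1" "$2")
    [ -n "$want" ] || { echo "no supersede entry for $2" >&2; return 2; }
    have=$(resolv_nameservers "$3")
    [ "$want" = "$have" ] && { echo "ok: $(echo $want)"; return 0; }
    echo "drift: expected [$(echo $want)] found [$(echo $have)]" >&2
    return 1
}

# Constructed sample: the entry from the reply, and a resolv.conf rewritten
# with a made-up home router address.
tmp=$(mktemp -d)
printf 'interface "wlp4s0" {\n  supersede domain-name-servers 127.0.0.1;\n}\n' \
    > "$tmp/dhclient.conf"
printf 'nameserver 192.168.1.1\n' > "$tmp/resolv.conf"
check_resolv "$tmp/dhclient.conf" wlp4s0 "$tmp/resolv.conf" || echo "status $?"
rm -rf "$tmp"
```

On a real system the arguments would be /etc/dhcp/dhclient.conf, the interface name and /etc/resolv.conf; run from cron or a timer while the VPN is up, a drift result records when the file was replaced.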