On Mon 06 Mar 2023 at 13:17:23 (+0100), daven...@tuxfamily.org wrote: > On 2023-03-03 06:22, Max Nikulin wrote: > > On 03/03/2023 10:08, Tim Woodall wrote: > > > New to this thread, so might be totally off-piste but openvpn > > > has hooks > > > to run scripts like this: > > ... > > > This is server side but the route-up/pre-down work client side too. > > Since it's workplace's VPN, which I don't have access to, I can't do > anything which requires server-side access. > Plus, it's a Cisco VPN. I don't anythig aout cisco stuff. I'm more > familiar with openVPN > > > > > > > Presumably you can do something here to renew dhcp leases or restore > > > resolv.conf. > > > > Perhaps the opposite. dhclient running for enp2s0f0 should detect that > > VPN is active and to avoid overwriting DNS settings that direct > > requests to tun0. > > Yes, indeed. I want dhclient to NOT overwrite /etc/resolv.conf when > VPN is active. OR to use tun05 when it tries to renew the lease > > One person at work suggested to use resolvectl/resolvconf but after > looking at it, I noticed it requires using sytemd-resolved, which > I don't use.
Package: resolvconf Depends: lsb-base (>= 4.1+Debian3), debconf (>= 0.5) | debconf-2.0 AIUI systemd-resolved is a replacement for openresolv, and it's systemd-networkd that can work alongside openresolv. > As an alternative, there is openresolv, which seems work without > resolved. But I failed to find any document on how to useit with > openconnect. Yes, no dependencies. Openconnect will supply openresolv with the information it needs when the vpnc-script that we discussed earlier runs. It's at the function "modify_resolvconf_manager", around line 690. > The official website config page only gives parameters for some > well-known local resolvers, including unbound. It also covers Bind, named (a part of bind), and dnsmasq (mentioned in that script). All these are in Debian. > If anyone has a good documention on how to configure openresolv > correctly to use it with openconnect. I see that the openresolv wiki at Arch has a section on openconnect. Obviously you may need to "bend" their pages when consulting them for Debian. > Thing is : years ago I used to use OpenVPN on debian on another > computer, the DHCP client was also dhclient > but I didn't to do any extra configuration, it just worked… The only > differences was an older debian version, > as the stable batk them was like Debian 7 or 8, and I was using wicd > instead. So the network stuff probably changed since then > > Therefore I have no damn idea on how to configure stuff like openresolv. Cheers, David.