Updating vpnc-script for openconnect and unbound

Sun, 21 Oct 2012 20:42:45 -0700 

I haven't been able to get a lot of traction with this, but I figured a
shot at this mailing list might help.

I have written a patch against the Fedora 18 version of vpnc-script to
allow it to detect that unbound is running and to set forwarders
appropriately for resolving internal IPs after a VPN connection is made.
That patch is attached.

This is very similar to work that was done on openswan here:
http://osdir.com/ml/fedora-devel-list/2012-06/msg02650.html

There is also a bug open for this here:
https://bugzilla.redhat.com/show_bug.cgi?id=865092

Feedback is more than welcome, oddest thing in the code is probably the
use of command, I chose that to be as portable as possible, other than
that it is all pretty self explanatory I think.

-Erinn

--- vpnc-script.orig	2012-10-01 14:14:52.736704348 -0600
+++ vpnc-script	2012-10-02 13:33:14.290804820 -0600
@@ -86,6 +86,9 @@
 elif [ -x /sbin/modify_resolvconf ]; then # Mandatory tool on Suse earlier than 11.1
 	MODIFYRESOLVCONF=modify_resolvconf_suse
 	RESTORERESOLVCONF=restore_resolvconf_suse
+elif command -v unbound-control > /dev/null && unbound-control status &> /dev/null; then 
+        MODIFYRESOLVCONF=modify_resolvconf_unbound
+        RESTORERESOLVCONF=restore_resolvconf_unbound
 else # Generic for any OS
 	MODIFYRESOLVCONF=modify_resolvconf_generic
 	RESTORERESOLVCONF=restore_resolvconf_generic
@@ -470,6 +473,22 @@
 	/sbin/resolvconf -d $TUNDEV
 }
 
+# === resolv.conf handling via unbound =========
+
+modify_resolvconf_unbound() {
+        if [ -n "$CISCO_DEF_DOMAIN" ]; then
+                unbound-control forward_add +i ${CISCO_DEF_DOMAIN} ${INTERNAL_IP4_DNS[@]}
+                unbound-control flush_zone ${CISCO_DEF_DOMAIN}
+        fi
+}
+
+restore_resolvconf_unbound() {
+        if [ -n "$CISCO_DEF_DOMAIN" ]; then
+                unbound-control forward_remove +i ${CISCO_DEF_DOMAIN}
+                unbound-control flush_zone ${CISCO_DEF_DOMAIN}
+        fi
+}
+
 # ========= Toplevel state handling  =======================================
 
 kernel_is_2_6_or_above() {

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Reply via email to