On Fri, Nov 13, 2020 at 2:41 AM Jędrek Domański <jedrek.doman...@gmail.com> wrote:
>
> Hello,
> I am using OpenConnect on Ubuntu 16.04 to connect to my client's IT
> infrastructure and am having problems after disconnecting VPN. Prior
> to connecting to VPN my /etc/resolv.conf looks like this:
>
> nameserver 127.0.1.1
> search home
>
> After connecting to VPN my /etc/resolv.conf gets changed and I get
> nameserver and search from my client's server configuration, which is
> fine, however after disconnecting VPN my /etc/resolv.conf stays the
> same and my internet connection speed is dramatically degraded and it
> takes almost 10 seconds for every page to load. I have checked my
> network configuration and have confirmed with my ISP provider that the
> correct DNS servers are provided for me and that the issue comes from
> openconnect not reverting the changed configuration file
> /etc/resolv.conf. The nameserver I am left off with is the Google DNS
> 8.8.8.8 which I get from my client's server, because they might be
> using it inside of their infrastructure for some reason. I've tried it
> on my Mac and after disconnecting VPN /etc/resolv.conf is reverted to
> what it was prior to establishing the connection. This should also happen
> on Linux but it does not. Why does this not happen and how do I fix
> this?

Technically, this is not because of OpenConnect itself, but because of
the vpnc-script
(https://gitlab.com/openconnect/vpnc-scripts/blob/master/vpnc-script)
which OpenConnect calls for all routing and DNS setup.

Assuming you're using the version of the vpnc-script that's actually
distributed with Ubuntu 16.04, it's *ancient*
(https://packages.ubuntu.com/xenial/vpnc-scripts). We've made a ton of
modifications and improvements to DNS handling since then (approximate
diff: https://gitlab.com/openconnect/vpnc-scripts/-/compare/a64e23b1b6602095f73c4ff7fdb34cccf7149fd5...master#47d6c67f7e3c5408337ca1a557416fa846c6efc4).
Most likely your Mac has a much more modern version of the vpnc-script.

The first thing to try is using a modern version of the vpnc-script to
see if that fixes the situation.

If that doesn't work, add --script "sh -x /path/to/the/vpnc-script" to
your OpenConnect command-line; this will give a trace of all the
commands run by the vpnc-script, and aid greatly in debugging.

Dan
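
An added example, not part of the original thread or of the vpnc-script: a small shell check that compares a snapshot of resolv.conf taken before connecting with the file as it stands after disconnecting, and lists resolver entries that were left behind. The function names and the sample search domain are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or from vpnc-script).

# Print the nameserver/search/domain lines of a resolv.conf file,
# normalised: comments and blank lines dropped, whitespace squeezed, sorted.
resolv_fingerprint() {
    awk '$1 == "nameserver" || $1 == "search" || $1 == "domain" {
             $1 = $1; print        # re-join fields with single spaces
         }' "$1" | LC_ALL=C sort
}

# resolv_leftovers BEFORE CURRENT
# Returns 0 if CURRENT has no resolver entries beyond those in BEFORE.
# Otherwise prints the extra entries (leftovers from the VPN) and returns 1.
resolv_leftovers() {
    before=$(mktemp); after=$(mktemp)
    resolv_fingerprint "$1" > "$before"
    resolv_fingerprint "$2" > "$after"
    leftovers=$(LC_ALL=C comm -13 "$before" "$after")
    rm -f "$before" "$after"
    [ -z "$leftovers" ] && return 0
    printf '%s\n' "$leftovers"
    return 1
}

# Constructed sample: the "before" file quoted in the thread, and a file
# still pointing at 8.8.8.8 (the search domain is a made-up placeholder).
demo() {
    d=$(mktemp -d)
    printf 'nameserver 127.0.1.1\nsearch home\n' > "$d/before"
    printf '# left by VPN\nnameserver   8.8.8.8\nsearch client.example\n' > "$d/after"
    if resolv_leftovers "$d/before" "$d/after"; then
        echo "resolv.conf restored"
    else
        echo "resolv.conf NOT restored (entries above are leftovers)"
    fi
    rm -rf "$d"
}
demo
```

Take the snapshot with `cp /etc/resolv.conf /tmp/resolv.before` before starting OpenConnect, then run `resolv_leftovers /tmp/resolv.before /etc/resolv.conf` after disconnecting.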