Re: Overriding connections (VPN) that abuse DNS (was: Wireless DHCP overwrites DNS settings)

[Derek Atkins <warlord MIT EDU>]

Dan Williams <dcbw redhat com> writes:

> On Sat, 2007-12-08 at 13:36 -0800, Ross Patterson wrote:
>> This is somewhat related.  I have a poorly behaved VPN connection that
>> sends NM empty DNS settings so that no DNS works when I'm connected to
>> the VPN.  I can't fix the VPN, so my current workaround is to copy
>> /etc/resolv.conf before I connect to the VPN, and then write it over the
>> /etc/resolv.conf written by NM *after* connecting to the VPN.  IOW, I
>> manually restore the original DNS configuration.  This is annoying to
>> say the least.
>> 
>> My question is, is there a way to preseve the DNS settings on *just
>> that* VPN connection so I don't have to do this dance every time?
>
> Not yet; but it can be fixed internally in NetworkManager pretty easily.
> Nobody has come up with a patch yet, and I haven't had time.
>
> Internally, the IP4 configs are essentially a stack with between 0 and 2
> configs per device.  The device's config is at #1, and the VPN config is
> at #2.  Whenever the config stack changes, settings should get merged
> with the higher numbered items taking priority over the lower numbered
> ones.  Right now, a config with a higher number blows away the config
> with the lower number entirely.

I have a VPN that also gives me incomplete DNS info.  The way I fixed
this was by writing a wrapper around /usr/bin/nm-vpnc-service-vpnc-helper
that adjusts the vpnc environment before passing it back to NM via
dbus.  In my case I needed to adjust the CISCO_DEF_DOMAIN variable.
YMMV.

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord MIT EDU                        PGP key available