Bug 228001 - net-dns/openresolv overwrites Cisco-VPNs resolv.conf even when OVERRIDE=0
Summary: net-dns/openresolv overwrites Cisco-VPNs resolv.conf even when OVERRIDE=0
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Peter Weller (RETIRED)
Reported: 2008-06-18 08:13 UTC by Antti Mäkelä
Modified: 2008-09-04 19:15 UTC

Attachments
Only update subscribers if resolv.conf changed (openresolv-add.diff, 951 bytes, patch)
2008-08-21 17:20 UTC, Roy Marples

Description Antti Mäkelä 2008-06-18 08:13:03 UTC
After upgrading from resolvconf to openresolv, I've observed that the resolv.conf gets overwritten back to the physical interface's resolv.conf after a few moments. Not sure why and when this happens.

Anyway, before VPN is up:

# ls -l reso*
-rw-r--r-- 1 root root 69 Jun 18 10:55 resolv.conf (contains "wlan"-interface's nameservers)

After VPN is up: 

# ls -l res*
-rw-r--r-- 1 root users 74 Jun 18 11:01 resolv.conf (contains Cisco-IPSec connection's nameservers)
-rw-r--r-- 1 root root  69 Jun 18 10:55 resolv.conf.vpnbackup (contains the physical ones)

After VPN has been up for a while:

# ls -l res*
-rw-r--r-- 1 root users 69 Jun 18 11:01 resolv.conf
-rw-r--r-- 1 root root  69 Jun 18 10:55 resolv.conf.vpnbackup

Exactly what is going on here? 

conf.d/domainname has OVERRIDE=0.

With the old resolvconf the physical resolv.conf was a symlink to elsewhere - Cisco's VPN just renamed the symlink (and renamed it back after terminating VPN). Now, with openresolv apparently not using symlinks, VPN doesn't work for more than a few moments.

Using cisco-vpn-3des-4.8.0, openresolv 1.5.1.

Resolvconf -l lists only the wlan interface but I'm not expecting it to as Cisco is managing its nameserver information using the .backup-file anyway. 

I'm not sure what condition exactly calls resolvconf to overwrite the resolv.conf file - maybe wpa_cli.sh as I'm using wpa_supplicant to connect..
Comment 1 Antti Mäkelä 2008-06-18 08:53:50 UTC
I added a "ps axf" to the /sbin/resolvconf, and apparently it's being called by dhcpcd. So that's why it gets overwritten - dhcpcd wants to do that periodically it seems.

 7129 ?        Ss     0:00 /sbin/dhcpcd -t 0 -p -N -Y -h  -m 2000 wlan
 8696 ?        S      0:00  \_ /bin/sh /sbin/resolvconf -a wlan
 8739 ?        S      0:00      \_ /bin/sh /etc/resolvconf/update.d/named a wlan
 8740 ?        R      0:00          \_ /bin/sh /sbin/resolvconf -v
 8742 ?        R      0:00              \_ /bin/sh /sbin/resolvconf -v
 8743 ?        R      0:00                  \_ /bin/sh /sbin/resolvconf -l
 8744 ?        R      0:00                      \_ ps axf

I'm not sure how to solve this. Go back to symlink mode as in resolvconf-gentoo?
Comment 2 Antti Mäkelä 2008-06-18 09:17:41 UTC
For a workaround, I changed RESOLVCONF variable in /etc/resolvconf/update.d/libc to a different file and symlinked /etc/resolv.conf to that. I think this was how it was done before.
Comment 3 Roy Marples 2008-08-21 17:05:55 UTC
openresolv just writes to /etc/resolv.conf - doesn't matter if it's a symlink or not from its perspective. Having it as a symlink caused serious problems when people removed openresolv - they lost DNS due to the symlink either dangling or being removed entirely.

When openresolv is installed, it is expected that IT is controlling /etc/resolv.conf
Comment 4 Roy Marples 2008-08-21 17:20:32 UTC
Created attachment 163506
Only update subscribers if resolv.conf changed

See if this patch helps - if the interface definition has not changed then we don't run any subscribers.
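
Added example (not the attached patch and not openresolv's code): a minimal sketch of the check described in comment 4, where a DHCP renewal that delivers the same nameservers no longer triggers the subscribers that rewrite resolv.conf. STATE_DIR, add_iface, run_subscribers and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Illustration only: hypothetical names, constructed sample data.
STATE_DIR=$(mktemp -d)                  # stand-in for the per-interface state directory
SUBSCRIBER_LOG="$STATE_DIR/subscribers.log"

# Stand-in for running the update.d scripts (the step that rewrites
# /etc/resolv.conf); here it only records that it was invoked.
run_subscribers() {
    echo "run $1" >> "$SUBSCRIBER_LOG"
}

# add_iface IFACE, new definition on stdin.
# Returns 0 if the definition changed (stored, subscribers run),
# 1 if it is identical to the stored one (nothing is touched).
add_iface() {
    iface=$1
    new=$(cat)
    stored="$STATE_DIR/iface.$iface"
    if [ -f "$stored" ] && [ "$(cat "$stored")" = "$new" ]; then
        return 1                        # unchanged: leave resolv.conf alone
    fi
    printf '%s\n' "$new" > "$stored"
    run_subscribers "$iface"
    return 0
}

# Number of times the subscribers have been run so far.
subscriber_runs() {
    wc -l < "$SUBSCRIBER_LOG" | tr -d ' '
}

# Constructed sequence of DHCP events for the "wlan" interface.
demo() {
    rm -f "$STATE_DIR"/iface.*          # start from a clean state
    : > "$SUBSCRIBER_LOG"
    printf 'nameserver 192.0.2.1\n'  | add_iface wlan || :   # first lease: runs
    printf 'nameserver 192.0.2.1\n'  | add_iface wlan || :   # renewal, same data: skipped
    printf 'nameserver 192.0.2.53\n' | add_iface wlan || :   # nameserver changed: runs
    subscriber_runs
}

demo
```

The third event still rewrites the file, which is the remaining case raised in comment 6.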
Comment 5 Antti Mäkelä 2008-08-21 22:20:05 UTC
Tested it - works. 

  1) When VPN is active, resolv.conf is not overwritten
  2) If VPN is terminated ungracefully (e.g. it doesn't clean up and restore the original resolv.conf from backup), openresolv fixes it.

BTW, I love this gem in your Makefile:

.in:
        sed -e 's:@PREFIX@:${PREFIX}:g' \
                -e 's:@SYSCONFDIR@:${SYSCONFDIR}:g' \
                -e 's:@VARBASE@:${VARBASE}:g' \
                $@.in > $@

I kept wondering why my workaround (setting the RESOLVCONF variable) wasn't removed when I did emerge -1 openresolv to apply the patch - If only Gentoo would have similar implementations with other packages for proper config migration!-)

Anyway, fixed.
Comment 6 Roy Marples 2008-08-22 10:07:58 UTC
OK, I've committed this upstream now.
http://git.marples.name/?p=openresolv.git;a=commitdiff;h=5251ae066f91e250fe0524a277bb7e9f07a7d9bb

But before I make another release, I'd like to help a little more, as if the DHCP client obtains different nameservers OR another resolvconf interface goes up/down then you'll be in the same boat.

So I'm wondering if we could make a cisco vpn subscriber (say /etc/resolvconf/update-libc.d/cisco-vpn) that sends a signal to an already running instance to re-write resolv.conf (best case) or to restart it (worst case). I don't have or use this myself, and can find no documentation for it easily. Could you help?
Comment 7 Antti Mäkelä 2008-08-25 08:07:18 UTC
(In reply to comment #6)
> So I'm wondering if we could make a cisco vpn subscriber (say
> /etc/resolvconf/update-libc.d/cisco-vpn) that sends a signal to an already
> running instance re-write resolv.conf (best case) or to either restart it
> (worst case). I don't have or use this myself, and can find no documentation
> for it easily. Could you help?

  Help, yes. Not sure how to make this example happen though in the case of WLAN - I mean, if a layer 3 handover happens (e.g. I go to other SSID), ciscovpn goes down anyway.

  Of course I can simply plug in my wired interface (so it goes up and wants to rewrite resolv.conf) if this is good enough.
Comment 8 Roy Marples 2008-08-25 08:12:05 UTC
Well, openresolv-1.7 is out anyway, so this can be closed now as it has this change.