Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 171697 - net-misc/vpnc - vpnc-script patch to use /sbin/resolvconf
Summary: net-misc/vpnc - vpnc-script patch to use /sbin/resolvconf
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High minor
Assignee: Hanno Böck
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-03-21 16:55 UTC by Gustavo Sverzut Barbieri
Modified: 2007-08-21 14:51 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Patch to use /sbin/resolvconf if available (vpnc-script.patch,1.25 KB, patch)
2007-03-21 16:55 UTC, Gustavo Sverzut Barbieri
Details | Diff
Slight adjustment to resolvconf patch for "proper" updates (vpnc-resolvconf-patch-v2.diff,1.21 KB, patch)
2007-08-17 23:16 UTC, Mike Javorski
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Gustavo Sverzut Barbieri 2007-03-21 16:55:05 UTC
Here is a patch to make net-misc/vpnc (/etc/vpnc/vpnc-script) use /sbin/resolvconf if available.

Reproducible: Always

Steps to Reproduce:
Comment 1 Gustavo Sverzut Barbieri 2007-03-21 16:55:44 UTC
Created attachment 113983 [details, diff]
Patch to use /sbin/resolvconf if available
Comment 2 Gustavo Sverzut Barbieri 2007-03-21 16:58:04 UTC
Just to be sure, this applies to =net-misc/vpnc-0.4.0-r2 and was tested with it.
Comment 3 Christian Faulhammer (RETIRED) gentoo-dev 2007-03-22 06:53:35 UTC
(In reply to comment #2)
> Just to be sure, this applies to =net-misc/vpnc-0.4.0-r2 and was tested with
> it.

 You haven't sent it upstream?
Comment 4 Gustavo Sverzut Barbieri 2007-03-22 13:14:38 UTC
I've mailed the list right now (although I don't know if they allow non-subscribed users to post).
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2007-05-29 07:54:27 UTC
Ok, I tested the patch.  It won't use the backup resolv.conf file generated by vpnc, so a restart of the init script fails here as my DNS server is different for VPN and non-VPN connection.  This is because the comment on the top "VPNC_GENERATED" is overwritten by resolvconf and vpnc-script won't find it anymore.
No time on my side to work on it further, so maybe you have an idea, Gustavo.
Comment 6 Christian Faulhammer (RETIRED) gentoo-dev 2007-06-27 11:15:57 UTC
In the current form not really usable.  Sorry, WONTFIX
Comment 7 Jörg Mayer 2007-08-08 07:24:23 UTC
What is going wrong? To be honest, I don't understand the problem description in which way the patch doesn't work. As I'd like to merge the patch into vpnc directly and it *looks* good to me it would be helpful to understand what is going wrong.
Comment 8 Christian Faulhammer (RETIRED) gentoo-dev 2007-08-08 07:34:45 UTC
vpnc modifies /etc/resolv.conf:

#@VPNC_GENERATED@ -- this file is generated by vpnc
# and will be overwritten by vpnc
# as long as the above mark is intact
domain foo
nameserver 127.0.0.1

It will only restore the old resolv.conf file if it finds the @VPNC_GENERATED@ mark.  My complete traffic to the internet goes out over VPN, so I rely that when shutting down the original nameserver 192.168.1.1 is restored so the start-up service vpnc finds the VPN server.  resolvconf will overwrite /etc/resolv.conf and destroy the mark, rendering it unusable on service restart.

Adding Jörg to CC, remove yourself if you don't wish that.
Comment 9 Jörg Mayer 2007-08-08 11:33:09 UTC
The GENERATED stuff is only used by the vpnc selfmade resolv.conf modification code. With the patch, that code should be completely bypassed and replaced by /sbin/resolvconf. So as long as you start and stop vpnc with the same version of the script, everything is supposed to just work (unless I completely misread the patch).
So as long as you don't update the script/package while a connections exists, everything should work as expected.
Comment 10 Christian Faulhammer (RETIRED) gentoo-dev 2007-08-14 10:32:54 UTC
Ok, I think something went badly wrong when I first tested the patch...I did take the precautions you, Jörg, outlined then, but something else must have happened.  Anyway, it works.  So bring it into upstream, if it is not in the next soon-to-come release, we will patch vpnc.
Comment 11 Jörg Mayer 2007-08-14 10:58:39 UTC
Committed to vpnc svn trunk revision 197.
Thanks!
Jörg
Comment 12 Christian Faulhammer (RETIRED) gentoo-dev 2007-08-14 12:48:39 UTC
As it will be in the next release, closing this bug as UPSTREAM.  Gustavo, thanks for the submission.
Comment 13 Mike Javorski 2007-08-17 23:16:50 UTC
Created attachment 128450 [details, diff]
Slight adjustment to resolvconf patch for "proper" updates

The dnsmasq resolvconf "handler" expects VPN-sourced entries to only provide a "domain" listing rather than a "search" listing. This patch is the same as that committed in upstream SVN (trunk/r197), save for using "domain" rather than search.

It works correctly on my machine, works EXACTLY how I want it, so only VPN related queries get passed to the VPN-sourced DNS servers.

NOTE: the dnsmasq handling does seem to require resolvconf-gentoo-1.4 to function properly
Comment 14 Jörg Mayer 2007-08-19 18:19:29 UTC
In which respect is this a "bug" in vpnc and not dnsmasq/the dnsmasq module for resolvconf? How are we going to handle the case when there is not a single domain but a domainlist?
Comment 15 Mike Javorski 2007-08-19 18:47:18 UTC
(In reply to comment #14)
> In which respect is this a "bug" in vpnc and not dnsmasq/the dnsmasq module for
> resolvconf? 

I wouldn't claim it to be a "bug" in vpnc, just an alternate version of the patch attached to this "bug" to enable resolvconf support. If it came across that way, I apologize.

As far as I know, dnsmasq has the only resolveconf "handler" that is doing this per-VPN domain/dns separation. That's why "proper" is in quotes, I don't know what is supposed to be the correct way as dnsmasq appears to be the only one doing it.


(In reply to comment #14)
> How are we going to handle the case when there is not a single
> domain but a domainlist?

I wasn't thinking about that case, as I believed the current vpnc-script (and the environmental variables it uses) to only support one domain (CISCO_DEF_DOMAIN) per VPN connection, rather than multiple. 

The better long term solution would be something added to resolvconf to handle these private networks differently, but for the here and now, it doesn't.

I am perfectly happy to just continue to patch my vpnc-script with the change so it works for me, I was just trying to help others who might be in the same situation I am.

Comment 16 Jörg Mayer 2007-08-21 14:51:37 UTC
You are right. Changed.