How to stop openconnect from changing DNS settings
Posting as an answer rather than a comment to give it some visibility. I am not sure whether there is a better way for just citing other site's answers. But https://serverfault.com/a/900825 is an answer to nearly the same question that actually works.
openconnect calls the script /usr/share/vpnc-scripts/vpnc-script to change network settings (see /usr/share/doc/openconnect/html/vpnc-script.html). But you can change the script called with the -s option. If you pass in a script like
#!/bin/bash
export INTERNAL_IP4_DNS=
. /usr/share/vpnc-scripts/vpnc-script
the function to change resolv.conf in the original script is simply not called.
Given the script above is called noresolvconf, you would call openconnect like
sudo openconnect -s path/to/noresolvconf ...
Don't forget to make the script executable with
chmod +x path/to/noresolvconf
comfreak
Updated on September 18, 2022
Comments
-
comfreak almost 2 years
Since my college is using this horrible Cisco AnyConnect VPN, I am trying to find my way around their client software and discovered openconnect. So far it works great and thanks to a different question here on StackExchange, I managed to make it stop routing all my traffic through the VPN by default and instead only send college-related traffic through the VPN.
However, openconnect still sends all my DNS queries to the college's nameserver, as I can read in /etc/resolv.conf. Now, because I'd rather use my own DNS resolver, I want to stop openconnect from changing the DNS settings. I can set the INTERNAL_IP4_DNS variable which I could dynamically set through the wrapper-script I created for the routing, but that doesn't completely solve my problem, since it still modifies the file and adds the search domain from my college.
Is there a way to stop openconnect from doing that without manipulating the vpnc-script?
-
Rui F Ribeiro almost 7 years
Probably telling dhclient to not modify resolv.conf, or setting chattr immutable flag for resolv.conf
-
comfreak almost 7 years
@RuiFRibeiro I don't want to stop all changes to this file, as it might be necessary when I physically connect to a different network. I only want to stop openconnect from making those changes.
-
Rui F Ribeiro almost 7 years
Create a script to connect, do the changes, redo them on exit. A possible approach. Clunky, I agree...
-
comfreak almost 7 years
@RuiFRibeiro That's basically what the vpnc-script does. I guess I could make my own version of it and remove the part where it changes the DNS settings or add a section where it undoes it after connecting. I just thought that there is a more elegant solution, since I don't think this is a rare use-case.
-
Rui F Ribeiro almost 7 years
There is always the chance of intercepting DNS requests by iptables and sending them to another place. More complicated, and once again you have got to have a wrapper script.
-
comfreak almost 7 years
@RuiFRibeiro Thanks, that's another workaround, I could try for now. I do already have a wrapper script for routing.
-
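The mechanism the answer relies on, as an added example that is not part of the original answer or of openconnect: a constructed stand-in for vpnc-script that, like the behaviour described in the answer, only rewrites the resolver file when INTERNAL_IP4_DNS is non-empty, run once through the noresolvconf wrapper and once directly. The helper names, the RESOLV_CONF variable and the sample addresses are assumptions made for the demonstration; check the installed vpnc-script for the conditions it actually tests.

```bash
#!/bin/bash
# Added example, not openconnect's own code. Hypothetical names:
# make_standin_hook, make_wrapper, resolv_changed_by, RESOLV_CONF.

# Constructed stand-in for vpnc-script: it rewrites the resolver file only
# when INTERNAL_IP4_DNS is non-empty (the behaviour the answer describes).
make_standin_hook() {
    cat > "$1" <<'EOF'
#!/bin/bash
if [ -n "$INTERNAL_IP4_DNS" ]; then
    {
        if [ -n "$CISCO_DEF_DOMAIN" ]; then echo "search $CISCO_DEF_DOMAIN"; fi
        for ns in $INTERNAL_IP4_DNS; do echo "nameserver $ns"; done
    } > "$RESOLV_CONF"
fi
EOF
}

# The answer's wrapper ($1), sourcing the hook at path $2.
make_wrapper() {
    cat > "$1" <<EOF
#!/bin/bash
export INTERNAL_IP4_DNS=
. "$2"
EOF
    chmod +x "$1"
}

# Run script $1 with constructed values for the variables openconnect exports;
# return 0 if resolver file $2 changed, 1 if its checksum is the same.
resolv_changed_by() {
    local before
    before=$(cksum < "$2")
    RESOLV_CONF="$2" reason=connect CISCO_DEF_DOMAIN=vpn.example.edu \
        INTERNAL_IP4_DNS="192.0.2.53 192.0.2.54" bash "$1"
    [ "$before" != "$(cksum < "$2")" ]
}

dir=$(mktemp -d)
echo "nameserver 127.0.0.1" > "$dir/resolv.conf"
make_standin_hook "$dir/hook"
make_wrapper "$dir/noresolvconf" "$dir/hook"
for script in noresolvconf hook; do
    if resolv_changed_by "$dir/$script" "$dir/resolv.conf"; then
        echo "$script: resolver file was rewritten"
    else
        echo "$script: resolver file untouched"
    fi
done
```

The same before/after checksum comparison can be run against the real /etc/resolv.conf around an actual connection to confirm that neither the nameserver lines nor the search domain changed.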