How to stop openconnect from changing DNS settings

fedora dns resolv.conf cisco openconnect
6,681

Posting as an answer rather than a comment to give it some visibility. I am not sure whether there is a better way for just citing other site's answers. But https://serverfault.com/a/900825 is an answer to nearly the same question that actually works.

openconnect calls a the script /usr/share/vpnc-scripts/vpnc-script to change network settings (see /usr/share/doc/openconnect/html/vpnc-script.html). But you can change the script called with the -s option. If you pass in a script like

#!/bin/bash
export INTERNAL_IP4_DNS=
. /usr/share/vpnc-scripts/vpnc-script

the function to change resolv.conf in the original script is simply not called.

Given the script above is called noresolvconf, you would call openconnect like

sudo openconnect -s path/to/noresolvconf ...

Don't forget to make the script executable with

chmod +x path/to/noresolvconf
Share:
6,681
comfreak
Author by

comfreak

Updated on September 18, 2022

Comments

  • comfreak
    comfreak almost 2 years

    Since my college is using this horrible Cisco AnyConnect VPN, I am trying to find my way around their client software and discovered openconnect. So far it works great and thanks to a different question here on StackExchange, I managed to make it stop routing all my traffic through the VPN by default and instead only send college-related traffic through the VPN.

    However, openconnect still sends all my DNS queries to the college's nameserver, as I can read in /etc/resolv.conf. Now, because I rather use my own DNS resolver, I want to stop openconnect from changing the DNS settings. I can set the INTERNAL_IP4_DNS variable which I could dynamically set through the wrapper-script I created for the routing, but that doesn't completely solve my problem, since it still modifies the file and adds the search domain from my college.

    Is there a way to stop openconnect from doing that without manipulating the vpnc-script?

    • Rui F Ribeiro
      Rui F Ribeiro almost 7 years
      Probably telling dhclient to not modify resolv.conf, or setting chattr immutable flag for resolv.conf
    • comfreak
      comfreak almost 7 years
      @RuiFRibeiro I don't want to stop all changes to this file, as it might be necessary when I physically connect to a different network. I only want to stop openconnect from making those changes.
    • Rui F Ribeiro
      Rui F Ribeiro almost 7 years
      Create a script to connect, do the changes, redo them on exit. A possible approach. Clunky, I agree...
    • comfreak
      comfreak almost 7 years
      @RuiFRibeiro That's basically what the vpnc-script does. I guess I could make my own version of it and remove the part where it changes the DNS settings or add a section where it undoes it after connecting. I just thought that there is a more elegant solution, since I don't think this is a rare use-case.
    • Rui F Ribeiro
      Rui F Ribeiro almost 7 years
      There is always the change of intercepting DNS requests by iptables and sending them to another place. More complicated, and once again you have got to have a wrapper script.
    • comfreak
      comfreak almost 7 years
      @RuiFRibeiro Thanks, that's another workaround, I could try for now. I do already have a wrapper script for routing.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Ubuntu 16.04 Cannot resolve hostnames
Setting DNS via NetworkManager/nm-applet doesn't update the /etc/resolv.conf (17.10)
Change DNS to Coudflare 1.1.1.1 on Ubuntu 17.10
I deleted my resolv.conf how do I get it back or how do I create it again
18.04 Unable to connect to server due to "Temporary failure in name resolution"
make netplan write resolve.conf
resolveconf -u keeps adding an unwanted search domain to resolve.conf
How do I set a static DNS nameserver address on Ubuntu Server?
Accidentally deleted /etc/resolv.conf and now can't access any domain
resolv.conf - No DNS servers known