[TriLUG] NetExtender VPN Client on Linux leaves resolv.conf clobbered
Ed Blackman via TriLUG
trilug at trilug.org
Wed Aug 19 23:33:05 EDT 2020
NetExtender should definitely be restoring changes it makes on startup when it stops. But anyway, since they won't...
If NetExtender can be convinced to modify a different file than /etc/resolv.conf, then you might be able to use resolvconf (https://en.wikipedia.org/wiki/Resolvconf) to handle the resolv.conf changes.
If it can't modify a different file, but can be convinced to print its config (including nameserver details), you might be able to set up resolvconf, mark /etc/resolv.conf as immutable (so NetExtender can't muck with it), and use post-device-up scripting to feed the right resolv entries to resolvconf.
A brief search doesn't turn up the NetExtender man page online, so I can just offer these as suggestions for further research.
Ed
On Mon, Aug 17, 2020 at 10:10:55AM -0400, Brian via TriLUG wrote:
> Hi Gang,
>
> I spent a fruitless hour with a support technician at SonicWall to get to
> the conclusion of "it's not our problem" so here's the situation:
>
> I'm using the Linux SonicWall NetExtender client (command-line version) to
> connect to my workplace's VPN. The tunnel works perfectly. However, the
> problem is when I close down the tunnel.
>
> NetExtender rewrites /etc/resolv.conf on connection according to the
> tunnel's settings. The problem is it doesn't restore the original content
> when it exits; resolv.conf still points to a nameserver that is only
> accessible over the VPN, and my name resolution is broken until I reset that
> file, either by hand or by renewing the DHCP lease for my ethernet
> connection.
>
> I would've expected it to be NetExtender's responsibility to reset that file
> back to its previous state, but the SonicWall tech guy insists that it's the
> OS's job.
>
> Is he correct? And if he is, how do I even troubleshoot why it's not
> happening on my computer?
>
> In the meantime, I've just written a script that copies the original to a
> safe place and then copies it back after NetExtender exits, but I shouldn't
> have to do that (and it requires privilege escalation)...
>
> Many thanks,
> -Brian
--
Ed Blackman
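
Added example, not part of either message: the save-and-restore workaround described in the quoted message, written as a POSIX shell function that also restores the file when the command fails or is interrupted, and recreates a symlink if it was replaced by a regular file. The function name and the RESOLV_FILE override are assumptions made for this example; against the real /etc/resolv.conf it has to run as root.

```shell
#!/bin/sh
# Added example: run a command, then put the resolver file back exactly as
# it was, even if the command fails or is interrupted.
# RESOLV_FILE is an assumed override so the function can be tried on a copy.
# Example (as root): with_saved_resolv <vpn client command> [args...]

with_saved_resolv() {
    resolv="${RESOLV_FILE:-/etc/resolv.conf}"
    backup=$(mktemp) || return 1
    link=""
    # Remember a symlink (e.g. one managed by resolvconf) so it can be recreated.
    if [ -L "$resolv" ]; then link=$(readlink "$resolv"); fi
    (
        # Subshell: the traps below do not leak into the calling shell.
        cat "$resolv" > "$backup" || { rm -f "$backup"; exit 1; }
        restore() {
            if [ -n "$link" ] && [ ! -L "$resolv" ]; then
                rm -f "$resolv"
                ln -s "$link" "$resolv"
            fi
            # Write through the path so ownership, mode and any symlink survive.
            cat "$backup" > "$resolv"
            rm -f "$backup"
        }
        trap restore EXIT
        # Not every sh runs the EXIT trap when killed by a signal,
        # so turn the usual signals into ordinary exits.
        trap 'exit 129' HUP
        trap 'exit 130' INT
        trap 'exit 143' TERM
        "$@"
        exit $?
    )
}
```

The exit status of the wrapped command is passed through, so a caller can still tell a failed connection from a clean disconnect.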