[TriLUG] NetExtender VPN Client on Linux leaves resolv.conf clobbered

Ed Blackman via TriLUG trilug at trilug.org
Wed Aug 19 23:33:05 EDT 2020


NetExtender should definitely be restoring changes it makes on startup when it stops.  But anyway, since they won't...

If NetExtender can be convinced to modify a different file than /etc/resolv.conf, then you might be able to use resolvconf (https://en.wikipedia.org/wiki/Resolvconf) to handle the resolv.conf changes.

If it can't modify a different file, but can be convinced to print its config (including nameserver details), you might be able to set up resolvconf, mark /etc/resolv.conf as immutable (so NetExtender can't muck with it), and use post-device-up scripting to feed the right resolv entries to resolvconf.

A brief search doesn't turn up the NetExtender man page online, so I can just offer these as suggestions for further research.

Ed

On Mon, Aug 17, 2020 at 10:10:55AM -0400, Brian via TriLUG wrote:
> Hi Gang,
> 
> I spent a fruitless hour with a support technician at SonicWall to get to
> the conclusion of "it's not our problem" so here's the situation:
> 
> I'm using the Linux SonicWall NetExtender client (command-line version) to
> connect to my workplace's VPN.  The tunnel works perfectly.  However, the
> problem is when I close down the tunnel.
> 
> NetExtender rewrites /etc/resolv.conf on connection according to the
> tunnel's settings.  The problem is it doesn't restore the original content
> when it exits; resolv.conf still points to a nameserver that is only
> accessible over the VPN, and my name resolution is broken until I reset that
> file, either by hand or by renewing the DHCP lease for my ethernet
> connection.
> 
> I would've expected it to be NetExtender's responsibility to reset that file
> back to its previous state, but the SonicWall tech guy insists that it's the
> OS's job.
> 
> Is he correct?  And if he is, how do I even troubleshoot why it's not
> happening on my computer?
> 
> In the meantime, I've just written a script that copies the original to a
> safe place and then copies it back after NetExtender exits, but I shouldn't
> have to do that (and it requires privilege escalation)...
> 
> Many thanks,
> -Brian

-- 
Ed Blackman
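
The snapshot-and-restore workaround mentioned in the quoted message, sketched as an added example (not code from either poster). The function names `with_restored_file` and `demo` are hypothetical, and it assumes the VPN client runs in the foreground until it is stopped.

```shell
#!/bin/sh
# Run a command, then put FILE back the way it was when the command ends.
# Usage: with_restored_file FILE COMMAND [ARGS...]
with_restored_file() {
    wrf_target=$1; shift
    wrf_backup=$(mktemp "${TMPDIR:-/tmp}/resolv.XXXXXX") || return 1
    cp -p -- "$wrf_target" "$wrf_backup" || { rm -f -- "$wrf_backup"; return 1; }

    # A handler (not an ignore) keeps this shell alive on Ctrl-C, while the
    # child still gets the signal with its default disposition and can exit.
    trap ':' INT TERM HUP
    wrf_status=0
    "$@" || wrf_status=$?
    trap - INT TERM HUP

    # Restore only if the command left the file changed. Writing in place
    # keeps the inode, owner and mode, and follows a symlinked resolv.conf.
    if ! cmp -s -- "$wrf_backup" "$wrf_target"; then
        echo "restoring $wrf_target" >&2
        cat -- "$wrf_backup" > "$wrf_target"
    fi
    rm -f -- "$wrf_backup"
    return "$wrf_status"
}

# Constructed demo on a scratch file, so it runs without root or a VPN.
demo() {
    scratch=$(mktemp "${TMPDIR:-/tmp}/demo.XXXXXX") || return 1
    printf 'nameserver 192.0.2.1\n' > "$scratch"   # constructed "original"
    # Stand-in for a client that rewrites the file and exits without cleanup.
    with_restored_file "$scratch" \
        sh -c 'printf "nameserver 10.0.0.53\n" > "$1"' clobber "$scratch"
    cat -- "$scratch"
    rm -f -- "$scratch"
}
```

For real use, call `with_restored_file /etc/resolv.conf` followed by your usual NetExtender command line, as root; this conflicts with marking the file immutable, so pick one approach or the other.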

