[FFE] vpnc, network-manager-vpnc don't support split DNS VPN attribute

Bug #954747 reported by Evan Broder
This bug affects 3 people
Affects: network-manager-vpnc (Ubuntu); Status: Fix Released; Importance: Wishlist; Assigned to: Unassigned
Affects: vpnc (Ubuntu); Status: Fix Released; Importance: Wishlist; Assigned to: Unassigned

Bug Description

vpnc requests and fetches the default domain from a Cisco VPN server, but does not request the list of domains for which split DNS is configured.

With Precise's new dnsmasq-by-default configuration, this means that only DNS queries for the default domain get routed over the VPN.

Tags: patch


Evan Broder (broder)
Changed in vpnc (Ubuntu):
assignee: nobody → Evan Broder (broder)
status: New → In Progress
summary: - vpnc does not support split DNS on Cisco VPN servers
+ vpnc, network-manager-vpnc don't support split DNS VPN attribute
Changed in network-manager-vpnc (Ubuntu):
status: New → In Progress
assignee: nobody → Evan Broder (broder)
Evan Broder (broder) wrote : Re: vpnc, network-manager-vpnc don't support split DNS VPN attribute

Here's a patch which queries the VPN server for the list of split DNS domains and passes it on to the vpnc-script. I've tested that it works with my company's VPN server, which lists several internal domain names under the split-dns attribute.

However, it's not currently possible for a NetworkManager VPN plugin to pass multiple domains back to NM, so that API will need to be enhanced somehow.

Changed in vpnc (Ubuntu):
status: In Progress → Triaged
assignee: Evan Broder (broder) → nobody
importance: Undecided → Wishlist
Changed in network-manager-vpnc (Ubuntu):
importance: Undecided → Wishlist
tags: added: patch
Mathieu Trudel-Lapierre (cyphermox) wrote :

Nice job, Evan. Thanks for looking into this!

Mathieu Trudel-Lapierre (cyphermox) wrote :

This will need a Feature Freeze exception to be uploaded to Precise; but it would be really good to include.

summary: - vpnc, network-manager-vpnc don't support split DNS VPN attribute
+ [FFE] vpnc, network-manager-vpnc don't support split DNS VPN attribute
Martin Pitt (pitti) wrote :

This sounds more like a bug fix to me. LGTM, and this was tested already.

Mathieu Trudel-Lapierre (cyphermox) wrote :

The fix for network-manager-vpnc is now in Precise; so I'll close that task: https://launchpad.net/ubuntu/+source/network-manager-vpnc/0.9.4.0-0ubuntu1

Evan, if you can please upload your vpnc patch ;)

Changed in network-manager-vpnc (Ubuntu):
status: In Progress → Fix Released
assignee: Evan Broder (broder) → nobody
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vpnc - 0.5.3r512-2ubuntu1

---------------
vpnc (0.5.3r512-2ubuntu1) precise; urgency=low

  * Added fetch-split-dns-prop.patch to fetch split DNS property from
    Cisco VPN servers. (LP: #954747)
 -- Evan Broder <email address hidden> Tue, 13 Mar 2012 23:26:42 -0700

Changed in vpnc (Ubuntu):
status: Triaged → Fix Released
Reuben Firmin (reubenf) wrote :

See https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/992543 - this patch appears to break dpkg-buildpackage.

Mathieu Trudel-Lapierre (cyphermox) wrote :

There were changes in the packages that break the process you are using, yes, but it has nothing to do with that patch specifically; see Stefano's responses in the linked bug for details.

spidernik84 (alexander-rilik) wrote :

Hi,

I'm still having some issues with the split-dns feature on 12.04 despite having updated the packages to the latest versions.
I'm providing the configurations I'm using; I might well be the one who did something wrong, and I apologize in that case :) I'm changing the IPs and domains with fake stuff.

This is the Cisco ASA 5510 configuration:

group-policy DfltGrpPolicy attributes
dns-server value <internal-dns1> <internal-dns2>
default-domain value <cooldomain1.com>
split-dns value <cooldomain1.com> <cooldomain2.com>

Here's the content of /run/nm-dns-dnsmasq.conf when the tunnel is up:

server=/<cooldomain1.com>/<internal-dns1>
server=/10.in-addr.arpa/<internal-dns1>
server=/16.172.in-addr.arpa/<internal-dns1>
server=8.8.8.8

It looks like the nm-dns-dnsmasq.conf is missing a line for the other domain, like:
server=/<cooldomain2.com>/<internal-dns1>

These are the installed packages:
network-manager 0.9.4.0-0ubuntu4.1
network-manager-gnome 0.9.4.1-0ubuntu2
network-manager-openconnect 0.9.4.0-0ubuntu1
network-manager-openconnect-gnome 0.9.4.0-0ubuntu1
network-manager-vpnc 0.9.4.0-0ubuntu1
network-manager-vpnc-gnome 0.9.4.0-0ubuntu1
dnsmasq-base 2.59-4

Any clue? Thanks
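
Added example (not part of the original report, of any comment here, or of the vpnc or NetworkManager code): a check that compares the split-dns domains a VPN gateway advertises against the server= lines in a dnsmasq configuration such as /run/nm-dns-dnsmasq.conf, and lists the domains whose lookups would still go to the default public resolver. The sample configuration is constructed from the report above; 10.0.0.53 is an assumed stand-in for <internal-dns1>, and the function names are hypothetical.

```python
"""Find split-DNS domains that have no domain-specific dnsmasq upstream."""

# Constructed sample mirroring the report: only the default domain is routed.
# 10.0.0.53 is an assumed stand-in for <internal-dns1>.
SAMPLE_CONF = """\
server=/cooldomain1.com/10.0.0.53
server=/10.in-addr.arpa/10.0.0.53
server=/16.172.in-addr.arpa/10.0.0.53
server=8.8.8.8
"""


def parse_servers(conf_text):
    """Return ({domain: [upstreams]}, [default upstreams]) from server= lines."""
    per_domain, default = {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line.startswith("server="):
            continue  # comments, blank lines and other options are ignored
        value = line[len("server="):]
        if value.startswith("/"):
            # server=/dom1/dom2/upstream : one or more domains, then the upstream
            *domains, upstream = value[1:].split("/")
            for dom in domains:
                if dom:
                    per_domain.setdefault(dom.lower().rstrip("."), []).append(upstream)
        else:
            default.append(value)
    return per_domain, default


def route(name, per_domain, default):
    """Pick upstreams the way dnsmasq does: the most specific domain wins."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in per_domain:
            return suffix, per_domain[suffix]
    return None, default


def unrouted_split_domains(conf_text, split_domains, probe="host"):
    """Map each split-DNS domain that falls through to the default upstreams."""
    per_domain, default = parse_servers(conf_text)
    leaks = {}
    for dom in split_domains:
        matched, upstreams = route(f"{probe}.{dom}", per_domain, default)
        if matched is None:
            leaks[dom] = list(upstreams)
    return leaks


if __name__ == "__main__":
    print(unrouted_split_domains(SAMPLE_CONF, ["cooldomain1.com", "cooldomain2.com"]))
```

A non-empty result means names under those domains are resolved outside the tunnel, so internal hostnames are sent to the public resolver and internal-only records will not resolve.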

Mathieu Trudel-Lapierre (cyphermox) wrote :

As far as I know this should work. A very similar configuration on my Cisco 881 (admittedly, it's not an ASA) works just fine like this and properly adds the extra domain. Is vpnc also at the right version, which should be 0.5.3r512-2ubuntu1?

If it is, I'd like to suggest you file a separate bug for your issue, and make sure to notify me with the bug number here or by email -- then we'll debug the network-manager-vpnc plugin directly to figure out what is going wrong.

spidernik84 (alexander-rilik) wrote :

Thanks Mathieu. Here it is #1034298.
