Ubuntu
network-manager-openconnect package

openconnect: vpnc does not interoperate with resolvconf

Bug #694425 reported by Paul Smith
32
This bug affects 6 people
Affects Status Importance Assigned to Milestone
network-manager-openconnect (Ubuntu)
Expired
Medium
Unassigned
vpnc (Ubuntu)
Expired
Medium
Unassigned

Bug Description

Binary package hint: openconnect

I have to connect to multiple VPNs, even at the same time, so I've installed the resolvconf package to manage the resolv.conf file. Many applications, such as dhclient etc., in Ubuntu recognize that resolvconf is installed and will proceed accordingly. However, openconnect does not seem to recognize this and removes the /etc/resolv.conf symlink (which it's supposed to be to get resolvconf package to work). It also doesn't appear to set the DNS environment using resolvconf as it should.

What would be really, really nice is that if openconnect (or any utility that needs to change /etc/resolv.conf but this bug is about openconnect) provided a shell script that managed /etc/resolv.conf, rather than putting that handling into the code itself. This would not be a big deal performance-wise since it only happens at connection establishment, and it gives a lot of flexibility to manage these files as needed.

Revision history for this message
dwmw2 (dwmw2) wrote :

OpenConnect doesn't touch /etc/resolv.conf at all. This is probably vpnc-script, which in Ubuntu may be shipped as part of the vpnc package, or may be in a separate vpnc-script package.

The one shipped with vpnc is hopelessly out of date and doesn't work with current kernels; Ubuntu *should* be shipping the one from http://git.infradead.org/users/dwmw2/vpnc-scripts.git

But I'm slightly confused; both versions should both use /sbin/resolvconf by preference, before falling back to touching the file manually. Does resolvconf provide the /sbin/resolvconf executable? That's what vpnc-script checks for.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openconnect (Ubuntu):
status: New → Confirmed
Changed in vpnc (Ubuntu):
status: New → Confirmed
Revision history for this message
John McFarlane (jmcfarlane) wrote :

On my machine (12.04 openconnect as launched by NetworkManager appears to be using:

--script /usr/lib/NetworkManager/nm-openconnect-service-openconnect-helper

So might this issue be related to that guy? For full context I found this dns resolution issue to be specific to 12.04 (tested it on 2 machines that had working dns resolution through the vpn before, and not after the upgrade).

Thomas Hood (jdthood)
summary: - openconnect does not interoperate with resolvconf
+ openconnect: vpnc does not interoperate with resolvconf
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

That would make it a bug in network-manager-openconnect. Reassigning...

I can't test this on my own though, so I'll have to rely on others to verify whether this is still the issue in 12.04 and in the development release.

affects: openconnect (Ubuntu) → network-manager-openconnect (Ubuntu)
Changed in network-manager-openconnect (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Triaged
Mathieu Trudel-Lapierre (cyphermox)
Changed in vpnc (Ubuntu):
status: Confirmed → In Progress
importance: Undecided → Medium
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
Revision history for this message
Mike Miller (mtmiller) wrote :

I do not see anything broken on 12.04 with network-manager-openconnect.

Before connecting, LAN DNS works. While connected to the VPN, both LAN and VPN DNS resolution work. After disconnecting, LAN DNS works again.

Looking into dynamic configuration files, the contents of /run/resolvconf/interface/NetworkManager update correctly, as does /var/run/nm-dns-dnsmasq.conf.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

I was going to set vpnc-scripts to be used by vpnc, but I think this first requires more discussion, and above all should be done in Debian as well (and the vpnc copy of vpnc-scripts should go). For now, it looks sufficiently up to date to not really be an issue with resolvconf, as far as I can tell.

Since this bug was opened I guess things have changed. Is the original reported issue still present?

Changed in vpnc (Ubuntu):
assignee: Mathieu Trudel-Lapierre (mathieu-tl) → nobody
status: In Progress → Incomplete
Changed in network-manager-openconnect (Ubuntu):
status: Triaged → Incomplete
Revision history for this message
Florian Schlichting (fschlich) wrote :

In Debian, vpnc is going to make use of the vpnc-script provided by the new vpnc-scripts package as soon as wheezy is out of the door. I was too short on time and about to leave for a long summer holiday AFK immediately before the freeze, so Mike and I agreed that he should go forth preparing everything for openconnect, and I would follow behind with vpnc after the release of wheezy.

There shouldn't be any difference between those two vpnc-scripts yet regarding resolvconf, and yes there were many changes to vpnc-script since the time this bug was opened.

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for network-manager-openconnect (Ubuntu) because there has been no activity for 60 days.]

Changed in network-manager-openconnect (Ubuntu):
status: Incomplete → Expired
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for vpnc (Ubuntu) because there has been no activity for 60 days.]

Changed in vpnc (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.