On Tue, Dec 13, 2011 at 4:46 AM, David Woodhouse <dwmw2 at infradead.org> wrote: > On Tue, 2011-12-13 at 04:39 +0800, Antonio Borneo wrote: >> In this repository, vpnc-script.in has been converted >> to vpnc-script. Doing this, the value $SCRIPTNAME has >> changed from "vpnc" to "vpnc-script". >> This breaks the "restore" and left /etc/resolv.conf >> modified for the (already closed) VPN tunnel. > > Hm, this happens because the script changes while the VPN is > *connected*, so it doesn't manage to tear down its own setup? Correct, the script makes backups of resolv.conf, and uses the value passed with "-s" to build the filename of the backup. During "restore" the value "-s" is used to find the right backup to restore. Using a wrong value for "-s" no backup is restored, silently... >> Replace "-s $SCRIPTNAME" with fixed value "-s vpnc". > > Should it be using $TUNDEV instead, perhaps? And does it matter that it > still says 'vpnc' when it's actually being invoked from openconnect? Humm, I was watching the problem from vpnc point of view only. Probably you are right, would be nice to select between "openconnect" and "vpnc". This value is used as name of the backup file "/etc/resolv.conf.saved.by.$SERVICE" > Or should we just leave it with a hard-coded 'vpnc' and not worry about > it? The only issue I see in this case is for an hypothetical user that runs vpnc and openconnect at same time on this "very" old version of Suse. The first SW to run will create a backup. The second, using same service name, will just change "/etc/resolv.conf" since its action is considered as an incremental change to "/etc/resolv.conf" made by same service. Can we accept this risk? We have similar issue in all the cases (not Suse) that fall using the default modify_resolvconf_generic() in vpnc-script. It just makes one backup file /var/run/vpnc/resolv.conf-backup and doesn't accept vpnc and openconnect running at same time. The second to run will just update resolv.conf. Antonio