Attempt to determine if dnsmasq is being used to manage name resolution and, if so, update the configuration with VPN-supplied DNS information.
Signed-off-by: Joe MacDonald <joe_macdonald at mentor.com>
---
Adding any level of dnsmasq interaction makes it pretty easy to set up best-effort split-horizon DNS. This does depend on having resolvconf managing things as well, but the concept should apply equally well to a non-resolvconf scenario. It just seemed easiest and least invasive to create / remove the dnsmasq.d configuration piece in the *_resolvconf_manager() functions. I try to err on the side of asking the VPN DNS more often rather than less but still use the previously-configured resolver for what looks like non-VPN traffic.
 vpnc-script | 54 +++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 47 insertions(+), 7 deletions(-)
diff --git a/vpnc-script b/vpnc-script
index 79cf6e2..bbde4cd 100755
--- a/vpnc-script
+++ b/vpnc-script
@@ -360,6 +360,22 @@ fi
 # =========== resolv.conf handling for any OS =========================
+do_restart_dnsmasq() {
+ SERVICE=`which service`
+ if [ -x $SERVICE ] ; then
+ $SERVICE dnsmasq restart
+ else
+ if [ -x /etc/init.d/dnsmasq ] ; then
+ /etc/init.d/dnsmasq restart
+ else
+ SYSTEMCTL=`which systemctl`
+ if [ -x $SYSTEMCTL ] ; then
+ $SYSTEMCTL restart dnsmasq
+ fi
+ fi
+ fi
+}
+
 modify_resolvconf_generic() {
 grep '^#@VPNC_GENERATED@' /etc/resolv.conf > /dev/null 2>&1 || cp -- /etc/resolv.conf "$RESOLV_CONF_BACKUP"
 NEW_RESOLVCONF="#@VPNC_GENERATED@ -- this file is generated by vpnc
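Review bot: In do_restart_dnsmasq the unquoted `[ -x $SERVICE ]` is true when `which service` prints nothing, because the test collapses to the one-argument form `[ -x ]`; the next line then runs `dnsmasq restart` as a bare command and the init.d and systemctl fallbacks are never reached. The same pattern is repeated for `$SYSTEMCTL`. Since the function writes under /etc and restarts a system service it presumably runs privileged, so the lookup should be explicit and quoted: `SERVICE=$(command -v service)` followed by `if [ -n "$SERVICE" ] && [ -x "$SERVICE" ]; then "$SERVICE" dnsmasq restart`. A failed restart is also silent here, which leaves the caller believing the new resolver configuration is active.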
@@ -542,19 +558,43 @@ restore_resolvconf_openwrt() {
 modify_resolvconf_manager() {
 NEW_RESOLVCONF=""
- for i in $INTERNAL_IP4_DNS; do
- NEW_RESOLVCONF="$NEW_RESOLVCONF
+ if [[ -d /etc/dnsmasq.d/ && `pgrep dnsmasq` ]] ;
+ then
+ # the system has dnsmasq installed and appears to be using it so inform
+ # dnsmasq about the new servers and domains
+ if [ -n "$CISCO_DEF_DOMAIN" ]; then
+ # limit searching the VPN servers for only VPN addresses, but it is
+ # better to cast too wide a net on this than miss VPN address lookups.
+ VPN_DNS=`echo $CISCO_DEF_DOMAIN | awk -F. '{ print "/" $(NF-1) "." $NF "/" }'`
+ fi
+ for i in $INTERNAL_IP4_DNS; do
+ NEW_RESOLVCONF="$NEW_RESOLVCONF
+server=$VPN_DNS$i"
+ done
+ echo "$NEW_RESOLVCONF" > /etc/dnsmasq.d/$TUNDEV.conf
+ # inform dnsmasq that there is a new configuraiton fragment to consider.
+ do_restart_dnsmasq
+ else
+ for i in $INTERNAL_IP4_DNS; do
+ NEW_RESOLVCONF="$NEW_RESOLVCONF
 nameserver $i"
- done
- if [ -n "$CISCO_DEF_DOMAIN" ]; then
- NEW_RESOLVCONF="$NEW_RESOLVCONF
+ done
+ if [ -n "$CISCO_DEF_DOMAIN" ]; then
+ NEW_RESOLVCONF="$NEW_RESOLVCONF
 domain $CISCO_DEF_DOMAIN"
+ fi
+ echo "$NEW_RESOLVCONF" | /sbin/resolvconf -a $TUNDEV
 fi
- echo "$NEW_RESOLVCONF" | /sbin/resolvconf -a $TUNDEV
 }
 restore_resolvconf_manager() {
- /sbin/resolvconf -d $TUNDEV
+ if [[ -d /etc/dnsmasq.d/ && `pgrep dnsmasq` ]] ;
+ then
+ rm -f /etc/dnsmasq.d/$TUNDEV.conf
+ do_restart_dnsmasq
+ else
+ /sbin/resolvconf -d $TUNDEV
+ fi
 }
 # ========= Toplevel state handling =======================================
-- 
1.7.10.4
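Review bot: restore_resolvconf_manager re-runs the dnsmasq detection at disconnect instead of checking what modify_resolvconf_manager actually did, so the two can disagree. If dnsmasq stopped while the tunnel was up, `/etc/dnsmasq.d/$TUNDEV.conf` is left behind and its `server=` lines steer lookups to the VPN resolvers again on the next dnsmasq start. In the opposite case the resolvconf entry is never deleted. Keying the teardown on the fragment itself avoids both: `if [ -f "/etc/dnsmasq.d/$TUNDEV.conf" ]; then rm -f -- "/etc/dnsmasq.d/$TUNDEV.conf"; do_restart_dnsmasq; else /sbin/resolvconf -d "$TUNDEV"; fi`. Separately, `[[ … ]]` is a bash construct; the shebang is outside the hunk, but under a POSIX sh the dnsmasq branch would presumably never be taken, and `if [ -d /etc/dnsmasq.d ] && pgrep -x dnsmasq >/dev/null; then` works in both shells.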