David Woodhouse <dwmw2 <at> infradead.org> writes:
>
> On Thu, 2014-07-03 at 16:52 +0100, Burton, Ross wrote:
> > On 3 July 2014 11:42, David Woodhouse <dwmw2 <at> infradead.org> wrote:
> > > Hm, odd. Did you ever come up with a coherent solution to this?
> > > Arguably, it's OK to do something which "breaks split DNS" in the case
> > > when you weren't using split DNS, so we could make that line
> > > conditional. But isn't DNS still going to be broken in the 'split' case,
> > > and never give you answers for hosts on the VPN?
> >
> > My coherent solution is currently to use my other Linux or Windows
> > machines, depending on what bit of the VPN I need to access, and will
> > be installing the commercial VPN tools along with numerous other
> > "approved" applications soon...
> >
> > I considered filing a bug but as I wasn't actually using vpnc, I can
> > see it being ignored.
>
> There's an openconnect port too, and the use cases are identical so I'm
> fairly sure it'll bite vpnc users too.
>

Hi,

I have a rather complex set of VPN needs and Google queries led me here.

I routinely need to connect to 3 or more VPNs simultaneously. Additionally, I need DNS queries to be answered from servers on the appropriate VPN.

In Linux, I solved this by installing bind9 with a custom config, removing resolvconf, pointing resolv.conf to localhost and making it immutable. Is there a better way?

I downloaded the above linked version of vpnc-script and according to scutil, it looks like it's doing the right thing? I see DNS servers for the various VPNs, but fail to resolve. For example:

Wards-MacBook-Pro:tmp jeward$ ps -ef|grep vpn
    0   107     1   0 10:28AM ??         2:36.88 /opt/cisco/anyconnect/bin/vpnagentd -execv_instance
    0 18108     1   0 11:56AM ??         0:00.05 vpnc core

DNS configuration

resolver #1
  search domain[0] : ibm.com
  search domain[1] : lotus.com
  search domain[2] : s81c.com
  search domain[3] : ibmmodules.com
  search domain[4] : coremetrics.com
  nameserver[0] : 10.0.1.1
  if_index : 4 (en0)
  flags    : Request A records
  reach    : Reachable,Directly Reachable Address

resolver #2
  domain   : coremetrics.com
  nameserver[0] : 10.4.200.11
  nameserver[1] : 10.4.200.10
  flags    : Request A records
  reach    : Reachable
  order    : 100800

Wards-MacBook-Pro:tmp jeward$ host infmgt1.prod.coremetrics.com
Host infmgt1.prod.coremetrics.com not found: 3(NXDOMAIN)

If I specify the appropriate DNS server, it resolves:

Wards-MacBook-Pro:tmp jeward$ host infmgt1.prod.coremetrics.com
Host infmgt1.prod.coremetrics.com not found: 3(NXDOMAIN)
Wards-MacBook-Pro:tmp jeward$ nslookup infmgt1.mgt 10.4.200.11
Server:     10.4.200.11
Address:    10.4.200.11#53

Name:   infmgt1.mgt.coremetrics.com
Address: 10.4.200.10

It seems I'm very close... Any help?

Thanks in advance,
James
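The resolver list in the scutil output above is the information the macOS system resolver uses to scope queries by domain, and NXDOMAIN from `host` alongside a working `nslookup ... 10.4.200.11` is consistent with those BIND-derived tools reading /etc/resolv.conf directly rather than the scoped configuration (`dscacheutil -q host -a name <host>` goes through the system resolver). As an added example, not part of this thread or of vpnc-script, the Python below parses `scutil --dns` style output (the sample is constructed from the two resolvers shown above, with the default resolver's order of 200000 assumed) and applies the longest-matching-domain rule to show which nameservers a scoped lookup would use:

```python
import re

# Constructed sample in the layout of `scutil --dns`, cut down from the resolvers
# in the thread: #1 is the unscoped default, #2 is scoped to coremetrics.com.
SCUTIL_DNS_OUTPUT = """\
DNS configuration
resolver #1
  search domain[0] : coremetrics.com
  nameserver[0] : 10.0.1.1
  flags    : Request A records

resolver #2
  domain   : coremetrics.com
  nameserver[0] : 10.4.200.11
  nameserver[1] : 10.4.200.10
  order    : 100800
"""

# Matches "key : value" and "key[N] : value" lines, including two-word keys.
KEY_RE = re.compile(r"\s*(\w+(?: \w+)?)(?:\[\d+\])?\s*:\s*(.*)")

def parse_scutil_dns(text):
    """Parse scutil-style output into resolver dicts (domain None == unscoped default)."""
    resolvers = []
    for line in text.splitlines():
        head = re.match(r"resolver #(\d+)", line)
        if head:  # 200000 is the assumed order of an unscoped resolver
            resolvers.append({"id": int(head.group(1)), "domain": None,
                              "nameservers": [], "order": 200000})
            continue
        kv = KEY_RE.match(line) if resolvers else None
        if not kv: continue  # header, blank line, or a key we do not track
        key, value, cur = kv.group(1), kv.group(2).strip(), resolvers[-1]
        if key == "domain":
            cur["domain"] = value.lower().rstrip(".")
        elif key == "nameserver":
            cur["nameservers"].append(value)
        elif key == "order":
            cur["order"] = int(value)
    return resolvers

def select_resolver(resolvers, hostname):
    """Scoped resolver with the longest matching domain suffix wins (lower order
    breaks ties); with no match, fall back to the unscoped default resolver."""
    host = hostname.lower().rstrip(".")
    matches = [r for r in resolvers if r["domain"] is not None
               and (host == r["domain"] or host.endswith("." + r["domain"]))]
    if matches:
        return max(matches, key=lambda r: (len(r["domain"]), -r["order"]))
    defaults = [r for r in resolvers if r["domain"] is None]
    return min(defaults, key=lambda r: r["order"]) if defaults else None
```

Running `select_resolver(parse_scutil_dns(SCUTIL_DNS_OUTPUT), "infmgt1.prod.coremetrics.com")` selects resolver #2 and its two 10.4.200.x nameservers, while a name outside any scoped domain falls back to resolver #1.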