[gentoo-user] Openconnect overwriting /etc/resolv.conf

[gentoo-user] Openconnect overwriting /etc/resolv.conf

[Alexander Kapshuk]

Been using openconnect for a few years now.
I currently have net-misc/openconnect-7.06-r1 installed.
This morning, when logged in at a remote site, I noticed that when
clicking, or typing, nothing would happen. Which somehow seemed to
result in a similar behavior back on the local system, i.e. attempting
to type commands in terminal had stopped working.

Having rebooted my system and poked around system log and config
files, I noticed that my /etc/resolv.conf got overwritten by
openconnect. Further investigation indicated that it is done by design
via this script: /etc/openconnect/openconnect.sh.
I do not know if this is a recent change in openconnect's behaviour, I
had no trouble of this sort doing remote work on the same system
yesterday.

An ad-hoc solution I have found online and applied to my environment is this:
http://serverfault.com/questions/331299/how-can-i-stop-openconnect-from-changing-etc-resolv-conf
chattr +i /etc/resolv.conf

This seems to have helped. I can click and type both on remote systems
and the local one with no trouble at all.

Anyone else experienced this?
What are your thoughts and suggestions on the matter?

Thanks.

Re: [gentoo-user] Openconnect overwriting /etc/resolv.conf

[Mike Gilbert]

On Tue, Dec 13, 2016 at 6:05 AM, Alexander Kapshuk
<alexander.kapshuk@gmail.com> wrote:
> Been using openconnect for a few years now.
> I currently have net-misc/openconnect-7.06-r1 installed.
> This morning, when logged in at a remote site, I noticed that when
> clicking, or typing, nothing would happen. Which somehow seemed to
> result in a similar behavior back on the local system, i.e. attempting
> to type commands in terminal had stopped working.
>
> Having rebooted my system and poked around system log and config
> files, I noticed that my /etc/resolv.conf got overwritten by
> openconnect. Further investigation indicated that it is done by design
> via this script: /etc/openconnect/openconnect.sh.
> I do not know if this is a recent change in openconnect's behaviour, I
> had no trouble of this sort doing remote work on the same system
> yesterday.
>
> An ad-hoc solution I have found online and applied to my environment is this:
> http://serverfault.com/questions/331299/how-can-i-stop-openconnect-from-changing-etc-resolv-conf
> chattr +i /etc/resolv.conf
>
> This seems to have helped. I can click and type both on remote systems
> and the local one with no trouble at all.
>
> Anyone else experienced this?
> What are your thoughts and suggestions on the matter?

You could install net-dns/openresolv, and set resolvconf=NO in
/etc/resolvconf.conf. openconnect.sh will automatically utilize
openresolv if it is installed, and that config setting prevents
openresolve from making any updates.

An uglier solution is to edit /etc/openconnect/openconnect.sh, and
comment out the following lines:

In do_connect():

    if [ -n "$INTERNAL_IP4_DNS" ]; then
        $MODIFYRESOLVCONF
    fi

In do_disconnect():

    if [ -n "$INTERNAL_IP4_DNS" ]; then
        $RESTORERESOLVCONF
    fi

Re: [gentoo-user] Openconnect overwriting /etc/resolv.conf

[Alexander Kapshuk]

On Wed, Dec 14, 2016 at 1:19 AM, Mike Gilbert <floppym@gentoo.org> wrote:
> On Tue, Dec 13, 2016 at 6:05 AM, Alexander Kapshuk
> <alexander.kapshuk@gmail.com> wrote:
>> Been using openconnect for a few years now.
>> I currently have net-misc/openconnect-7.06-r1 installed.
>> This morning, when logged in at a remote site, I noticed that when
>> clicking, or typing, nothing would happen. Which somehow seemed to
>> result in a similar behavior back on the local system, i.e. attempting
>> to type commands in terminal had stopped working.
>>
>> Having rebooted my system and poked around system log and config
>> files, I noticed that my /etc/resolv.conf got overwritten by
>> openconnect. Further investigation indicated that it is done by design
>> via this script: /etc/openconnect/openconnect.sh.
>> I do not know if this is a recent change in openconnect's behaviour, I
>> had no trouble of this sort doing remote work on the same system
>> yesterday.
>>
>> An ad-hoc solution I have found online and applied to my environment is this:
>> http://serverfault.com/questions/331299/how-can-i-stop-openconnect-from-changing-etc-resolv-conf
>> chattr +i /etc/resolv.conf
>>
>> This seems to have helped. I can click and type both on remote systems
>> and the local one with no trouble at all.
>>
>> Anyone else experienced this?
>> What are your thoughts and suggestions on the matter?
>
> You could install net-dns/openresolv, and set resolvconf=NO in
> /etc/resolvconf.conf. openconnect.sh will automatically utilize
> openresolv if it is installed, and that config setting prevents
> openresolve from making any updates.
>
> An uglier solution is to edit /etc/openconnect/openconnect.sh, and
> comment out the following lines:
>
> In do_connect():
>
>     if [ -n "$INTERNAL_IP4_DNS" ]; then
>         $MODIFYRESOLVCONF
>     fi
>
> In do_disconnect():
>
>     if [ -n "$INTERNAL_IP4_DNS" ]; then
>         $RESTORERESOLVCONF
>     fi
>

I went ahead with the former suggestion, which worked as advertised for me.

Thanks very much.