Mailing List Archive: vpnc: devel

Split DNS

Index | Next | Previous | View Threaded

dwmw2 at infradead

Jun 13, 2012, 12:56 AM

Post #1 of 3 (438 views)
Permalink

Split DNS

In AnyConnect the server seems to offer an X-CSTP-Split-DNS: header,
which can appear multiple times, with search domains for the client to
use. I'm exporting these in $CISCO_SPLIT_DNS, space-separated.

I see that there's an ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_DNS, but we
don't seem to *do* anything with it. Like the IPv6 attributes which we
also ignore, just make vpnc clear the environment variable.

We really ought to make vpnc *support* these, given that we know how to
recognise them. But that's left as an exercise for someone who actually
has access to a server.

diff --git a/vpnc.c b/vpnc.c
index 91cf6d6..c9214ea 100644
--- a/vpnc.c
+++ b/vpnc.c
@@ -927,6 +927,7 @@ static int do_config_to_env(struct sa_block *s, struct isakmp_attribute *a)

unsetenv("CISCO_BANNER");
unsetenv("CISCO_DEF_DOMAIN");
+ unsetenv("CISCO_SPLIT_DNS");
unsetenv("CISCO_SPLIT_INC");
unsetenv("CISCO_IPV6_SPLIT_INC");
unsetenv("INTERNAL_IP4_NBNS");

--
dwmw2

Attachments:

smime.p7s (6.03 KB)

dwmw2 at infradead

Jun 13, 2012, 2:02 AM

Post #2 of 3 (405 views)
Permalink

Re: Split DNS [In reply to]

On Wed, 2012-06-13 at 08:56 +0100, David Woodhouse wrote:
> In AnyConnect the server seems to offer an X-CSTP-Split-DNS: header,
> which can appear multiple times, with search domains for the client to
> use. I'm exporting these in $CISCO_SPLIT_DNS, space-separated.
>
> I see that there's an ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_DNS, but we
> don't seem to *do* anything with it. Like the IPv6 attributes which we
> also ignore, just make vpnc clear the environment variable.
>
> We really ought to make vpnc *support* these, given that we know how to
> recognise them. But that's left as an exercise for someone who actually
> has access to a server.

I've just seen http://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/954747
which adds similar support to vpnc, and noticed the patch that was sent
to this list in March. It's not entirely clear if the result is
space-separated there. Evan?

Is there a corresponding patch for vpnc-script already?

--
dwmw2

Attachments:

smime.p7s (6.03 KB)

evan at ebroder

Jun 13, 2012, 2:53 PM

Post #3 of 3 (415 views)
Permalink

Re: Split DNS [In reply to]

On Wed, Jun 13, 2012 at 2:02 AM, David Woodhouse <dwmw2 [at] infradead> wrote:
> On Wed, 2012-06-13 at 08:56 +0100, David Woodhouse wrote:
>> In AnyConnect the server seems to offer an X-CSTP-Split-DNS: header,
>> which can appear multiple times, with search domains for the client to
>> use. I'm exporting these in $CISCO_SPLIT_DNS, space-separated.
>>
>> I see that there's an ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_DNS, but we
>> don't seem to *do* anything with it. Like the IPv6 attributes which we
>> also ignore, just make vpnc clear the environment variable.
>>
>> We really ought to make vpnc *support* these, given that we know how to
>> recognise them. But that's left as an exercise for someone who actually
>> has access to a server.
>
> I've just seen http://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/954747
> which adds similar support to vpnc, and noticed the patch that was sent
> to this list in March. It's not entirely clear if the result is
> space-separated there. Evan?
>
> Is there a corresponding patch for vpnc-script already?

Hi Dave -
With vpnc, I found that the list was comma-separated. I was mostly
interested in the NetworkManager integration, so I didn't write a real
patch for vpnc-script (though I did update the comments at the top). I
did get a patch into network-manager-vpnc:
http://git.gnome.org/browse/network-manager-vpnc/commit/?id=237e625883d251cb922d90c8cd7fa91fb9cc6c08

- Evan
_______________________________________________
vpnc-devel mailing list
vpnc-devel [at] unix-ag
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads