I had a quite annoying problem on my laptop that I solved using cfengine.
When the VPN software runs, it creates a virtual tun0 interface and changes a few things in the network configuration (e.g.: routes, /etc/resolv.conf,…). A problem arises when the DHCP lease is renewed on the physical interface, eth0 or wlan0: in fact, resolv.conf gets rewritten, and I can't resolve internal network addresses any more until I put a valid resolv.conf back in place.
A few days ago, while on vacation, I finally adapted my existing policies to run on my laptop. One of the policies keeps an eye on resolv.conf while I am on VPN, and rewrites it if dhclient does the smartass. I am testing it today for the first time, and I am really pleased to find this message in my mailbox:
Subject: community [cooper/192.168.0.5]
Date: Thu, 19 Jul 2012 20:46:34 +0200
From: cfengine@localhost
To: bronto@localhost

R: Repaired resolver configuration in /etc/resolv.conf
So I'm pretty safe: if dhclient messes with my resolver, cfengine will set it back in <5 minutes time. Isn't that nice? 😉
Oh, and of course it does more than that. Depending on the location I am in, and whether I am in VPN or not, it reconfigures ntpd and restarts it, so that I always use the best configuration. But I don't want to bother you with the gory details, so I'll stop here 😉
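The check described in the post (while the VPN interface exists, put a known-good resolv.conf back if dhclient has changed it), written as an added shell example. It is not the author's cfengine policy; the function name `repair_resolver`, the `SYSFS_NET` variable and the reference-copy path are assumptions.

```shell
#!/bin/sh
# Added example: convergent repair of resolv.conf while a VPN interface is up.
# Hypothetical names: repair_resolver, SYSFS_NET, /etc/resolv.conf.vpn.

# Where the kernel lists network interfaces; overridable so the check can be tested.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# repair_resolver IFACE REFERENCE TARGET
# Prints "skipped", "kept" or "repaired"; returns non-zero only on error.
repair_resolver() {
    iface=$1 reference=$2 target=$3

    # Not on VPN: whatever dhclient wrote is the right configuration.
    if [ ! -e "$SYSFS_NET/$iface" ]; then
        echo skipped
        return 0
    fi

    # Never install a missing or empty reference: that would break all lookups.
    if [ ! -s "$reference" ]; then
        echo "reference $reference missing or empty" >&2
        return 2
    fi

    # Already converged: change nothing, so repeated runs stay silent.
    if cmp -s "$reference" "$target"; then
        echo kept
        return 0
    fi

    # Write a temp file in the same directory and rename it over the target,
    # so the resolver never reads a half-written file.
    tmp=$(mktemp "$(dirname "$target")/.resolv.XXXXXX") || return 2
    if cat "$reference" > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$target"; then
        echo repaired
        return 0
    fi
    rm -f "$tmp"
    return 2
}

# Possible invocation every 5 minutes from cron (paths are assumptions):
# repair_resolver tun0 /etc/resolv.conf.vpn /etc/resolv.conf
```

If /etc/resolv.conf is a symlink on the system, the rename replaces the link itself rather than the file it points to.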
3 thoughts on “cfengine vs vpn: 1-0”
Anonymous writes: I bet you are the guy who scratches the left side of his head with the right hand
Anonymous writes: It should really support resolvconf/openresolv. This is one bug in a long line of others. See for example http://www.codelibre.net/~rleigh/juniper-linux-vpn
Originally posted by anonymous:
Thanks a lot Roger, it was an interesting read indeed.