My main laptop is running Ubuntu 12.10 64-bit desktop. To access my corporate intranet I need to run a proprietary VPN solution (Lotus Mobility Client, or LMC) which works very well - it actually has some great features. However, as you would expect, LMC is not integrated with Network Manager at all, and writes directly to /etc/resolv.conf, inserting the VPN domain at the head of the search list, and the VPN nameservers before any existing ones. As usual, this causes problems with local name resolution when I am working from my home network.
So for the last couple of days I've been trying to make my VPN play nice with resolvconf and the new local resolver (dnsmasq), trying to get the resolver to handle the VPN smoothly. Since the VPN is proprietary, my options for configuration are limited. The best I can do (as far as I can tell) is to prevent it from updating /etc/resolv.conf at all, and I can have it start a program of my choice when the VPN is established. Since I know the nameservers and domain within my corporate intranet that the VPN would configure, surely I can configure them manually?
After reading all the resolvconf documentation I could find, and the design brief for the DNS resolver changes in 12.04, and the various outstanding bugs, I decided my best option would be to set the VPN to not update /etc/resolv.conf, and have a script invoked by the VPN client use resolvconf to update the resolver manually.
The VPN creates an interface called "wc0", see:
Code:
$ ifconfig -a -s
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 2584463 0 0 0 4905490 0 0 0 BMRU
lo 16436 0 81161 0 0 0 81161 0 0 0 LRU
wc0 1348 0 11 0 0 0 44 0 0 0 MOPRU
wlan0 1500 0 31160 0 0 0 835 0 0 0 BMRU
I generated a file called resolv.wc0 containing something analogous to:
Code:
search abc.com
nameserver 1.2.3.4
nameserver 1.2.3.5
I then established the VPN, and ran the command "sudo resolvconf -a wc0.lmc < resolv.wc0".
abc.com is added to the search terms in /run/resolvconf/resolv.conf, which is linked to by /etc/resolv.conf, as it should be. Clearly there is no change to the nameserver entry, which still contains 127.0.1.1, which is serviced by dnsmasq. However, attempting to ping a known server (server.abc.com) inside my VPN intranet results in failure to resolve the name. Issuing dig @1.2.3.4 server.abc.com resolves it perfectly, so I have a working connection over the VPN, and the nameservers are up. It appears that the resolver (dnsmasq) is not being updated properly by resolvconf.
Running "sudo resolvconf -d wc0.lmc" undoes my manual changes, removing abc.com from the search terms in /run/resolvconf/resolv.conf again. But this leaves me out of ideas, and open to suggestions on what I need to do differently to make name resolution within my VPN work. HELP!
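Added example (not part of the original post, and not code from LMC, resolvconf or dnsmasq): the record from resolv.wc0 can also be written as dnsmasq per-domain forwarding rules (`server=/domain/ip`), so that only names under the VPN's domain are sent to the VPN nameservers and every other query stays with the home network's resolver. The sketch below converts such a record and rejects malformed values before they reach a resolver configuration. The function names are hypothetical, and where the generated lines are loaded depends on how the dnsmasq instance on 127.0.1.1 is started, which is not covered here.

```shell
# Added example: convert a resolvconf-style record to dnsmasq server= lines.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Reads a record on stdin, prints "server=/<domain>/<ip>" lines on stdout.
# Runs in a subshell so "set -f" (no globbing) does not leak to the caller.
record_to_dnsmasq() (
    set -f
    domains="" servers=""
    while read -r key rest || [ -n "$key" ]; do
        case "$key" in
            search|domain)
                for d in $rest; do
                    # Hostname characters only: no extra dnsmasq syntax gets in.
                    case "$d" in
                        *[!A-Za-z0-9.-]*|.*|*..*|-*) exit 1 ;;
                    esac
                    domains="$domains $d"
                done ;;
            nameserver)
                is_ipv4 "${rest%% *}" || exit 1
                servers="$servers ${rest%% *}" ;;
        esac
    done
    [ -n "$domains" ] && [ -n "$servers" ] || exit 1
    for d in $domains; do
        for s in $servers; do
            printf 'server=/%s/%s\n' "$d" "$s"
        done
    done
)

# Constructed sample: the record shown in the post (placeholder values).
SAMPLE='search abc.com
nameserver 1.2.3.4
nameserver 1.2.3.5'
printf '%s\n' "$SAMPLE" | record_to_dnsmasq
```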