vpnc and resolv.conf

I am using vpnc, which works fine, except it rewrites (temporarily) my
resolv.conf. I don't need DNS resolution with vpn, because I connect
to one and only one host using IP address. On the other hand I'd like
to use my network normally, access Internet, etc. Currently I am
solving the problem by overwriting vpnc generated resolv.conf with
backup of my original file. Everything works as desired, but the
solution look a little ... well, dumb. Is there any elegant way to
solve this ?

TIA

In <1479b035-b3c2-43d7-98b7-(E-Mail Removed)> blueparty <(E-Mail Removed)> writes:

> I am using vpnc, which works fine, except it rewrites (temporarily) my
> resolv.conf.
> [...]
> Is there any elegant way to solve this ?

Thankfully it's been 2 1/2 years since I needed to use vnpc, but IIRC
"DNSUpdate no" in /etc/vpnc/default.conf did the trick.

Eddi ._._.
--
e-mail: dk3uz AT arrl DOT net | AMPRNET: (E-Mail Removed)
Linux/m68k, the best U**x ever to hit an Atari!

> * *Thankfully it's been 2 1/2 years since I needed to use vnpc, but IIRC

I can see why you say that...

> "DNSUpdate no" in /etc/vpnc/default.conf did the trick.
>

That parameter does not exist in my version of vpnc. From Google I can
see that it stopped working in older versions, while it was still
present. Interesting, program totally ignores file permissions. I
tried to make resolv.conf unwritable, but, since vpnc must be run with
root privileges, it simply overrides that. That's strange, because
most source codes I examined checked if the file was writable in the
same time when the checked if the file exists.

Well, thanks for the answer, anyway.

blueparty <(E-Mail Removed)> wrote:
> That parameter [DNSUpdate] does not exist in my version of vpnc. From
> Google I can see that it stopped working in older versions, while it was
> still present.

According to the README file included in the Debian distribution, this
parameter is indeed deprecated, but it was managed by the "vpnc-connect"
wrapper script anyway.

Taking a quick look through the new "vpnc-wrapper" script, it seems
to me that if you add this line as the second line of that script
(i.e. underneath the #!/bin/sh line), it will prevent updates to the
/etc/resolv.conf file:

INTERNAL_IP4_DNS=


Personally, I'd rather the maintainers had kept the DNSUpdate parameter.
Sigh.

Chris

blueparty <(E-Mail Removed)> wrote in news:55a02bf0-f9f5-
4308-9dd9-(E-Mail Removed):

>> "DNSUpdate no" in /etc/vpnc/default.conf did the trick.
>>
>
> That parameter does not exist in my version of vpnc. From Google I can
> see that it stopped working in older versions, while it was still
> present. Interesting, program totally ignores file permissions. I
> tried to make resolv.conf unwritable, but, since vpnc must be run with
> root privileges, it simply overrides that. That's strange, because
> most source codes I examined checked if the file was writable in the
> same time when the checked if the file exists.

Make the resolv.conf you wish to preserve immutable. man chattr
--
buck

In <55a02bf0-f9f5-4308-9dd9-(E-Mail Removed)> blueparty <(E-Mail Removed)> writes:

>> Thankfully it's been 2 1/2 years since I needed to use vnpc, but IIRC

> I can see why you say that...

Not really. When I needed to use vpnc it was always preceeded by my
being dragged out of bed in the middle of the night because some
customer's dirtware was misbehaving.

>> "DNSUpdate no" in /etc/vpnc/default.conf did the trick.

> That parameter does not exist in my version of vpnc.
> [...]

Well, then I regret being unable to help you.

Eddi ._._.
--
e-mail: dk3uz AT arrl DOT net | AMPRNET: (E-Mail Removed)
Linux/m68k, the best U**x ever to hit an Atari!

wow such a nice and good thread being continue here,,as well as also you are providing good info,,and i will must say its just due to yours all the efforts and hard work which can be seen here..good work,,good luck..