DHCP clients and VPN connections

Evan Hunt Evan_Hunt at isc.org
Fri Apr 4 18:23:13 UTC 2008


> There's a few suggestions for workarounds in the bug report followups, but I
> don't think any of them are particularly ideal.
> 
> Does anyone have any suggestions on how to deal with this scenario?

I agree with David that dbus is a good long-term solution to this problem,
but as a stupider, shorter-term workaround, how about this:

You configure one interface on your system to be "primary for config".
When dhclient runs on *that* interface, the hook script updates
resolv.conf, and includes a comment containing the PID of dhclient:

        # NOCLOBBER vpn0 dhclient 1234
        search foo.com
        nameserver 10.1.1.3

When dhclient runs on any other interface, it checks resolv.conf for the
NOCLOBBER comment.  If it isn't there, or if it is but the PID no longer
exists or isn't dhclient, then the script updates resolv.conf *without*
adding a comment.

So, let's say you've set primary-config to "vpn0".  You run dhclient on
eth0, resolv.conf is updated.  Run it on vpn0, resolv.conf is updated
again, and the comment is added.  When eth0 is renewed, resolv.conf is
*not* updated, because now there's a NOCLOBBER in there.  When vpn0 is
renewed, resolv.conf *is* updated.

(If you wanted to get crazy, you could even set up a hierarchy of
interfaces--vpn0 can override anyone, eth1 can override eth0, etc.)

Minor remaining issue: What to do when you tear down vpn0.  Force a renew
on eth0?  Restore the previous resolv.conf from a cache?  I can think of a
few different ways to handle it, not sure which is best.

--
Evan Hunt -- evan_hunt at isc.org
Internet Systems Consortium, Inc.
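
The check described in the message above, sketched as shell helpers for a hook script. This is an added example, not part of the original post and not ISC's dhclient-script; the variable names PRIMARY_IF, RESOLV_CONF and OWNER_NAME, the function names, and passing dhclient's PID in as an argument are all assumptions.

```shell
#!/bin/sh
# Added example, not ISC code. PRIMARY_IF, RESOLV_CONF and OWNER_NAME are
# assumed variable names, not dhclient settings.
PRIMARY_IF=${PRIMARY_IF:-vpn0}
RESOLV_CONF=${RESOLV_CONF:-/etc/resolv.conf}
OWNER_NAME=${OWNER_NAME:-dhclient}

# Print the command name of PID $1; print nothing if the process is gone.
proc_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm" 2>/dev/null
    else
        n=$(ps -p "$1" -o comm= 2>/dev/null) || return 0
        printf '%s\n' "${n##*/}"
    fi
}

# Return 0 if interface $1 may rewrite resolv.conf, 1 if it must leave it alone.
may_update() {
    [ "$1" = "$PRIMARY_IF" ] && return 0
    lock=$(sed -n '/^# NOCLOBBER /{p;q;}' "$RESOLV_CONF" 2>/dev/null) || return 0
    [ -n "$lock" ] || return 0
    lock_pid=${lock##* }
    # The comment is plain file content: accept only a numeric PID.
    case $lock_pid in ''|*[!0-9]*) return 0 ;; esac
    # Honour the comment only while that PID is still a live dhclient.
    [ "$(proc_name "$lock_pid")" = "$OWNER_NAME" ] && return 1
    return 0
}

# $1 = interface, $2 = PID of the calling dhclient, $3 = search domain,
# remaining arguments = nameservers.
write_resolv() {
    iface=$1 pid=$2 domain=$3
    shift 3
    may_update "$iface" || return 0
    tmp=$(mktemp "$RESOLV_CONF.XXXXXX") || return 1
    {
        [ "$iface" = "$PRIMARY_IF" ] && echo "# NOCLOBBER $iface $OWNER_NAME $pid"
        echo "search $domain"
        for ns in "$@"; do echo "nameserver $ns"; done
    } > "$tmp"
    chmod 644 "$tmp"
    mv "$tmp" "$RESOLV_CONF"    # rename, so readers never see a partial file
}
```

Checking the process name as well as the PID keeps a recycled PID from holding the file after the primary dhclient has exited; the teardown question raised at the end of the message is not handled here.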

