Linux – resolv.conf and why VPN clients hack it

cisco, dns, kernel, linux, vpn

As stated in a previous question I want to connect to 2 VPN servers at the same time and for each connection specify the IPs of computers I want to reach with it.
One of these VPN connections is done with vpnc and a default.conf file, and the other one is done with a Cisco client (I am not able, for now at least, to connect with vpnc because I don't have the IPSec secret required to connect).

I am OK with the connection done through vpnc: I am able to connect and configure the targeted IPs to use the created interface as follows:

#!/bin/sh

# Get the default gateway and the device it is reached through
DEFGW=$(ip route list | grep default | awk '{print $3}')
DEVICE=$(ip route list | grep default | awk '{print $5}')

echo "Default Gateway is: $DEFGW on device $DEVICE"

echo "Starting vpnc"
sudo vpnc

echo "Adding routes to known computers through VPN network interface"
sudo route add -net 132.181.11.0 netmask 255.255.255.0 dev tun0

echo "Adding all other routes through standard network interface"
sudo route del default
sudo route add default gw "$DEFGW" dev "$DEVICE"

Now, before running the two connections simultaneously, I am trying to do the same with the Cisco client, but I am facing a problem with resolv.conf. This file is modified by the VPN client with a domain value and two DNS server values. Running the following script results in DNS resolution errors (reported by Chrome):

#!/bin/sh

# Get the default gateway and the device it is reached through
DEFGW=$(ip route list | grep default | awk '{print $3}')
DEVICE=$(ip route list | grep default | awk '{print $5}')

echo "Default Gateway is: $DEFGW on device $DEVICE"

echo "Starting cisco"
sudo /opt/cisco/vpn/bin/vpn connect 134.214.244.203

echo "Adding routes to computers through VPN network interface"
sudo route add -net 132.212.146.156 netmask 255.255.255.255 dev cscotun0

echo "Adding all other routes through standard network interface"
sudo route del default
sudo route add default gw "$DEFGW" dev "$DEVICE"

Any help and comments on this, and on how to solve the issue, are welcome.

Thanks

Best Answer

/etc/resolv.conf defines how the computer resolves host names (e.g. which, if any, default domain names are searched when you try to resolve a non-FQDN hostname: a lookup for a bare www becomes www.yourdomain.example.com), and which name servers are used to do the lookup.

One of the reasons, and the most likely, that VPN clients might modify /etc/resolv.conf is to make the VPN client computer use a particular nameserver for hostname resolution - e.g. if the VPN router runs a caching name-server.

There is nothing stopping you from changing /etc/resolv.conf back to what you want it to be, and the VPN client software may even provide you with some automated method of doing that (otherwise just cp a backup copy of resolv.conf back into place), but you may have difficulty resolving some names (e.g. some domains are set up with public and private views: outsiders see only "public" names, while insiders, including VPN clients, see all the internal, private names as well).

One way to solve this would be to cp not a backup copy of the original resolv.conf, but a modified copy with both your preferred name-servers and search domains as well as what the VPN client software wants.
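As an added example (not code from the question or the answer), a POSIX sh function that builds the merged resolv.conf the answer describes: the VPN client's search domains and nameservers come first, so names that exist only in the private view still resolve, followed by your preferred ones, with duplicates dropped. The file names and the sample contents in demo() are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the question or answer): build the merged
# resolv.conf the answer suggests. VPN entries come first so names that
# exist only in the private view still resolve; duplicates are dropped.
# File names and the sample contents in demo() are constructed assumptions.

merge_resolv() {
    # $1 = preferred copy, $2 = copy written by the VPN client, $3 = output
    pref="$1"; vpn="$2"; dest="$3"

    # Union of "domain"/"search" entries, VPN first, order-preserving dedup
    domains=$(cat "$vpn" "$pref" \
        | awk '$1=="domain"||$1=="search"{for(i=2;i<=NF;i++)print $i}' \
        | awk '!seen[$0]++')

    # Union of nameserver entries, same ordering rule
    servers=$(cat "$vpn" "$pref" | awk '$1=="nameserver"{print $2}' | awk '!seen[$0]++')

    {
        echo "# merged by merge_resolv"
        [ -n "$domains" ] && echo "search $(echo "$domains" | tr '\n' ' ' | sed 's/ *$//')"
        [ -n "$servers" ] && echo "$servers" | sed 's/^/nameserver /'
        # keep any "options" lines from either file, deduplicated
        cat "$vpn" "$pref" | awk '$1=="options"' | awk '!seen[$0]++'
    } > "$dest"

    # glibc consults at most the first three nameserver lines (MAXNS)
    n=$(printf '%s\n' "$servers" | grep -c . || true)
    [ "$n" -gt 3 ] && echo "warning: $n nameservers, only the first 3 are used" >&2
    return 0
}

demo() {
    d=$(mktemp -d)
    # Constructed sample: what you want outside the VPN
    printf 'search home.example\nnameserver 192.0.2.1\nnameserver 192.0.2.2\n' \
        > "$d/resolv.conf.preferred"
    # Constructed sample: what the VPN client wrote (private view of corp.example)
    printf 'domain corp.example\nsearch corp.example\nnameserver 10.0.0.53\noptions ndots:1\n' \
        > "$d/resolv.conf.vpn"
    merge_resolv "$d/resolv.conf.preferred" "$d/resolv.conf.vpn" "$d/resolv.conf.merged"
    cat "$d/resolv.conf.merged"
    rm -r "$d"
}

demo
```

glibc tries nameserver lines in order and falls back to the next only on timeout, so the VPN server placed first also sees queries for public names; there is no per-domain routing of queries in resolv.conf. Anything beyond the third nameserver line is ignored (MAXNS), which is why the function warns.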
