On Wed, Jan 17, 2018 at 9:46 AM, David Woodhouse <[email protected]> wrote:
> On Wed, 2018-01-17 at 09:41 +0100, Nikos Mavrogiannopoulos wrote:
>> Hi,
>> I got a report in ocserv that openconnect would not see an IPv6 DNS
>> address. Checking it further it seems that openconnect client would
>> only set INTERNAL_IP4_DNS with the contents of whatever the servers
>> provided (ipv4 or ipv6 address). As ocserv may send an IPv6 address,
>> that would be wrong.
>>
>> The attached patch can make openconnect set INTERNAL_IP6_DNS instead,
>> however vpnc-script doesn't seem to do anything with that variable.
>>
>> Is there already some handling of IPv6 DNS addresses that I'm missing,
>> or is it not supported at this point?
>
> The INTERNAL_IP4_DNS variable is misnamed.
>
> For addresses and routes it makes sense to have separate configuration
> for IPv6 vs. Legacy IP.
>
> There is no such distinction for DNS. You don't have separate DNS
> servers for IPv6 lookups vs. legacy lookups. All the DNS servers go
> into the *same* list.

Makes sense. It seems there is some confusion about that in vpnc-script.
I'm attaching this small patch which clarifies that there.

regards,
Nikos

From f97154ea8d2c5ba222e71b3aa307738c19e39ec3 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos <[email protected]> Date: Wed, 17 Jan 2018 11:40:22 +0100 Subject: [PATCH] Document the fact that INTERNAL_IP4_DNS contains all servers Moreover, fix the accidental use of INTERNAL_IP6_DNS when deleting routes. Signed-off-by: Nikos Mavrogiannopoulos <[email protected]> --- vpnc-script | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/vpnc-script b/vpnc-script index ae13947..5a841d0 100755 --- a/vpnc-script +++ b/vpnc-script @@ -29,11 +29,10 @@ #* INTERNAL_IP4_NETMASK -- netmask (often unset) #* INTERNAL_IP4_NETMASKLEN -- netmask length (often unset) #* INTERNAL_IP4_NETADDR -- address of network (only present if netmask is set) -#* INTERNAL_IP4_DNS -- list of dns servers +#* INTERNAL_IP4_DNS -- list of dns servers (IPv4 and IPv6) #* INTERNAL_IP4_NBNS -- list of wins servers #* INTERNAL_IP6_ADDRESS -- IPv6 address #* INTERNAL_IP6_NETMASK -- IPv6 netmask -#* INTERNAL_IP6_DNS -- IPv6 list of dns servers #* CISCO_DEF_DOMAIN -- default domain name #* CISCO_BANNER -- banner from server #* CISCO_SPLIT_INC -- number of networks in split-network-list @@ -811,8 +810,10 @@ do_disconnect() { fi i=`expr $i + 1` done - for i in $INTERNAL_IP6_DNS ; do - del_ipv6_network_route "$i" "128" + for i in $INTERNAL_IP4_DNS ; do + if echo "$i" | grep : >/dev/null; then + del_ipv6_network_route "$i" "128" + fi done elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then reset_ipv6_default_route -- 2.14.3
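Review bot: In the header comment block, the new wording "list of dns servers (IPv4 and IPv6)" does not say why a variable named IP4 carries IPv6 addresses, and the INTERNAL_IP6_DNS line is dropped without any trace in the comments. Suggest stating there that the name is historical and that no separate IPv6 DNS variable exists, so a later reader neither reintroduces one nor assumes every entry in the list is an IPv4 address.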
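Review bot: In do_disconnect(), the address-family test (echo "$i" | grep : >/dev/null) starts a pipeline for every DNS server and passes a server-supplied string through echo, whose treatment of backslashes and leading dashes differs between shells. A pattern match does the same job without either: case "$i" in *:*) del_ipv6_network_route "$i" "128" ;; esac. The new loop also reuses i, which the context line with expr $i + 1 shows is the counter of the preceding loop; a distinct variable name would read more clearly.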
