On Fri, Mar 01, 2019 at 01:47:22PM -0800, Otto Kratik wrote: > On Tuesday, February 19, 2019 at 2:53:22 PM UTC-5, Jon deps wrote: > > > https://www.qubes-os.org/doc/vpn/ > > > > I believe it would be helpful if you indicate which method you have > > used to create the VPN per the URL there .... > > > > > > perhaps it is more obvious to others .... > > > Thanks for your reply - sorry I somehow missed seeing it earlier. I managed > to sort of figure out what is going on and sort of fix it. > > I am using the super-simple method of just invoking "openvpn whatever.ovpn" > from terminal within an AppVM itself, rather than creating a dedicated proxy > or gateway as suggested in the docs. What is happening is the following.. > > Initially before connecting to the vpn, the file /etc/resolv.conf contains > the default Qubes sys-net dns entries, namely: > > nameserver 10.139.1.1 > nameserver 10.139.1.2 > > > When the vpn connects, it uses update-resolv-conf to overwrite the contents > of that file. It places some comment-text near the top and changes the > nameserver entries to its own, which is good and wanted of course. No > complaints. > > When terminating the vpn connection by any means available (I tried several > different ones), openvpn again automatically updates that /etc/resolv.conf > file, but *only* to remove the entries it placed there, nothing more. The > comment-text is left intact and the nameserver entries are simply deleted, > resulting in a more or less empty and useless file and no DNS resolution > whatsoever. The script does not seem to store and remember the previous > entries that were there before (sys-net defaults) and replace them when > finished. It just erases everything and leaves it like that. > > Thus after disconnecting the vpn I have to go back into that file and > manually re-add the sys-net entries to regain DNS resolution functionality. > Ultimately I'm just going to write a short bash script that puts the needed > entries back after disconnection, which I'll run at termination every time. > > I don't know enough about openvpn to instruct it to "always run this extra > script upon disconnection", though I'm sure there must be a relatively easy > way to do so. >
Call it with --down <cmd> to have a script run when the tunnel closes. If you check the man page, there are a variety of different options for running scripts/commands at different events, but I suspect that will fit the bill. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190302020753.fufcx25cdx2k5r6c%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
