Hi all,

I'm running vpnc from my Debian GNU/Linux 6.0.3 (squeeze) laptop. I managed to set up the vpn tunnel towards my office network, but the dns resolution is broken.

After the vpn is established, I can see that vpnc modified my resolv.conf in order to use my office dns servers.

This is my resolv.conf during vpn connection:

root@produzione:/etc/vpnc# cat /etc/resolv.conf
#@VPNC_GENERATED@ -- this file is generated by vpnc
# and will be overwritten by vpnc
# as long as the above mark is intact
# Generated by NetworkManager
domain eu.didata.local
search WAG320N
nameserver 10.159.3.195
nameserver 10.159.225.11


The vpn tunnel is working fine, since I can ping some private ip addr used in my company, but I cannot browse the office intranet due to this resolution problem.

It seems like the system is still using normal dns (not the vpn-given dns), despite the modified resolv.conf.

Another detail: on my laptop I virtualized Win 7. From windows I can connect to the office vpn (with the cisco vpn client) and all is working fine. The dns obtained after vpn is established are the same that vpnc writes into resolv.conf!

As you can see, this is the Windows 7 virtual interface created by cisco vpn client while connected to the office vpn:

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : eu.didata.local
Description . . . . . . . . . . . : Cisco Systems VPN Adapter
Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.249.252.226(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 10.249.252.1
DNS Servers . . . . . . . . . . . : 10.159.3.195
10.159.225.11
NetBIOS over Tcpip. . . . . . . . : Enabled

How can I fix this?

Thank you in advance,

pastoreerrante

Here this works fine:
1. prohibit dynamic resolv.conf updates (stop resolvconf or chattr +i the file)
Here mine:
nameserver 127.0.0.1
search my-home.dyndns-at-home.com ad.my-work.at my-work.at

setup a local dns server ("caching-only" should do, but you may create entries for your
local network hosts) and add the forwarders
from w0rkplace like here:

zone "my-work.at" {
type forward;
forwarders { 172.18.64.49; 172.18.64.50; };
};

Obviously you should use the appropriate IPs here.

Hi Woodypecke, thank you for the fast reply!

Can you explain to me why the dns in the vpnc-modified resolv.conf are not working at all? I mean, if I have company dns in my resolv.conf, shouldn't firefox and all my system use those in order to provide names resolution? I don't understand why it's not working.

The first time I set up the vpn connection, all was working fine but the second time I tried to bring up the tunnel the names resolution was suddenly broken. From this I deduce I don't really need a dns server on my laptop.

Thank you in advance,

pastoreerrante

Ok, now it's working!

the working resolv.conf is this one:

root@produzione:/home/daniele# cat /etc/resolv.conf
#@VPNC_GENERATED@ -- this file is generated by vpnc
# and will be overwritten by vpnc
# as long as the above mark is intact
# Generated by NetworkManager
nameserver 10.159.3.195
nameserver 10.159.225.11
search eu.didata.local


I don't know why now vpnc modified my resolv.conf in this way.

Thank you!

then please mark thread as solved.