DNS resolution and VPNC

I have been trying to use VPNC as a replacement for Cisco VPN client (since I can’t get it working on 2.6.25). I’ve run into a problem with the name resolution.

I am able to connect and have access to resources on my company’s network. But I have to know the IP address of everything and that doesn’t work. I’ve checked /etc/resolv.conf and it shows the updated settings to reflect the internal DNS servers but any time I try to access by name it is unable to resolve. Also, when I do an nslookup I get an error ‘unable to parse /etc/resolv.conf’.

Has anyone run into this, and if so, how did you resolve it?

Thanks

Because I only need to connect to a small set of hosts, I simply put the mappings in /etc/hosts. It doesn’t answer your question but it worked for me. BTW sounds like you have a syntax error in /etc/resolv.conf.

I had checked the /etc/resolv.conf to see if there was an error. It appeared fine. It was auto-edited by vpnc. Upon exiting, it restored to the previous and then name resolution worked on my internal network.

If I could get either this or vpnclient to work I’d be fine but so far no dice.

Host:~$ more /etc/resolv.conf
#@VPNC_GENERATED@ -- this file is generated by vpnc
and will be overwritten by vpnc
as long as the above mark is intact
generated by NetworkManager, do not edit!
domain domain_not_set.invalid inin.com
search domain_not_set.invalid
nameserver 10.10.1.2
nameserver 10.10.1.29

Any thoughts/ideas would be appreciated.

Perhaps the vpnc script made /etc/resolv.conf not world readable?

Thanks for responding to this. I’ve gotten the Cisco client to work so I’m not going to bother trying to figure this out anymore. I do appreciate the ideas though. I’ve not had much luck getting help on this forum in the past. Hopefully this has changed since I last was on here.

Thanks again.

Well Cisco VPN Client isn’t something a lot of OpenSUSE users deal with. I didn’t like CVC because it was too intrusive (inserted itself as a module into the kernel, IIRC) and killed all my other routes. I suppose it could be construed as security but I prefer to continue to have access to my LAN while using VPN, so I stayed with vpnc.

I agree with the local access point. I wish it would work that way. If I had a way to direct the traffic then that would be fine.

If the DNS stuff would work fine then I would definitely use VPNC, as my home network only consists of a few systems I could definitely write those in my hosts file and be satisfied.

I reinstalled the Gnome version from KDE and I’ll try it again to see if I see a different behavior. I’ve already noticed some differences with the network stuff from KDE so I’ll see how this goes.

I would check that bit about the /etc/resolv.conf file permissions. If that file is not readable by world, DNS resolution isn’t going to work for any non-root apps.

Hi all,
I have the same problem with VPNC and DNS resolution. I have checked, and the rights to the resolv.conf file are:

Owner: Read and Write
Group: Can read
Others: Can read

I have tried to run nslookup both as an ordinary user and from root, but same problem. If anybody has any ideas I would be really grateful.

Kind regards,
Harald

Are those permissions while vpnc is running?

Yes, this is while vpnc is still running. I can (logged in as myself) read the resolv.conf file.

Harald

Ok, try this. While vpnc is running and has changed /etc/resolv.conf, run this:

strace host www.google.com > strace.out 2>&1

This will generate a lot of output in strace.out. Look for the open of /etc/resolv.conf and see if it succeeded and what follows.

Here are the results:

open("/etc/resolv.conf", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=249, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5a6e14c000
read(5, "#@VPNC_GENERATED@ -- this file i"..., 4096) = 249
read(5, "", 4096) = 0
close(5) = 0
munmap(0x7f5a6e14c000, 4096) = 0
write(2, "host: ", 6host: ) = 6
write(2, "parse of /etc/resolv.conf failed", 32parse of /etc/resolv.conf failed) = 32
write(2, "\n", 1
) = 1
exit_group(1) = ?

Looks like he manages to open it, but then fails to read the contents.

Harald

Ok it looks like a parse problem. What does /etc/resolv.conf contain? We can probably fix it by editing the vpnc scripts.

Here is the resolv.conf file:

#@VPNC_GENERATED@ -- this file is generated by vpnc
and will be overwritten by vpnc
as long as the above mark is intact
generated by NetworkManager, do not edit!
domain lan meno.local
search lan
nameserver 10.16.1.64
nameserver 10.16.1.65

Hope this helps

Harald

Looking at the man page for resolv.conf, it seems that the domain line is illegal; it should contain only one domain, not both lan and meno.local. However, the search line can contain a list. Also the man page says that the domain and search directives are mutually exclusive and the last one wins.

Try removing the domain line and add meno.local to the search line and see if that gives you what you want, while vpnc is running. If that works, then you have to hack the vpnc script to generate the right commands. It seems as if the script intended to treat domain like search and vice versa. This would be a vpnc package bug.
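An added example, not part of any post in this thread and not vpnc's own code: a small checker that flags the two resolv.conf problems described in the reply above (a `domain` line with more than one name, and `domain` used together with `search`) and emits the suggested repair, a single `search` line carrying all the names. The function name `lint_resolv_conf` is hypothetical and the sample text is constructed to mirror the file posted above.

```python
# Added example: SAMPLE is constructed to mirror the file posted in the thread.
SAMPLE = """\
#@VPNC_GENERATED@ -- this file is generated by vpnc
domain lan meno.local
search lan
nameserver 10.16.1.64
nameserver 10.16.1.65
"""


def lint_resolv_conf(text):
    """Return (warnings, repaired_text) for a resolv.conf given as a string."""
    warnings, out, names, seen = [], [], [], []
    slot = None  # index in `out` where the merged search line will go
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        # Blank lines, comments and unrelated directives pass through untouched.
        if not fields or fields[0][0] in "#;" or fields[0] not in ("domain", "search"):
            out.append(raw)
            continue
        keyword, args = fields[0], fields[1:]
        seen.append(keyword)
        if keyword == "domain" and len(args) != 1:
            warnings.append(
                f"line {lineno}: 'domain' takes one name, found {len(args)}")
        if slot is None:
            slot = len(out)
        # Collect every name once, in order of first appearance.
        for name in args:
            if name not in names:
                names.append(name)
    if "domain" in seen and "search" in seen:
        warnings.append("'domain' and 'search' both present; only the last one is used")
    if names:
        # Replace all domain/search lines with one search list.
        out.insert(slot, "search " + " ".join(names))
    return warnings, "\n".join(out) + "\n"


if __name__ == "__main__":
    problems, fixed = lint_resolv_conf(SAMPLE)
    for p in problems:
        print("WARNING:", p)
    print(fixed, end="")
```
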

Hi,
I’m working with SUSE 10.2 and must install and configure a VPN to connect to the internet.
I installed every package for creating a VPN client connection, for example pptpconfig and that DEPENDENCE,

but when I want to create a new VPN connection there is no item by this name (pptp tunnel).
Please see this SITE

and this on my system:
http://www.sharemation.com:80/majid1364/VP.jpg
How do I install or insert “pptp tunnel” into this menu?

Hello, sorry for the late response.

I tried to remove the domain line and add meno.local to the search line, and it sort of worked. I get all external addresses up when I ping them, but not local ones (in the meno.local domain). Funny thing, when I do a NSLOOKUP it works fine, and I get the IP address, but not when I ping the same server.

Harald

Well pings can be blocked, or are you saying that the ping program doesn’t resolve the address?

Sorry, should have been more specific. Ping can’t resolve IP address, but NSLOOKUP can. Which I find a bit strange.

Harald