In the following scripts the original '/etc/resolv.conf' is saved, and a new one is generated, using the nameservers passed by the VPN server.
After the VPN connection has been terminated, the original resolv.conf is restored.
The relevant code of the new startup script
Code:
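# ============== active code
# Start OpenVPN with our own 'up' script handling both interface setup and
# teardown.
#
# Security notes:
#  - '--script-security 2' lets OpenVPN run the user-defined script named by
#    --up/--down with OpenVPN's own privileges. Keep /etc/openvpn/up owned by
#    root and not writable by anyone else.
#  - Do not raise the level to 3: that level also hands passwords to scripts
#    through the environment, and the 'up' script writes its whole
#    environment to a log file.
#  - NOTE(review): the trailing 'execve' method argument belongs to the
#    OpenVPN release this was written for; later releases reportedly no
#    longer accept it -- confirm against 'man openvpn' for the installed
#    version.
# CONFIG is quoted so a path containing spaces or glob characters is passed
# as a single argument.
/usr/local/sbin/openvpn \
  --config "${CONFIG}" \
  --verb 4 \
  --script-security 2 execve \
  --ifconfig-noexec \
  --up /etc/openvpn/up \
  --down /etc/openvpn/up # yes, 'up', we handle everything in one script
# EXPLANATION OF OPTIONS (see 'man openvpn' for the details)
# -----------------------------------------------------------------------------------------------
# --config : specifies the configuration file supplied by the VPN service
# --verb : the verbosity level
# --script-security 2 execve : allow user-defined scripts to be executed
# --ifconfig-noexec : do not execute/run/do an 'ifconfig' on the device we are using
# --up : specify the name of the script where we do our own 'ifconfig'
# --down : script run after tun0 has been torn down (same script as --up)
# -----------------------------------------------------------------------------------------------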
The new 'up' script :
Code:
#!/bin/sh
# $Id: up,v 1.5 2011/02/11 04:00:21 root Exp $
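#######################################
# Append a timestamped dump of the current environment to a per-minute log
# file under /var/log.
# Globals:   LOG (written) - path of the log file
# Outputs:   appends to ${LOG}
#
# The environment handed to this script by OpenVPN describes the connection
# (addresses, options pushed by the server, ...). The dump is therefore
# written under a restrictive umask so a newly created log is readable by
# its owner only. An already existing log file keeps its current mode.
#######################################
_log_environment() {
  LOG="/var/log/OpenVPN-up-$(date '+%m%d_%H%M').log"
  (
    # Subshell: the umask change must not leak into the rest of the script.
    umask 077
    {
      printf 'DATE: %s\n' "$(date '+%Y%m%d_%H%M')"
      printf '%s\n' '-------- Available environment variables --------'
      printf '%s\n' "$(env | sort)"
      printf '%s\n' '----------------------------------------'
    } >> "${LOG}"
  )
}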
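#######################################
# Configure the tunnel device ourselves (OpenVPN is started with
# --ifconfig-noexec) and print the resulting interface configuration.
# Globals:   dev, ifconfig_local, ifconfig_netmask, tun_mtu (read) -
#            taken from the environment of this script
# Outputs:   interface configuration on stdout
#
# All values are quoted: they arrive through the environment and must each
# reach ifconfig as exactly one argument, never be word-split or globbed.
# The absolute path /sbin/ifconfig is used for both calls so the result does
# not depend on the PATH this script happens to inherit.
#######################################
_do_ifconfig() {
  /sbin/ifconfig "${dev}" "${ifconfig_local}" netmask "${ifconfig_netmask}" mtu "${tun_mtu}"
  printf 'Configuration of %s :\n' "${dev}"
  printf '# ifconfig %s\n' "${dev}"
  printf '%s\n' "$(/sbin/ifconfig "${dev}")"
  printf '%s\n' '---------------------------------------------'
}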
#######################################
# Print the current /etc/resolv.conf followed by a long listing of every
# /etc/resolv.conf* file, separated by ruler lines.
# Outputs:   report on stdout
#######################################
_show_resolv.conf() {
  printf '%s\n' 'Contents of /etc/resolv.conf'
  printf '%s\n' '-------------------------------------------'
  # Command substitution keeps the original behaviour of trimming trailing
  # blank lines from the file before the ruler.
  printf '%s\n' "$(cat /etc/resolv.conf)"
  printf '%s\n' '-------------------------------------------'
  printf '%s\n' "$(ls -l /etc/resolv.conf*)"
  printf '%s\n' '-------------------------------------------'
}
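#######################################
# Build a resolv.conf from the DNS servers pushed by the VPN server and, if
# at least one IPv4 nameserver was found, back up the current
# /etc/resolv.conf and install the new one.
# Globals:   foreign_option_1, foreign_option_2 (read) - e.g.
#              foreign_option_1='dhcp-option DNS 80.254.79.157'
#              foreign_option_2='dhcp-option DNS 80.254.77.39'
#            TEMP, count (written)
# Outputs:   status message on stdout, diagnostics on stderr
# Returns:   0 on success or when there was nothing to install,
#            non-zero when the temp file, the backup or the install failed
#
# The foreign_option_* values are chosen by the remote VPN server, so they
# are treated as untrusted: only a value that is exactly an address (digits,
# hex letters, '.' and ':') is written out. Anything else is dropped instead
# of being copied into /etc/resolv.conf.
#######################################
_create_new_resolv.conf() {
  # mktemp gives an unpredictable, absolute path; a fixed relative name would
  # land in whatever directory OpenVPN happens to run the script from.
  TEMP=$(mktemp /tmp/resolv.conf.XXXXXXXXXX) || {
    echo 'Cannot create temporary file for resolv.conf' >&2
    return 1
  }
  {
    printf '# %s : resolv.conf generated for OpenVPN connection\n' "$(date)"
    printf '%s\n' 'lookup file bind'
  } >> "${TEMP}"

  # --- environment variables which hold nameserver addresses
  for _option in "${foreign_option_1}" "${foreign_option_2}"; do
    case "${_option}" in
      'dhcp-option DNS '*) _address=${_option#'dhcp-option DNS '} ;;
      *) continue ;;
    esac
    case "${_address}" in
      '' | *[!0-9A-Fa-f:.]*)
        echo 'Ignoring malformed DNS option pushed by VPN server' >&2
        continue
        ;;
    esac
    printf 'nameserver %s\n' "${_address}" >> "${TEMP}"
  done

  # get nr of 'nameserver ww.xx.yy.zz' lines
  count=$(grep -Ec '^nameserver +[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' "${TEMP}")
  _status=0
  if [ "${count:-0}" -gt 0 ]; then
    # NOTE(review): an existing resolv.conf.beforeVPN is overwritten here; if
    # a previous session never ran the 'down' step, that loses the pre-VPN
    # copy. Confirm whether a stale backup should be kept instead.
    if [ -f /etc/resolv.conf ]; then
      # Never replace resolv.conf unless the backup was actually written.
      if ! cat /etc/resolv.conf > /etc/resolv.conf.beforeVPN; then
        echo 'Backup of /etc/resolv.conf failed, leaving it untouched' >&2
        rm -f -- "${TEMP}"
        return 1
      fi
    fi
    if install -S -m u=rw,g=r,o=r "${TEMP}" /etc/resolv.conf; then
      echo 'resolv.conf for VPN installed'
    else
      _status=$?
    fi
  fi
  rm -f -- "${TEMP}"
  return "${_status}"
}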
#######################################
# Put the pre-VPN resolv.conf back in place, keeping the file that was in
# use during the VPN session as /etc/resolv.conf.duringVPN.
# Outputs:   progress or a diagnostic listing on stdout
#######################################
_restore_resolv.conf() {
  # Guard: both the live file and the backup must exist, otherwise only
  # report what is there and leave everything untouched.
  if [ ! -f /etc/resolv.conf ] || [ ! -f /etc/resolv.conf.beforeVPN ]; then
    echo Sorry: Cannot restore original resolv.conf
    echo ------------------------------------------
    ls -l /etc/resolv.conf*
    echo -----------------------
    return
  fi

  printf "\nSaving 'resolv.conf used during VPN ... "
  install -S -m u=rw,g=r,o=r /etc/resolv.conf /etc/resolv.conf.duringVPN \
    && echo OK

  printf "\nRestoring original pre-VPN 'resolv.conf' ... "
  install -S -m u=rw,g=r,o=r /etc/resolv.conf.beforeVPN /etc/resolv.conf \
    && echo OK
}
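# ==================== active code
# OpenVPN calls this one script for both --up and --down and tells the two
# apart through the environment: script_type is 'up' or 'down', and
# script_context is "init" for the initial start (the only context handled
# here). Both variables are quoted so a missing or empty value simply
# matches no branch instead of producing a test(1) syntax error.
_log_environment
case "${script_context}:${script_type}" in
  init:up)
    _do_ifconfig
    echo 'Setting up resolv.conf ....'
    _show_resolv.conf
    _create_new_resolv.conf
    _show_resolv.conf
    ;;
  init:down)
    echo 'Restoring previous resolv.conf ....'
    _show_resolv.conf
    _restore_resolv.conf
    _show_resolv.conf
    ;;
esac
# --- EOF --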
EDIT: specified the exact file permissions for 'install(1)' so we don't get the default 'x' (eXecute) permissions.
Code:
RCS file: RCS/up,v
retrieving revision 1.4
diff -u -r1.4 up
--- up 2011/02/11 02:19:03 1.4
+++ up 2011/02/11 03:46:44
@@ -67,7 +67,7 @@
if [ -f /etc/resolv.conf ]; then
cat /etc/resolv.conf > /etc/resolv.conf.beforeVPN
fi
- install -S ${TEMP} /etc/resolv.conf && echo 'resolv.conf for VPN installed'
+ install -S -m u=rw,g=r,o=r ${TEMP} /etc/resolv.conf && echo 'resolv.conf for VPN installed'
fi
}
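Review bot: The `install` into /etc/resolv.conf still runs when the backup on the context line above it failed, so a full or read-only filesystem could leave no pre-VPN copy to restore later; `cat /etc/resolv.conf > /etc/resolv.conf.beforeVPN || return 1` would stop before the original is replaced. `${TEMP}` is also expanded unquoted on the changed line, and the full listing on this page sets it to the relative name `resolv.conf.TEMP`, which resolves against whatever directory the script is run from. An absolute path from `mktemp`, used as `"${TEMP}"`, removes that dependency. The function starts above this hunk.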
@@ -77,9 +77,9 @@
if [ -f /etc/resolv.conf -a -f /etc/resolv.conf.beforeVPN ] ; then
printf "\nSaving 'resolv.conf used during VPN ... "
- install -S /etc/resolv.conf /etc/resolv.conf.duringVPN && echo OK
+ install -S -m u=rw,g=r,o=r /etc/resolv.conf /etc/resolv.conf.duringVPN && echo OK
printf "\nRestoring original pre-VPN 'resolv.conf' ... "
- install -S /etc/resolv.conf.beforeVPN /etc/resolv.conf && echo OK
+ install -S -m u=rw,g=r,o=r /etc/resolv.conf.beforeVPN /etc/resolv.conf && echo OK
else
echo Sorry: Cannot restore original resolv.conf
echo ------------------------------------------
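Review bot: A failed restore is silent here, because `install -S -m u=rw,g=r,o=r /etc/resolv.conf.beforeVPN /etc/resolv.conf && echo OK` prints nothing when `install` fails, and the host then keeps the VPN-pushed nameservers after the tunnel is gone. Wrapping the call as `if ! install ...; then echo 'FAILED: /etc/resolv.conf still holds the VPN nameservers' >&2; fi` would make that visible in the OpenVPN log. The test on the hunk's first line would also be sturdier as `[ -f /etc/resolv.conf ] && [ -f /etc/resolv.conf.beforeVPN ]`, since `-a` is marked obsolescent in POSIX. The hunk ends inside the `else` branch, so the rest of the function is not visible.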
Another reason not to copy and paste the files, but to download the now-corrected versions instead.