Openconnect: using your own DNS
After setting up a VPN using Openconnect, local sites stop resolving.
Stop using the DNS server belonging to the VPN; instead, use your own DNS server and hardcode servers you want to reach through the VPN in your /etc/hosts file.
- You are using Openconnect (the replacement for the Cisco tool AnyConnect) on a Unix machine;
- You trust the DNS server you are connected to, perhaps because you are working in a trusted network, perhaps because you are connected through another VPN to a trusted DNS server;
- There are only a few hosts you want to reach through the VPN;
- This was written for Openconnect 3.20, but it should work for newer versions too.
Openconnect hands all network setup to a shell script (vpnc-script), passing the settings it received from the VPN gateway as environment variables. We will point Openconnect at our own wrapper script instead; the wrapper unsets the DNS-related environment variables and then calls the original script, so everything else (addresses, routes) is still configured but the VPN's DNS servers are never written to the system resolver configuration.
Create a script vpnc-script-no-dns, put it somewhere logical (for example, /etc/openconnect/) and make it executable:
#!/bin/sh
# Drop the DNS settings pushed by the VPN, then hand over to the original script (replace the path below with the location of the original script)
unset INTERNAL_IP4_DNS INTERNAL_IP6_DNS CISCO_DEF_DOMAIN
exec /usr/share/vpnc-scripts/vpnc-script "$@"
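To see what the wrapper actually changes before pointing Openconnect at it, here is an added, self-contained exercise (not part of the original page, and not Openconnect's own code). It builds a stand-in for vpnc-script that merely prints the variables it receives, wraps it exactly as described above, and feeds both scripts a constructed set of environment variables of the kind Openconnect exports (the variable names INTERNAL_IP4_DNS, INTERNAL_IP6_DNS, CISCO_DEF_DOMAIN and INTERNAL_IP4_ADDRESS are the ones vpnc-script reads; the addresses and domain are made-up sample values). No root privileges or VPN are needed.

```shell
#!/bin/sh
# Added example: exercise the "unset DNS variables, then exec the original" wrapper
# against a stand-in vpnc-script. All values below are constructed for the demo.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Stand-in for /usr/share/vpnc-scripts/vpnc-script: it only reports what it was given.
cat > "$WORK/vpnc-script" <<'EOF'
#!/bin/sh
printf 'reason=%s dns4=%s dns6=%s domain=%s ip4=%s\n' \
  "$reason" "$INTERNAL_IP4_DNS" "$INTERNAL_IP6_DNS" "$CISCO_DEF_DOMAIN" "$INTERNAL_IP4_ADDRESS"
EOF
chmod +x "$WORK/vpnc-script"

# The wrapper, same shape as vpnc-script-no-dns above, but pointing at the stand-in.
# The unquoted heredoc expands $WORK now; "\$@" stays literal so arguments are forwarded.
cat > "$WORK/vpnc-script-no-dns" <<EOF
#!/bin/sh
unset INTERNAL_IP4_DNS INTERNAL_IP6_DNS CISCO_DEF_DOMAIN
exec "$WORK/vpnc-script" "\$@"
EOF
chmod +x "$WORK/vpnc-script-no-dns"

# Run a script with a constructed environment resembling what Openconnect exports on connect.
run_script() {
  env reason=connect INTERNAL_IP4_ADDRESS=10.0.0.2 \
      INTERNAL_IP4_DNS=10.0.0.53 INTERNAL_IP6_DNS=fd00::53 CISCO_DEF_DOMAIN=vpn.example \
      "$1"
}

run_script "$WORK/vpnc-script"          # original: the VPN's DNS values arrive
run_script "$WORK/vpnc-script-no-dns"   # wrapper: DNS values are gone, the address still passes
```

The second line of output shows empty dns4, dns6 and domain fields while ip4 is unchanged, which is exactly the effect we want on the real vpnc-script: it keeps configuring the interface and routes but finds nothing to write into the resolver configuration.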
Make sure you call openconnect with the parameter --script=/etc/openconnect/vpnc-script-no-dns (replacing the path as needed).
Put any hosts you want to reach through the VPN in /etc/hosts.