
Openconnect: using your own DNS


After setting up a VPN using Openconnect, hosts on your local network stop resolving, because the DNS server pushed by the VPN has replaced your own.


Stop using the DNS server belonging to the VPN; instead, use your own DNS server and hardcode servers you want to reach through the VPN in your /etc/hosts file.


  • You are using Openconnect (the replacement for the Cisco tool AnyConnect) on a Unix machine;
  • You trust the DNS server you are connected to, perhaps because you are working in a trusted network, perhaps because you are connected through another VPN to a trusted DNS server;
  • There are only a few hosts you want to reach through the VPN;
  • This was written for Openconnect 3.20, but it should work for newer versions too.


Openconnect initializes all network settings through a shell script, passing the settings to it as environment variables. We will supply a wrapper script of our own: it unsets the DNS-related environment variables and then calls the original script, which therefore leaves the resolver configuration untouched.


Create a script vpnc-script-no-dns and put it somewhere logical (for example, /etc/openconnect/):

#!/bin/sh
# Unset the DNS settings pushed by the VPN, then hand over to the original script (adjust its path as needed; this file must be executable)
unset INTERNAL_IP4_DNS INTERNAL_IP6_DNS CISCO_DEF_DOMAIN
exec /usr/share/vpnc-scripts/vpnc-script "$@"

Make sure you call openconnect with the parameter --script=/etc/openconnect/vpnc-script-no-dns (replacing the path as needed).

Put any hosts you want to reach through the VPN in /etc/hosts.
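Before trusting the wrapper on a real connection, it is worth checking that it really strips the DNS variables and nothing else. The self-test below is an added example, not part of the original article: it builds a throw-away copy of the wrapper in a temporary directory, points it at a stub "original" vpnc-script that only reports the environment it received, and compares what gets through with and without the wrapper. The variable names are the ones the real vpnc-script reads (INTERNAL_IP4_DNS, INTERNAL_IP6_DNS, CISCO_DEF_DOMAIN, INTERNAL_IP4_ADDRESS, reason); the addresses and the domain are constructed sample values, and the stub script is an assumption standing in for the distribution's own vpnc-script.

```shell
#!/bin/sh
# Added self-test for the vpnc-script-no-dns wrapper (example code, not from the original article).
# The stub below replaces the distribution's vpnc-script; all addresses are constructed samples.

# Write the stub "original" script and the wrapper into the directory given as $1.
make_fixture() {
    dir=$1
    cat > "$dir/vpnc-script" <<'EOF'
#!/bin/sh
# Stub standing in for the distribution's vpnc-script: report what it would act on.
printf 'reason=%s\n' "$reason"
printf 'INTERNAL_IP4_ADDRESS=%s\n' "$INTERNAL_IP4_ADDRESS"
printf 'INTERNAL_IP4_DNS=%s\n' "$INTERNAL_IP4_DNS"
printf 'INTERNAL_IP6_DNS=%s\n' "$INTERNAL_IP6_DNS"
printf 'CISCO_DEF_DOMAIN=%s\n' "$CISCO_DEF_DOMAIN"
printf 'args=%s\n' "$*"
EOF
    # Same wrapper as /etc/openconnect/vpnc-script-no-dns, except that it execs the stub.
    cat > "$dir/vpnc-script-no-dns" <<EOF
#!/bin/sh
unset INTERNAL_IP4_DNS INTERNAL_IP6_DNS CISCO_DEF_DOMAIN
exec "$dir/vpnc-script" "\$@"
EOF
    chmod +x "$dir/vpnc-script" "$dir/vpnc-script-no-dns"
}

# Run the script named in $1 with the environment openconnect exports on connect
# (constructed values) and print the variable named in $2 as the script saw it;
# an empty result means the variable never reached it.
observe() {
    tmp=$(mktemp -d) || return 1
    make_fixture "$tmp"
    out=$(reason=connect \
          INTERNAL_IP4_ADDRESS=192.0.2.10 \
          INTERNAL_IP4_DNS=192.0.2.53 \
          INTERNAL_IP6_DNS=2001:db8::53 \
          CISCO_DEF_DOMAIN=vpn.example \
          "$tmp/$1" --some-arg)
    rm -rf "$tmp"
    printf '%s\n' "$out" | sed -n "s/^$2=//p"
}

# Prints "ok" when the wrapper drops every DNS setting but leaves the other settings
# and the command-line arguments untouched; otherwise names the first thing that went wrong.
wrapper_drops_dns() {
    [ -z "$(observe vpnc-script-no-dns INTERNAL_IP4_DNS)" ] || { echo "IPv4 DNS leaked"; return 1; }
    [ -z "$(observe vpnc-script-no-dns INTERNAL_IP6_DNS)" ] || { echo "IPv6 DNS leaked"; return 1; }
    [ -z "$(observe vpnc-script-no-dns CISCO_DEF_DOMAIN)" ] || { echo "search domain leaked"; return 1; }
    [ "$(observe vpnc-script-no-dns INTERNAL_IP4_ADDRESS)" = 192.0.2.10 ] || { echo "address lost"; return 1; }
    [ "$(observe vpnc-script-no-dns args)" = --some-arg ] || { echo "arguments lost"; return 1; }
    echo ok
}

wrapper_drops_dns
echo "DNS server seen without the wrapper: $(observe vpnc-script INTERNAL_IP4_DNS)"
echo "DNS server seen with the wrapper:    '$(observe vpnc-script-no-dns INTERNAL_IP4_DNS)'"
```

Running the file prints ok followed by the two comparison lines; the point of the last one is that the address and the script arguments still arrive, so routes for the VPN hosts are set up as usual and only the resolver change is suppressed. If you add further variables to the unset line (for instance for split-DNS settings), extend the stub and the checks the same way.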

Technical_article | by Dr. Radut