Description of problem: /etc/vpnc/vpnc-script incorrectly writes an /etc/resolv.conf with multiple domains on the "domain" line instead of putting them on the "search" line. This causes "host" to barf. For example, this is a vpnc-script-generated resolv.conf: domain cisco.com lab.cisco.com search cisco.com nameserver 192.168.y.z nameserver 64.x.y.z Version-Release number of selected component (if applicable): vpnc-0.5.1-5.fc9.i386 How reproducible: Always Steps to Reproduce: 1. vpnc into a gateway that provides two search domains 2. the search domains will be placed on the "domain" line instead of the "search" line of resolv.conf Actual results: > host foo host: parse of /etc/resolv.conf failed Expected results: > host foo foo.cisco.com is an alias for foo1.cisco.com. foo1.cisco.com has address 64.x.y.z
Created attachment 305368 [details] Fixed vpnc-script This vpnc-script separates the cases for domain*) and search*). This avoids appending to an existing domain line.
I do not have Brian Long's problem of getting two search domians that Brian Long mentioned. My problem is that I have been using vpnc in Fedora 9 (2.6.25-14.fc9.i686) successfully with no problem. However, recently I updated the kernel to Fedora9 (2.6.25.6-55.fc9.i686) together with many other updates last week. Then when I start the vpnc procedure, I get the following message: /etc/vpnc/vpnc-script: line 99: /sbin/ip: Permission denied /etc/vpnc/vpnc-script: line 100: /sbin/ip: Permission denied /etc/vpnc/vpnc-script: line 104: /sbin/ifconfig: Permission denied /etc/vpnc/vpnc-script: line 123: /sbin/ip: Permission denied /etc/vpnc/vpnc-script: line 123: /sbin/ip: Permission denied /etc/vpnc/vpnc-script: line 124: /sbin/ip: Permission denied /etc/vpnc/vpnc-script: line 133: /sbin/ip: Permission denied /etc/vpnc/vpnc-script: line 134: /sbin/ip: Permission denied /etc/vpnc/vpnc-script: line 135: /sbin/ip: Permission denied VPNC started in background (pid: 3127)... and the vpnc connection does not work. I tried to boot the system with the older kernel of Fedora 9 (2.6.25-14.fc9.i686), but now the same error message comes out. How do we fix this bug? C. Y. Wong
re comment #2: This seems like problem with SELinux policy in regards to vpnc. Can you please open a new bug against vpnc with this report and attach dump of 'ausearch -m AVC' and put dwalsh(@redhat.com) to cc of the new bug?
As for the original report. It is questionable whether the domain line should be changed at all. I think it should not and just the search line should be modified or added when it is not present.
That's acceptable to me.
vpnc-0.5.1-6.fc9 has been submitted as an update for Fedora 9
Fedora 8 too, please?
vpnc-0.5.1-6.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update vpnc'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-6782
Fedora 8 too, please? TIA.
vpnc-0.5.1-6.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.