Bug 865092 - Patch: Add support for unbound to vpnc-script
Patch: Add support for unbound to vpnc-script
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: vpnc (Show other bugs)
20
All Linux
unspecified Severity medium
: ---
: ---
Assigned To: Christian Krause
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-10-10 15:42 EDT by Erinn Looney-Triggs
Modified: 2014-03-07 01:42 EST (History)
4 users (show)

See Also:
Fixed In Version: vpnc-0.5.3-20.svn457.fc20
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-03-07 01:31:44 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch for vpnc-script against Fedora 18 (1.28 KB, patch)
2012-10-10 15:42 EDT, Erinn Looney-Triggs
no flags Details | Diff
Corrected patch (1.28 KB, patch)
2012-10-21 23:40 EDT, Erinn Looney-Triggs
no flags Details | Diff
Final version of patch (1.35 KB, patch)
2012-10-24 02:41 EDT, Erinn Looney-Triggs
no flags Details | Diff

  None (edit)
Description Erinn Looney-Triggs 2012-10-10 15:42:50 EDT
Created attachment 625124 [details]
Patch for vpnc-script against Fedora 18

I have written up a small patch to add support for unbound into the vpnc-script. I can't find a real good "upstream" for this script, I have submitted the same patch to David Woodhouse against his copy of vpnc-script, which isn't the same as Fedora's. 

The change is small, essentially it checks if unbound is installed and running, if so it configures unbound to forward requests for the VPN's domain to the VPN supplied DNS servers. 

This is adds just a small piece to the work that was done here for Fedora 17: https://fedoraproject.org/wiki/Features/DNSSEC_on_workstations

NetworkManager doesn't seem to use the vpnc-script (at least for openconnect) so I imagine in order to get that working something would need to be done along the lines of the dnsmasq support that is in the latest NetworkManager releases.

-Erinn
Comment 1 Erinn Looney-Triggs 2012-10-21 23:40:11 EDT
Created attachment 631221 [details]
Corrected patch

Corrected the patch to actually add the lines instead of remove them, oops. 

-Erinn
Comment 2 Paul Wouters 2012-10-22 12:42:22 EDT
Note your attached patch is based on an older version of the openswan
patch. You should add "unbound-control flush_requestlist" as well when
the tunnel goes up or down, so the outstanding queries are also dropped.

Other then that, I recommend this patch goes in :)
Comment 3 Erinn Looney-Triggs 2012-10-24 02:41:28 EDT
Created attachment 632555 [details]
Final version of patch

Thanks, added that command. 

-Erinn
Comment 4 Erinn Looney-Triggs 2013-09-22 10:53:33 EDT
Can we please get this merged in for Fedora 20?

-Erinn
Comment 5 Fedora Update System 2013-09-24 17:00:50 EDT
vpnc-0.5.3-19.svn457.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/vpnc-0.5.3-19.svn457.fc20
Comment 6 Fedora Update System 2013-09-24 17:02:10 EDT
vpnc-0.5.3-18.svn457.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/vpnc-0.5.3-18.svn457.fc19
Comment 7 Fedora Update System 2013-09-26 02:04:36 EDT
Package vpnc-0.5.3-18.svn457.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing vpnc-0.5.3-18.svn457.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-17610/vpnc-0.5.3-18.svn457.fc19
then log in and leave karma (feedback).
Comment 8 Fedora Update System 2013-10-03 21:55:32 EDT
vpnc-0.5.3-18.svn457.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2013-10-03 21:59:37 EDT
vpnc-0.5.3-19.svn457.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Erinn Looney-Triggs 2013-11-15 12:51:41 EST
For me with a clean install of Fedora 20 Beta the vpnc-script does not have the unbound changes:

erinn@thin-mint2 ~ $ cat /etc/fedora-release 
Fedora release 20 (Heisenbug)
erinn@thin-mint2 ~ $ rpm -q vpnc-script
vpnc-script-0.5.3-19.svn457.fc20.noarch
erinn@thin-mint2 ~ $ grep -i unbound /etc/vpnc/vpnc-script

Not sure what happened, but it doesn't seem to appear.
Comment 11 Paul Wouters 2013-11-15 13:00:24 EST
confirmed. patch was listed but not applied. Will build updated packages.
Comment 12 Erinn Looney-Triggs 2014-02-20 13:56:51 EST
Just wanted to nudge this along again. If we can get the patch into the vpnc-script that would be great.

-Erinn
Comment 13 Fedora Update System 2014-02-25 13:00:03 EST
vpnc-0.5.3-20.svn457.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/vpnc-0.5.3-20.svn457.fc20
Comment 14 Fedora Update System 2014-02-25 13:15:46 EST
vpnc-0.5.3-19.svn457.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/vpnc-0.5.3-19.svn457.fc19
Comment 15 lnie 2014-02-26 02:05:31 EST
vpnc-0.5.3-20.svn457.fc20 works
Comment 16 Fedora Update System 2014-02-26 08:55:44 EST
Package vpnc-0.5.3-19.svn457.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing vpnc-0.5.3-19.svn457.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-3097/vpnc-0.5.3-19.svn457.fc19
then log in and leave karma (feedback).
Comment 17 Fedora Update System 2014-03-07 01:31:44 EST
vpnc-0.5.3-19.svn457.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 18 Fedora Update System 2014-03-07 01:42:02 EST
vpnc-0.5.3-20.svn457.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.