Created attachment 625124 [details] Patch for vpnc-script against Fedora 18 I have written up a small patch to add support for unbound into the vpnc-script. I can't find a real good "upstream" for this script, I have submitted the same patch to David Woodhouse against his copy of vpnc-script, which isn't the same as Fedora's. The change is small, essentially it checks if unbound is installed and running, if so it configures unbound to forward requests for the VPN's domain to the VPN supplied DNS servers. This is adds just a small piece to the work that was done here for Fedora 17: https://fedoraproject.org/wiki/Features/DNSSEC_on_workstations NetworkManager doesn't seem to use the vpnc-script (at least for openconnect) so I imagine in order to get that working something would need to be done along the lines of the dnsmasq support that is in the latest NetworkManager releases. -Erinn
Created attachment 631221 [details] Corrected patch Corrected the patch to actually add the lines instead of remove them, oops. -Erinn
Note your attached patch is based on an older version of the openswan patch. You should add "unbound-control flush_requestlist" as well when the tunnel goes up or down, so the outstanding queries are also dropped. Other then that, I recommend this patch goes in :)
Created attachment 632555 [details] Final version of patch Thanks, added that command. -Erinn
Can we please get this merged in for Fedora 20? -Erinn
vpnc-0.5.3-19.svn457.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/vpnc-0.5.3-19.svn457.fc20
vpnc-0.5.3-18.svn457.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/vpnc-0.5.3-18.svn457.fc19
Package vpnc-0.5.3-18.svn457.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing vpnc-0.5.3-18.svn457.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-17610/vpnc-0.5.3-18.svn457.fc19 then log in and leave karma (feedback).
vpnc-0.5.3-18.svn457.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
vpnc-0.5.3-19.svn457.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
For me with a clean install of Fedora 20 Beta the vpnc-script does not have the unbound changes: erinn@thin-mint2 ~ $ cat /etc/fedora-release Fedora release 20 (Heisenbug) erinn@thin-mint2 ~ $ rpm -q vpnc-script vpnc-script-0.5.3-19.svn457.fc20.noarch erinn@thin-mint2 ~ $ grep -i unbound /etc/vpnc/vpnc-script Not sure what happened, but it doesn't seem to appear.
confirmed. patch was listed but not applied. Will build updated packages.
Just wanted to nudge this along again. If we can get the patch into the vpnc-script that would be great. -Erinn
vpnc-0.5.3-20.svn457.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/vpnc-0.5.3-20.svn457.fc20
vpnc-0.5.3-19.svn457.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/vpnc-0.5.3-19.svn457.fc19
vpnc-0.5.3-20.svn457.fc20 works
Package vpnc-0.5.3-19.svn457.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing vpnc-0.5.3-19.svn457.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-3097/vpnc-0.5.3-19.svn457.fc19 then log in and leave karma (feedback).
vpnc-0.5.3-19.svn457.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
vpnc-0.5.3-20.svn457.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.