
Comments (8)

dlenski commented on September 18, 2024

I've pushed a new dnspython branch, which uses https://github.com/rthalley/dnspython to do the DNS lookups instead of dig.

Should be easier to maintain, less error-prone, and faster to do the lookups.

@m0ngr31 @gmacon @jeLee6gi @joelbu … would be great to have some of you test this branch if you're still using vpn-slice.

from vpn-slice.

jeLee6gi commented on September 18, 2024

Works like a charm for my relatively simple use case (same as in #45).


gmacon commented on September 18, 2024

This is working for me.


dlenski commented on September 18, 2024

It's not writing to /etc/hosts because it's getting timed out while looking up the hosts, hence why you have helpful warning messages about failing dig processes. (That's the tool used to do the DNS lookups.)

Why is dig failing? I have no idea… ¯_(ツ)_/¯

What happens if you add --dump -v to the vpn-slice arguments to make it print out more details about the routing configuration passed in by OpenConnect?


m0ngr31 commented on September 18, 2024

Here's what I get with those flags:

Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(RSA)-(AES-256-CBC)-(SHA1).
WARNING: IPv6 address or netmask set, but this version of vpn-slice has only rudimentary support for them.
Called by /usr/sbin/openconnect (PID 37345) with environment variables for vpnc-script:
  reason                  => reason=<reasons.pre_init: 1>
  VPNGATEWAY              => gateway=IPv4Address('XXX.XXX.XXX.149')
  CISCO_DEF_DOMAIN        => domain=['corp.XXXXXX.com']
  INTERNAL_IP4_ADDRESS    => myaddr=IPv4Address('172.135.4.22')
  INTERNAL_IP4_MTU        => mtu=1406
  INTERNAL_IP4_NETMASK    => netmask=IPv4Address('255.255.224.0')
  INTERNAL_IP4_NETMASKLEN => netmasklen=19
  INTERNAL_IP4_NETADDR    => network=IPv4Network('172.135.0.0/19')
  INTERNAL_IP4_DNS        => dns=[IPv4Address('X.X.X.X'), IPv4Address('XXX.XXX.XXX.XXX')]
  INTERNAL_IP6_ADDRESS    => myaddr6=IPv6Address('XXXX:XXXX:XXXX:XXXX::1085')
  INTERNAL_IP6_NETMASK    => netmask6=IPv6Interface('XXXX:XXXX:XXXX:XXXX::1085/64')
WARNING: IPv6 address or netmask set, but this version of vpn-slice has only rudimentary support for them.
Called by /usr/sbin/openconnect (PID 37345) with environment variables for vpnc-script:
  reason                  => reason=<reasons.connect: 2>
  VPNGATEWAY              => gateway=IPv4Address('XXX.XXX.XXX.XXX')
  TUNDEV                  => tundev='tun0'
  CISCO_DEF_DOMAIN        => domain=['corp.XXXXXX.com']
  INTERNAL_IP4_ADDRESS    => myaddr=IPv4Address('172.135.4.22')
  INTERNAL_IP4_MTU        => mtu=1406
  INTERNAL_IP4_NETMASK    => netmask=IPv4Address('255.255.224.0')
  INTERNAL_IP4_NETMASKLEN => netmasklen=19
  INTERNAL_IP4_NETADDR    => network=IPv4Network('172.135.0.0/19')
  INTERNAL_IP4_DNS        => dns=[IPv4Address('10.73.97.6'), IPv4Address('XXX.XXX.XXX.XXX')]
  INTERNAL_IP6_ADDRESS    => myaddr6=IPv6Address('XXXX:XXXX:XXXX:XXXX::1085')
  INTERNAL_IP6_NETMASK    => netmask6=IPv6Interface('XXXX:XXXX:XXXX:XXXX::1085/64')
Blocked incoming traffic from VPN interface with iptables.
Added routes for 2 nameservers, 0 subnets, 0 aliases.
Restored routes for 0 excluded subnets.
Adding /etc/hosts entries for 2 nameservers...
  XX.XX.XX.XX = dns0.tun0
  XXX.XXX.XXX.XXX = dns1.tun0
Looking up 113 hosts using VPN DNS servers...
WARNING: Lookup for XXX.XXX.com on VPN DNS servers failed.

I left a working Manjaro install to this. It also had the same issue on Ubuntu 19.10 when I tried that yesterday as well. Just FYI.


m0ngr31 commented on September 18, 2024

I also just tried this with 18.04 with the same results. Was there an update to the package that could have broken this?

I installed v0.11 and it works fine again. So it's probably just been a while since I had updated and the new updates don't work on my corp VPN.


dlenski commented on September 18, 2024

> I installed v0.11 and it works fine again. So it's probably just been a while since I had updated and the new updates don't work on my corp VPN.

I see that your VPN is offering IPv6 addresses and IPv6 DNS servers.

We've added some IPv6 support (see #6, #30 which were in v0.11; 1e5c92b, #39 were added in v0.13). Unfortunately I cannot thoroughly test the IPv6 support since I do not have access to a VPN that supports IPv6 myself.

Likely there is something wrong with the dig command line we're using to do the DNS lookup in your case. Please test 3a4bbdb, where I've added additional logging of the exact DNS lookup command line in the case where it fails.


dlenski commented on September 18, 2024

Thanks @jeLee6gi and @gmacon. Will merge it soon!

