[clug-talk] VPN name resolution question

John Jardine john_e_jardine at spamcop.net
Tue Apr 7 14:15:31 PDT 2009


On Tue, 2009-04-07 at 14:23 -0600, Shawn wrote:
> Royce's question regarding name resolution triggered a neuron for me...
> 
> When I establish a VPN connection to a remote network, I need name 
> resolution to work for servers there.  At the moment the only way to do 
> this seems to be to change my /etc/resolv.conf file to use their 
> nameserver.  But that means that all name requests are now going through 
> their network - even for things that have nothing to do with their network.
> 
> I have set up a script to establish the VPN connection, backup my 
> resolv.conf file and replace it with one that has the remote name 
> server.  But there's probably a better way.
> 
> Any tips?
Different VPNs will give you different behaviours.  Some VPNs are used
to enable access to an additional resource - the machine(s) on the other
end of the VPN.  Other VPNs essentially capture your machine and attach
it to the VPN'd network.

In the first scenario you can use dnsmasq (as per Simons suggestion).  I
have done something like this within my home office to spoof my external
public network.  That allows me to move my laptop between my office and
externally with no change in the URLs I use to access multiple Apache
Virtual Hosts. I know I'm kinda pimping myself here but check:
http://herd-of-neurons.com/node/6

The second scenario captures all traffic, including DNS, so resolution
of VPN'd resources is not normally a problem.  Where you have a problem
is accessing your local resources (shares/printers etc).  The only way I
ever found around that was to start a VM.  Then VPN from the VM and
split my workload appropriately.


> 
> Shawn
> 
> _______________________________________________
> clug-talk mailing list
> clug-talk at clug.ca
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying




More information about the clug-talk mailing list