💾 Archived View for zigford.org › openfortivpn-on-gentoo-with-openrc.gmi captured on 2023-03-20 at 17:41:22. Gemini links have been rewritten to link to archived content
Sharing linux/windows scripts and tips
April 14, 2021 — Jesse Harris
I recently set up a low-powered HP Stream laptop with Gentoo. Given its lower spec, I opted for a more conservative set of packages and decided to try OpenRC instead of systemd.
One of the default USE flags for systemd is resolvconf. On my other systems with systemd, connecting to a Fortinet VPN usually results in DNS being configured automatically.
The openfortivpn client uses resolvconf, but with OpenRC I don't have it installed, so I went about exploring how to configure openfortivpn and the ppp client to set up DNS automatically without it.
~~~
The man page for openfortivpn shows all the command line options, which are also settable via the config file (by default /etc/openfortivpn/config).
The following option descriptions from the man page caught my eye:
This option tries to update /etc/resolv.conf either by using resolvconf or by openfortivpn itself trying to prepend dns settings to /etc/resolv.conf.
I tried this option first and found that, even without resolvconf installed, /etc/resolv.conf was correctly updated. However, within seconds the file had been overwritten and resolving hostnames with the VPN DNS was no longer possible.
This tells openfortivpn to use resolvconf to configure DNS. I could install it, but I wanted to learn more about what hooks could be used to configure the DNS without it.
This option is passed through to net-dialup/ppp, and there is a matching usepeerdns option described in the pppd man page. In summary, the nameserver addresses supplied by the peer are handed to the /etc/ppp/ip-up script (pppd exports them as the DNS1 and DNS2 environment variables) and written to /etc/ppp/resolv.conf. On Gentoo, /etc/ppp/ip-up is responsible for launching the scripts in /etc/ppp/ip-up.d/, and a quick peek in there shows a few scripts, one of which, 40-dns.sh, is what writes /etc/ppp/resolv.conf. So the VPN's nameservers do arrive on the system; they just never make it into the /etc/resolv.conf that the resolver reads.
Inspecting /etc/resolv.conf itself reveals that dhcpcd is the culprit overwriting it:
```
# Generated by dhcpcd from wlo1.dhcp
# /etc/resolv.conf.head can replace this line
```
The second line is the most interesting: dhcpcd prepends the contents of /etc/resolv.conf.head, if it exists, to the file it generates. So I can use the ip-up and ip-down scripts to create and remove /etc/resolv.conf.head as a symlink to /etc/ppp/resolv.conf, and dhcpcd will carry the VPN nameservers into /etc/resolv.conf for me.
Here is the very basic script I have used:
/etc/ppp/ip-up.d/60-resolvconf.sh
```sh
#!/bin/sh
# symlink /etc/ppp/resolv.conf to /etc/resolv.conf.head
# (only if no link exists yet and pppd actually wrote a resolv.conf)
if [ ! -L /etc/resolv.conf.head ] && [ -f /etc/ppp/resolv.conf ]; then
    ln -s /etc/ppp/resolv.conf /etc/resolv.conf.head
fi
```
/etc/ppp/ip-down.d/60-resolvconf.sh
```sh
#!/bin/sh
# remove the /etc/resolv.conf.head symlink when the VPN goes down
if [ -L /etc/resolv.conf.head ]; then
    rm /etc/resolv.conf.head
fi
```
With these scripts in place, every time I launch openfortivpn, DNS is set up correctly.
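The two scripts above trust whatever 40-dns.sh put into /etc/ppp/resolv.conf, which is in turn whatever the VPN peer handed to pppd. As an added example (my own code, not the post's scripts and not anything shipped by openfortivpn, ppp or dhcpcd), the hook below writes /etc/resolv.conf.head directly from the DNS1 and DNS2 variables pppd exports to ip-up when usepeerdns is in effect, and goes a step further than the symlink: because those values come from the peer and end up in a root-owned file that dhcpcd copies into /etc/resolv.conf, it accepts only plain IPv4 addresses, writes the file atomically, and backs up and later restores any head file the administrator already had instead of clobbering it. The file name 60-peerdns.sh, the backup path, the marker comment and the trick of choosing the up or down action from the script's own path are all my assumptions; the paths are overridable so the functions can be tried against a scratch directory first.

```shell
#!/bin/sh
# Added example, not the post's own scripts. One hook body that can be
# installed as both /etc/ppp/ip-up.d/60-peerdns.sh and
# /etc/ppp/ip-down.d/60-peerdns.sh; the path it is run from selects the
# action. It writes the dhcpcd head file from DNS1/DNS2 (exported by pppd
# when usepeerdns is set) after checking they are bare IPv4 addresses.
# RESOLV_HEAD, HEAD_BACKUP, MARKER and the 60-peerdns.sh name are assumptions.

RESOLV_HEAD="${RESOLV_HEAD:-/etc/resolv.conf.head}"
HEAD_BACKUP="${HEAD_BACKUP:-/etc/resolv.conf.head.pre-ppp}"
MARKER='# written by ppp peerdns hook'

# is_ipv4 ADDR: succeed only for a dotted quad of four octets in 0..255.
# Anything else from the peer (IPv6, hostnames, extra directives) is refused.
is_ipv4() {
    case ${1:-} in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_ours FILE: succeed if FILE starts with the marker this hook writes.
is_ours() {
    case $(head -n 1 "$1" 2>/dev/null) in
        "$MARKER"*) return 0 ;;
    esac
    return 1
}

# dns_up: build RESOLV_HEAD from the peer-supplied servers. Writes nothing
# and fails if neither DNS1 nor DNS2 is a usable address, so a misbehaving
# peer can neither blank the file nor smuggle other directives into it.
dns_up() {
    valid=''
    for server in "${DNS1:-}" "${DNS2:-}"; do
        if is_ipv4 "$server"; then
            valid="$valid $server"
        fi
    done
    [ -n "$valid" ] || return 1
    # preserve an administrator-provided head file so dns_down can restore
    # it; a head file from an earlier run of this hook is simply replaced
    if [ -e "$RESOLV_HEAD" ] && [ ! -e "$HEAD_BACKUP" ] && ! is_ours "$RESOLV_HEAD"; then
        mv "$RESOLV_HEAD" "$HEAD_BACKUP" || return 1
    fi
    # write to a temp file and rename, so dhcpcd never sees a partial file
    tmp="${RESOLV_HEAD}.tmp.$$"
    {
        printf '%s %s\n' "$MARKER" "${IFNAME:-ppp}"
        for server in $valid; do
            printf 'nameserver %s\n' "$server"
        done
    } > "$tmp" || return 1
    chmod 0644 "$tmp" && mv "$tmp" "$RESOLV_HEAD"
}

# dns_down: remove only a head file this hook wrote, then restore any
# backup. A head file written by someone else is left alone.
dns_down() {
    if [ -e "$RESOLV_HEAD" ] && ! is_ours "$RESOLV_HEAD"; then
        return 0
    fi
    rm -f "$RESOLV_HEAD"
    if [ -e "$HEAD_BACKUP" ]; then
        mv "$HEAD_BACKUP" "$RESOLV_HEAD"
    fi
}

# Installed under ip-up.d or ip-down.d, the path picks the action; run from
# anywhere else (or sourced for testing) the functions are only defined.
case $0 in
    */ip-up.d/*)   dns_up ;;
    */ip-down.d/*) dns_down ;;
esac
```

Install the same file, executable, as /etc/ppp/ip-up.d/60-peerdns.sh and /etc/ppp/ip-down.d/60-peerdns.sh, or just lift is_ipv4 into the post's symlink scripts. Either way the head file is only consulted when dhcpcd regenerates /etc/resolv.conf, the same dependency the symlink approach has.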
Generated with bashblog, a single bash script to easily create blogs like this one