In AnyConnect the server seems to offer an X-CSTP-Split-DNS: header,
which can appear multiple times, with search domains for the client to
use. I'm exporting these in $CISCO_SPLIT_DNS, space-separated.
I see that there's an ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_DNS, but we
don't seem to *do* anything with it. Like the IPv6 attributes which we
also ignore, just make vpnc clear the environment variable.
We really ought to make vpnc *support* these, given that we know how to
recognise them. But that's left as an exercise for someone who actually
has access to a server.
diff --git a/vpnc.c b/vpnc.c
index 91cf6d6..c9214ea 100644
--- a/vpnc.c
+++ b/vpnc.c
@@ -927,6 +927,7 @@ static int do_config_to_env(struct sa_block *s, struct isakmp_attribute *a)
unsetenv("CISCO_BANNER");
unsetenv("CISCO_DEF_DOMAIN");
+ unsetenv("CISCO_SPLIT_DNS");
unsetenv("CISCO_SPLIT_INC");
unsetenv("CISCO_IPV6_SPLIT_INC");
unsetenv("INTERNAL_IP4_NBNS");
--
dwmw2
which can appear multiple times, with search domains for the client to
use. I'm exporting these in $CISCO_SPLIT_DNS, space-separated.
I see that there's an ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_DNS, but we
don't seem to *do* anything with it. Like the IPv6 attributes which we
also ignore, just make vpnc clear the environment variable.
We really ought to make vpnc *support* these, given that we know how to
recognise them. But that's left as an exercise for someone who actually
has access to a server.
diff --git a/vpnc.c b/vpnc.c
index 91cf6d6..c9214ea 100644
--- a/vpnc.c
+++ b/vpnc.c
@@ -927,6 +927,7 @@ static int do_config_to_env(struct sa_block *s, struct isakmp_attribute *a)
unsetenv("CISCO_BANNER");
unsetenv("CISCO_DEF_DOMAIN");
+ unsetenv("CISCO_SPLIT_DNS");
unsetenv("CISCO_SPLIT_INC");
unsetenv("CISCO_IPV6_SPLIT_INC");
unsetenv("INTERNAL_IP4_NBNS");
--
dwmw2
Attached Files:
-
smime.p7s (6.03 KB)