Network manager and split DNS for a VPN?

[Paul Smith]

On Wed, 2017-04-12 at 19:30 +1000, Karl Auer wrote:
> On Tue, 2017-04-11 at 19:53 -0400, Paul Smith wrote:
> > You can run "sudo killall -HUP NetworkManager" to fix it
> 
> Well spin my nipple-nuts and send me to Alaska; that does work a treat.
> Well done. It doesn't fix the failure to add the additional domain to
> the search list, but its a heap better than no split at all. I look
> forward to the next LTS release.

I got a notice that the new dnsmasq-base was released via SRU to xenial-
updates today.  So if you're running 16.04 LTS you should be able to run
"sudo apt update && sudo apt upgrade" and get a fix for this problem.

I'm not sure what the story is with fixes for Yakkety or Zesty.  For
Yakkety you can fix it now, by enabling the -proposed repository.

> > you can add a script to force that to happen every time you bring up
> > a VPN interface
> 
> Can you suggest where that script should be located or hooked in? No
> option within NetworkManager that I can see. udev beckons, but is
> brittle and tricky. ifupdown?

Sure, easy: just create a script in /etc/NetworkManager/dispatcher.d:

  $ sudo -s

  # (echo '#!/bin/sh'; \
      echo '[ "$1 $2" != "tun0 up" ] || killall -HUP NetworkManager') \
      > /etc/NetworkManager/dispatcher.d/99resetnm

  # chmod 755 /etc/NetworkManager/dispatcher.d/99resetnm

Note that this assumes that your VPN device using tun not tap, and
always uses tun0.  You can check the VPN config and/or run "ifconfig -a"
when the VPN is running, to see what devices are being used.

The next time you start an interface this script will be run.  Delete
that file when you no longer need it (when you have the new dnsmasq
package).