DNS settings from server are not being applied #14

Open
richardash1981 opened this issue Jun 25, 2020 · 1 comment

@richardash1981

When I connect to my employer's SonicWall VPN, no DNS servers / search domains are propagated, which means that most remote network resources are not reachable. If I manually set up the DNS servers then the connection works.

This is not a terribly recent SonicWall system; it works with V8.0 clients (which newer appliances do not).

Exploring a bit further, I found that this is because the DNS settings are being sent by the server in the HTTPS response, but are not supplied via PPP - even though usepeerdns is set in the pppd options.

INFO     Logging in...
DEBUG    Starting new HTTPS connection (1): <Hostname>:443
send: b'POST /cgi-bin/userLogin HTTP/1.1\r\nHost: <Hostname>\r\nAccept-Encoding: identity\r\nUser-Agent: Dell SonicWALL NetExtender for Linux 8.1.789\r\nX-NE-SESSIONPROMPT: true\r\nContent-Length: 72\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n'
send: b'username=<user>&password=<password>&domain=<domain>&login=true'
reply: 'HTTP/1.0 200 OK\r\n'
header: Server: SonicWALL SSLVPN Web Server
header: X-NE-tfresult: 0
header: MC-bookmarks: 1
header: Set-Cookie: swap=YzVkYTIxOTBzcGlyaXNwYQ==; path=/;
header: Connection: close
header: Content-Type: text/html; charset=UTF-8
DEBUG    https://<Hostname>:443 "POST /cgi-bin/userLogin HTTP/1.1" 200 None
INFO     Starting session...
DEBUG    Resetting dropped connection: <Hostname>
send: b'GET /cgi-bin/sslvpnclient?launchplatform=mac&neProto=3&supportipv6=no HTTP/1.1\r\nHost: <Hostname>\r\nAccept-Encoding: identity\r\nUser-Agent: Dell SonicWALL NetExtender for Linux 8.1.789\r\nCookie: swap=YzVkYTIxOTBzcGlyaXNwYQ==\r\n\r\n'
reply: 'HTTP/1.0 200 OK\r\n'
header: Server: SonicWALL SSLVPN Web Server
header: Set-Cookie: swap=c5da2190spirispa; path=/;
header: Connection: close
header: Content-Type: text/html; charset=UTF-8
DEBUG    https://<Hostname>:443 "GET /cgi-bin/sslvpnclient?launchplatform=mac&neProto=3&supportipv6=no HTTP/1.1" 200 None
DEBUG    Server response follows:
DEBUG    <html><head><title>SonicWALL - Virtual Office</title><meta http-equiv='pragma' content='no-cache'><meta http-equiv='cache-control' content='no-cache'><meta http-equiv='cache-control' content='must-revalidate'><meta http-equiv='Content-Type' content='text/html;charset=UTF-8'><link href='/styleblueblackgrey.css' rel=stylesheet type='text/css'><script>function neLauncherInit(){
NELaunchX1.userName = "<user>";
NELaunchX1.domainName = "LocalDomain";
SessionId = QkMO6MFoLUdjNiCNLyakRw==;
Route = 172.16.0.0/255.255.0.0
Route = 10.21.21.9/255.255.255.255
Route = 192.168.21.0/255.255.255.0
Route = 10.10.184.42/255.255.255.255
Route = 46.137.162.66/255.255.255.255
Route = 46.137.110.80/255.255.255.255
dns1 = 172.16.252.200
dns2 = 172.16.252.201
ipv6Support = no
dnsSuffix = <domain>
dnsSuffixes =<domain>
pppFrameEncoded = 0;
PppPref = async
TunnelAllMode = 0;
ExitAfterDisconnect = 0;
UninstallAfterExit = 0;
NoProfileCreate = 0;
AllowSavePassword = 1;
AllowSaveUser = 1;
AllowSavePasswordInKeychain = 1
AllowSavePasswordInKeystore = 1
ClientIPLower = "10.20.20.2";
ClientIPHigh = "10.20.20.254";
}</script></head></html>
DEBUG    End server response.
DEBUG    srv_option 'NELaunchX1.userName' = '"ra";'
DEBUG    srv_option 'NELaunchX1.domainName' = '"LocalDomain";'
DEBUG    srv_option 'SessionId' = 'QkMO6MFoLUdjNiCNLyakRw==;'
DEBUG    srv_option 'Route' = '172.16.0.0/255.255.0.0'
DEBUG    srv_option 'Route' = '10.21.21.9/255.255.255.255'
DEBUG    srv_option 'Route' = '192.168.21.0/255.255.255.0'
DEBUG    srv_option 'Route' = '10.10.184.42/255.255.255.255'
DEBUG    srv_option 'Route' = '46.137.162.66/255.255.255.255'
DEBUG    srv_option 'Route' = '46.137.110.80/255.255.255.255'
DEBUG    srv_option 'dns1' = '172.16.252.200'
DEBUG    srv_option 'dns2' = '172.16.252.201'
DEBUG    srv_option 'ipv6Support' = 'no'
DEBUG    srv_option 'dnsSuffix' = '<domain>'
WARNING  Unexpected line in session start message: 'dnsSuffixes =<domain>'
INFO     Duplicated srv_options value dnsSuffix = <domain>
DEBUG    srv_option 'dnsSuffix' = '<domain>'
DEBUG    srv_option 'pppFrameEncoded' = '0;'
DEBUG    srv_option 'PppPref' = 'async'
DEBUG    srv_option 'TunnelAllMode' = '0;'
DEBUG    srv_option 'ExitAfterDisconnect' = '0;'
DEBUG    srv_option 'UninstallAfterExit' = '0;'
DEBUG    srv_option 'NoProfileCreate' = '0;'
DEBUG    srv_option 'AllowSavePassword' = '1;'
DEBUG    srv_option 'AllowSaveUser' = '1;'
DEBUG    srv_option 'AllowSavePasswordInKeychain' = '1'
DEBUG    srv_option 'AllowSavePasswordInKeystore' = '1'
DEBUG    srv_option 'ClientIPLower' = '"10.20.20.2";'
DEBUG    srv_option 'ClientIPHigh' = '"10.20.20.254";'
INFO     Dialing up tunnel...
pppd: pppd options in effect:
pppd: debug debug               # (from command line)
pppd: logfd 2           # (from command line)
pppd: ktune             # (from command line)
pppd: dump              # (from command line)
pppd: nomp              # (from command line)
pppd: noauth            # (from command line)
pppd: lock              # (from /etc/ppp/options)
pppd: local             # (from command line)
pppd: lcp-echo-failure 2                # (from command line)
pppd: lcp-echo-interval 10              # (from command line)
pppd: noipdefault               # (from command line)
pppd: usepeerdns                # (from command line)
pppd: +ipv6             # (from /etc/ppp/options)
pppd: noccp             # (from command line)
pppd: using channel 2
pppd: Using interface ppp0
pppd: Connect: ppp0 <--> /dev/pts/4
pppd: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xf49a6715> <pcomp> <accomp>]
pppd: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xfe428ad2>]
pppd: sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xfe428ad2>]
pppd: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xf49a6715> <pcomp> <accomp>]
pppd: rcvd [LCP ConfRej id=0x1 <pcomp>]
pppd: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0xf49a6715> <accomp>]
pppd: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0xf49a6715> <accomp>]
pppd: sent [LCP EchoReq id=0x0 magic=0xf49a6715]
pppd: sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
pppd: sent [IPV6CP ConfReq id=0x1 <addr fe80::182e:9a60:90f4:7231>]
pppd: rcvd [IPCP ConfReq id=0x1 <addr 192.0.2.1> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
pppd: sent [IPCP ConfRej id=0x1 <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
pppd: rcvd [CCP ConfReq id=0x1 <mppe -H -M -S -L -D +C>]
pppd: Unsupported protocol 'Compression Control Protocol' (0x80fd) received
pppd: sent [LCP ProtRej id=0x3 80 fd 01 01 00 0a 12 06 00 00 00 01]
pppd: rcvd [LCP EchoRep id=0x0 magic=0xfe428ad2]
pppd: rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
pppd: sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
pppd: rcvd [LCP ProtRej id=0x1 80 57 01 01 00 0e 01 0a 18 2e 9a 60 90 f4 72 31]
pppd: Protocol-Reject for 'IPv6 Control Protocol' (0x8057) received
pppd: rcvd [IPCP ConfReq id=0x2 <addr 192.0.2.1>]
pppd: sent [IPCP ConfAck id=0x2 <addr 192.0.2.1>]
pppd: rcvd [IPCP ConfNak id=0x2 <addr 10.20.20.25>]
pppd: sent [IPCP ConfReq id=0x3 <addr 10.20.20.25> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
pppd: rcvd [IPCP ConfAck id=0x3 <addr 10.20.20.25> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
pppd: local  IP address 10.20.20.25
pppd: remote IP address 192.0.2.1
INFO     Remote routing configured, VPN is up
pppd: Script /etc/ppp/ip-up started (pid 7895)
pppd: Script /etc/ppp/ip-up finished (pid 7895), status = 0x1
pppd: sent [LCP EchoReq id=0x1 magic=0xf49a6715]
pppd: rcvd [LCP EchoRep id=0x1 magic=0xfe428ad2]
@richardash1981
Author

My system is running net-dns/openresolv https://roy.marples.name/projects/openresolv/, so from that point of view the "solution" is to process the information from the server (in the HTTPS response) into a command line call to /sbin/resolvconf -a ppp0 with the data piped to standard input.
This won't suit everyone however (and should probably be accompanied by removing usepeerdns from the pppd options), so needs to be configurable?
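One way to implement the approach proposed in the comment above, as an added example that is not the project's own code: it pulls `dns1`, `dns2`, `dnsSuffix` and `dnsSuffixes` out of the session-start response, validates them because they are server-supplied values that end up in the resolver configuration, and pipes the result to `resolvconf -a ppp0`. The function names and the sample text are hypothetical, and treating `dnsSuffixes` as a comma- or space-separated list is an assumption.

```python
import ipaddress
import re
import subprocess

# Constructed sample in the shape of the response quoted in the issue.
SAMPLE = """\
Route = 172.16.0.0/255.255.0.0
dns1 = 172.16.252.200
dns2 = 172.16.252.201
dnsSuffix = corp.example
dnsSuffixes =corp.example
TunnelAllMode = 0;
"""

# "key = value" with optional spaces around "=" and an optional trailing ";".
_LINE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*=\s*(.*?)\s*;?\s*$")
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_DOMAIN = re.compile(rf"{_LABEL}(?:\.{_LABEL})*\.?")

def parse_dns_options(text):
    """Return (servers, search), keeping only well-formed, de-duplicated values."""
    servers, search = [], []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip('"')
        if key in ("dns1", "dns2"):
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                continue  # not an IP address: never written to resolv.conf
            if not addr.is_unspecified and str(addr) not in servers:
                servers.append(str(addr))
        elif key in ("dnsSuffix", "dnsSuffixes"):
            for name in re.split(r"[,\s]+", value):  # separator is an assumption
                if _DOMAIN.fullmatch(name) and name not in search:
                    search.append(name)
    return servers, search

def build_resolv_conf(servers, search):
    lines = ["search " + " ".join(search)] if search else []
    lines += [f"nameserver {s}" for s in servers]
    return "\n".join(lines) + "\n"

def apply_dns(text, iface="ppp0", resolvconf="/sbin/resolvconf"):
    """Hand the validated settings to resolvconf; needs root, run after ppp0 is up."""
    servers, search = parse_dns_options(text)
    if not servers:
        return False
    subprocess.run([resolvconf, "-a", iface], text=True, check=True,
                   input=build_resolv_conf(servers, search))
    return True
```

On disconnect the matching cleanup is `resolvconf -d ppp0`, which removes the entry registered for that interface.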
