[Vpn-help] DNS Fix perhaps

[mgrooms]

On Fri, 26 Oct 2007 13:11:46 -0500, Peter Eisch <peter at boku.net> wrote:
> 
> On 10/26/07 1:02 PM, "mgrooms" <mgrooms at shrew.net> wrote:
> 
>> Very impressive piece of investigative work!!! This gives me a wealth of
>> ammunition with respect to getting this problem resolved. I will invest
>> some time in researching this over the weekend which will hopefully
> yield
>> something useful for you and Peter as soon as time permits :)
>>
> 
> Along this line, could you consider user-configurable hooks that could
> execute BAT scripts that happen at the moments of tunnel up, tunnel down,
> tunnel failed to connect?  Suppose I wanted to add/remove a mount or such
> things.
> 

Peter,

Normally I think this would be handled by a domain login script. But since
vpn enabled domain login wont be available until the 2.3 time frame, this
sounds like a useful and reasonably simple feature to include for the near
term. It would also be beneficial in the long term for simplifying
connectivity to file servers that are not governed by AD or a Domain
controller.

One of my biggest goals is to allow the client to be centrally
administrable as much as possible via options supplied by the gateway
during modecfg. If this were to be a feature of the client, I would like to
be able to push these scripts from racoon via modecfg. Of course, there
would be a client side override for this feature like every other site
configuration option available. Fortunately, as I am an ipsec tools
maintainer, adding support for this should be a fairly trivial task :)
There may even be a Cisco unity attribute defined for handling this which
we use quite liberally throughout the racoon modecfg source code. If not,
an ipsec tools specific IKE vendor attribute can always be defined to
handle it. I will add this to my list of things to investigate during the
2.1 development cycle.

Thanks again,

-Matthew