pabsan-0/forticlient-dns-dispatcher.sh

## forticlient-dns-dispatcher.sh
#!/bin/bash
#
# FortiClient VPN DNS configuration script.
# Helps with DNS wipes happening arbitrarity with Ubuntu 22.04 and Forticlient 7.2.5,
# appearing to the user that the VPN works just sometimes. Tune the TODO fields in the script.
# Run either manually or via NetworkManager dispatcher:
# https://wiki.archlinux.org/title/NetworkManager#Dispatcher_scripts
#
# Save this script as:
# /etc/NetworkManager/dispatcher.d/90-forticlient-dns
#
# Verify that the forticlient network has DNS and subdomains with resolvectl
#  Verify that `getent hosts REMOTE` resolves DNS properly

LOG="/home/psantanago/forticlient-dns-dispatcher.logs"
exec >> $LOG 2>&1
set -x

echo
date
echo "Running script $0 $*"

# Network manager will poppulate $1 and $2, manual runs will use the defaults
IFACE=${1-"$(resolvectl | grep fct | sed 's/.*(\(.*\))/\1/')"}  # Either forti interface or empty
STATE=${2-"up"}  # Either Up or the interface wont already exist so we dont care as a user

# Hardcoded for simplicity
DNS_SERVERS=("") # TODO: TUNE ME. Your local DNS servers. Reuse the ones in `resolvectl`
DOMAINS=("") # TODO: TUNE ME. Force-mapping of paths to the interface.
             # Use the ~company.com to grab all subdomains in company.com

apply_forti_dns() {
    local iface=${1-$(resolvectl | grep fctvpn | sed 's/.*(\(fctvpn.*\))/\1/')}

    if [ -z "$iface" ]; then
        echo "Forticlient interface removed, no changes pending"
    else
        /usr/bin/resolvectl dns "$iface" "${DNS_SERVERS[@]}"
        /usr/bin/resolvectl domain "$iface" "${DOMAINS[@]}"
        /usr/bin/resolvectl status "$iface"
    fi
}

# VPN came up
if [[ "$IFACE" == fctvpn* && "$STATE" == "up" ]]; then
    apply_forti_dns "$IFACE"
    exit 0
fi

# Any DHCP change may wipe DNS — reassert
if [[ "$STATE" == dhcp4-change || "$STATE" == dhcp6-change ]]; then
    apply_forti_dns
    exit 0
fi
	#!/bin/bash
	#
	# FortiClient VPN DNS configuration script.
	# Helps with DNS wipes happening arbitrarity with Ubuntu 22.04 and Forticlient 7.2.5,
	# appearing to the user that the VPN works just sometimes. Tune the TODO fields in the script.
	# Run either manually or via NetworkManager dispatcher:
	# https://wiki.archlinux.org/title/NetworkManager#Dispatcher_scripts
	#
	# Save this script as:
	# /etc/NetworkManager/dispatcher.d/90-forticlient-dns
	#
	# Verify that the forticlient network has DNS and subdomains with resolvectl
	# Verify that `getent hosts REMOTE` resolves DNS properly

	LOG="/home/psantanago/forticlient-dns-dispatcher.logs"
	exec >> $LOG 2>&1
	set -x

	echo
	date
	echo "Running script $0 $*"

	# Network manager will poppulate $1 and $2, manual runs will use the defaults
	IFACE=${1-"$(resolvectl \| grep fct \| sed 's/.(\(.\))/\1/')"} # Either forti interface or empty
	STATE=${2-"up"} # Either Up or the interface wont already exist so we dont care as a user

	# Hardcoded for simplicity
	DNS_SERVERS=("") # TODO: TUNE ME. Your local DNS servers. Reuse the ones in `resolvectl`
	DOMAINS=("") # TODO: TUNE ME. Force-mapping of paths to the interface.
	# Use the ~company.com to grab all subdomains in company.com

	apply_forti_dns() {
	local iface=${1-$(resolvectl \| grep fctvpn \| sed 's/.(\(fctvpn.\))/\1/')}

	if [ -z "$iface" ]; then
	echo "Forticlient interface removed, no changes pending"
	else
	/usr/bin/resolvectl dns "$iface" "${DNS_SERVERS[@]}"
	/usr/bin/resolvectl domain "$iface" "${DOMAINS[@]}"
	/usr/bin/resolvectl status "$iface"
	fi
	}

	# VPN came up
	if [[ "$IFACE" == fctvpn* && "$STATE" == "up" ]]; then
	apply_forti_dns "$IFACE"
	exit 0
	fi

	# Any DHCP change may wipe DNS — reassert
	if [[ "$STATE" == dhcp4-change \|\| "$STATE" == dhcp6-change ]]; then
	apply_forti_dns
	exit 0
	fi
No results found