tun0 configuration via script using nmcli

Question

Background

For work I have to use Appgate SDP which is a VPN client. It creates a tun0 device, adds a bunch (300+) routes and is supposed to setup the DNS servers with domain search for tun0. At some point in the last week the DNS configuration stopped working and I could no longer resolve server names to IP addresses. I suspect some update, either NetworkManager or resolved, could have caused this but I don't really know.

Technically this is an issue that Appgate should solve, however in the meantime if I can script a solution that would be best for me at this point.

Partial solution

Using a small script with nmcli I was able to configure the DNS and search domain on tun0 and my DNS resolution was working again.

nmcli con mod tun0 ipv4.dns "10.x.x.x"
ncmli con mod tun0 ip4.dns-search "~example.com"

The only issue with this approach is that all of the routes added by Appgate are gone after running my script. I checked the Appgate logs and this application uses the ip route add way to add those routes which is not persisted after running nmcli.

Question

Is there some way I could parse and re-add those routes with nmcli?

# Setup DNS for tun0
nmcli con mod tun0 ipv4.dns "10.x.x.x"
ncmli con mod tun0 ip4.dns-search "~example.com"
# Code to parse the current tun0 routes into memory

. . . 

# Add routes for tun0
for route in "${routes[@]}"
do
    nmcli con mod tun0 +ipv4.routes "route"
done

Bonus

At this point every time I use Appgate I only really need tun0. Can I simply just route all traffic through tun0 when connected to Appgate and then reset all routing to eth0 when I exit Appgate?

Wouldn't you first have to read the current routes and then setup the DNS which removes the routes? — Esa Jokinen, Aug 18 '23 at 16:37
@EsaJokinen. You are absolutely correct and I have actually created and tested a working script. I just haven't had time to update my answer yet :) — John the Ripper, Aug 18 '23 at 17:36
That's not a question anymore, but an answer. Please post it as an answer instead of an edit. :) — Esa Jokinen, Aug 18 '23 at 17:43

score 0 · Accepted Answer · answered Aug 18 '23 at 17:47

Google fu and some trial and error and I was able to get a working script

As Esa pointed out in their comment my script should grab the routes before adding the DNS because if I add the DNS it will delete all of the routes.

So after some testing I came up with this:

# Code to parse the current tun0 routes into memory
rts=($(route | grep tun0 | awk '{print $1}'))

# Setup DNS for tun0
nmcli con mod tun0 ipv4.dns "10.x.x.x"
ncmli con mod tun0 ip4.dns-search "~example.com"

# Add routes for tun0
for i in "${rts[@]}"
do
    nmcli con mod tun0 +ipv4.routes "$i/32"
done

# Reapply rules
nmcli device reapply tun0

tun0 configuration via script using nmcli

1 Answers1