Bug #11304

DNS-Problems after Configuring VPN-WireGuard with IPv4 & IPv6 Address

Added by Stephan Hartenauer 3 months ago. Updated 3 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: WireGuard
Target version:
Start date: 01/23/2021
Due date:
% Done: 100%
Estimated time:
Affected Version: 2.5.x
Affected Architecture: All
Release Notes: Default

Description

VPN / WireGuard / Tunnels
Address: 172.16.16.1/24 -> Everything is OK

Also allowed is a Comma separated list of CIDR addresses assigned to interface
Address: 172.16.16.1/24, fd42:42:42::1/64 -> DNS is not working anymore

Service unbound DNS Resolver stops working

Services / DNS Resolver / General Settings
Save
The following input errors were detected:
⦁ The generated config file cannot be parsed by unbound. Please correct the following errors:
⦁ /var/unbound/test/access_lists.conf:7: error: expected deny, refuse, deny_non_local, refuse_non_local, allow, allow_setrd or allow_snoop in access control action
⦁ /var/unbound/test/access_lists.conf:7: error: unknown keyword 'allow'
⦁ read /var/unbound/test/unbound.conf failed: 2 errors in configuration file

pfSense_WireGuard_Bug.pdf (138 KB) Stephan Hartenauer, 01/23/2021 03:54 PM

Associated revisions

Revision 7fe0979b (diff)
Added by Jim Pingle 3 months ago

Rework WireGuard tonatsubnets/unbound ACL entries. Fixes #11304

History

#1 Updated by Jim Pingle 3 months ago

  • Status changed from New to In Progress
  • Assignee set to Jim Pingle

#2 Updated by Jim Pingle 3 months ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

#3 Updated by Jim Pingle 3 months ago

  • Status changed from Feedback to Resolved

Could easily replicate the problem on previous snapshot, current snapshot is working well. The entries in the DNS resolver access_lists.conf are formatted correctly and appear in the new expected order (sorted).
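
The failure reported in this ticket, as an added example that is not part of the ticket or of pfSense's own code: a comma-separated Address field has to become one `access-control` line per network, and a checker flags a line that carries the whole list. The function names, the sort order and the `ASSUMED_BROKEN` line are assumptions; the ticket does not show the contents of access_lists.conf.

```python
import ipaddress

# Actions unbound accepts, copied from the error message quoted in the report.
ACTIONS = {"deny", "refuse", "deny_non_local", "refuse_non_local",
           "allow", "allow_setrd", "allow_snoop"}

def acl_lines(address_field, action="allow"):
    """Emit one access-control line per network in a comma-separated field."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    nets = set()
    for item in address_field.split(","):
        item = item.strip()
        if item:
            # strict=False turns an interface address (172.16.16.1/24)
            # into the network it belongs to (172.16.16.0/24).
            nets.add(ipaddress.ip_network(item, strict=False))
    # Assumed ordering: IPv4 before IPv6, then numeric. The set removes duplicates.
    ordered = sorted(nets, key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    return [f"access-control: {n} {action}" for n in ordered]

def check_line(line):
    """Return None for a well-formed access-control line, else the reason."""
    key, _, rest = line.partition(":")
    if key.strip() != "access-control":
        return "not an access-control line"
    fields = rest.split()
    if len(fields) != 2:
        return f"expected '<netblock> <action>', found {len(fields)} fields"
    try:
        ipaddress.ip_network(fields[0], strict=False)
    except ValueError:
        return f"bad netblock: {fields[0]}"
    if fields[1] not in ACTIONS:
        return f"bad action: {fields[1]}"
    return None

# Constructed sample: the Address value from the report, and an assumed
# rendering of the whole list on one line (the ticket does not show the file).
ADDRESS = "172.16.16.1/24, fd42:42:42::1/64"
ASSUMED_BROKEN = "access-control: 172.16.16.0/24, fd42:42:42::/64 allow"

if __name__ == "__main__":
    print(ASSUMED_BROKEN, "->", check_line(ASSUMED_BROKEN))
    for line in acl_lines(ADDRESS):
        print(line, "->", check_line(line) or "ok")
```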
