Bug #11416: OpenVPN IPv4 Tunnel Network incorrectly allows hostnames - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Plus - All Open Issues
23.09.1 Target - All Closed Issues
23.09.1 Target - All Open Issues
24.03 Plus - All Closed Issues
24.03 Plus - All Open Issues
24.03 Plus - Feedback Issues
24.03 Plus - Needs Attention/Work
24.03 Plus - New/Confirmed/In Progress Issues
24.03 Plus - Pull Request Review
24.03 Plus - Waiting on Merge
24.03 Target - All Closed Issues
24.03 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #11416

closed

OpenVPN IPv4 Tunnel Network incorrectly allows hostnames

Added by Danilo Zrenjanin about 3 years ago. Updated about 2 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Viktor Gurov

Category:

OpenVPN

Target version:

2.7.0

Start date:

02/13/2021

Due date:

% Done:

Estimated time:

Plus Target Version:

22.05

Release Notes:

Affected Version:

All

Affected Architecture:

Description

If you enter a host address instead of a network address into the IPv4 Tunnel Network field, the setup will be accepted, but the OpenVPN service will not start.

Status/OpenVpn
Unable to contact daemon

Files

tunnel_network.jpg (28.3 KB) tunnel_network.jpg

Alhusein Zawi, 04/16/2022 06:01 PM

Related issues

Related to Regression #13274: OpenVPN override IPv4 tunnel network field changing value improperly

Resolved

Jim Pingle

Actions

Issue # Delay: days Cancel

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Jim Pingle about 3 years ago

Status changed from New to Feedback
Target version set to CE-Next

By "host address" do you mean a single IP address without a CIDR mask ("x.x.x.x") or an FQDN?

Actions

Copy link

Updated by Danilo Zrenjanin about 3 years ago

A single host address with a CIDR mask. e.g., 10.0.8.1/24.

Actions

Copy link

Updated by Jim Pingle about 3 years ago

Status changed from Feedback to New

OK so you literally meant a host address inside a network, and not the network address.

We could do one of two things here:

Have input validation reject the input if the address is not the network address for the subnet (harsh)
Change the host address the user input into the appropriate network address on save (easier for the user, but the change may surprise them)

I'm leaning toward the latter approach, and note under the field that it should be/will be changed to a network address

Actions

Copy link

Updated by Viktor Gurov over 2 years ago

openvpn_validate_tunnel_network() implemented in #2668 do not allow to enter IP addresses

I think this issue can be closed

Actions

Copy link

Updated by Jim Pingle over 2 years ago

I'm not seeing any change in behavior from before here. On a 2.6.0 snapshot I can still enter a host IP address inside the tunnel network (e.g. 10.6.29.1/24) and the GUI accepts it as the tunnel network.

Actions

Copy link

Updated by Danilo Zrenjanin over 2 years ago

Yes, I can confirm it's not fixed yet.

Tested against:

2.6.0-BETA (amd64)
built on Thu Dec 16 06:22:38 UTC 2021
FreeBSD 12.3-STABLE

It still allows entering a host address which breaks the OpenVPN service.

I entered 10.0.8.1/24

[error] Unable to contact daemon Service not running? 0 0 B 0 B

Actions

Copy link

Updated by Viktor Gurov about 2 years ago

Assignee set to Viktor Gurov

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/601

Actions

Copy link

Updated by Jim Pingle about 2 years ago

Status changed from New to Pull Request Review
Target version changed from CE-Next to 2.7.0
Plus Target Version set to 22.05

Actions

Copy link

Updated by Viktor Gurov about 2 years ago

Status changed from Pull Request Review to Feedback

Merged

Actions

Copy link

#10

Updated by Jim Pingle about 2 years ago

Subject changed from OpenVPN IPv4 Tunnel Network check to OpenVPN IPv4 Tunnel Network incorrectly allows hostnames

Updating subject for release notes.

Actions

Copy link

#11

Updated by Alhusein Zawi about 2 years ago

File tunnel_network.jpg tunnel_network.jpg added
Status changed from Feedback to Resolved

Fixed

the host address will be changed to be the the network address in IPv4 Tunnel Network.

I entered 10.0.8.1/24 and it was changed to be 10.0.8.0/24 and 10.10.10.1/24 to be 10.10.10.0/24.

openvpn service was up and running

2.7.0.a.20220416.0600

Actions

Copy link

#12

Updated by Jim Pingle almost 2 years ago

Related to Regression #13274: OpenVPN override IPv4 tunnel network field changing value improperly added

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #11416

OpenVPN IPv4 Tunnel Network incorrectly allows hostnames

Updated by Jim Pingle about 3 years ago

Updated by Danilo Zrenjanin about 3 years ago

Updated by Jim Pingle about 3 years ago

Updated by Viktor Gurov over 2 years ago

Updated by Jim Pingle over 2 years ago

Updated by Danilo Zrenjanin over 2 years ago

Updated by Viktor Gurov about 2 years ago

Updated by Jim Pingle about 2 years ago

Updated by Viktor Gurov about 2 years ago

Updated by Jim Pingle about 2 years ago

Updated by Alhusein Zawi about 2 years ago

Updated by Jim Pingle almost 2 years ago