Regression #12333
closed
DNS resolver using incorrect variable name when making ACL for OpenVPN IPv6 Tunnel Network
100%
Description
When creating the automatic list of access-control.conf entries for the DNS Resolver, the block of code which processes OpenVPN IPv6 tunnel networks is using an incorrect variable.
source:src/etc/inc/unbound.inc#L942 is currently this:
$aclnets[] = implode('/', openvpn_gen_tunnel_network($settings['tunnel_networkv6']));
When it should be this:
$aclnets[] = implode('/', openvpn_gen_tunnel_network($ovpnent['tunnel_networkv6']));
The incorrect variable results in an empty entry in the array. Then later on when the actual list of entries is formed, the empty entry is used which results in an invalid directive for the DNS Resolver.
In addition to correcting the main problem, we should also add a safety belt check at that step to avoid breaking the configuration in this way.
To me, fix already in progress.
Updated by Jim Pingle over 3 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset e9705a77d3cca7e7a6868b4f2829ac1e5c7a0e0e.
Updated by Jim Pingle over 3 years ago
- Tracker changed from Bug to Regression
- Release Notes changed from Default to Force Exclusion
This was apparently a recent regression from changes made in #2668. Excluding from release notes since it was not a problem in a release.
Updated by Jim Pingle over 3 years ago
- Status changed from Feedback to Resolved
Working correctly on current snapshots. I hit this on ~5 VMs when it was broken but all are OK on today's snapshot.
Updated by Jim Pingle about 3 years ago
- Plus Target Version changed from 21.09 to 22.01