Bug #12925
FQDN in network alias is omitted from OpenVPN networks list (closed)
100%
Description
I implemented this new feature (https://redmine.pfsense.org/issues/2668) on our OpenVPN server but have noticed some odd behavior.
On the configuration hint for IP Networks Aliases it says "Hostnames (FQDNs) may also be specified, using a /32 mask for IPv4 or /128 for IPv6"
If I add a hostname with a /32, I can see the relevant IP added to the alias if I look at Diagnostics -> Tables, but any entries using FQDN are excluded from the OS routing table updates when the client connects (windows 11).
If I instead put in the IP address with a /32, I can no longer see the entry in the tables list, but OpenVPN updates the routing table as expected.
Updated by Viktor Gurov over 2 years ago
- Assignee set to Viktor Gurov
Updated by Jim Pingle over 2 years ago
- Project changed from pfSense Plus to pfSense
- Category changed from OpenVPN to OpenVPN
- Status changed from New to Pull Request Review
- Target version set to 2.7.0
- Affected Plus Version deleted (22.01)
- Plus Target Version set to 22.05
Updated by Adrien Carlyle over 2 years ago
Viktor Gurov wrote in #note-1:
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/667
That was fast!
Any chance this is something that I'm able to test on our production system?
Updated by Viktor Gurov over 2 years ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset 60c0b333c7ee5b951ad659a42693a1070a762ec1.
Updated by Viktor Gurov over 2 years ago
Adrien Carlyle wrote in #note-3:
Viktor Gurov wrote in #note-1:
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/667
That was fast!
Any chance this is something that I'm able to test on our production system?
You can install the System Patches package:
https://docs.netgate.com/pfsense/en/latest/development/system-patches.html
and apply patch id 60c0b333c7ee5b951ad659a42693a1070a762ec1 to test this fix
Updated by Adrien Carlyle over 2 years ago
I applied the patch and rebooted the system. There is no change in behavior.
Is there anything I can run on the appliance and provide to you to assist in tracking this down?
Updated by Viktor Gurov over 2 years ago
Adrien Carlyle wrote in #note-6:
I applied the patch and rebooted the system. There is no change in behavior.
Is there anything I can run on the appliance and provide to you to assist in tracking this down?
It looks like it can't resolve FQDNs on boot.
Does it work as expected after clicking the "save" button on the OpenVPN server configuration page?
Updated by Adrien Carlyle over 2 years ago
I just noticed that this now shows in my OpenVPN client log when I try to connect while an FQDN entry is present in the alias.
2022-03-10 14:12:27 ROUTE: route addition failed using service: The parameter is incorrect. [status=87 if_index=22]
Updated by Adrien Carlyle over 2 years ago
I tracked this down, the FQDN entry isn't being resolved and passed to openvpn with a /32 mask
This is an FQDN/32 entry:
2022-03-10 14:30:01 C:\WINDOWS\system32\route.exe ADD 20.106.150.151 MASK 0.0.0.0 10.201.254.1
2022-03-10 14:30:01 ROUTE: route addition failed using service: The parameter is incorrect. [status=87 if_index=22]
2022-03-10 14:30:01 Route addition via service failed
This is an IP/32 entry:
2022-03-10 14:30:01 C:\WINDOWS\system32\route.exe ADD 52.179.208.82 MASK 255.255.255.255 10.201.254.1
2022-03-10 14:30:01 Route addition via service succeeded
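The check below is an added example, not part of the ticket or of pfSense/OpenVPN code. It audits an OpenVPN Windows client log for pushed routes that were not installed, flagging any `route.exe ADD` line where (destination & mask) != destination, as in the FQDN/32 line above. A route that fails to install means traffic to that host does not follow the VPN route. The function names are hypothetical, and the sample input reuses the log lines quoted in this thread.

```python
import ipaddress
import re

# Sample input: the client log lines quoted in this thread.
SAMPLE_LOG = r"""
2022-03-10 14:30:01 C:\WINDOWS\system32\route.exe ADD 20.106.150.151 MASK 0.0.0.0 10.201.254.1
2022-03-10 14:30:01 ROUTE: route addition failed using service: The parameter is incorrect. [status=87 if_index=22]
2022-03-10 14:30:01 Route addition via service failed
2022-03-10 14:30:01 C:\WINDOWS\system32\route.exe ADD 52.179.208.82 MASK 255.255.255.255 10.201.254.1
2022-03-10 14:30:01 Route addition via service succeeded
"""

ROUTE_ADD = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)", re.IGNORECASE)
RESULT = re.compile(r"Route addition via service (failed|succeeded)")

def mask_problem(dest, mask):
    """Return a reason string if dest/mask is not a valid IPv4 route, else None."""
    d = int(ipaddress.IPv4Address(dest))
    m = int(ipaddress.IPv4Address(mask))
    host_bits = ~m & 0xFFFFFFFF
    if host_bits & (host_bits + 1):          # host bits must be one trailing run of 1s
        return "netmask is not contiguous"
    if d & host_bits:                        # (dest & mask) != dest
        return "destination has bits set outside the mask"
    return None

def audit_routes(log_text):
    """Pair each route.exe ADD line with the result line that follows it."""
    findings, pending = [], None
    for line in log_text.splitlines():
        add = ROUTE_ADD.search(line)
        if add:
            dest, mask, gw = add.groups()
            pending = {"dest": dest, "mask": mask, "gateway": gw,
                       "problem": mask_problem(dest, mask), "result": None}
            findings.append(pending)
            continue
        res = RESULT.search(line)
        if res and pending is not None:
            pending["result"] = res.group(1)
            pending = None
    return findings

def missing_routes(log_text):
    """Routes that are malformed or were not confirmed as installed."""
    return [f for f in audit_routes(log_text)
            if f["problem"] or f["result"] != "succeeded"]
```
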
Updated by Viktor Gurov over 2 years ago
- Status changed from Feedback to New
Adrien Carlyle wrote in #note-9:
I tracked this down, the FQDN entry isn't being resolved and passed to openvpn with a /32 mask
This is an FQDN/32 entry:
2022-03-10 14:30:01 C:\WINDOWS\system32\route.exe ADD 20.106.150.151 MASK 0.0.0.0 10.201.254.1
2022-03-10 14:30:01 ROUTE: route addition failed using service: The parameter is incorrect. [status=87 if_index=22]
2022-03-10 14:30:01 Route addition via service failed
This is an IP/32 entry:
2022-03-10 14:30:01 C:\WINDOWS\system32\route.exe ADD 52.179.208.82 MASK 255.255.255.255 10.201.254.1
2022-03-10 14:30:01 Route addition via service succeeded
Thanks for testing!
fix is ready:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/677
Updated by Adrien Carlyle over 2 years ago
Thanks for the quick fix. Let me know when the patch is updated and I'll re-apply and verify.
Updated by Jim Pingle over 2 years ago
- Status changed from New to Pull Request Review
Updated by Adrien Carlyle over 2 years ago
Does the original patch get updated or would I need to apply a second or different one to test for you all?
Updated by Viktor Gurov over 2 years ago
- Status changed from Pull Request Review to Feedback
Updated by Viktor Gurov over 2 years ago
Adrien Carlyle wrote in #note-13:
Does the original patch get updated or would I need to apply a second or different one to test for you all?
you need to apply patch id 065e050890508ff0c97455a6352cdb914d34ddbd after 60c0b333c7ee5b951ad659a42693a1070a762ec1
Updated by Adrien Carlyle over 2 years ago
Thank you, I've just applied both and have confirmed that it is working as expected now.
Updated by Danilo Zrenjanin over 2 years ago
- Status changed from Feedback to Resolved
Tested against:
2.7.0-DEVELOPMENT (amd64) built on Thu Mar 24 06:14:56 UTC 2022 FreeBSD 12.3-STABLE
It works as expected. Marking this ticket resolved.
Updated by Viktor Gurov over 2 years ago
- Related to Regression #12984: OpenVPN causes Crash Reports in the GUI added
Updated by Jim Pingle over 2 years ago
- Subject changed from FQDN in IP Network(s) Alias omitted from OpenVPN networks list to FQDN in network alias is omitted from OpenVPN networks list
Updating subject for release notes.