Project

General

Profile

Actions
Copy link

Bug #12991

closed

DNS Resolver ACLs are not updated when OpenVPN networks change

Added by Viktor Gurov over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Viktor Gurov
Category:
DNS Resolver
Target version:
2.7.0
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
22.05
Release Notes:
Default
Affected Version:
2.6.0
Affected Architecture:

Description

The access_lists.conf file doesn't get updated automatically after creating a CSO entry. After the manual unbound restart, the CSO subnet was added (#12636#note-5).
Same issue on the OpenVPN Tunnel/Local/Remote network change.

Related issues

Related to Feature #12636: Automatically create DNS Resolver ACLs for OpenVPN CSO entriesResolvedViktor Gurov

Actions
Related to Regression #13059: Error when saving changes to a disabled OpenVPN clientResolvedMarcos M

Actions
Related to Regression #13117: pfBlockerNG DNSBL unbound python mode prevents deletion of OpenVPN server and client configurationsResolvedViktor Gurov

Actions
Actions
Copy link
 #1

Updated by Viktor Gurov over 2 years ago

  • Related to Feature #12636: Automatically create DNS Resolver ACLs for OpenVPN CSO entries added
Actions
Copy link
 #2

Updated by Viktor Gurov over 2 years ago

  • Assignee set to Viktor Gurov
  • Target version set to 2.7.0
  • Plus Target Version set to 22.05
Actions
Copy link
 #3

Updated by Jim Pingle over 2 years ago

  • Status changed from New to Pull Request Review
Actions
Copy link
 #4

Updated by Viktor Gurov over 2 years ago

  • Status changed from Pull Request Review to Feedback
Actions
Copy link
 #5

Updated by Danilo Zrenjanin over 2 years ago

Tested with the patch against:

2.7.0-DEVELOPMENT (amd64)
built on Mon Mar 28 06:17:26 UTC 2022
FreeBSD 12.3-STABLE

The tunnel network from the server and SCO setup changes automatically update the access_lists.conf file. Yet, I don't think the Local/Remote networks entries should be added to the access_lists.conf file.

Please confirm.

Actions
Copy link
 #6

Updated by Viktor Gurov over 2 years ago

  • Status changed from Feedback to New

Danilo Zrenjanin wrote in #note-5:

Tested with the patch against:
[...]

The tunnel network from the server and SCO setup changes automatically update the access_lists.conf file. Yet, I don't think the Local/Remote networks entries should be added to the access_lists.conf file.

Please confirm.

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/698

Actions
Copy link
 #7

Updated by Jim Pingle over 2 years ago

  • Status changed from New to Pull Request Review
Actions
Copy link
 #8

Updated by Viktor Gurov over 2 years ago

  • Status changed from Pull Request Review to Feedback
Actions
Copy link
 #9

Updated by Jim Pingle over 2 years ago

  • Subject changed from Unbound ACL is not updated on OpenVPN Tunnel/Local/Remote network change to DNS Resolver ACLs are not updated when OpenVPN networks change

Updating subject for release notes.

Actions
Copy link
 #10

Updated by Danilo Zrenjanin over 2 years ago

  • Status changed from Feedback to Resolved

Tested on the:

2.7.0-DEVELOPMENT (amd64)
built on Sat Apr 09 06:19:35 UTC 2022
FreeBSD 12.3-STABLE

It works as expected. Ticket resolved.

Actions
Copy link
 #11

Updated by Viktor Gurov over 2 years ago

  • Related to Regression #13059: Error when saving changes to a disabled OpenVPN client added
Actions
Copy link
 #12

Updated by Viktor Gurov over 2 years ago

  • Related to Regression #13117: pfBlockerNG DNSBL unbound python mode prevents deletion of OpenVPN server and client configurations added
Actions
Copy link

Also available in: Atom PDF