Regression #13117: pfBlockerNG DNSBL unbound python mode prevents deletion of OpenVPN server and client configurations - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Target - All Closed Issues
24.03 Plus - All Closed Issues
24.03 Target - All Closed Issues
24.11 Plus - All Closed Issues
24.11 Plus - All Open Issues
24.11 Plus - Feedback Issues
24.11 Plus - Needs Attention/Work
24.11 Plus - New/Confirmed/In Progress Issues
24.11 Target - All Closed Issues
24.11 Target - All Open Issues
25.01 Plus - All Closed Issues
25.01 Plus - All Open Issues
25.01 Plus - Feedback Issues
25.01 Plus - Needs Attention/Work
25.01 Plus - New/Confirmed/In Progress Issues
25.01 Plus - Pull Request Review
25.01 Plus - Waiting on Merge
25.01 Target - All Closed Issues
25.01 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Regression #13117

closed

pfBlockerNG DNSBL unbound python mode prevents deletion of OpenVPN server and client configurations

Added by Marcos M over 2 years ago. Updated over 2 years ago.

Status:

Resolved

Priority:

High

Assignee:

Viktor Gurov

Category:

OpenVPN

Target version:

2.7.0

Start date:

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

22.05

Release Notes:

Force Exclusion

Affected Version:

2.7.0

Affected Architecture:

Description

Issue exists on 22.05.a.20220429.1807.
Issue not present on 22.05.a.20220426.1313.

If DNS Resolver has Enable Python Module with pfb_unbound set, OpenVPN server and client configurations cannot be edited or deleted. Cloning and editing before saving does works, but the new entry cannot be edited/deleted after saving. I tried keeping the python module option enabled while toggling other DNSBL / DNS Resolver options, but it seems only that setting triggers the issue.

Files

netflix-no-aaaa.py (1.37 KB) netflix-no-aaaa.py

Marcos M, 05/03/2022 09:49 AM

Related issues

Related to Bug #12991: DNS Resolver ACLs are not updated when OpenVPN networks change

Resolved

Viktor Gurov

Actions

Issue # Delay: days Cancel

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Marcos M over 2 years ago

Category changed from DNS Resolver to Unknown
Priority changed from High to Normal

It seems the issue described initially is a symptom of a race condition with writing the configuration. Still investigating.

Edit: It seems that was a separate issue preventing the edits. Deleting is still an issue:

Steps to reproduce:

Fresh install of 22.05.a.20220429.1807
Setup OpenVPN
- Create default ca
- Create a disabled OpenVPN client config with default settings pointed to bogus server
Setup pfBlockerNG
- Install pfBlockerNG-devel 3.1.0_4
- Go through pfB wizard with all default options
- Enable unbound python mode in pfB DNSBL
- Force a reload on pfB for "All"
Try to delete the OpenVPN client entry
- It does not delete; it comes back after page reload and no changes are written to config.xml
- Delete change is logged to system log and backup revision
- Edit the description; it works
Uncheck Python Module in DNS Resolver
- Deleting the OpenVPN entry now works

Actions

Copy link

Updated by Marcos M over 2 years ago

Priority changed from Normal to High

Actions

Copy link

Updated by Marcos M over 2 years ago

Subject changed from pfBlockerNG unbound python module prevents modification of existing OpenVPN server and client configurations to pfBlockerNG DNSBL unbound python mode prevents deletion of OpenVPN server and client configurations

Issue did not occur in either of these scenarios:

Tested with DNSBL python mode enabled, but using a different python script (attached).
Tested with DNSBL python mode disabled, but enabling and setting the pfb_unbound.py script in DNS Resolver.

Actions

Copy link