Bug #6938
DNS with OpenVPN gateway specified is routed through wrong interface. 2.4 regression.
Status: closed
Description
System -> General Setup -> DNS Server Settings
Setting a DNS with an OpenVPN client gateway (dynamic IP address) is causing a route through the wrong interface (lo0).
On 2.3.2, netstat -rn shows the DNS host is routed through Netif ovpnc1 (and no such host route exists when the OpenVPN client service is stopped).
On 2.4 (nightly 20161116-0701), netstat -rn shows the DNS host is routed through Netif lo0 (and the host route persists even when the OpenVPN client service is stopped).
This incorrect host route breaks DNS over OpenVPN.
Updated by Gavin Stewart over 8 years ago
I've been trying to identify if the same issue exists when setting a DNS entry with a normal WAN gateway (with static IP address), but every time I add or remove the entry, the system locks up and needs to be rebooted (the change appears to persist though).
So apart from the system hang, it would appear that a DNS entry with a WAN gateway (with static IP address) is not causing the same incorrect host route interface as an OpenVPN client gateway.
Further testing indicates that there is a serious stability problem with 2.4 (on my KVM system), where it will frequently lock up (console unresponsive, 100% CPU seen by hypervisor) after hitting "Apply Changes". There are no console logs appearing, but there is often a good many seconds between applying a change and the system completely locking. (I guess this will be another ticket, after I can find some information on what is actually happening).
Updated by Jim Thompson over 8 years ago
- Assignee set to Renato Botelho
I think this is a FreeBSD bug, might be fixed.
Updated by Renato Botelho over 8 years ago
- Status changed from New to Duplicate
This is a duplicate of #6883
Updated by Gavin Stewart almost 7 years ago
This issue persists with pfSense 2.4.3_1 openvpn-2.4.4_1.
It has not been resolved as in bug #6883.
DNS servers are still routed to the wrong interface when selecting the OpenVPN client gateway.
2.4.3_1 (broken):
Destination     Gateway      Flags  Netif
8.8.8.8         10.30.0.97   UGHS   lo0
8.8.4.4         10.30.0.97   UGHS   lo0
10.30.0.0/16    10.30.0.1    UGS    ovpnc1
10.30.0.1       link#8       UH     ovpnc1
2.3.5_1 (working):
Destination     Gateway      Flags  Netif
8.8.8.8         10.30.0.97   UGHS   ovpnc1
8.8.4.4         10.30.0.97   UGHS   ovpnc1
10.30.0.0/16    10.30.0.1    UGS    ovpnc1
10.30.0.1       link#8       UH     ovpnc1
Updated by Jim Pingle almost 7 years ago
That isn't a bug. You can't use static routes (like DNS server gateway selection) with OpenVPN.
If you want to route an address over OpenVPN you must specify the address/network in the OpenVPN instance's "Remote Network" field.
Updated by Gavin Stewart almost 7 years ago
OK, that seems to be a workable solution.
Adding "8.8.8.8/32, 8.8.4.4/32" to "IPv4 Remote network(s)" results in the following routing table:
Destination     Gateway      Flags  Netif
8.8.8.8         10.30.0.1    UGHS   ovpnc1
8.8.8.8/32      10.30.0.1    UGS    ovpnc1
8.8.4.4         10.30.0.1    UGHS   ovpnc1
8.8.4.4/32      10.30.0.1    UGS    ovpnc1
10.30.0.0/16    10.30.0.1    UGS    ovpnc1
10.30.0.1       link#8       UH     ovpnc1
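The symptom in this ticket (a DNS server's host route pointing at lo0 instead of the OpenVPN interface) is easy to miss until name resolution over the tunnel silently fails, so a defender wants a check that reads the routing table and fails loudly. The script below is an added example, not code from the ticket or from pfSense. It assumes the FreeBSD netstat -rn column order (Destination, Gateway, Flags, Netif) and takes the expected tunnel interface and the DNS server list as arguments; the two routing tables quoted above are embedded as constructed sample input so it runs offline.

```shell
#!/bin/sh
# Added example (not from the bug report or pfSense). Verifies that every
# configured DNS server has a host route (flag H) whose Netif is the
# expected OpenVPN interface, and flags routes that land on lo0 instead.
#
# Usage on a pfSense shell (assumed invocation, names are mine):
#   netstat -rn | check_dns_routes ovpnc1 "8.8.8.8 8.8.4.4"
# Exit status is 0 only when every server is routed as expected.
check_dns_routes() {
    expected_if=$1
    servers=$2
    awk -v want="$expected_if" -v list="$servers" '
        BEGIN {
            n = split(list, s, " ")
            for (i = 1; i <= n; i++) dns[s[i]] = 1
            bad = 0
        }
        # netstat -rn columns: Destination Gateway Flags Netif [Expire]
        # Only host routes (flag H) for the listed servers are inspected;
        # prefix routes such as 8.8.8.8/32 are left alone.
        ($1 in dns) && $3 ~ /H/ {
            seen[$1] = 1
            if ($4 == want) {
                printf "OK   %s via %s on %s\n", $1, $2, $4
            } else {
                printf "BAD  %s via %s on %s (expected %s)\n", $1, $2, $4, want
                bad++
            }
        }
        END {
            for (d in dns) if (!(d in seen)) {
                printf "MISSING %s has no host route\n", d
                bad++
            }
            exit bad ? 1 : 0
        }'
}

# Constructed sample input: the 2.4.3_1 table from the ticket (broken).
BROKEN_TABLE='8.8.8.8 10.30.0.97 UGHS lo0
8.8.4.4 10.30.0.97 UGHS lo0
10.30.0.0/16 10.30.0.1 UGS ovpnc1
10.30.0.1 link#8 UH ovpnc1'

# Constructed sample input: the table after the Remote Network workaround.
WORKING_TABLE='8.8.8.8 10.30.0.1 UGHS ovpnc1
8.8.8.8/32 10.30.0.1 UGS ovpnc1
8.8.4.4 10.30.0.1 UGHS ovpnc1
8.8.4.4/32 10.30.0.1 UGS ovpnc1
10.30.0.0/16 10.30.0.1 UGS ovpnc1
10.30.0.1 link#8 UH ovpnc1'

# Wrappers so each sample can be checked by name.
check_broken() {
    printf '%s\n' "$BROKEN_TABLE" | check_dns_routes ovpnc1 "8.8.8.8 8.8.4.4"
}
check_working() {
    printf '%s\n' "$WORKING_TABLE" | check_dns_routes ovpnc1 "8.8.8.8 8.8.4.4"
}

# Run both samples when invoked as: sh check_dns_routes.sh --demo
case "${1:-}" in
    --demo)
        echo "== 2.4.3_1 table =="; check_broken
        echo "== after workaround =="; check_working
        ;;
esac
```

The check keys on the H flag so that the /32 prefix routes added by the Remote Network workaround are ignored and only the host route that DNS traffic actually follows is judged; a server with no host route at all is reported as MISSING rather than passed by omission.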