Bug #9405
closedIPsec IPv6 dynamic FQDN Remote Gateways / util.inc resolve_retry() IPv6 support
100%
Description
Here is one I have been manually patching for years. Since ever, resolve_retry() which is used to resolve an IPSec remote gateway, never supported IPv6, making it impossible to use IPv6 FQDNs as IPSec tunnel endpoints.
Here is an example fix:
// could be used as resolve_retry() replacement today
function resolve46_retry($hostname, $protocol = 'any', $retries = 5) {
for ($i = 0; $i < $retries; $i++) {
// IPv4 or any, return IPv4 address if resolved
if($protocol != 'inet6') {
// asked for IPv4 or any, was given an IPv4 address, return it
if (is_ipaddrv4($hostname)) {
return $hostname;
}
$ip = gethostbyname($hostname);
if ($ip && $ip != $hostname) {
return $ip;
}
}
// IPv6 or any (and no IPv4 found), return IPv6 address if resolved
if($protocol != 'inet') {
// asked for IPv6 or any, was given an IPv6 address, return it
if (is_ipaddrv6($hostname)) {
return $hostname;
}
$ip = dns_get_record($hostname, DNS_AAAA)[0]['ipv6'];
if ($ip && is_ipaddrv6($ip)) {
return $ip;
}
}
sleep(1);
}
return false;
}
When 'protocol' is specified as 'inet', it will return IPv4 or nothing, if it's 'inet6', it's IPv6 or nothing, otherwise it will return any (v4 first). The 'protocol' field from Phase 1 config can readily be passed as second argument. No invocations of resolve_retry() use the retries parameter today from what I can see, unless some packages do it.
Caveat: gethostbyname() will read the hosts file, gns_get_record will not, probably should be getaddrinfo() but can't remember if PHP has that. This is better than the current situation anyway, and many people have dnsmasq on localhost.
Not much time on my hands these days so if github is the preferred vehicle for this, it may take me from days to infinity to get this up there.
Thanks
Updated by Jim Pingle over 4 years ago
- Subject changed from util.inc resolve_retry() IPv6 support to IPsec IPv6 dynamic FQDN Remote Gateways / util.inc resolve_retry() IPv6 support
- Assignee set to Jim Pingle
- Target version set to 2.5.0
Updated by Viktor Gurov over 4 years ago
Updated by Jim Pingle over 4 years ago
- Status changed from New to Pull Request Review
Updated by Renato Botelho over 4 years ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Pull request has been merged. Thanks!
Updated by Viktor Gurov over 4 years ago
- Status changed from Feedback to Resolved
ipv4/ipv6/both - works as expected on 2.5.0.a.20200207.2007
Updated by Viktor Gurov over 4 years ago
There is only one problem long crash report
after loosing internet connection:
PHP Errors:
[08-Feb-2020 14:06:19 Europe/Moscow] PHP Warning: dns_get_record(): DNS Query failed in /etc/inc/util.inc on line 1961
[08-Feb-2020 14:06:19 Europe/Moscow] PHP Warning: Invalid argument supplied for foreach() in /etc/inc/util.inc on line 1962
Updated by Jim Pingle over 4 years ago
- Status changed from Resolved to In Progress
Updated by Viktor Gurov over 4 years ago
Suppress dns_get_record() errors fix:
https://github.com/pfsense/pfsense/pull/4189
Updated by Jim Pingle over 4 years ago
- Status changed from In Progress to Pull Request Review
Updated by Renato Botelho over 4 years ago
- Status changed from Pull Request Review to Feedback
PR has been merged. Thanks!
Updated by Viktor Gurov over 4 years ago
- Status changed from Feedback to Resolved
now it's ok - no any crash reports
tested on 2.5.0.a.20200213.1525