Messages

Three days ago I upgraded our firewalls to 20.7.1-amd64.
Since then all logs on the firewall have frozen. When updating log settings syslog-ng core-dumps on a signal 11 (segment violation)!

[To enable these routes however, OpenVPN needs --iroute option(s) to really enable these routes (see OpenVPN documentation).]

When configuring an OpenVPN server for a peer-to-peer connection to another site, the user interface allows you to specify, under "IPv4/6 Remote Network", a (list of) far network(s) that are then automatically routed over the VPN connection. To enable these routes however, OpenVPN needs --iroute option(s) to really enable these routes (see OpenVPN documentation). These can be added on the server page under "Advanced configuration" or as a Client Specific Override, e.g.:

iroute 10.8.6.128 255.255.255.192

The user interface thus falsly suggests that specifying these networks as "IPv4/6 Remote Network" is sufficient. :(

(this sadly cost me half a day to figure out!)

An outbound NAT rule, containing Aliases, for the LAN interface no longer works after upgrading to 18.7.
It works as intended again after replacing the aliases with literal port numbers and host IPs.

Known bug?