What is ovpnc1:network ?

Started by tessus, May 31, 2022, 12:05:25 AM

After the upgrade to 22.1.8, I see a lot of entries in my pi-hole with the hostname ovpnc1:network and ovpnc1:network.local



I am not even sure how this is possible since a colon is not a valid character in a hostname.

Why is OPNsense trying to resolve these hostnames since 22.1.8?

I still do not know where it was coming from, since my device ovpnc1 was disabled and I did not have an active VPN client connection running.

Something must have happened during the upgrade that resulted in this weird behavior. I have now deleted the device and created a new one. Problem gone. Very strange, but ok.

Well, first of all ovpnc1 is a device you created using an OpenVPN client setup. Since 22.1.8 internal aliases are created to reflect firewall address selectors such as :network expansion. This part is completely normal.

However, for one reason or another ovpnc1:network is being resolved by DNS which it shouldn't.

Is cator00r your firewall?


Cheers,
Franco

Yes, cator00r is my firewall.

I know that ovpncX are OpenVPN devices, but what confused me was the part that this "strange" hostname was being resolved, apart from the fact that the device was actually deactivated and the VPN connection was not running either.

I suspect that when creating these internal aliases, something went haywire and this device was stuck in an unrecoverable state. This is why I had to delete the device and the VPN connection to get rid of these name resolution attempts.

Well, as I said it's strange but not unexpected or particularly harmful. I'm unable to trace the origin for this resolution attempt at the moment, but I'm sure it will be more clear if we can gather more data (maybe through other people's reports).


Cheers,
Franco

After some internal chatting about the behaviour the culprit is pfctl as shipped by FreeBSD. If the interface "ovpnc1" is not found (disabled) then it will try to treat "ovpnc1:network" as a DNS entry to resolve.

There is a POC code change for the issue here but we need to discuss with FreeBSD most likely ... https://github.com/opnsense/src/commit/a922e2e87e194


Cheers,
Franco
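
As an added example (not code from this thread or from OPNsense), the following Python sketch finds such leaked pf interface selectors in a Pi-hole/dnsmasq query log and reports which client asked for them. It assumes dnsmasq-style `query[TYPE] name from client` log lines; the sample lines and addresses are constructed, and the modifier list is the one documented in pf.conf(5).

```python
import re
from collections import Counter

# Interface modifiers documented in pf.conf(5); "ovpnc1:network" uses the first.
PF_MODIFIERS = {"network", "broadcast", "peer", "0"}
# Assumed dnsmasq/Pi-hole query line: "... dnsmasq[pid]: query[A] name from client"
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Za-z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)"
)

def leaked_selector(name):
    """Return (interface, modifiers) if name looks like a pf selector, else None."""
    iface, sep, rest = name.partition(":")
    if not sep or not re.fullmatch(r"[A-Za-z0-9_]+", iface):
        return None
    # Drop an appended search domain such as ".local", then allow chains (em0:network:0).
    modifiers = rest.split(".", 1)[0].lower().split(":")
    if all(m in PF_MODIFIERS for m in modifiers):
        return iface, ":".join(modifiers)
    return None

def scan(lines):
    """Count leaked selector queries per (client, queried name)."""
    hits = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if m and leaked_selector(m["name"]):
            hits[(m["client"], m["name"])] += 1
    return hits

# Constructed sample log; 192.0.2.1 stands in for the firewall running pfctl.
SAMPLE_LOG = """\
May 31 00:01:10 dnsmasq[612]: query[A] ovpnc1:network from 192.0.2.1
May 31 00:01:10 dnsmasq[612]: query[AAAA] ovpnc1:network from 192.0.2.1
May 31 00:01:11 dnsmasq[612]: query[A] ovpnc1:network.local from 192.0.2.1
May 31 00:01:12 dnsmasq[612]: query[A] example.org from 192.0.2.20
May 31 00:01:13 dnsmasq[612]: forwarded example.org to 198.51.100.53
""".splitlines()

if __name__ == "__main__":
    for (client, name), count in sorted(scan(SAMPLE_LOG).items()):
        print(f"{client} asked for {name!r} {count}x (pf selector leaked into DNS)")
```

A hit whose client is the firewall itself points at a rule or alias that references an interface pfctl could not find.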

June 03, 2022, 06:34:32 PM #6 Last Edit: June 03, 2022, 06:38:34 PM by tessus
Thanks for the info. I don't really need a fix. I just didn't understand what was going on, b/c I didn't do anything (except upgrading from 22.1.7 to 22.1.8).

Now I do understand and I am happy.  :) Thanks for letting me know.