Unbound and OpenVPN, all is not all

Taomyn · March 19, 2019, 04:35:25 PM

I did find something about this in the archived area, but as I'm seeing this with 19.1 I thought it better to start a new thread.

When using OpenVPN and Unbound, it seems for the Network Interfaces option "all" does not mean "all". If I choose "all" the devices on my OpenVPN subnet are refused DNS access. If I manually choose all the networks presented, which includes the OpenVPN subnet, it works. I can see the "internal" ACL entry for it appear and disappear between "all" and manually choosing them.

I know I can add it manually as well as a separate ACL, but that simply avoids the issue when it's obvious that Unbound can do this automatically. It even states in the help text "The default behavior is to respond to queries on every available IPv4 and IPv6 address." - which is plainly does not do.

franco · March 20, 2019, 10:17:34 PM

https://github.com/opnsense/core/issues/3342

Cheers,
Franco

Taomyn · March 21, 2019, 08:59:49 AM

Thanks Franco, I will apply the patch and report any issues

Quote from: franco on March 20, 2019, 10:17:34 PM
https://github.com/opnsense/core/issues/3342

Cheers,
Franco

Unbound and OpenVPN, all is not all

Taomyn

March 19, 2019, 04:35:25 PM

franco

March 20, 2019, 10:17:34 PM #1

Taomyn

March 21, 2019, 08:59:49 AM #2