Aliasing completely broken for me recently

Started by gstuartj, April 12, 2019, 02:40:19 AM

Someone may want to open an issue on github and link this thread if they have not already.

I'm having similar issues with aliases with 19.1.6.  I've added a CIDR to an existing alias that only has about 28 other CIDRs in order to block continuous SPAM from the new CIDR I'm adding, and it is as if I didn't even add it.  I keep getting SPAM from an address in the CIDR block that I added to the existing alias.  CIDRs added to the alias prior to the 19.1.6 upgrade are blocked as expected.

Quote
Someone may want to open an issue on github and link this thread if they have not already.

https://github.com/opnsense/core/issues/3399
https://github.com/opnsense/core/commit/00b46e05752ed5e8e98b0256ce34070ea71dfb17

patch locally, using (on >= 19.1.4):

opnsense-patch ea2f217cf


I am running 19.1.6.
After the patch the symptoms still exist.
I also ran this patch,

opnsense-patch 50c25ea

from https://github.com/opnsense/core/issues/3214

This fixed the issue.

Quote from: AdSchellevis on April 16, 2019, 08:57:28 AM
Quote
Someone may want to open an issue on github and link this thread if they have not already.

https://github.com/opnsense/core/issues/3399
https://github.com/opnsense/core/commit/00b46e05752ed5e8e98b0256ce34070ea71dfb17

patch locally, using (on >= 19.1.4):

opnsense-patch ea2f217cf


If I apply the patch, will I need to do anything special before the next upgrade? E.g. remove the patch before upgrading to 19.1.7?

Hi,

Aliasing is totally broken here too on 19.1.6, even with both patches applied. Older aliases are still present as pf tables while newer ones are blank. Am I the only one?

Quote from: marin on April 21, 2019, 12:15:31 PM
Am I the only one?

Definitely not, same issue here.

New aliases, no matter if created manually or downloaded, are empty. For old ones, entries in pftables are available.

Br

For what it is worth I had so many annoying issues (this was one) that I decided this morning to wipe my box out and start from scratch. Not only was the aliasing broken but the event reports had the wrong names - almost like the rules and names were out of sync. DNS also stopped working, neither DNSMasq nor Unbound would resolve anything.

Seems to be working OK now but it's taken all darn day to put everything back in (I didn't restore from a backup to be sure I didn't re-introduce the issues).

I think this is something to do with the upgrading process - which I have done since I can remember - this is only the second time I've done a clean install. I haven't the time spare to go figuring out what was broken but clearly things were, finding out what is made more difficult by the lack of a command prompt and file functions via the GUI.




Hi,

I've applied the patches in the following order and now it seems to work:

opnsense-patch 50c25ea
reboot
opnsense-patch ea2f217cf
reboot

br

Thank you, this worked (on 2 x boxes so far):
opnsense-patch 50c25ea
reboot
opnsense-patch ea2f217cf
reboot

Quote from: BenKenobi on April 21, 2019, 05:01:10 PM
finding out what is made more difficult by the lack of a command prompt and file functions via the GUI.

I understand where you're coming from, the 19.1.6 upgrade was pretty frustrating for me, too.  That said, the command prompt is always available via SSH and the filesystem is exposed via SFTP, provided you turn on SSH administration. I don't think they should expose that via the web UI as it would involve significant development overhead with very little benefit over the existing native services.

For what it's worth, I also reinstalled from scratch at one point to wipe out some lingering bugs, but generally speaking the config file is abstracted away enough from the rest of the system that you can usually restore it without fear of bringing back the odd glitch. In this case, for example, restored aliases worked fine.

This is still goofed up for me.  I'm not sure that I should have applied these patches to 19.1.8 but my aliasing wasn't updating in the same manner reported by others.  After applying the patches it's still not updating, but also attempting to rectify the problem by using the "Quick add address" function via the pfTables /alias_util/ replaces 100% of the other addresses listed within the particular entry at /alias/.  Described otherwise:

/alias/ entry for "poo" contains:
poo.google.com
poo.amazon.com
poo.rundmc.com

pfTables tool at /alias_util/ reflects IP addresses for the above.

Adding "100.100.100.100" using pfTables tool at /alias_util/ results in:
- "poo" entry at /alias/ containing only 100.100.100.100 (all others erased)
- pfTables tool at /alias_util/ reflects IP addresses for all previous entries + 100.100.100.100

19.1.8 should be good without any modifications, tried it on my end (again) with the following alias:


name: test
type: Host(s)
Content: 1.1.1.1 www.nu.nl www.google.com


Applied the changes, checked the content in pfTables (/ui/firewall/alias_util/) and added a host (192.168.1.1), pfTables looks good, alias content contains "1.1.1.1 www.nu.nl www.google.com 192.168.1.1".

If you have steps we can reproduce, I'll gladly try the same steps on my end.

Please make sure you run an unmodified version of OPNsense (without previous patches applied), applying already installed patches might revert functionality.

To reinstall the core package:

pkg install -f opnsense



Quote from: AdSchellevis on May 30, 2019, 07:54:18 PM
Applied the changes, checked the content in pfTables (/ui/firewall/alias_util/) and added a host (192.168.1.1), pfTables looks good, alias content contains "1.1.1.1 www.nu.nl www.google.com 192.168.1.1".

If you have steps we can reproduce, I'll gladly try the same steps on my end.

I was doing exactly as you described to encounter the issue and it's still occurring.  I also attempted to flush the table and re-apply, as well as adding a specific IP rather than a host name for DNS resolution...neither populated the pfTable. :(

Quote from: AdSchellevis on May 30, 2019, 07:54:18 PM
Please make sure you run an unmodified version of OPNsense (without previous patches applied), applying already installed patches might revert functionality.

To reinstall the core package:

pkg install -f opnsense


This is something I've never tried.  How confident can I be in retention of settings?  I've spent hours tweaking this installation and I'd hate to lose (much less remember) the countless configuration variables. 

The configuration doesn't change on package reinstall, but you can always create a backup of your config.xml first if you're in doubt.

If you can't reproduce my test (same items, same steps), it looks like an issue specific to your machine. Please make sure to check the contents of the test alias right after apply, to validate if your starting point is as expected.
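
The check asked for in the last post (compare an alias's entries with what is actually loaded in pf right after apply), as an added example that is not part of the thread or of OPNsense. It assumes the pf table carries the same name as the alias, compares literal IPs/CIDRs only, and skips hostnames because those are resolved to addresses before they are loaded; the function names and sample dump are made up for illustration.

```shell
#!/bin/sh
# Added example: list literal alias entries that are absent from a pf table.
# On the firewall: check_alias test 1.1.1.1 www.nu.nl www.google.com 192.168.1.1

# Constructed sample of `pfctl -t <table> -T show` output (not real data).
SAMPLE_DUMP='   1.1.1.1
   104.16.0.0/12
   192.168.1.1'

# missing_entries TABLE_DUMP ENTRY...
# Prints every literal IP/CIDR entry that is not a line of TABLE_DUMP.
missing_entries() {
    dump=$1; shift
    # pfctl indents each address; strip whitespace so lines compare exactly.
    have=$(printf '%s\n' "$dump" | tr -d ' \t' | sed '/^$/d')
    for want in "$@"; do
        case $want in
            *:*|[0-9]*.*.*.[0-9]*) ;;  # crude test: IPv6 or IPv4 literal
            *) continue ;;             # hostname: cannot be compared literally
        esac
        want=${want%/32}               # pf lists single IPv4 hosts without /32
        printf '%s\n' "$have" | grep -Fxq -- "$want" || printf '%s\n' "$want"
    done
}

# check_alias TABLE ENTRY...
# Reads the live table with pfctl; returns 0 when nothing is missing.
check_alias() {
    table=$1; shift
    dump=$(pfctl -t "$table" -T show 2>/dev/null) || {
        echo "could not read pf table $table" >&2
        return 2
    }
    missing=$(missing_entries "$dump" "$@")
    [ -z "$missing" ] && return 0
    echo "configured but not loaded in pf table $table:" >&2
    printf '%s\n' "$missing" >&2
    return 1
}
```

Entries are compared as text, so a CIDR typed with host bits set (for example 10.0.0.5/24) will be reported as missing even though pf loaded the normalized network.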