Alias broken

[mephistopheles]

Hi,

After altering an old alias and checking under "Firewall: Diagnose: Aliase" no IP is listed.
Doing a quick address it gives me this error:

"Eine API-Ausnahme ist aufgetreten

/usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php:572: [OPNsense\Firewall\Alias:aliases.alias.f523df65-d602-4a54-ba47-d4e9253cc2ac.content] Eintrag "" ist kein(e) gültige(r) Hostname oder IP-Adresse."

Any ideas?

Thanks

[slipperyduck]

hi yeah

I have to same problem, all my Alias host references no longer work with 21.7.1 release.

I will have to manually create many rules with IP addresses to fix this.

[slipperyduck]

I think it's even worse, something funky with 21.7.1 and NAT

I've reverted back to 21.7 until this gets patched.

to revert go to the Opnsense console -> shell

opnsense-revert -r 21.7 opnsense

then reboot. This worked for me and all my Alias and NAT configs are now working again.

[franco]

There really isn't a lot in 21.7.1 that is allegedly causing this. Most issues people reported are with GeoIP and tables overflowing due to spikes in GeoIP lists (US/Canada namely).

Just make sure you use an appropriate amount of maximum table entries under Firewall: Settings: Advanced. Anything over 2 million should be a good start if GeoIP is used...


Cheers,
Franco

[mephistopheles]

I don't have any geoip lists, also table entries are over 2 milliions.
So definitely something broke.

What can I check to troubleshoot?

[errored out]

Are any of you using wireguard? If so, there is a problem where entering a dns server IP on the local tab will over-write the dns for the firewall.

If not check the dns IP on the firewall to see what is set to and also check if you are using a resolver.  Make sure all the configurations you had are still there.

[slipperyduck]

I'm not using wireguard or GeoIP.
My use-case is NAT translation no longer works for Mapping Alias hosts to OpenVPN Tunnels.

[mephistopheles]

No Wireguard in use.

It's a long time since i had to change something in the firewall.

Now alias does not work, dnsbl wihtelisting does not work, unbound cannot resolve because of alias.
Api error occurs when i add an address, so I think something is broke.

Any ideas to troubleshoot?

[chemlud]

I tried it, changed some Alias and looked, if it works correctly. Everything fine here.

In the past iirc some had problems with Aliases that resolved by deleting and re-creating the Aliases in question...

[mephistopheles]

Recreating alias and rules worked. Thanks!

Still getting api errors:

Code Select Expand

[11-Aug-2021 12:11:41 Europe/Zurich] Phalcon\Validation\Exception: [OPNsense\Firewall\Alias:aliases.alias.ff7499bb-5f1c-4edc-a96a-de2eaec49961.content] Eintrag "" ist kein(e) gültige(r) Hostname oder IP-Adresse.
in /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php:572
Stack trace:
#0 /usr/local/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasUtilController.php(256): OPNsense\Base\BaseModel->serializeToConfig()
#1 [internal function]: OPNsense\Firewall\Api\AliasUtilController->addAction('Vagrant')
#2 [internal function]: Phalcon\Dispatcher\AbstractDispatcher->callActionMethod(Object(OPNsense\Firewall\Api\AliasUtilController), 'addAction', Array)
#3 [internal function]: Phalcon\Dispatcher\AbstractDispatcher->dispatch()
#4 /usr/local/opnsense/www/api.php(26): Phalcon\Mvc\Application->handle('/api/firewall/a...')
#5 {main}

[slipperyduck]

ooooof, re-creating 50+ Alias and subsequent rules is going to be a mammoth task, i will have to stick to 21.7 for a while until i can arrange a long window of downtime

[errored out]

That sound painful.  Hope it works out with out any more issues (it's technology, so we all know what that means).