Issues since Update to 1.12

Started by JasMan, November 05, 2022, 12:48:21 PM

Hi there,

Since the update of Zenarmor to 1.12 I've some strange issues after rebooting my OPNsense appliance:

- WireGuard tunnels don't come up
My WG tunnels are not coming up. When I do a packet capture, I see incoming and outgoing packets on the WG tunnels. But the outgoing packets all have 0.0.0.0 as source IP.

- Name queries for Zenarmor's rDNS are routed through the wrong interface
Zenarmor's PTR requests (for client names in the report), which should be sent to my internal DNS resolver 10.0.1.6, are routed through the WAN interface with destination 10.0.1.6. Therefore reverse lookup is not working anymore. But only for Zenarmor. For all other clients and servers in my network DNS is running fine.

I have to disable the "Start on boot" switch for packet inspection to solve both issues. When I start packet inspection manually after reboot, everything works fine.

Any ideas?
Thanks.

Jas Man
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose

Not sure if it is related, but I'm seeing issues in resolving my local DNS domain where DNS queries are being blocked for that particular domain only. It usually starts after a couple of hours and can then only get it to work again when restarting Zenarmor. It will then work for like 12-20 hours before it fails again.
All other DNS works fine, only the domain I use for my internal hosts is affected... very strange.

Hi,

We are looking into the DNS issue in 1.12. A maintenance release will be published at the beginning of the next week.

Is there an update in this regard? I still have DNS problems with 1.12.1.

Quote: Not sure if it is related, but I'm seeing issues in resolving my local DNS domain where DNS queries are being blocked for that particular domain only. It usually starts after a couple of hours and can then only get it to work again when restarting Zenarmor. It will then work for like 12-20 hours before it fails again.
All other DNS works fine, only the domain I use for my internal hosts is affected... very strange.

This is probably related to the problems I'm having at the moment. I can't reach my self-hosted services through their domain ([service].[mydomain].com) after a while. Restarting ZenArmor helps.

November 20, 2022, 07:23:16 PM #4 Last Edit: June 06, 2023, 11:07:09 AM by beki
Hi pascthin,
Could you send a bug report?
https://www.zenarmor.com/docs/support/reporting-bug

Dear all,

I also discovered some issues with name resolution. At first I thought it's an Unbound issue [1], but after restarting Zenarmor it worked again for a couple of hours.

I filed a bug report to Zenarmor and got fast feedback including a beta version for testing.
Since the beta version is installed it works, at least for the last 24 hours.

[1] https://forum.opnsense.org/index.php?topic=31010.msg149550#msg149550

br