25.7.3_3 - Filtering by source ip on a wireguard interface doesn't work

Started by rarcel, September 10, 2025, 02:45:13 PM

The error was self-explanatory. I don't know why, but after the update the DNS servers list in System/Settings/General was empty (it was not the case before).

My issue is resolved :)

For information, I have a 2 nodes cluster in HA, and the same thing happens on the second node.

I had to change the configuration this way to make it work again.

I'm quite sure that it was not needed before the update (my DNS server is AdGuard running locally on OPNsense).

Moreover, without adding 127.0.0.1 as a nameserver, I had DNS resolution from the CLI, but not from the GUI.


Quote from: rarcel on September 10, 2025, 04:28:31 PM
Moreover, without adding 127.0.0.1 as a nameserver, I had dns resolution from the cli, but not from the gui



Do you have in one of your aliases the "content" populated with a nameserver in letters? Example: (site.com)
If yes, which "type" of alias is it? (URL or host/s)
If it is URL, try to change it to host/s.

Can you try this patch?

# opnsense-patch https://github.com/opnsense/core/commit/0425834f9

Still investigating why this changed, a bit short on time this evening so far.


Cheers,
Franco


Quote from: franco on September 11, 2025, 07:14:58 AM
Nobody?


Cheers,
Franco

Tried, but I cannot recreate the error (also reverting the configuration of the aliases before the last change).

The bug appears to have been added 7 years ago. May have explained a few unclear cases in the past. I think what 25.7.3 has done is invalidate the cached alias and caused the bug to happen. Personally, I'm very glad it was reported and fixed.

It obviously goes without saying that host aliases with no way to resolve them are a problematic combination that can come back at any time and cause indeterministic results (at least from the top).


Thanks,
Franco

Quote from: franco on September 11, 2025, 11:46:33 AM
The bug appears to have been added 7 years ago. May have explained a few unclear cases in the past. I think what 25.7.3 has done is invalidate the cached alias and caused the bug to happen. Personally, I'm very glad it was reported and fixed.

It obviously goes without saying that host aliases with no way to resolve them are a problematic combination that can come back at any time and cause indeterministic results (at least from the top).


Thanks,
Franco

👍

Thank you for your time and work!

Sorry for the late answer.

I cannot reproduce what I had yesterday by removing the DNS server.

I can only tell you that I applied the patch after failing to reproduce, and it doesn't break anything on my installation.

Quote from: franco on September 11, 2025, 07:14:58 AM
Nobody?


Cheers,
Franco

Franco,

Sorry, wasn't able to break the network again before calling it a night. People get upset during TV time. Anyways, I updated to _7, changed the alias back to URL vice Host, flushed the alias via diagnostics, and it refreshed correctly, pulling the information. I'll watch the logs on it and let you know if it doesn't hold.

Thanks for correcting the problem.