OpenVPN adapter is registered in Unbound under OPNsense FQDN

Started by JasMan, July 15, 2018, 01:11:31 PM

Hi,

I updated OPNsense to 18.1.12 on Friday and noticed today that I have a lot of internal traffic that is dropped by the firewall. The sources of those dropped packets are clients within my LAN subnet. The destination is always the IP of the OpenVPN server adapter.

After some investigation I found out that Unbound has two IP addresses for the OPNsense FQDN: the management IP that I've set up for HTTPS and SSH, and the IP for the OpenVPN interface.

Name:    jaswall.mgmt.home.arpa
Addresses:  192.168.1.1
          192.168.15.1


Therefore, when I access the WebGUI via the FQDN, my client sometimes gets the management IP and sometimes the OpenVPN adapter IP. The packets to the OpenVPN adapter IP are dropped, of course. The OpenVPN adapter is only for routing and DNS for the VPN clients.

When I disable my OpenVPN server, the second IP for the OPNsense FQDN in Unbound is gone.

Name:    jaswall.mgmt.home.arpa
Addresses:  192.168.1.1



I'm not sure if this was already the case before the update. But I've never noticed so many drops of internal packets in my firewall.

Is there an option where I can disable this behaviour? Or is this an issue?
Thank you.

Jas Man
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose

Hey,

If nobody has an idea how to solve this, could somebody confirm this behaviour please (in conjunction with OpenVPN and Unbound DNS)? Before I open a new issue, I want to ensure that this is not only a misconfiguration of my OPNsense.

Thank you.
Jas


Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose

Hey,

Could somebody please test if he has two addresses for the OPNsense A record in DNS when OpenVPN is enabled? Or maybe someone has an idea how to solve this.
Thank you.

Jas Man
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose
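
A way to run the test asked for in this thread, as an added example that is not part of the original posts: it parses nslookup output of the form quoted in the first post and reports any address returned for the firewall's name that is not an expected management address. The function names, the `/32` allow-list entry and the resolver header in the second sample are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed samples: the first is the output quoted in the first post,
# the second adds a resolver header (placeholder server name).
SAMPLE_VPN_ON = """Name:    jaswall.mgmt.home.arpa
Addresses:  192.168.1.1
          192.168.15.1
"""
SAMPLE_VPN_OFF = """Server:  resolver.example
Address:  192.168.1.1

Name:    jaswall.mgmt.home.arpa
Addresses:  192.168.1.1
"""

FIELD = re.compile(r"^(Name|Address(?:es)?):\s*(.*)$")

def parse_nslookup(text):
    """Return (name, [addresses]) for the answer section of nslookup output."""
    name, addrs, collecting = None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD.match(line)
        if m and m.group(1) == "Name":
            name, addrs, collecting = m.group(2), [], False
        elif m and name is not None:        # Address(es) after Name: the answer
            collecting = True
            if m.group(2):
                addrs.append(m.group(2))
        elif not m and collecting and line:  # indented continuation line
            try:
                addrs.append(str(ipaddress.ip_address(line)))
            except ValueError:
                collecting = False
        else:                                # resolver header, blank line, other
            collecting = False
    return name, addrs

def unexpected_addresses(addrs, allowed_nets):
    """Addresses that fall outside every allowed network."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    return [a for a in addrs
            if not any(ipaddress.ip_address(a) in n for n in nets)]

if __name__ == "__main__":
    for sample in (SAMPLE_VPN_ON, SAMPLE_VPN_OFF):
        name, addrs = parse_nslookup(sample)
        extra = unexpected_addresses(addrs, ["192.168.1.1/32"])
        print(name, addrs, "unexpected:", extra or "none")
```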