System: Gateways: Configuration - host route behavior when address not set
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
- [x] I have read the contributing guidelines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
- [x] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue
Describe the bug
When having a gateway configured with a fixed address on a dynamically configured interface, there is a chance a host route is being set before the actual service (such as OpenVPN) has had the chance to configure the device.
This may lead to errors in OpenVPN as described in the log section below.
To Reproduce
Configure a new style OpenVPN server, then update the gateway to contain the other end's IP address and enable monitoring. Next reboot the machine and witness OpenVPN not being able to start. The legacy OpenVPN instances seem to be started slightly earlier, in which case such a race condition does not seem to appear.
Expected behavior
To prevent OpenVPN's ifconfig failing, the host route should not exist (as it overlaps with the tunnel). Skipping the host route in these cases is likely the best option.
To avoid the race condition, my suggestion is to check for existence of at least an address on the device in question for the protocol chosen before pushing the host route.
Describe alternatives you considered
none
Relevant log files
Relevant log data from OpenVPN:
Exiting due to fatal error
FreeBSD ifconfig failed: external program exited with error status: 1
/sbin/ifconfig ovpnsX x.x.x.x x.x.x.x mtu 1500 netmask x.x.x.x up
Additional context
Relevant code sections: https://github.com/opnsense/core/blob/1c8677656ef026cdaec5af88daa9f6300546e2c8/src/etc/inc/plugins.inc.d/dpinger.inc#L234-L241
https://github.com/opnsense/core/blob/1c8677656ef026cdaec5af88daa9f6300546e2c8/src/etc/inc/system.inc#L527-L548
Environment
OPNsense 24.1.x (amd64).
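
The check suggested under "Expected behavior", sketched as an added example that is not OPNsense code and not part of the original report: decide whether to push the host route from FreeBSD-style `ifconfig <device>` output read on stdin. The function names, the sample outputs and the choice to ignore IPv6 link-local and tentative addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not OPNsense code. Input is FreeBSD-style
# `ifconfig <device>` output on stdin, so the logic can be tried offline.

# has_address PROTO: exit 0 if stdin shows at least one usable PROTO address.
# PROTO is "inet" or "inet6". Assumption: IPv6 link-local (fe80::/10) and
# tentative addresses do not prove the service has configured the device.
has_address() {
    awk -v proto="$1" '
        $1 == proto {
            if (proto == "inet6" && ((tolower($2) ~ /^fe[89ab]/) || /tentative/)) next
            found = 1
        }
        END { exit found ? 0 : 1 }
    '
}

# host_route_decision PROTO: prints "push" when the device already carries an
# address for the gateway's protocol, "skip" otherwise (the race in the report).
host_route_decision() {
    if has_address "$1"; then
        echo push
    else
        echo skip
    fi
}

# Constructed sample: tunnel device exists, OpenVPN has not configured it yet.
OVPNS_UNCONFIGURED='ovpns1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    groups: tun openvpn'

# Constructed sample: same device after OpenVPN ran its ifconfig call.
OVPNS_CONFIGURED='ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet6 fe80::1%ovpns1 prefixlen 64 scopeid 0x8
    inet 10.8.0.1 --> 10.8.0.2 netmask 0xffffff00
    groups: tun openvpn'
```

On a live system the input would be `ifconfig ovpnsX | host_route_decision inet`, with the protocol taken from the gateway's address family.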