Hi all, Hi Jim,

Thanks for your fast reply!

> From: Jim Pingle
> Sent: 27 July, 2016 15:37
>
> On 07/27/2016 08:45 AM, Philipp Tölke wrote:
>> since the update to 2.3.2 yesterday our external devices do not get
>> DNS-Replies anymore.
>
> What version was this firewall running previously?

2.3.1 or 2.3.0.

>> We have configured the DNS-Forwarder to listen on the interface and
>> sockstat shows it's listening on *:53. We have a rule allowing
>> everything to pass to "self" on port 53.
>>
>> With tcpdump I can see that the queries reach the firewall but no
>> responses get sent out.
>>
>> The log of the DNS-Forwarder shows many entries like "Jul 27 14:36:22
>> dnsmasq 83840 failed to send packet: Host is down".
>>
>> Is this a known problem? Is there anything I can do?
>
> Check the system routing table. From the sound of the errors, it would
> appear that the firewall routing table does not include a route back to
> the VPN client subnet.

Interesting: The routing table has an entry for the VPN network:

Destination        Gateway            Flags      Netif Expire
[...]
10.1.2.0/24        10.1.2.2           UGS        ovpns2
10.1.2.2           link#16            UH         ovpns2

But since the OpenVPN is configured as "net30" the gateway 10.1.2.2 is not on the same network as most of the querying systems...

Why has this worked until yesterday?

Cheers,
Philipp
