Version 4.10.0-238 has been published to Rapid Release on pfSense, VyOS and ASUS.
This is a release with important improvements to the prior scheduled release (4.10):
Improved dual-stack IPv4/IPv6 functionality (isblocked now always queries A as well as AAAA)
Improved retries for failed hole creations
Improved Reflex connections with improved monitoring
Added retry for failed enabler creations
A firewall rule to reject TCP 443 to This Firewall is no longer required
When deleting the prior rule, a firewall rule to allow TCP 443 to This Firewall is now required in its place if Secure DNS (DoH) is enabled
When the dashboard DTTS feature is turned on or off, firewall rule changes are no longer required, provided the default tag of adamone_pass rule remains in place as the second-last rule
This Rapid Release: Rollout begins 19 November 2023
Scheduled Release: delayed, replaced by Rapid Release 4.10.0-649
Use Rapid Release if you’re adventurous or directed by our support team.
Interesting behavior on this Rapid Release.
After updating, I can no longer access the pfSense box by its domain name.
I have two boxes in HA setup e.g. primary.gateway.lan and secondary.gateway.lan
After the update, when primary.gateway.lan is running as MASTER, access to the domain name primary.gateway.lan is not successful; secondary.gateway.lan is still accessible.
When the backup secondary.gateway.lan setup becomes MASTER, secondary.gateway.lan becomes inaccessible.
I already tried re-running adamone-setup configure with the same results.
I even set an authoritative rule, but that had no effect either.
What is probably not working is the CARP VIP, as it no longer resolves the pfSense box when it is active and running as MASTER.
Additional info:
In the logs it will say:
System - Hosts | IP version mismatch
Update:
A temporary work-around is to enable DNS Resolver only for Localhost.
It does not survive a restart though, the DNS Resolver needs to be restarted again after the reboot.
@edanpedragosa thanks for reporting this. I will investigate further. Regarding your workaround, we support tight integration with the built-in resolver, which is still sometimes used directly by pfSense.
To survive a reboot, make sure DNS Resolver is bound to interface localhost only and then create a forwarding rule for gateway.lan to be forwarded to 127.0.0.1.