  1. #1
    Untangler
    Join Date
    Jan 2020
    Location
    San Jose, CA
    Posts
    86

    hosts tab mangles up fields from different devices (reproducible bug)

    Yesterday I came upon a strange error, where a new Linux Mint VM couldn't connect to the internet. After a long search for a Linux problem it turned out that the problem was with Untangle mangling up some entries in the hosts tab.

    Background:
    - I run Untangle 15.0 on a custom device (Protectli FWB6) in router mode. I have several subnets, but the relevant one for this issue is subnet Internal (192.168.1.0/24), which uses a DHCP lease duration of 7200s.

    - I use permanent tags in the devices tab for some of my devices. In particular one of our TVs (tv-family_room) has the permanent tags "streaming-device" and "blocked", the latter, since I don't like this device phoning home. Incidentally this "blocked" tag does what it says (prohibits internet access through a firewall rule) and is the reason why I stumbled upon this problem in the first place.

    - As I understand (e.g. from https://forums.untangle.com/networki...-old-host.html ) tagged devices will not be removed from the hosts table (even when the tags can be easily reconstructed from the devices table), even though the IP address in the hosts tab is no longer valid.

    Unfortunately I found a reproducible bug under the following conditions:
    - A tagged device (with tags from the devices tab) has a hosts entry, but its DHCP IP address is expired, because the device has been turned off for a while.
    - Untangle gives out that same expired IP address to a new (unknown) device that doesn't have entries in the devices and hosts tabs yet.

    When that happens the new device will inherit some of the fields from the tagged device (e.g. "Hostname", "Hostname (Device)") and - even worse - will also get the tags from the old device assigned.


    I was able to reproduce this the following way:

    a) Setup:
    - My tagged device is tv-family_room, my new "device" is a VM (hostname linuxmint_vm)
    - To get a well-defined start condition I made sure that the hosts entry for linuxmint_vm was expired and I deleted its entry in the devices tab, so it would be treated as a new device. Also I made sure that the tv-family_room hosts entry was expired (by manually deleting the tags and waiting a bit for the hosts entry to expire). Its entry in the devices tab had the "blocked" and "streaming-device" tags assigned with no expiration.

    b) Steps to reproduce the bug:

    - I powered up the tv-family_room, and it got a DHCP IP address ( 192.168.1.203 ) and an entry in the hosts table. Then I turned the TV off.

    - I waited two hours for the DHCP lease of tv-family_room to expire and verified that it was expired. The hosts entry was still there with the tags:
    [Attachment: Hosts entry for tv-family_room (after ARP entry has expired).jpg]

    - I edited the DHCP range for this subnet (from 192.168.1.203 to 192.168.1.203), so Untangle would give out 192.168.1.203 as an IP address again at the next occasion. (Of course this didn't happen, when I first encountered this problem, but at that time it was just bad luck that this IP address was recycled by DHCP.)

    - I powered up the linuxmint_vm and it did get the 192.168.1.203 IP address from the DHCP server. And the hosts entry for this looks like this (note the contents of the two hostname fields and of the tagString field):
    [Attachment: Hosts entry for linuxmint_vm after accquiring same IP address as previously tv-family_room.jpg]


    So the hosts entry for linuxmint_vm has the wrong entry in the hostnames field (tv-family_room) and has also inherited the tags from tv-family_room ("blocked", "streaming-device"), which should not have happened. (And since the "blocked" tag does what it says, I stumbled upon this bug, since the linuxmint_vm now is blocked from accessing the internet, until I manually remove those tags.)

    Thus Untangle seems to use an (expired) IP address to match up the hosts entries, rather than go by MAC address and create a new hosts entry or (if it does reuse that entry) at least zero out all the old fields.
    Last edited by tangofan; 07-17-2020 at 12:19 PM.
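
A minimal model of the failure described in the post above, added here as an example (it is not Untangle's code and not from the poster): a host table that matches a lingering entry by IP alone, next to one that reuses an entry only when the MAC also matches, plus an audit that flags tags a host entry's MAC does not own. The MAC addresses, function names and the assumption that every legitimate tag comes from the devices table are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: MAC addresses are made up for this example.
TV_MAC, VM_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"
DEVICE_TAGS = {TV_MAC: {"blocked", "streaming-device"}}  # permanent tags per MAC

@dataclass
class HostEntry:
    ip: str
    mac: str
    hostname: str
    tags: set = field(default_factory=set)

def new_entry(ip, mac, hostname):
    return HostEntry(ip, mac, hostname, set(DEVICE_TAGS.get(mac, ())))

def on_lease_ip_keyed(hosts, ip, mac, hostname):
    """Model of the reported behaviour: a lingering entry is matched by IP only."""
    if ip not in hosts:
        hosts[ip] = new_entry(ip, mac, hostname)
    else:
        hosts[ip].mac = mac  # assumed: MAC refreshed, hostname and tags left over
    return hosts[ip]

def on_lease_mac_checked(hosts, ip, mac, hostname):
    """Reuse an entry only when the MAC matches; otherwise rebuild it clean."""
    if ip not in hosts or hosts[ip].mac != mac:
        hosts[ip] = new_entry(ip, mac, hostname)
    return hosts[ip]

def replay(handler, ip="192.168.1.203"):
    """TV takes the lease and goes offline; the VM later gets the same address."""
    hosts = {}
    handler(hosts, ip, TV_MAC, "tv-family_room")
    handler(hosts, ip, VM_MAC, "linuxmint_vm")
    return hosts

def inherited_tags(hosts):
    """Audit: tags on a host entry that its MAC does not own in DEVICE_TAGS."""
    return {ip: sorted(e.tags - DEVICE_TAGS.get(e.mac, set()))
            for ip, e in hosts.items() if e.tags - DEVICE_TAGS.get(e.mac, set())}

if __name__ == "__main__":
    for handler in (on_lease_ip_keyed, on_lease_mac_checked):
        hosts = replay(handler)
        print(handler.__name__, hosts["192.168.1.203"], inherited_tags(hosts))
```
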

  2. #2
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,442

    Open a support ticket!

  3. #3
    Untangler
    Join Date
    Jan 2020
    Location
    San Jose, CA
    Posts
    86

    Quote Originally Posted by Jim.Alles View Post
    Open a support ticket!
    Done, thank you for the recommendation. I'm always a bit reluctant to open a support ticket without checking in here with the experts first, since any ticket will likely eat up the cost of my annual HomePro subscription multiple times. But this seems like something that shouldn't happen.

    For any Untangle employee who is curious: Ticket number is # 180156.

  4. #4
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,442

    Quote Originally Posted by tangofan View Post
    Done, thank you for the recommendation. I'm always a bit reluctant to open a support ticket without checking in here with the experts first, since any ticket will likely eat up the cost of my annual HomePro subscription multiple times.
    I don't speak for Untangle. I would expect that marketing weighs the cost of support versus brand loyalty and home subscriptions on a long-term aggregate basis.

    But you could flip your perspective to something like mine.

    If I don't get an immediate response like "oh that is just a glitch in the download", and I can't find anything in an old thread, somewhere:

    I am providing a valuable service to Untangle by doing this level of troubleshooting and handing the details to them. You can't be aware of any tickets that have had the same complaint. You might have just solved something that has been eluding a satisfactory 'fix'.

    They have always been responsive, even over the first ten years that I never paid them a dime.

    So never be concerned about the "cost of a ticket".
    Last edited by Jim.Alles; 07-17-2020 at 02:27 PM.
    tangofan likes this.

  5. #5
    Untangler
    Join Date
    Jan 2020
    Location
    San Jose, CA
    Posts
    86

    Quote Originally Posted by Jim.Alles View Post
    I don't speak for Untangle. I would expect that marketing weighs the cost of support versus brand loyalty and home subscriptions on a long-term aggregate basis.

    But you could flip your perspective to something like mine.

    If I don't get an immediate response like "oh that is just a glitch in the download", and I can't find anything in an old thread, somewhere:

    I am providing a valuable service to Untangle by doing this level of troubleshooting and handing the details to them. You can't be aware of any tickets that have had the same complaint. You might have just solved something that has been eluding a satisfactory 'fix'.

    They have always been responsive, even over the first ten years that I never paid them a dime.

    So never be concerned about the "cost of a ticket".
    Jim, thanks so much for this different perspective. Much appreciated and it makes perfect sense.

    I still like to post issues like this in the forums first, just in case this may be a case of aggravated brain-fart. It doesn't happen to me all that often, but it's been known to happen from time to time.

    I'll keep this thread updated with the outcome of this to help future forum searches.
    Jim.Alles likes this.

  6. #6
    Untangler
    Join Date
    Jan 2020
    Location
    San Jose, CA
    Posts
    86

    Update: Created a ticket last Friday and support reached out yesterday, but when I tried to set up the situation again, Untangle now behaves correctly. Tried three times to reproduce the problem (that was so easy to reproduce last Friday), but no luck.

    Which may be nice in a way, but I feel that it's actually more annoying than anything else. I'd rather have it fail consistently than only sporadically. At least in the former case, it's relatively easy to troubleshoot and fix the problem for good.

    Perhaps it's time to back up my 15.0 system, wipe my installation and start with a fresh 15.1 installation with a restore...
    Last edited by tangofan; 07-21-2020 at 11:19 AM.
    Jim.Alles likes this.

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,949

    It is the safest way to do the OS upgrades...
    tangofan and hpaunet like this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #8
    Untangler
    Join Date
    Jan 2020
    Location
    San Jose, CA
    Posts
    86

    Quote Originally Posted by sky-knight View Post
    It is the safest way to do the OS upgrades...
    Ok, done deal.

  9. #9
    Untangler
    Join Date
    Jan 2020
    Location
    San Jose, CA
    Posts
    86

    Quote Originally Posted by sky-knight View Post
    It is the safest way to do the OS upgrades...
    Oh, one other question on this, if I may:

    I understand that in the installation process I will need to configure a WAN and a LAN interface (so my main workstation can have network access to Untangle), but is there anything else I will need to do before restoring the configuration backup onto that fresh install?

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,949

    Quote Originally Posted by tangofan View Post
    Oh, one other question on this, if I may:

    I understand that in the installation process I will need to configure a WAN and a LAN interface (so my main workstation can have network access to Untangle), but is there anything else I will need to do before restoring the configuration backup onto that fresh install?
    Nope, just get it online enough so you can get a browser to it that has the configuration file.
    tangofan, sperman and hpaunet like this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
