Time using the virtual interface IP and not the WAN IP on OPT bug

PeterUK
PeterUK Posts: 2,655  Guru Member
First Anniversary 10 Comments Friend Collector First Answer
edited April 2021 in Security

ZyWALL 110 V4.35(AAAA.3)

With around 22days uptime something happened for time update where it uses the virtual interface IP on OPT and not the WAN IP by OPT.

opt

DHCP -- 82.**.**.**

255.255.254.0

opt:1

STATIC -- 192.168.252.1

255.255.254.0

opt:2

STATIC -- 192.168.137.253

255.255.255.0


Comments

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment

    @PeterUK

    The case I checked locally, the NTP traffic flow through wan IP by OPT(not lan IP)

    OPT:

    DHCP: 10.214.X.X

    OPT:1

    Fix: 192.168.10.1

    Therefore, can you private message configuration to me for check further?

  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited April 2020

    The bug is intermittent without changing anything its back to go out OPT WAN IP.

    Edit now its using virtual interface  192.168.252.1 again.

    Edit2 now its going out VLAN443 which is fine but seems to be picking source IP at random, maybe make it try one source IP if it fails try another with a gateway would be better for all connections like to zyxel the device makes and time?

  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Still happening in V4.38 
  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Still happening in V4.60
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    @PeterUK
    Regarding to this case,
    With FW v4.60, I have monitored it for a week, and did not found any issue.
    My test steps
    configure two virtual interface (internal IP)base on OPT

    and sync from this server

    Did you ping to NTP server continuously from local PC or OPT interface to reproduce this issue? 
  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited November 2020
    Did you ping to NTP server continuously from local PC or OPT interface to reproduce this issue? 

    No just at times click the Sync Now find it don't work packet capture OPT and see its trying to use one of the virtual interface IP as a source.  

    It randomly sometimes updates the time on the correct IP on OPT (or it updates by VLAN443 which is fine) and not on a virtual interface some of the time which makes it hard to see this bug, so what you could do is change when time updates to say 10mins and packet capture OPT for port 123. then you should see it try a virtual interface and fail.

    My Trunk is set with VLAN443 and OPT


Security Highlight