Windows 10 Update & pfSense Default Gateway Issue



  • Hello All,

    I've been running pfSense for years, it's never let me down. Now, confounding me, yes - and this is one of those times.

    Recently, I encountered a situation where a client, who hadn't any issues on routing, couldn't find a default gateway. Nothing changed on the pfSense on either side of two IPSec devices - both running 2.4.5-Rel. After a recent Microsoft update https://support.microsoft.com/en-us/help/4560960/windows-10-update-kb4560960, and then on Build 2004 (yes, I got to place where paving the box seemed like a good thing to try), still had the following problem:

    Client A - in a 10.X.A.1 could see both local network clients, GW and any physically adjacent network 10.X.B.1 clients. Furthermore, Client A could see any clients in a remote 10.X.C.1 network - no problem. Try to get Client A to see the plain old outside world (default route, nothing internal) and I get SYN_SENT as far as the eye can see.

    After significant debug tracing from that client, all different subnets, I learned I could solve ALL problems by setting the Gateway Interface in the Rule for that client. I didn't set a gateway for anything where a specific rule existed (IPSec, adjacent subnet, etc). All is well. Finally had two clients in 10.X.C.1 that updated to the above KB4560960, and sure enough we get them having the same type of issue (loss of Internet, all access to local network and remote trusted subnets that have routing table entries are all fine.)

    OK - What gives? Haven't had to specify a gateway on standard rules that have used defaults, well, forever.


Log in to reply