Bug-Related/Code-Injection Removal of Default WAN Gateway from Fresh pfSense Build
Configuration:
- Migration from clean community edition to latest pfSense Plus (Successful with no visible issues)
- No additional packages installed
- VLANs added (3 different ones)
- Intel NICs used
- No Admin changes to default WAN (Set at Automatic)
- No significant firewall rule changes other than policy routing for WAN/OpenVPN as necessary
- No NAT changes other than MANUAL Configuration selection to add path (as typically recommended by VPN-provider instructions) for routing VPN traffic through a single OpenVPN Gateway
Symptoms:
- VLANs and appropriate IPs for those VLANs work well after initial setup
- No memory issues or visible hardware issues
- The WAN Ethernet cable is sometimes purposely disconnected from the modem during minor pfSense configuration changes (such as to an alias or firewall rule as needed); then it is reconnected after Admin logout
- pfSense is purposely shut down overnight occasionally to limit attack surface
- Upon boot from those shutdown states, I notice that DNS is not available (connection must manually be recycled) and I notice that the default WAN gateway has been removed, with only the OpenVPN gateway remaining
- Upon recycle of the VPN connection, the ISP-assigned address is exposed and visible even though the default gateway under the DNS Resolver is only set to VPN
What could cause these issues: Static electrical charges during the Ethernet cable connection process? Known bugs associated with disconnecting/connecting the WAN Ethernet cabling? Or could it be an exploit that allows the bypassing of credentials, where an attacker gains control over the pfSense build?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.