Settings unexpectedly rolling back
This has been a recurring problem of late. I don't know exactly when it started, but it's fairly recent. I'm running 2.2.4 embedded on a USB drive, but the issue was present with 2.2.3 also.
The issue is that randomly, and without warning, all of the settings on my firewall will randomly reset themselves to a previous configuration. Firewall rules, NAT policy, aliases, configured interfaces, snort config, etc will all revert to some older configuration. It just occurred as I was connected through a VPN and I suddenly lost all connection to the other network. I logged into the web GUI and found that my VPN client was still configured, but it had lost it's interface assignment and the NAT policy had been reset to automatically generated rules.
I've looked at the system logs but can't find much of anything that looks out of place, and I don't really know what to be looking for anyway.
Go to Diag>Backup/restore, Config History tab. Compare the revisions there. What's the description of the config change where the change happened?
Unfortunately pfBlockerNG has made enough changes that it's no longer in the list of 5 config changes. I'll increase that number and wait for it to happen again, I suppose.
I did just discover that while the ovpnc1 interface is still available for assignment, the actual openvpn configuration has been wiped out, so I sort of have a phantom interface that I can neither use nor delete. Just restored my previous config. We'll see how long it stays put.
Bumping this one because it's happened again.
Yesterday afternoon computers started losing their DHCP leases. Temporarily resolved by giving them a static, so routing was still working. Tried to log in and couldn't, so I tried the default admin account and password. I had previously disabled the admin account, and changed its password from the default pfsense, but those were the credentials that let me in. When I checked the User Manager, the account that I had created for admin access was gone, and the admin account was no longer disabled. I checked the DHCP server, and it seemed to be running, but wasn't giving out any leases, my Snort configuration was missing, and firewall rules were not as I had left them.
I have 88 days of uptime, so this wasn't an errant reboot to a different slice, and going to Backup/Restore -> Config History shows nothing but the regular pfBlockerNG and Snort updates going back to the 25th.
Some more investigation reveals that the admin account that I created is still present in /etc/passwd, but does not show up in or allow login to the WebCfg. Also the packages I had installed were somehow rolled back to previous versions.