PFsense 2.6.0: Fix pf-att bypass mode

As of Writing this (2/17/22), there is a bug in the latest version of pfSense with the Intel if_em.ko driver. This is causing the pf-att script to not work. Thanks to the work of neydah700 on github, the fix was found by replacing the kernel driver with a newly compiled binary that has the issue fixed. This will not be a guide on setting up PF-ATT on Pfsense 2.6, rather a guide on how to fix an already existing setup. The steps to fix are:

1. Download the new driver from github or AngrySysAdmins.

2. Copy the driver file to a directory on the router. I put it in “/boot/modules/” and used scp to copy it over to the router.

3. Change the permissions on the file with chmod 555 ./if_igb.ko.

4. Edit /boot/loader.conf. Add the following to the bottom:

if_igb_load="YES"
if_igb_name="/path/to/if_igb.ko"

5. Finally, save and reboot. That should fix the issue. I’ve only tested using the bypass method, not the wpa_supplicatant method. This worked with my BGW210

About: Ryan Parker

I'm a former captain of the Cyber Defense team, Current Infrastructure Security Specialist. I also have a side job helping small to medium business with anything technology doing everything imaginable. One of my hobbies is building out infrastructures for myself, friends, and clients. I current maintain a homelab with about 2TB of RAM, 180+ TB of storage, tons of CPU cores, and 100gbit networking backbone.


3 thoughts on “PFsense 2.6.0: Fix pf-att bypass mode”

  1. This worked for me on a fresh 2.6.0 install. I was banging my head against the wall trying to figure out why the EAPOL packets were traversing but I couldn’t get an IP address. Finally came across this post last night and was able to get it all up and running after adding the updated driver.

    Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *