So I'm a longtime OPNsense user, but today I messed up my LAN-facing interface by erroneously setting a static LAN address. After hitting "Apply changes" I noticed, oh, wait... So the interface now has 192.168.250.85 as its static address, which is wrong. But I wasn't able to reach any the webinterface via any other machine in .250.0/24. Effectively I have locked myself out.
What I want to do is set the LAN interface re1 to request an address by DHCP (as I had it before).
Since my commandline user is not in the sudoers file ( ::)) I mounted the ZFS filesystem on an Ubuntu via an external drive and can now access and write to the zroot/ROOT/default.
On a plain FreeBSD this would be e.g. in /etc/rc.conf and a simple line. But, the OPNsense does not have that. The only occurrences of the static address I can find are using grep:
/mnt/zfs/etc/hosts myhostname.network myhostname
/mnt/zfs/usr/local/etc/filter_tables.conf: <address>192.168.250.85
/mnt/zfs/usr/local/etc/filter_tables.conf:192.168.250.85
Where can I find the stored config? How can I set the LAN to request an address by DHCP?
Since I can't find a static entry where this address is assigned to re1, would rewriting those hits to the actual network address I want do any good?
So I poked around in users and groups. On the other production machines I have a wheel group, and my own user is a member. On this one, wheel can't be found in /etc/groups. So I pulled my own leg here twice.
To help fix the issue I know added my usergroup admins, which I am member of following /etc/groups, to /mnt/zfs/usr/local/etc/sudoers.d/opnsense as %admins ALL=(ALL) ALL
That should enable me to sudo su once I put the box together again and boot.
I do not know if this is what you need but there's a /conf/config.xml that seems to have the configuration.
Thank you cookiemonster for pointing me into that direction. I had been wondering where that device and setup specific configuration is stored... and in the /conf/config.xml there is the <interface> definition, indeed. I will try to fix things that way and reboot again.
FTR, the addition of the sudoers.d/opnsense as described did not work as expected. The file came up empty after boot, so my user still was without the needed permissions.
This is now SOLVED.
So I tried to modify the value for the LAN interface IP address in /conf/config.xml and on booting the device used the correct IP address. But, it did not talk over the network, probably it used not a working gateway address.
Anyhow, while at it I again added user group permissions in sudoers.d/opnsense and this time my user could obtain su. The nice menu offered to configure the LAN interface, which I did (change to DHCP again). After that everything was fine.
I now have regular access again, and learned a thing or two.