I'm stuck with my router right now, its been running flawlessly for months but I need to set a new static IP and I couldn't log into the web interface, wrong password. I couldn't remember if I setup TOTP, but the fact that I have something in my authenticator app that is called router makes me believe I did. I re-set the password with single user signin on the boot menu, and I still couldn't login to the web gui. I tried that password right on the console and I still couldn't login. I even tried resetting the password to a single letter, and tried logging in with the authenticator code before and after the letter directly on the console, still with no luck. I'm at a loss here as to what my next steps should be before I decide to just nuke the whole install and start fresh.
The solution was to delete the top flag from the config.xml. For some reason even though it was blank from the shell option 3 reset it was preventing login.
If you reset the password from single user that will be overwritten with whatever is saved in the configuration. OPNsense keeps its own database of users and creates the traditional Unix passwd database fresh at every boot.
Try (carefully) removing the password altogether from the config.xml.
Thanks. I'm still struggling. I changed the password has in the config.xml to be $2y$10$vGA7jFHBhBGJCMiYsFzVUeAMaS5RabQNwMaZMdkdDfbyxWA5ZRPIG
Which should be 'admin' and still no luck on being able to login. I confirmed that my change held through a reboot and I confirmed that the username I was changing the password for was correct. Still unable to login via web gui or console.
Quote from: leafy on April 16, 2026, 03:02:48 AMI changed the password has in the config.xml to be $2y$10$vGA7jFHBhBGJCMiYsFzVUeAMaS5RabQNwMaZMdkdDfbyxWA5ZRPIG
Which should be 'admin' and still no luck on being able to login.
Often such passwords are on some kind of "Password Blacklist" so to speak in a lot of software, but I am not sure if OPNsense does that ??
Try changing it to something simple like 'whatamessthisis' and try again.
Another option would be to mount your installation offline and change the password via
passwd :)
Quote from: nero355 on April 16, 2026, 02:29:32 PMQuote from: leafy on April 16, 2026, 03:02:48 AMI changed the password has in the config.xml to be $2y$10$vGA7jFHBhBGJCMiYsFzVUeAMaS5RabQNwMaZMdkdDfbyxWA5ZRPIG
Which should be 'admin' and still no luck on being able to login.
Often such passwords are on some kind of "Password Blacklist" so to speak in a lot of software, but I am not sure if OPNsense does that ??
Try changing it to something simple like 'whatamessthisis' and try again.
Another option would be to mount your installation offline and change the password via passwd :)
I did try that as well. And I ran pluginctl -c after to make sure the config updated to match the FreeBSD password. And I've used the opnsense-shell option 3 to reset the password too. The only thing I realized I didn't do was check the config for totp, I'm going to do that tonight. If that doesn't work I guess I'll start restoring backups from the most recent towards the initial setup.
The password reset option of the console makes this a breeze as it also sets auth server back to local. This tool is even featured via install media (separate installer option).
Cheers,
Franco
Franco that was the first thing I tried if that worked, I wouldn't have made the post.
What did fix it was deleting the blank top flag from the config.xml