Messages

There's absolutely no reason for the password to not be accepted in a clean install

Shrug... 
Ultimately, the solution was to use username "root" and the password I set up during the installation process.  I am 100% sure that I tried that and it was rejected.  After several more tries, the webgui stopped being offered entirely.  It wasn't until I rebooted the FW4B that I was able to log in with those credentials.  It was what I expected to work, so it was definitely something I tried before the reboot. 

I was able to restore from my October 2024 backup, so the box seems to be happily restored.  I haven't yet gotten around to putting it back into my actual home network tho.  If something goes wrong, I'll report back.

Thanks again all for the consult on this.

And franco - I saw your posted comment and You're Welcome!  ;-)

After doing a full install with no issues I get to the step where I plug a desktop PC into LAN and log into the WEBUI.  But the default Username and Password aren't being accepted. 

WTF?!?!  All the documentation says that the username is "root" and the password is "opnsense" but my new install wont accept these?  I even tried my pre-crash credentials but those dont work either. 

Now what?!?

... and now I cant even access 192.168.1.1.  Starting to think my FW4B might be having hardware problems

... okay rebooted the FW4B and it did let me access 192.168.1.1, and I was able to log in and restore my prior backup config.

Thanks all for the insight.  In the end, I decided a fresh install and then recovery from backup was the path of least resistance. 

Hi!

I have OPNSense installed on a Protectli FW4B.  After ignoring updates for a little while, I was running through several last night.  After the upgrade to 25.1, I got a weird message so I rebooted the FW4B.  However, it failed to come back online.  I quickly switched over to an EERO as router and now have time to troubleshoot the OPNSense situation.

I brought the box into my workstation and got it plugged into a monitor.  I'm seeing this error:
Fatal error: Uncaught Error: Call to undefined function OPNsense/Copre/simplexml_load_string() in /usr/local/opnsense/mvc/app/library/OPNsense/Core/Config.php:389.

Then I get left at the root. 

Any idea how to get this working again?  How would I navigate to find a backup so I can reinstall and restore from backup?  Is that's what's left to try at this point?

Edit / Update:  I found a config backup from October 2024.  That's probably good enough for a restore.  Should I try anything to save this install or just jump straight to reinstalling OPNsense from scratch and restore from this backup?

Well today I finally got around to restoring from backup.  I had to walk away after clicking "go" but when I got back I saw a message about OPNSense is rebooting.  Unfortunately, the dashboard was still broken.

I never actually saw it reboot, so later in the day I use the webGUI to force a reboot.  Although I still didn't actually hear the reboot beep, so maybe it wasn't actually rebooting...

So I walked over and pulled the plug.  When it came back online, the webGUI was feeling better.  I had all my dashboards back.  I was able to check for, and perform, available updates.  When the updates finished, I did hear the device beep for reboot and got all my dashboards back afterwards. 

Situation resolved, I guess.  Thanks to everyone that offered suggestions.  I will pull another backup now, just in case this is preparatory for catastrophic hardware failure.

you're going in a tangential direction to the problem

I tend to agree with this.  It doesn't seem like there's some esoteric setting blocking SSH.  I think I've had a glitch/failure of some kind.  Someone on reddit mentioned the possibility of the SSD being filled up by logs, though none of the attempts to clear logs has helped.  Maybe the plugin I installed lately caused the hard drive to fill, etc.  Without SSH (or convenient console) access, I am in a severely limited state - to only what the webGUI can do. 

Fortunately, it's still FUNCTIONAL, or this failure would have been immediately been met with a reinstall and restore from backup.  Strange as it is... 

At this point, though, I think it's time to restore from backup and see whether that brings back functionality.  I may wait until after upcoming vacation though, in case the restore from backup only makes things worse somehow...

Do you have a multi-WAN setup?  No.
Did you disable the anti-lockout rules by any chance?  No.
Any port forwarding?  Just one for Plex (not the standard port). I do have a rule for forwarding to nginx, but I keep that disabled. That's what I use the HA plugin for. I can remotely enable that port to use a service when I'm not home (which is rare).

For now my internet and WireGuard are still working, so I don't mind taking some time/effort at diagnostics. But if at a dead end, I am comforted knowing a restore from backup should resolve this.

Anything else you think I should try?

I am not seeing anything online that talks about this kind of problem.  I'm also not getting much from reddit or this forum.  Should I just restore from backup?  Anything I should know, like "definitely dont select this option that's going to ensure the problem isn't solved"?

Nevermind, I found Firewall / Log Files / Live View. 

But nothing's happening.  I have Auto refresh enabled, and I hit the refresh button.  Even before applying the filter, I see ZERO activity.

I tried an SSH connection with this page up.  The connection timed out, but the log still showed nothing. 

You ought to be able to locate the rule that enables SSH (nothing that would prevent it is not good enough when deny all is the default).
For that matter, as you attempt to ssh in, with logging enabled for default rules, you should see a pass or fail in the live view (filter on dst_port = 22 if too noisy).

As Patrick mentioned it, the interface that's relevant is the one the PC is connected to.

Can you confirm where to view the live view?

The PC is on LAN. Wouldn't the default "LAN to any" rule allow the ssh?

I don't see anything in my Firewall rules that would prevent me from accessing the box. And the same pc that's reaching it by web is the one trying via ssh.

Beyond that, according to the webgui as of now, ssh is enabled. It's allowed over LAN. It's listening to 22. Password-based login is enabled.

All of which is semi-recently (a month ago or so) arranged so I could ssh in for that home assistant plugin.  When that project concluded all I did was disable ssh entirely. Now re-enabling it isn't helping for some reason.

Other suggestions?

Yes, can confirm.  I can log into webgui from a laptop by visiting the 192.168.x.x ip address for the device.  But even after doing so, and ensuring that ssh is enabled (which I dont leave on by default), I still cant get into ssh.  My attempts to do so just time out.

I relatively-recently used ssh to get into the router to install the home assistant plugin, so I know how to enable it.  That plugin seemed to work well, but may well be the underlying cause of this problem.  I dont know, that's why I am asking for diagnostic suggestions before doing a restore from backup.

I haven't taken the time to connect a keyboard/mouse and screen.  Should I do so?  It's a mild pain to do it.  I might sooner restore from backup if the group thinks that will get me functional again.

I am open to attempting diagnostics, but my GUI doesn't seem capable.  Nothing under Interfaces/Diagnostics gives me any interesting information.  They all seem to go to "No results found!" (I checked ARP Table, got no results.  DNS Lookup doesn't do anything.  NDP Table says no results.  Netstat all 6 options are all blank.   I tried a Trace Route and just got a blank response.)  I am open to alternative suggestions for further diagnosis.

If I go with the 'fallback' restore from backup, what do I lose?  I have Wireguard settings, DuckDNS tracking my public IP, and some static IP addresses.  All of that would come back with a restore from backup, right?