Messages

1

18.7 Legacy Series / Lost access to web gui

« on: May 16, 2019, 04:00:36 pm »

We had our primary internet service and while attempting to get a backup circuit activated and connected, I lost access to the Webgui from outside and inside the network.  It it appears to have happened when I disabled the down WAN interface.

I was still able to get the network up and working with our new circuit after I completed the provider's circuit activation but still cannot gain access to the webgui.

I tried accessing the webgui from the new WAN2 interface (I had setup all the access rules before I realized that the circuit had not yet been activated)

The root password isn't working so I am going to have to wait until I can boot into single user mode so I can try to rollback the config to before I made the change but I need help.

• Where is the auto-created backups stored in the file system?
• How can I roll it back from the console so I can go back to before i disabled the interface? My last backup is over a year old)
• How can I identify why this happened?

This is not the first time this has occurred and I still cannot figure out how I can lock myself out of the Webgui.  I have the anti-lockout rules in place and active on ALL internal LAN segments

I have never seen a firewall that essential can break itself with no warning like this.  Is there a failsafe way to ensure this cannot occur in the future?

Once I get access to the filesystem, I can backup the change versions of the xml and try to provide more details of what change was made that killed this.

I would really like the ability to apply changes in RAM instead of writing to disk as a default.  This way if something breaks, a simple reboot will restore to the most recently saved config like most other routers.

2

General Discussion / Re: Lost access to Web GUI

« on: June 26, 2018, 11:20:22 pm »

Can anyone provide a way from Console to regain access to the webgui after losing for a second time and complete reinstall?

3

General Discussion / Assigned the LAN interface that the Default Name fqdn in assigned too

« on: June 19, 2018, 11:37:17 pm »

My Default Hostname and domain is getting registered to the wrong internal NIC on my opnsense firewall.  How can I assign the default host name being registered to the correct NIC on the firewall?

4

General Discussion / Re: Lost access to Web GUI

« on: June 18, 2018, 11:00:01 pm »

I ended up having to use a non-root user to view trhe old config file, copy yhe text out of puTTY and then save the config.xml file.  I then re-installed opnsense (where I found that I could of reset the root user password!) and did a clean install.  I setup the basic nic's, logged in to the default setup then recovered the old cofnig.

This got me back up where I was abloe to compelte the setup.

Couple of learned things:

- I Lost webgui again while reconfiguration to add a second internet connection.  I no longer can access the webgui AGAIN.  I cannot  reach from inside or from outside the network.  I have never experienced this fragility before....
- I wish someone had directed me to trying to reset root by using the installer usb key

I once again need to re-gain gui access and now I am on a production network and am 2000 miles away.  I am stuck with one internet interface setup without an active gateway and cannot finish  failover config

I have been less than happy with the gotcha's here.

5

General Discussion / Re: Lost access to Web GUI

« on: June 16, 2018, 03:03:46 am »

I am in console in live session off USB.
Ran the following commands:

Code: [Select]

root@OPNsense:~ # gpart show -p
=>      0  7913471   da0  BSD  (3.8G)
        0  2092240  da0a  freebsd-ufs  (1.0G)
  2092240  5821231        - free -  (2.8G)

=>      0  7913471   diskid/DISK-2242730A67134402  BSD  (3.8G)
        0  2092240  diskid/DISK-2242730A67134402a  freebsd-ufs  (1.0G)
  2092240  5821231                                 - free -  (2.8G)

=>       40  234441568    ada0  GPT  (112G)
         40     409600  ada0p1  efi  (200M)
     409640       1024  ada0p2  freebsd-boot  (512K)   <--------Is this where CONF/BACKUP is located?
     410664  215567272  ada0p3  freebsd-ufs  (103G)
  215977936   16777216  ada0p4  freebsd-swap  (8.0G)
  232755152    1686456          - free -  (823M)

=>       40  234441568    diskid/DISK-50026B7282088CF5  GPT  (112G)
         40     409600  diskid/DISK-50026B7282088CF5p1  efi  (200M)
     409640       1024  diskid/DISK-50026B7282088CF5p2  freebsd-boot  (512K)
     410664  215567272  diskid/DISK-50026B7282088CF5p3  freebsd-ufs  (103G)
  215977936   16777216  diskid/DISK-50026B7282088CF5p4  freebsd-swap  (8.0G)
  232755152    1686456                                  - free -  (823M)


I have tried mounting by:

Code: [Select]

mkdir /tmp/mounted
then tried:

Code: [Select]

root@OPNsense:~ # mount /dev/ada0p2 /tmp/mounted/
mount: /dev/ada0p2: Invalid argument

Please help.... I am on the road and set to leave in 10 hours and I need to get this firewall back up...

6

General Discussion / Re: Lost access to Web GUI

« on: June 16, 2018, 02:31:55 am »

SO I have shell in a live OPNSense boot.  I now need to be able to copy one of the backup files on the internal OPNSense ssd.

I am booted on the live image from here:
<SanDisk U3 Cruzer Micro 8.02>     at scbus1 target 0 lun 0 (pass1,da0)

How do I mount the ssd located here in rw mode
<KINGSTON SMS200S3120G 60AABBF0>   at scbus0 target 0 lun 0 (pass0,ada0)

so I can rollback the config to one of the backups?

Also can I reset the root password fro this session on the internal session?  I could also just edit the backup config.xml and replace the hashed password for root with my know user password too if that would work.

7

General Discussion / Re: Lost access to Web GUI

« on: June 16, 2018, 02:07:39 am »

If I could get to root I could restore one of the backup files by coping for backup to conf.  How is the best way to reset the root passwd?  Single User mode seems to be hanging when I attempt to boot to rest root password. Is there a way yo boot from a usb key with a live install image and restore one of the backups on the ssd on the ssd image?

I am assuming if I can get shell on the live instance, I could mount the ssd image but not sure the commands to do so.  Please advise.

8

General Discussion / Re: Lost access to Web GUI

« on: June 16, 2018, 12:18:45 am »

So I am trying to boot to single user mode and it hangs here:

Code: [Select]

Timecounters tick every 1.000 msec
nvme cam probe device init
ugen0.1: <0x8086 XHCI root HUB> at usbus0
uhub0: <0x8086 XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: <KINGSTON SMS200S3120G 60AABBF0> ATA8-ACS SATA 3.x device
ada0: Serial Number 50026B7282088CF5
ada0: 300.000MB/s transfers (SATA 2.x, UDMA6, PIO 512bytes)
ada0: Command Queueing enabled
ada0: 114473MB (234441648 512 byte sectors)
Trying to mount root from ufs:/dev/gpt/rootfs [rw]...
uhub0: 7 ports with 7 removable, self powered


9

General Discussion / Re: Lost access to Web GUI

« on: June 16, 2018, 12:14:00 am »

Thank you.  I do not have SSH access turned on, but I am able to get to the file via serial console, but it also appears that my root password is not working.  My user that I use to log into and admin the webgui and is member of the adminstrators group works for console login.

Is there a way to boot to single user mode to reset the root password to then copy the file?

10

General Discussion / Re: Lost access to Web GUI

« on: June 15, 2018, 11:34:48 pm »

I was able to copy the contents of /conf/config.xml

Now I need to see how I locked myself out and fix the config then default a restore the backup.
Where am I going to find the FW rule that locked me out?  I have a similar config from another site I could copy from but don't know where to look.

11

General Discussion / Lost access to Web GUI

« on: June 15, 2018, 11:17:15 pm »

I lost access to the web GUI after an unknown change on our FW.  Is there a way to roll back to a system state prior to the change from the CONSOLE?