May have bricked my new DEC 850

Started by 2HgRyz13, January 04, 2025, 12:07:43 PM

Newbie.

Configured the DEC 850 and updated to latest community edition (instead of Business ed it came with for a year).

In the web interface, instead of configuring igc0 lan0 and igc2 lan2 to communicate with each other just with rules, I tried to "bridge" them.

While bouncing between settings for igc0 lan0, igc2 lan2 and the new bridged interface, I messed up and disabled the igc0 lan interface Chernobyl style (I had a bad feeling but kept going as I unchecked the box, saved and clicked apply). Late night config is too dangerous for me.

FAILED with CONSOLE

• I used the serial console to login, but "This account is currently not available" appeared. When I typed a wrong password intentionally, "Login incorrect" appeared instead.

• I also tried root with the password I had written down and the default password, but couldn't login ("Login incorrect").

SSH DISABLED
I recently enabled and used it to check the microcode version then disabled it again, so I know it's not an option.

Setting a manual IP for my computer and connecting to igc2, hoping the bridge might work, didn't help.

RESET HOLE
Apparently it doesn't restore to factory defaults (tried 60 seconds, but the DEC 850 just turned off). Maybe there's a button-press pattern that restores it to factory defaults.

Someone here posted in Oct 2024 that they might open their DEC 850 to reset the BIOS, which isn't my goal, but that makes me wonder if I can restore the DEC 850 to factory defaults by opening it and maybe replacing, erasing or rewriting its SSD, if removable.

I saved a backup config before I messed up the settings. But it won't do me any good if I can't get back in.

Fortunately, I have another firewall I can use.


January 04, 2025, 01:29:57 PM #1 Last Edit: January 04, 2025, 01:32:04 PM by 2HgRyz13
Yay! I figured it out.

1. Booted into Single-user mode in the console then reset the root password.
2. Logged into the console as root.
3. Selected Restore from backup (#13)
4. Rebooted.
Yay!

Logged into the web gui as an admin (not root) on igc0 lan0. Yay!

The magic trick for me was accidentally learning that while in console view but not logged in, I could reboot the DEC 850 with a paperclip in the reset hole next to the light, which initially turns off the DEC 850 but another press turns it back on, then watch the boot info on the console. So the reset button is really a shutdown-off/on button. Unplugging the power cord probably would have done the same thing but less gracefully. I didn't realize the console view remains ready on restart.

Then I quickly pressed the spacebar to bring up boot options and poked around before settling on Single-User mode. It looked promising.

I searched online with perplexity dot ai for "what can I do in single-user mode in opnsense" and it answered, "reset the root password," among other things. Then I searched how to reset the root password in single-user mode and found and used these ZFS-based instructions:
# /sbin/mount -u /
# /sbin/zfs mount -a
# opnsense-shell password

which worked! yay!

Then I could log into the console as root and use the easy menu that includes factory reset, restore from backup and other options.

I selected restore from backup (#13), which worked. Yay!

If that hadn't worked, I could have booted into the console as root again and selected restore to factory defaults.

Chernobyl aborted.

Carry on.

Morals of the story for me:
• create another interface (igc3 lan3) just for admin
• no matter how messed up a config gets, it's always possible to log into the console and restore from backup or restore to factory defaults
• security-wise, it's best to keep the firewall locked up without access to the mini-usb console port on the front, since anyone with access could reset root, etc.

I also decided to leave switching to external switches and stopped trying to bridge two DEC 850 LAN interfaces.
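
Added example (not part of the original post, and not OPNsense's own code): on FreeBSD, which OPNsense is based on, init(8) asks for the root password in single-user mode only when the `console` entry in /etc/ttys is not flagged `secure`. The sketch below audits that entry; the function name is hypothetical, and it assumes stock FreeBSD ttys(5) semantics apply to the appliance.

```shell
#!/bin/sh
# Added example: audit the "console" entry of a FreeBSD-style /etc/ttys.
# Assumption (ttys(5)/init(8) behaviour): single-user mode prompts for the
# root password only when the console line is NOT flagged "secure",
# i.e. when it is marked "insecure".

# console_single_user_policy FILE   (hypothetical helper name)
# Prints one of: password-required | no-password | no-console-entry
console_single_user_policy() {
    awk '
        { sub(/#.*/, "") }              # strip comments; fields are re-split
        $1 == "console" {
            found = 1
            secure = 0
            for (i = 2; i <= NF; i++)   # flags follow the name field
                if ($i == "secure") secure = 1
        }
        END {
            if (!found)      print "no-console-entry"
            else if (secure) print "no-password"
            else             print "password-required"
        }
    ' "$1"
}

# Audit the live file when run on the firewall itself.
if [ -r /etc/ttys ]; then
    echo "single-user console policy: $(console_single_user_policy /etc/ttys)"
fi
```

A result of `no-password` matches what the post describes: anyone at the console port can reach a root shell through single-user mode. A password prompt there does not replace keeping the box physically locked away.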