[SOLVED] Bug when "Password protect the console menu" is unchecked

[xhark]

Hi,

I'm a pfsense user and I try OPNsense

I use this build: v15.1.6.1

But, I located a bug in system > advanced when :

• SSH -> check
• Password protect the console menu -> uncheck

Press Save. Next, the FW is out.

On console screen we can read :

Code: [Select]

Feb 22 18:39:17 getty[33056]: getty: unknown gettytab entry 'al.pc'
Again and again.

No way to access to the firewall, because SSH is not enable without key auth and web interface is down. Console screen is blocked too.

Cheers

[franco]

Oh dear, I was under the impression that this was part of FreeBSD 10.1. The fix has been applied to the src.git (again): https://github.com/opnsense/src/commit/495f3c996b00d2e96ad531a9b95bb8a7fe21cad6

My mistake entirely.

I would recommend not to fiddle with unlocking the console menu unless /etc/gettytab is patched. What is your reason for disabling that security layer?

[franco]

I tested this but I was able to still access the web interface, even after a reboot. I can see the IP before the tty goes into the error loop... Rechecking the option removed the issue. Are you sure you didn't do anything else? You might be able to recover using single user mode.

[xhark]

Sorry for the delay.

I disabled it because I was testing, not in a production environment.

I will try again to check if web access is working or not. I don't remember if I use "pfctl -d" to temporarily disable PF

[franco]

No worries. 15.1.7 is coming out today with the proper fix. You can upgrade relatively easy using the install media by choosing "Import Configuration" from the installer, then reinstall again (most likely "Quick/Easy Install").

[xhark]

You're right, web interface worked well. I upgraded with web interface to 15.1.7, but TTY message loop are still displayed.

"Import configuration" failed, so I reinstalled the new 15.1.7 from ISO and restore configuration file (.xml).

TTY issue is now solved
Thank you

note: I never receive the reply notification by email (option is ON in my profile), do you know why ? (PM if you want)

[franco]

Please note that the patch notes state you need to run a manual base upgrade from the console after upgrading the GUI to 15.1.7 (a.k.a. opnsense-update utility). The bug persists until you run the base update and reboot. But the reinstall works too, nice.

When the import fails it means it can't find any suitable disk. That is really strange?

We'll look at the email issue. Thanks for mentioning that.

[franco]

The email issue we've looked into and could not find a problem. We do know that especially Google likes to flag us as spam so maybe that's what's happening?


Cheers,
Franco