[SOLVED] Bug when "Password protect the console menu" is unchecked

Started by xhark, February 22, 2015, 06:42:21 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 22, 2015, 06:42:21 PM Last Edit: February 28, 2015, 10:26:34 AM by franco
Hi,

I'm a pfsense user and I try OPNsense :)

I use this build: v15.1.6.1

But, I located a bug in system > advanced when :

  • SSH -> check
  • Password protect the console menu -> uncheck

Press Save. Next, the FW is out.

On console screen we can read :
Code Select
Feb 22 18:39:17 getty[33056]: getty: unknown gettytab entry 'al.pc'

Again and again.

No way to access to the firewall, because SSH is not enable without key auth and web interface is down. Console screen is blocked too.

Cheers

French blogger on Blogmotion.fr
February 22, 2015, 07:28:04 PM #1
Oh dear, I was under the impression that this was part of FreeBSD 10.1. The fix has been applied to the src.git (again): https://github.com/opnsense/src/commit/495f3c996b00d2e96ad531a9b95bb8a7fe21cad6

My mistake entirely.

I would recommend not to fiddle with unlocking the console menu unless /etc/gettytab is patched. What is your reason for disabling that security layer?
February 22, 2015, 08:20:31 PM #2
I tested this but I was able to still access the web interface, even after a reboot. I can see the IP before the tty goes into the error loop... Rechecking the option removed the issue. Are you sure you didn't do anything else? You might be able to recover using single user mode.
February 28, 2015, 02:44:35 AM #3
Sorry for the delay.

I disabled it because I was testing, not in a production environment.

I will try again to check if web access is working or not. I don't remember if I use "pfctl -d" to temporarily disable PF
French blogger on Blogmotion.fr
February 28, 2015, 05:22:07 AM #4
No worries. 15.1.7 is coming out today with the proper fix. You can upgrade relatively easy using the install media by choosing "Import Configuration" from the installer, then reinstall again (most likely "Quick/Easy Install").
March 05, 2015, 10:54:01 PM #5
You're right, web interface worked well. I upgraded with web interface to 15.1.7, but TTY message loop are still displayed.

"Import configuration" failed, so I reinstalled the new 15.1.7 from ISO and restore configuration file (.xml).

TTY issue is now solved :)
Thank you

note: I never receive the reply notification by email (option is ON in my profile), do you know why ? (PM if you want)
French blogger on Blogmotion.fr
March 06, 2015, 08:03:11 AM #6
Please note that the patch notes state you need to run a manual base upgrade from the console after upgrading the GUI to 15.1.7 (a.k.a. opnsense-update utility). The bug persists until you run the base update and reboot. But the reinstall works too, nice. :)

When the import fails it means it can't find any suitable disk. That is really strange?

We'll look at the email issue. Thanks for mentioning that.
March 06, 2015, 02:00:40 PM #7
The email issue we've looked into and could not find a problem. We do know that especially Google likes to flag us as spam so maybe that's what's happening?


Cheers,
Franco
Print
Go Up Pages1
User actions