SG-2220 - Lost Password



  • Hi folks,

I'm no expert on firewalls and network infrastructure, but I helped a small company to set up a pfSense SG-2220 that they bought.  Nothing out of the ordinary - just some port forwarding (but, I'm no expert, so it took a bit of trial and error to get everything working).  This was sometime last year.  They phoned me today - they want me to help them again, but they've managed to lose the device password, so now I cannot log into it to make any changes.

    Is there any way to reset the password back to factory settings without losing all of the other configs on the device?

    Thanks,
    rfnel



  • https://www.netgate.com/docs/sg-2220/connect-to-console.html

    If you haven't password protected the console you can simply reset the password from here.

    If you have password protected the console you will need to follow these steps:

    1. Reboot the pfSense box
    2. Choose option 4 (Single User Mode) from the loader menu (the one with the ASCII pfSense logo)
    3. Press Enter when prompted to start /bin/sh
    4. Remount the drive as rewritable:

       /sbin/mount -o rw /

    5. Run the built-in password reset command:

       /etc/rc.initial.password

    6. Follow the prompts to reset the password



  • Excellent, thank you!

    I don't recall doing anything to password-protect the console, so this will hopefully be able to help me fix their issues.  They'll have to go find the mini-USB cable that came with the device though, so I don't want to get my hopes up just yet.  I suppose they can always go buy a new one if need be.

    Just with regards to the second option - since it's a pfSense device and not just a PC running pfSense, how would I boot into Single User Mode?  I'm not sure how to get a command line open on it.

    Thanks again for the help.



  • @rfnel:

    …. how would I boot into Single User Mode?  I'm not sure how to get a command line open on it.

    It's on the next screen https://www.netgate.com/docs/sg-2220/reinstall-pfsense.html
    Get that cable, and you'll be fine ^^



  • @Gertjan:

    @rfnel:

    …. how would I boot into Single User Mode?  I'm not sure how to get a command line open on it.

    It's on the next screen https://www.netgate.com/docs/sg-2220/reinstall-pfsense.html
    Get that cable, and you'll be fine ^^

    Thank you Gertjan, much appreciated!

    Final silly question (I think) - in the worst case scenario, will hitting the reset button on the SG-2220 reset the entire thing back to factory settings?



  • I'm not using a "SG-2220" but yes : the password and login user will be 'known'.
    The rest goes to 'default' which means : if you have a pretty default setup (LAN - devices using DHCP) : all will be up in seconds.

    But wait for your cable.
    Take a config backup … and then "trial and error" ;)



  • @ikkuranus:

    https://www.netgate.com/docs/sg-2220/connect-to-console.html

    If you haven't password protected the console you can simply reset the password from here.

    If you have password protected the console you will need to follow these steps:

    1. Reboot the pfSense box
    2. Choose option 4 (Single User Mode) from the loader menu (the one with the ASCII pfSense logo)
    3. Press Enter when prompted to start /bin/sh
    4. Remount the drive as rewritable:

       /sbin/mount -o rw /

    5. Run the built-in password reset command:

       /etc/rc.initial.password

    6. Follow the prompts to reset the password

    I'm sitting in front of it now, with a console cable plugged in and the driver installed - however, PuTTY connects but doesn't show the actual console - I just get a black screen that doesn't respond to keypresses at all.

    Any ideas on what I'm doing wrong?



  • https://www.netgate.com/docs/sg-2220/connect-to-console.html

    You're using a PC ? A COM port is present and you use it when starting PuTTY ?

    edit : PuTTY as a COM (serial or RS232) client won't help you much to clarify the situation. As per instructions, PuTTY connects to a COM port (created by the driver that comes along with the Serial-to-USB cable - check that this COM port was created when the driver was installed AND the cable is connected ) and will 'open' this port and show on screen everything that comes in.
    Bit rate, stop bits and other parity stuff becomes important, using the wrong settings on both sides of the COM port will produce rubbish at best, nothing at worst.

    From what I understand reading the doc "SG-2220", the BIOS will init its COM port with known settings : the settings on the PC COM port should match exactly.
    That's about it.



  • @Gertjan:

    https://www.netgate.com/docs/sg-2220/connect-to-console.html

    You're using a PC ? A COM port is present and you use it when starting PuTTY ?

    edit : PuTTY as a COM (serial or RS232) client won't help you much to clarify the situation. As per instructions, PuTTY connects to a COM port (created by the driver that comes along with the Serial-to-USB cable - check that this COM port was created when the driver was installed AND the cable is connected ) and will 'open' this port and show on screen everything that comes in.
    Bit rate, stop bits and other parity stuff becomes important, using the wrong settings on both sides of the COM port will produce rubbish at best, nothing at worst.

    From what I understand reading the doc "SG-2220", the BIOS will init its COM port with known settings : the settings on the PC COM port should match exactly.
    That's about it.

    Thanks Gertjan.  I found that while I couldn't access the console, I can see system logs as the pfSense is booting up.

    There appears to have been a different issue as well though - so I'm not sure how the whole solution got messed up this badly since I configured it initially.  Since I can access the boot menu, I tried to boot into single user mode to reset the password like that.  However, the mount command gave an error indicating that I need to run fsck.  I tried it using journaling first, which completed successfully but resulted in a kernel panic after I ran /etc/rc.initial.password.  That was yesterday.  This morning I gave it another shot without journaling, which worked.  I'm finally able to access the web interface again, but still no console if I connect after it booted.  It's weird.  It sounds like the plug has been pulled on it a couple of times though, resulting in a hard shutdown.

    Thanks again for your help, much appreciated!
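The single-user-mode steps from ikkuranus's post, combined with the fallback rfnel hit in the last post (mount refusing the read-write remount until fsck had run after a hard power-off), as one reviewable script. This is an added example, not code from the thread, from Netgate or from pfSense. It assumes FreeBSD-style paths (/sbin/mount, /sbin/fsck) and the /etc/rc.initial.password helper named in the thread; the fsck flags -f (force a full check rather than a journal replay) and -y (answer yes) are my reading of fsck_ffs(8) and should be checked against the installed version. It is meant to be run only at the /bin/sh prompt reached over the serial console in single-user mode; "plan" mode prints the commands instead of running them so the sequence can be reviewed off the device.

```shell
#!/bin/sh
# Added example (not from the thread, Netgate or pfSense): the single-user
# password reset steps as a script, with an fsck fallback for a dirty root
# filesystem. Assumed: /sbin/mount, /sbin/fsck -fy and
# /etc/rc.initial.password exist as on a FreeBSD-based pfSense install.

# run CMD...: execute CMD, or print it when DRY_RUN is set. In dry-run mode
# the command whose basename equals DRY_RUN_FAIL fails exactly once, so the
# fallback path can be exercised without touching a real filesystem.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
        if [ -n "${DRY_RUN_FAIL:-}" ] && [ "${1##*/}" = "$DRY_RUN_FAIL" ]; then
            DRY_RUN_FAIL=""
            return 1
        fi
        return 0
    fi
    "$@"
}

# Step 4: remount the root filesystem read-write. After an unclean shutdown
# the filesystem is marked dirty and mount refuses; run a full check (-f, not
# just the journal replay that panicked in the thread), then retry once.
remount_rw() {
    if run /sbin/mount -o rw /; then
        return 0
    fi
    echo "mount refused; running a full filesystem check first" >&2
    run /sbin/fsck -fy /
    run /sbin/mount -o rw /
}

# Steps 4-6: remount, then call the built-in reset helper, which prompts for
# the new password and writes it into the saved configuration.
recover_password() {
    if ! remount_rw; then
        echo "root filesystem still not writable; stopping before touching the config" >&2
        return 1
    fi
    run /etc/rc.initial.password
}

# Usage: sh reset-admin-pw.sh plan   (print the commands only)
#        sh reset-admin-pw.sh run    (execute them; single-user mode only)
case "${1:-}" in
    plan) ( DRY_RUN=1; recover_password ) ;;
    run)  recover_password ;;
esac
```

Review the "plan" output before the "run" pass: the only state the script changes is the root filesystem's mount mode and whatever rc.initial.password writes, and stopping when the remount fails twice avoids running the reset helper against a filesystem that is still read-only, which is the situation that produced the black-screen-then-fsck confusion in the thread.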