pfSense lost my credentials



  • Yesterday I noticed the network sort of slow, later on I checked the firewall and two PPPoE link it dials were out, a third one was maintaining the network online.

    VPN links were out as well.

    I dismissed it as maybe it was a hiccup with the ISP. Much later in the night I checked again, and it was the same thing but one of the links was back online. My ISP is really reliable, what the phone support staff lack in knowledge (...) they make it up in service.

    Before going messing stuff up this time I checked the logs like a responsible person; pfSense was dialing and there was communication with the DSLAM or whatever there's at the other side but my password was being declined. I thought maybe there really was something with the ISP.

    Another while later checked again an still the same. Now getting up I tried quickly just reentering the password and the link instantly was back online. I pushed my luck doing the same to the VPN links and as before it worked.

    So, somehow pfSense forgot the passwords to the accounts, usernames were OK. Besides activating Squid, which always brings the weirdest issues to system; I hadn't change anything in the timeframe on which the links fell. To send to the devs at Netgate I'd like to get those special logs that appear automatically when there's a system crash, usually on the beta versions, but I don't know how.

    I'm not a pro on the command line but it doesn't scare me either. You can always reinstall, right? :) Any secret wizardry I can input to get those files?


  • Netgate Administrator

    I would check the config file directly in /conf/config.xml. The login credentials are stored there in the <ppps> section. I would be very surpristed to find they had changed though.
    You could also check the actual running ppp config in /var/etc/mpd_xxx.conf.
    I can't see how those would have changed either but it seems like a better possibility.

    Of course both those will be correct now if it's connecting, but if it happens again check that.

    Did you try just stopping and starting the connection attempt before re-saving the password?

    Steve



  • Sorry for the delay, I finally fell asleep. I did, on one link only. I think it was indeed Squid though. IT started [everything] deteriorating fast just a tiny bit later. Downloads were and SSH connections to local hosts would return "broken pipes". I has seen this behavior before this time I almost went insane trying to fix it, even got an SNMP tool, in itself a major undertaking because downloads kept freezing the whole network and failing to complete--finally set it up and the big red indicator that I couldn't clear was something about a DHCP ram disk, which is supposed to be full--the conclusion I kept drawing, still, I stopped DHCP and deploy another box just for DHCP.

    In the end, I gave up and decided to make the best out of a bad situation and decided to start over installing very carefully the whole network, I had already wiped a couple of times pfSense, BTW, but I was restoring from backup and that last time when I didn't I discovered the backups were snowballing the bad from before. Everything was super fast again, like unbelievably so. I kept the DHCP though, and, I added to that another 4 additional pfSense boxes, RADIUS, 2x DNS and proxied DNS (it dials VPN) these were thin clients with some weird architecture that's 64-bit "but not really", something called i586/i686, I think it's from the '90s. The 32-bit pfSense got them working again. This whole thing pushed me to get creative. :) I'm just happy to help, if I can.

    I'll keep an eye on that, already wrote it down on the file I write the history of changes I make, my memory sucks. I assume the first one is the same that's downloadable as backup--I'll find out. Anyway, thanks; I doubt it happens again but in a weird way I'm kinda hoping it does out of sheer curiosity.