Unable to access pfsense via serial cable



  • Hi Everyone,

    I am trying to access pfsense via console cable which I just bought. I have a mini pc from Pondesk with 4x Intel NICs, HDMI and a console port (USB to RJ-45). Currently it has the VGA based version installed. I am trying to access it via the console cable. I have installed the drivers for it in Windows 10 x64 Pro. I have adjusted the settings as per pfsense from device manager:

    Speed: 115200
    Data Bits: 8
    Parity Bits: None
    Stop Bits: 1

    I have enabled SSH and console connectivity from the advanced section in pfsense gui but when I try to access it via console through putty while setting it on the mentioned speed and selecting serial while setting the COM to COM5 as detected by Windows 10. Then I select start and nothing happens. I press the space bar and enter key multiple times but to no avail. Pfsense version is 2.4.4 p3.

    Any idea what I am doing wrong? The cable is brand new.
    I am also attaching the screenshot of the cable.
    51oFSg-YkoL.AC_SL1000.jpg

    I appreciate the help.



  • @smrehan00

    Is that cable compatible with whatever hardware you're using? For example, Cisco cables are different from Adtran. What does the RJ45 end connect to? Find out what the pin out is on that cable and short the Tx & Rx lines. You should then be able to use a terminal emulator app, such as Putty and see the characters echoed back.



  • @smrehan00 said in Unable to access pfsense via serial cable:

    a console port (USB to RJ-45)

    So it another NIC ?
    Shouldn't this be something like USB to RJ-45 to RS232 ?
    Like : internally (in the pfSense) device there is some UART, and its interface is ported to an (micro) USB on the outside of the box.
    To be used with an USB cable that exposes itself to your PC as a COM port (over USB) - the micro USB on the other side connects to your RS-232 port, which physicality is micro USB port.

    To make it short : what is this RJ-45 plug on your cable ?



  • @Gertjan

    That cable is likely a Cisco console cable. However, without knowing what he's plugging into, it's impossible to say if it's the right cable. There are differences in console cables. I've seen at least 3 different configurations in my work. Hopefully, he's not trying to plug it into an Ethernet port.



  • @JKnott
    @Gertjan

    Hi Guys! Thank you for responding back. Well, I am not an idiot :) and I know where to put the console cable in the console port.

    mnho-073 console.JPG

    The USB end goes into the USB port on my laptop and the rj-45 end goes into the console port.
    Can you tell me how to short the Tx and Rx lines?
    Can you share the color code for the wires required for it to work? In case the color code is not correct in my cable. I'll post the actual cable color code tomorrow as the cable is in the office and I am at home.

    Unfortunately, manufactures don't offer Rs-232 port anymore so I am stuck with the RJ-45 based console port.
    Here is the link to the serial cable which I got:

    https://www.daraz.pk/products/usb-to-rj45-for-cisco-usb-console-cable-ftdi-744664241835-i126626956-s1285112387.html?spm=a2a0e.searchlist.list.1.109060eaanGv2O&search=1



  • @smrehan00

    Here's the Cisco pin out, which likely matches your adapter. There is no standard colour code I'm aware of as different manufacturers do what they want. However, it's pins 3 & 6 that have to be connected. The easiest way to do that is with an Ethernet jack. However, those will generally need a punch tool, though some come with their own tool. You might also find some with screw terminals. If you're handy with soldering, you could make your own, with a circuit board mount connector, with which you'd then solder a jumper between 3 & 6.



  • @smrehan00 said in Unable to access pfsense via serial cable:

    don't offer Rs-232 port anymore so I am stuck with the RJ-45 based console port.

    What?
    That IS a serial RS-232 port just not on a DB-9 but an RJ-45 connector. Problem is that the pin-out of the RJ-45 is not standardised. Katron/KTI networks uses the same serial on RJ45 but with reversed RX/TX lines as compared to Cisco. That's an adaptor-mess unless you built your own cable.

    Ask the board manufacturer for the RJ-45 pin-out, maybe that's even printed in the manual.



  • @jahonix said in Unable to access pfsense via serial cable:

    DB-9

    Actually, that should be DE-9. DB-9 is used by those who don't know any better. The "D" refers to connector type, the 2nd letter the shell size and the number refers to the number of pins. So, the old 25 pin serial connectors are DB-25 and the 9 pin, DE-9.

    D-subminiature

    BTW, at one point in my career, I used to order connectors by the hundreds. I wouldn't get very far ordering the wrong item.


  • LAYER 8 Netgate

    @JKnott said in Unable to access pfsense via serial cable:

    What does the RJ45 end connect to?

    We could also argue that it is not an RJ45, but an 8P8C connector/jack.



  • @Derelict
    @JKnott
    @Gertjan
    @jahonix

    Guys do any of you have a working console cable? If yes then can you post a picture of it ? Moreover, can you post an up close zoomed in on the pin layout of the Rj-45 connector? So, I can take notes and create a new connector?


  • LAYER 8 Netgate

    It depends on how the port in your device is configured. You will need the documentation for that before anyone can help you.



  • Beyond cable incompatibility, I'd probably try 9600 and 19200 baud as well. Then again, I might just SSH over IP and call it a day.



  • @smrehan00

    I have a few for Cisco, but they are DE-9 on one end, not USB. Regardless, a picture won't tell you anything. I have used cables for Cisco, Adtran and Ciena and they weren't compatible. You need to find out the connections required for your device and compare it with the Cisco pin out I provided.



  • @Derelict said in Unable to access pfsense via serial cable:

    We could also argue that it is not an RJ45, but an 8P8C connector/jack

    RJ45 is valid, as it refers to a registered jack type. 8P8C is the connector used with it. On the other hand, DB-9 doesn't exist, at least not in the commonly used connectors.



  • @JKnott

    This is the cable pin out that I have on the cable I bought.

    20200103_160058.jpg



  • These colors are not standardised so from viewing at it we know nothing.
    You must provide the pins of the RJ-45 jack from your device.



  • @JKnott said in Unable to access pfsense via serial cable:

    Actually, that should be ...

    And what does it help with the actual problem if it's DB or DE? We are not a micron closer to a solution.



  • This https://www.amazon.com/Console-Essential-Accesory-Ubiquity-Switches/dp/B01AFNBC3K/ref=sr_1_1?keywords=Moyina&qid=1578056697&sr=8-1 is the cable ( I guess - it's the same image).
    Pin layout is present.

    Couldn't find any details about the RS-232 (RJ-45 like) plug :

    884388c1-a01a-4e7c-8d1c-ad5fde3c8977-image.png

    @smrehan00 : your turn.



  • @smrehan00 said in Unable to access pfsense via serial cable:

    This is the cable pin out that I have on the cable I bought.

    As has been said several times, there is no standard connection. I mentioned 3 brands of equipment, which all use different configurations. For us to help you, you have to provide the connections as required by your device. We simply don't know. Is there not any documentation for that computer that tells you what's required?



  • @JKnott There is nothing in the manual which shows about the pin status of console port. I will check in the system bios to see if the console port is activated via BIOS.



  • ?? You actually bought a device with very needed peripherals that are not documented (and probably not standard) .... it's time to contact their support.
    Was the device sold with an optional console cable ? Your next best choice : get this cable.



  • @smrehan00

    Well, then you'll just have to start checking to see where what is. The Cisco connection is a good starting point. Years ago, we used to use something called a "breakout box", which made it easy to test individual pins or make appropriate connections, etc.. If you have a volt meter, you can probe the pins to see which ones have voltage on them. The transmit data will be a few volts and the receive line may have a fraction of a volt on it. You can also do a continuity test, to see which wires are ground. This is something that I have done, on many occasions, to test unknown connections. You can make your own "breakout box" with a couple of RJ45 to screw terminal blocks.

    Does the manufacturer of that computer have any support available? I have been browsing the Pondesk site and don't see your computer.



  • @JKnott

    I just noticed the Pondesk site has live chat available. You can go there and ask about that console cable.



  • @smrehan00 said in Unable to access pfsense via serial cable:

    @Derelict
    @JKnott
    @Gertjan
    @jahonix

    Guys do any of you have a working console cable? If yes then can you post a picture of it ? Moreover, can you post an up close zoomed in on the pin layout of the Rj-45 connector? So, I can take notes and create a new connector?

    Let's to put my 5 cents in discussion:

    At the first You need really well engendered USB-to-serial DB9 converter: Prolific PL2303 (or it’s advanced version PL2303ta).

    “Well engendered” mean “compatible with most hardware serial interfaces which hardware manufacturer used”, no matter Cisco, Juniper, or some crappy no name router.

    Only after that a You need to make next step forward.



  • @Sergei_Shablovsky said in Unable to access pfsense via serial cable:

    At the first You need really well engendered USB-to-serial DB9 converter:

    That box requires an RJ45 connector, not DE-9. If he had a DE-9, he'd then need a DE-9 to RJ45 cable. What he absolutely must do is find out the correct connection for that box. He can do that by contacting the manufacturer, as I mentioned.

    We can't be expected to guess what that box requires, when there's so much variation in those cables.



  • @JKnott said in Unable to access pfsense via serial cable:

    @Sergei_Shablovsky said in Unable to access pfsense via serial cable:

    At the first You need really well engendered USB-to-serial DB9 converter:

    That box requires an RJ45 connector, not DE-9. If he had a DE-9, he'd then need a DE-9 to RJ45 cable. What he absolutely must do is find out the correct connection for that box. He can do that by contacting the manufacturer, as I mentioned.

    We can't be expected to guess what that box requires, when there's so much variation in those cables.

    Of course, You need additional DB-9 to RJ-45 extender cable.

    And mostly because only a few USB-to-Serial converters have a cable more than 0.8-1m long. Admins confirm to You that common length 1.5-2.5 m would be comfort in any situation.



  • @Sergei_Shablovsky said in Unable to access pfsense via serial cable:

    Of course, You need additional DB-9 to RJ-45 extender cable.

    Why does he need a DE-9 (yes, that is DE-9, not DB-9) anywhere? He has a USB port on a a computer and that box needs an RJ45, with some serial connection. Hopefully, it will be Cisco compatible, as that is what his cable appears to be.

    I have an adapter with a DE-9 and I then have to use another cable to connect to Cisco gear. I needed a different cable for Adtran and yet another for Ciena. That's what makes this so much "fun".

    However, until the OP contacts the manufacturer to find out what's needed, we are only guessing. As he mentioned, there might also be some configuration needed to even make the console work.


  • Rebel Alliance Developer Netgate

    Not to mention it may (or may not) need a null modem adapter in the mix depending on the pinout of that port, and depending on the cable connected to that port. Far too many variables that only the OEM (or testing every combination) can verify.



  • @jimp said in Unable to access pfsense via serial cable:

    need a null modem adapter in the mix depending on the pinout of that port

    Not likely. That's one way things are pretty much standard. The only exception would be on routers, where there's both console and aux ports. The console port connects to a computer and the aux to a modem, for dial in access.

    Incidentally, there's something called a Yost cable, which can be used to connect anything to anything. Cisco is similar to it.



  • @JKnott said in Unable to access pfsense via serial cable:

    @jimp said in Unable to access pfsense via serial cable:

    need a null modem adapter in the mix depending on the pinout of that port

    Not likely. That's one way things are pretty much standard. The only exception would be on routers, where there's both console and aux ports. The console port connects to a computer and the aux to a modem, for dial in access.

    Incidentally, there's something called a Yost cable, which can be used to connect anything to anything. Cisco is similar to it.

    Anyway, better to start with something that are standard and working without any problems on most appliances (I mean Prolific :)


  • LAYER 8 Netgate

    Making a serial cable requires the serial pin-outs for that specific port.

    To make a serial connection there you probably only need TXD, RXD, and signal ground - three pins.

    There are 120 combinations of 3 out of the 8 pins in any order so have fun guessing. With a multi-meter or oscilloscope you might be able to eliminate some of those.

    Documented pinouts is far easier.

    If a "cisco" console cable didn't work, the manufacturer needs to provide the pinouts and cable diagrams.

    If they don't have the required documentation, I would return it.

    Bottom line, this is not a problem for the pfSense firewall software to solve.



  • @JKnott said in Unable to access pfsense via serial cable:

    Not likely. That's one way things are pretty much standard. The only exception ...

    I used a KTI industrial switch in the past where TX/RX were reversed as compared to Cisco's pinout. Not funny.

    Just checked, they still do this on current products. From manual:
    Console Port: RS-232, DTE type
    1,2,7,8 NC
    3 RxD IN
    6 TxD OUT
    4,5 GND



  • @jahonix
    Thanks guys. I will report back once I achieve connectivity.



  • @jahonix said in Unable to access pfsense via serial cable:

    I used a KTI industrial switch in the past where TX/RX were reversed as compared to Cisco's pinout. Not funny.

    I guess I should have clarified a bit more. With serial ports, there is the DCE or modem and DTE or terminal. Those console ports tend to be DCE, with routers having both DCE and DTE ports. The console cable connects to the DCE and a modem connects to the DTE.

    Regardless, those RJ45 serial ports have no real standard, though those Yost cables are an attempt.



  • Hi, folks!

    Please look on whole situation:
    Operating System -> Device Driver -> USB-2-COM Adapter -> COM port in a target device.

    On each point possible be fault or wrong working order.
    So, the solution are simply moving forward from one poling to next to determine what exactly not working well.

    I just suggest to start from “is my usb-2-com really working” and not wasting time on something other. Another reason are -> many cheaper China-made usb-2-com adapters just piece of crap and not working properly.


Log in to reply