Unique Lockout Problem, Need ideas for getting back into device without console.

  • I have two pfSense boxes that are deployed about 800 miles from my current location. I had one of them configured as an OpenVPN server and I am able to get into it just fine. The second box is going to be configured with CARP. Anyways, here's the situation. I forgot to create a firewall rule on the second box to allow my traffic through OpenVPN. Therefore, I could get into the pfSense box running OpenVPN and my managed switches, but not the second pfSense box. Anyways, I decided to SSH into the first box, run Links and configure the firewall rule directly. I discovered a sub-netting issue on the LAN interface of the second box and attempted to adjust it through the command-line web browser. Well, I think it posted something funky because now I can't even see the box. Interestingly, Links didn't show the interface "Type" dropdown. Instead, it showed all of the possible fields for static, DHCP, PPPoE, etc. I just made the adjustment to the static field, and submitted. And now, I can no longer ping the box from the first box. Any ideas how I can get back into it? I have physical access to the hardware (I have a non-techie friend who can move wires around and stuff), but the mobo that I'm using only has DVI and I forgot to leave my DVI-VGA adapter with him. Is there some way to possibly force the box to start with default configuration with only keyboard shortcuts and no monitor?

  • Ask your friend to pull the drive and stick it into hopefully a similar machine. Otherwise install pfSense on a virtual box for yourself, and then just walk him through (resetting settings or w/e).

  • What would be the possibility of re-configuring back to factory defaults with just a keyboard and the current install (not re-installing)? I could fire up the same build in VirtualBox and if we could find commonality in the procedure, we should be able to drive blind and get it back to square one.

  • Best bet is to walk him through using your virtual machine as a reference. Just to make sure you're at the same point, maybe ask him to reboot it.

    I believe you can use the serial port and PuTTY and control it as well, but I'm not well versed. I've done this with Cisco switches via their console port, but the concept is the same for a pfSense box that has a serial port in the back.

  • Perfect, I just figured this out. The system plays the startup chime, so I know when it's booted.

    1. Press #2 (Set Interface(s) IP Address)

    2. Press #2 (LAN)

    3. Type

    4. Press ENTER

    5. Type 24 (CIDR)

    6. Press ENTER

    7. Press n (Do you want to enable the DHCP Server on LAN? y|n)

    8. Press n (Do you want to revert to HTTP as the webConfigurator protocol? y|n)

    9. Press ENTER to confirm

    10. Should be back at main menu.
