Recovery

From securityrouter.org, an OpenBSD-based firewall
Jump to: navigation, search

You probably read this article because something went wrong with your configuration. You have several options, depending on what have happened, and what you like to do. The most common cause is that one has forgotten the password, and need to rollback to the default configuration. Fortunately, the old configuration isn't lost, because the system maintains the configuration revisions.

Method Authentication Reboot Deletes all data
Rollback using HTTPS Password No No
Rollback using CLI Password No No
Rollback using reset button Physical access Yes No
Rollback using console Console access Yes No
Factory reset using CLI Password Yes Yes
Factory reset using console Console access Yes Yes
Reinstall/Update system partition Console access Yes No

Rollback using HTTPS

  1. Go to Configuration > Revision management
  2. Select a previous (known working) revision (so that the line highlights in blue) and press "Checkout #..."
  3. Go to Configuration > Deploy working copy
  4. Press "Deploy (commit)"

Rollback using CLI

  1. Login to the CLI
  2. Run configure
  3. Run log to find a good configuration revision number (probably the second-last)
  4. Run rollback X where X is the known working revision

Rollback using reset button

HSR-1204 jumper setting

Some models, currently HSR-1204 and ALIX[1], have a reset button that can be used to rollback to the default configuration.

  1. Reboot (possibly by disconnecting the power)
  2. Press and hold the reset button (about a minute) until either...
    • ...you hear three beeps
    • ...or the LEDs flashes three times
  3. The system is reset, but all old configuration revisions are maintained
  4. Once logged in with the default username and password (admin) you can rollback to a known working configuration as described previously

If you have an HSR-1204 that reboots (instead of resets) when pressing the reset button, you need to move jumper JP4, as illustrated in the picture to the right.

Rollback using console

  1. Connect to the console (serial, video or virtual)
  2. Reboot (possibly by disconnecting the power)
  3. Do not press 'F' when the firmware prompt appears
  4. Wait for it to start booting (takes about a minute)
  5. When you see Press any key for recovery..., do so (press any key)
  6. Run default-config which will commit a new configuration revision
  7. Run boot to boot with the new, default configuration
  8. Once logged in with the default username and password (admin) you can rollback to a known working configuration as described previously

Factory reset using CLI

  1. Login to the CLI
  2. Run do factory-reset (deletes all data, including previous configuration revisions)

Factory reset using console

  1. Connect to the console (serial, video or virtual)
  2. Reboot (possibly by disconnecting the power)
  3. When you see Press 'f' for update and recovery firmware, do so (press 'F')
  4. Wait for it to load the firmware
  5. Run reset (deletes all data, including previous configuration revisions)

Reinstall/Update system partition

  1. Connect to the console (serial, video or virtual)
  2. Reboot (possibly by disconnecting the power)
  3. When you see Press 'f' for update and recovery firmware, do so (press 'F')
  4. Wait for it to load the firmware
  5. Run update and follow the on-screen instructions
  6. Run reboot once the installation has finished