Bug #13455


Issue with Serial Console after Enabling Password protect the console menu

Added by Chris Mirchandani 3 months ago. Updated 3 months ago.

Console Menu
Target version:
Start date:
Due date:
% Done:


Estimated time:
Release Notes:
Affected Plus Version:
Affected Architecture:
4100, 6100



I don't know if this issue is related to pfSense Plus 22.05 or the Netgate 6100. I have been running pfSense CE on a Qotom-Q575G6-S05 system since 2019. Most recently I was running pfSense CE 2.6.0. I've always used the serial console and for a significant portion of this time I've been running with the "Password protect the console menu" option enabled. This weekend I set up a couple of Netgate 6100's which came with pfSense Plus 22.05 and imported my config. After this I noticed erratic behavior with the console. I haven't ruled out that my issue could be a general console issue, but it appears to be related to having the "Password protect the console menu" option enabled. Everything appears fine in the console during boot and in the initial start up because I changed hardware I had to set up VLANs on the network ports and assign network ports to the interfaces. The issue occurs after that when it gets to the login prompt and garbled text shows and more comes when you press enter. Eventually it stops responding and sometimes shows the username prompt. The only thing that gets things back is a reboot, but it's the same as before, you see all the text through boot/startup, but when it gets to the prompt garbled text. See below for an example. If I disable the "Password protect the console menu" option I don't get the garbled text and the normal data loads showing interfaces with IPs and presenting 17 numbered options from Logout to Restart PHP-FPM. This is happening on both Netgate 6100 devices.

Configuring filter for dynamic IPsec VPN hosts... done
Starting CRON... done.
Starting package sudo...done.
Starting package Cron...done.
Starting package iperf...done.
Starting package mtr-nox11...done.
Starting package nmap...done.
Starting package arping...done.
Starting package nut...done.
Netgate pfSense Plus 22.05-RELEASE amd64 Wed Jun 22 18:56:13 UTC 2022
Bootup complete
)ɕ� M�
��٢B2���j����͗ȔWV��*Q)V��$%��&\\�[X��us.oa) (ttyu0)

login: ��������������

If it's any help the Netgate 6100s are connected to a USB to Serial Adapter Hub using FTDI FT232 chips. This USB to Serial Adapter Hub is connected to a CompuLab Intense-PC that is running VyOS 1.3 and access is provided to these serial devices through the VyOS console-server configuration with uses Conserver. Basically it's a home grown Cyclades or MRV or OpenGear or simian device.

I have 3 Cisco switches, another Netgate 6100 running VyOS 1.3.0, a Juniper SRX300 and the Qotom-Q575G6-S05 connected to this setup via serial and they all work fine while requiring authentication at the console. Over the years I've also had COMMELL CMB-574-G's and Lanner, Inc LEC-2126's connected running various versions of pfSense, OPNSense, VyOS, and other MISC Linux operating systems running with serial console access without issue. My point is simply I don't think it's an issue with this serial console setup barring a specific issue with pfSense Plus 22.05 or pfSense Plus 22.05 running on the Netgate 6100 as I noted that I have VyOS 1.3 running on a Netgate 6100 and it doesn't have issues with the serial console.

Actions #1

Updated by Steve Wheeler 3 months ago

Unable to replicate that in 22.05 or 22.09 on a 6100 using pfSense as a console server in a similar way.

Do you see the same when connected directly the 6100 console?

Do you see the same thing on both the USB and RJ-45 ports?

Actions #2

Updated by Chris Mirchandani 3 months ago

I didn't notice an issue when I was connected to the Serial Console via the USB connection on the 6100, just when connected to the RJ45.

I don't understand the distinction between your question "Do you see the same when connected directly the 6100 console?" and the following question. Could you clarify this question?

Since you couldn't reproduce the issue, could it be something in my config? This pfSense instance started ~10 years ago and has gone through many pfSense upgrades, config changes, and transfers between multiple systems with the 6100 being at least the 5th. If so is there a way to transfer my config to you securely to test it?

Actions #3

Updated by Steve Wheeler 3 months ago

  • Status changed from New to Confirmed
  • Target version set to 23.01
  • Affected Plus Version set to 22.05
  • Affected Architecture 4100 added

Ok, I replicated that using the RJ-45 console. And only with 'Password protect the console menu' enabled.

Tested 6100:

Tested 4100:

Actions #4

Updated by Steve Wheeler 3 months ago

CE devices with RJ-45 serial consoles seem unaffected. Tested 2.7 snaps.

Actions #5

Updated by Steve Wheeler 3 months ago

The USB console is also not displayed correctly on the 6100/4100 though to a far lesser extent:

Netgate pfSense Plus 22.09-DEVELOPMENT amd64 Fri Jul 29 06:14:54 UTC 2022
Bootup complete
)FreeBSD/amd64 (6100.stevew.lan) (ttyu0)

login: adminPassword:
Netgate 6100 - Serial: Q02080X202014 - Netgate Device ID: f242a685c67f87712345

There is a rogue ')' shown and the login and password entry appear on the same line.

It should appear as:

pfSense 2.7.0-DEVELOPMENT amd64 Fri Aug 12 00:02:48 UTC 2022
Bootup complete

FreeBSD/amd64 (m470-2.stevew.lan) (ttyu0)

login: admin
pfSense - Netgate Device ID: 922103ac9d4f1cd12345

*** Welcome to pfSense 2.7.0-DEVELOPMENT (amd64) on m470-2 ***

Actions #6

Updated by Chris Mirchandani 3 months ago

OK I didn't think about this before, but I'm pretty sure the USB console had the username and password prompts on the same line, but it was usable for everything I did.


Also available in: Atom PDF