I’ve been using a pair of Netgate XG-1541 in HA for some months as a test perimeter firewall and so far it’s been a smooth ride. This model comes with a dedicated onboard IPMI interface (Realtek RTL8201N) and while you can configure the IP parameters from the BIOS, once you changed the default credentials and then forgot them, you are pretty much locked out.
Luckily the ipmitool package is available for pfSense which is the key to recover forgotten IPMI credentials if you still have access to the GUI. The IPMI tool requires root access, to avoid using the root account login with your administrator user to the pfSense GUI.
1 In the GUI there’s a tool that allows you to interface directly with the underlying shell. This tool is at Diagnostics/Command Prompt.
2If you try to use the ipmitool command you will get an error prompt. This is because the IPMI driver is not yet loaded in Kernel.
3Temporarily load the IPMI driver using the kldload ipmi command. You can also force the driver to load in Kernel at startup modifying the “ipmi_load” parameter at /boot/loader.conf but for this how-to is not really necessary.
4Now you can use the ipmitool command with its options. The first step is to force the IPMI interface to use a static IP address with the ipmitool lan set 1 ipsrc static command (the 1 makes reference to the IPMI interface number).
5Next, use the ipmitool lan set 1 ipaddr command to set the new IP address.
6 Next, use the ipmitool lan set 1 netmask command to set the new subnet mask.
7Then use the ipmitool lan set 1 defgw ipaddr command to set the IP address of the IPMI default gateway.
8 For the access credentials, you first need to check which users are already created in the BMC database using the ipmitool user list command; take note of the ID of the user you want to modify.
9Finally, use the ipmitool user set password 2 command to reset the access password for that user. In this case, the “ADMIN” user password was reset because it allows to regain access to the IPMI GUI with administrator privileges and continue with any further changes from there instead of using the “command prompt” tool from the pfSense GUI.
If you have questions about how IPMI works, here is an excellent article from Thomas-Krenn: IPMI Basics. And remember, while IPMI is very useful, it can also be the worst of your cybersecurity nightmares.