Connecting a pfSense device (SG-1000) to console, on a mac

Hello, following the above thread (http://www.mac-forums.com/internet-networking-and-wireless/341976-replacing-airport-extreme-router-creating-guest-network-router.html), I just purchased a SG-1000 router (a pfSense device) for my home network. I received it yesterday, it works in its standard configuration (not yet with VLAN tagging and traffic shaping, so far).

At least as a contingency plan in the event I would forget my password, I want to be able to connect it to console in spite of the fact I do not do Linux and equivalent. Their advice seems rather complex:

Install an appropriate CP210x USB to UART Bridge VCP driver on my mac;
Use a Terminal program (screen, or ZTerm, or cu)

Before doing that, what would be the advice of serious mac users ? Can I just connect, do something fancy and get away with all of that (Is what I need already installed on the mac ?) TIA

Whenever I have the need to login to Cisco hardware via console i'll usually use screen since its built into the Mac anyway. Even so if im using USB to Serial converters I have had to install drivers for them. I have only once used console over a USB port once and I don't recall having to install the drivers for it, it might be different for the SG though.

I'd be interested to see what happens when you plug the console port to your computer and you run from terminal:

ls /dev/tty.*
ls /dev/cu.*

See if anything appears that resembles the SG and if so go with screen to try connect to it.

Thinking about it you could try doing it from one command:

ls /dev/{tty,cu}.*

I don't have my Mac in front of me to try it at the moment... all PC at work.

Magnifico halo200 ! This seems to produce results.

As a starter, I had Installed yesterday the appropriate CP210x USB to UART Bridge VCP driver on my mac from the Silicon Labs website as advised by pfSense (Netgate). That may be useful to you to better interpret the results.

Then I tried all three commands on terminal and each of them produced results, which seems promising to me (although I am not sure I understand what to do with them)

The command:
ls /dev/tty.*

Produces:
/dev/tty.Bluetooth-Incoming-Port /dev/tty.SLAB_USBtoUART

The command:
ls /dev/cu.*

Produces:
/dev/cu.Bluetooth-Incoming-Port /dev/cu.SLAB_USBtoUART

The command:
ls /dev/{tty,cu}.*

Produces:
/dev/cu.Bluetooth-Incoming-Port /dev/tty.Bluetooth-Incoming-Port
/dev/cu.SLAB_USBtoUART /dev/tty.SLAB_USBtoUART

I read you mentioning screen. I looked into my mac. A screen sharing.app is called partage d'ecran on my french OS. It requires an address to connect. That may be it.

I (1) post this intermediate post right away from my room and (2) will go to my basement (where the beast hides) with my macbook to try to connect to the pfSense box and (3) post my results. Muchas gracias.

No luck so far. I tried inputting /dev/tty.SLAB_USBtoUART or /dev/cu.SLAB_USBtoUART and it replied no success. "Verify your connections".

The pfSense notice mentions screen as well among its list of suggested Terminal programs (screen, ZTerm, cu). It says the setting to use with the terminal program are:

Speed: 115200 baud

Data bits: 8

Parity: none

Stop bits: 1

Flow control: Off or XON/OFF. Hardware flow control (RTS/CTS) must be disabled.

I wonder where to find these settings in screen.

I may have to allow this through the mac firewall, forgot to try with the mac firewall OFF. Any suggestion ?

If its a local connection then the firewall makes no difference since you are going in via the console.

What happens when you use one of these in the terminal with your machine connected to the console port?

screen /dev/tty.SLAB_USBtoUART 115200

screen /dev/cu.SLAB_USBtoUART 115200

Thanks. I will not bother about the firewall.

I did not try screen /dev/tty.SLAB_USBtoUART 115200

I tried screen /dev/cu.SLAB_USBtoUART 115200

... and it did not work.

So I tried

sudo screen /dev/cu.SLAB_USBtoUART 115200

Why ? One of the pfSense instructions (which I had not read carefully enough) stated, plainly: In many cases, screen may be invoked simply by using the proper command line: for Mac OS :

sudo screen /dev/cu.SLAB_USBtoUART 115200

<https://www.netgate.com/docs/sg-1000/connect-to-console.html>

So I tried that, got a request for a password, inputted the SG-1000 password and I got through. Here is what I received: (nearly, I changed the serial number)

<quote>

FreeBSD/arm (pfSense.localdomain) (ttyu0)

Netgate SG-1000 - Serial: xxxxxxxxxx

*** Welcome to pfSense 2.4.0-RC (arm) on pfSense ***

WAN (wan) -> cpsw0 -> v4/DHCP4: 192.168.0.33/24
LAN (lan) -> cpsw1 -> v4: 192.168.1.1/24

0) Logout (SSH only) 9) pfTop
1) Assign Interfaces 10) Filter Logs
2) Set interface(s) IP address 11) Restart webConfigurator
3) Reset webConfigurator password 12) PHP shell + pfSense tools
4) Reset to factory defaults 13) Update from console
5) Reboot system 14) Enable Secure Shell (sshd)
6) Halt system 15) Restore recent configuration
7) Ping host 16) Restart PHP-FPM
8) Shell

Enter an option:

<unquote>

So, objective reached ? nearly, thanks to your help. Yet, two questions bug me:

1 - How to quit in a clean manner, as a gentleman should do ?

I tried entering 0, quit, logout. None works. So far, I did quit by shutting off the terminal session. Seems reckless to me.

2 - Often, the printing stops in the middle of the above complete serie of words, as if the process under way was stumbling. A touch on "Enter" may unblock it, partially, totally or not at all. What could be wrong ? I tried tinkering with speed, replacing 115200 by 38400, 9600 or no mention at all, then it starts printing gibberish. So I kept 115200. I also tried both USB ports on the MacBook, both behave the same. The microUSB to USB cable is the one I received with the device from Netgate.

Last, I assume that if I lose my password or if some other horrible thing occurs, I would simply need to log in as above and enter 4 to immediately reset the device to factory default.

Thank you for your help. I believe my last questions above must be reserved for the intimidating pfSense forum, as they seem (to me) to depend on the SG-1000 side more than on the mac side.

Thanks, again.