I'm a newbie at OPNSense, though better-than-average at networking. Because I was replacing a Zyxel plus a Ubiquity EdgeRouter, which handled VLAN and PPPoE as well as firewall and VPN duties, I documented (nearly) everything and made constant config backups at each step.
Sadly, trying to get Wireguard working, I horked outside access. Probably screwed up a firewall rule. No worries, restore the configuration backup.
No dice. It took quite a while to get that puppy working again. I think it was a VLAN setting (Priority) that wasn't getting restored, but it might have been something else; certainly seems associated with the igc - VLAN - PPPoE train. And, now that I have it working again, I have no interest in reproducing.
Anyhow, do not rely on the configuration backup. Much to my amazement, a "successful" restore may miss some important factors.
I do agree with you on this. The restore config is not to be really trusted. It would only, if it ever works. I have tried it a couple of time with no luck on the same device.
TLDR: "My lack of understanding of how the product works and occasional breakage resulting from my actions make me an authoritative figure deeming your product broken"
Anyone interested in restoring or migrating would benefit from reading at least these two links:
https://docs.opnsense.org/manual/backups.html#backup (https://docs.opnsense.org/manual/backups.html#backup)
https://homenetworkguy.com/how-to/migrate-opnsense-to-new-hardware/ (https://homenetworkguy.com/how-to/migrate-opnsense-to-new-hardware/)
Thanks. Did you read the portion that said "IF ALL GOES WELL...."
LOL.
That's said, it may or may not work, not that it will always work as I personally seen it does not. :)
Most of this has to do with plugins. I wished that the config file could have been modularized to place the firewall configs in one main config in another and plugins in another.
The process is simple and can be summarized as follows:
1) Import config.xml - triggers automatic reboot
2) Check for updates - triggers automatic reinstall of all plugins in scope
3) Final reboot to have the system come up with all services as expected
Third party plugins configurations are not included in config.xml - the need to be addressed separately.
I admire your faith in the process. It is not infallible; it missed some non-plug-in settings. You simply must not have had to rely on the settings it's missing in the current version.
Quote from: RadioCat on August 13, 2023, 08:38:29 PM
I admire your faith in the process. It is not infallible; it missed some non-plug-in settings. You simply must not have had to rely on the settings it's missing in the current version.
Which ones exactly? This calls for filing an issue, doesn't it?
The #special ones Patrick, and we don't talk about Bruno ;)
Patrick, as I mentioned, I have no interest in trying to reproduce this. It definitely, and annoyingly, happened so I'm warning others, but to file an issue, I'd have to create another installation and go through that process again because I'm not willing to do this with my main system. I don't have the spare hardware or time to do that.
Consider it a warning to, as I said, document everything.
You don't need spare hardware:
https://github.com/punktDe/vagrant-opnsense
But if you have no incentive to put in the effort - you do you.
> I do agree with you on this. The restore config is not to be really trusted. It would only, if it ever works. I have tried it a couple of time with no luck on the same device.
First time I hear of multiple failures but no concrete evidence to the experience.
The whole config.xml is really just garbage in garbage out if you don't mind me saying that. The biggest caveat is restoring a config.xml on a system older than the one it's trying to restore, but here I think you'd know what you are doing.
All things not working as expected can be labelled bug and put into the GitHub tracker for further inspection. It would be nice to fix the actual issue encountered if it doesn't come to being a backwards-compat issue.
Cheers,
Franco