Good Morning,
So, I had some issues with one of my fibre providers and of course they wanted me to connect their router - rather than using my own.
I re-configured the WAN interface on opnsense to be 'em0' and regular DHCP - rather than PPPoE over a VLAN - set a manual gateway to the ISP router, made some firewall changes. Before doing so, I took a backup.
This morning I went to restore the original setup, as the ISP router didn't resolve the problem. Shock horror.
However, upon restoring the config I took before, the firewall rebooted, I seem to end up with a 'mash up' of the changes I made and the original config?
For example, the WAN interface is still em0/DHCP (although PPPoE has been restored, it's not assigned to the WAN) and the various firewall rules are not back as they were (had some gateway rule changes).
If I view the saved backup XML file, the em0/DHCP WAN and the manual gateway I made, are NOT present in the backup config. So I was hoping/assuming, they shouldn't be in the restored config!
Is there a restore log anywhere? So I can see if it's puking on something in particular? Nothing really 'fancy' just a basic firewall.
I tried a restore via the UI and also via option 13 on the CLI menu. In a bit of a mess at the moment, my fail safe seems to have failed - anyone any ideas?
Thanks,
If I check /conf/config.xml the manual gateway I made, to point to the ISP router, is still in the config after restore:
<gateway_item>
<interface>wan</interface>
<gateway>192.168.1.1</gateway>
<name>WAN_VODA</name>
<priority>255</priority>
<weight>1</weight>
<ipprotocol>inet</ipprotocol>
<interval/>
<descr/>
<defaultgw>1</defaultgw>
</gateway_item>
.... the above is NOT in the backup file I took.
Copied the backup to a FAT32 USB stick, ran the opnsense-importer -V - doesn't seem to show any obvious errors:
+ read -p 'Select device to import from (e.g. ada0) or leave blank to exit: ' DEV
Select device to import from (e.g. ada0) or leave blank to exit: da0
+ echo
+ [ -z da0 ]
+ [ da0 '=' ! ]
+ import_start da0
+ local 'DEV=da0'
+ export 'PART='
+ export 'TYPE='
+ export 'POOL='
+ [ -e /dev/da0s1a ]
+ [ -e /dev/da0p3 ]
+ echo zroot 2567126352270511923 110G
+ grep -c '^da0 '
+ [ 0 '!=' 0 ]
+ [ -e /dev/da0s1 ]
+ export 'PART=/dev/da0s1'
+ export 'TYPE=msdos'
+ return 0
+ mkdir -p /tmp/hdrescue
+ [ -n /dev/da0s1 -a -n msdos ]
+ echo $'Starting import for partition \'/dev/da0s1\'.'
Starting import for partition '/dev/da0s1'.
+ echo
+ [ msdos '=' ufs ]
+ mount -t msdos /dev/da0s1 /tmp/hdrescue
+ [ -n '' ]
+ [ -n '' ]
+ [ -f /tmp/hdrescue/conf/config.xml ]
+ grep -cx -- '---- BEGIN config.xml ----' /tmp/hdrescue/conf/config.xml
+ [ 0 '!=' 0 ]
+ rm -rf /conf/backup /conf/config.xml /conf/dhcpleases.tgz /conf/event_config_changed.json /conf/sshd
+ [ -f /tmp/hdrescue/conf/captiveportal.sqlite ]
+ [ -f /tmp/hdrescue/conf/config.xml ]
+ echo -n 'Restoring config.xml...'
Restoring config.xml...+ cp /tmp/hdrescue/conf/config.xml /conf
+ echo done.
done.
+ [ -f /tmp/hdrescue/conf/dhcpleases.tgz ]
+ [ -f /tmp/hdrescue/conf/dhcp6c_duid ]
+ [ -f /tmp/hdrescue/conf/netflow.tgz ]
+ [ -f /tmp/hdrescue/conf/rrd.tgz ]
+ [ -d /tmp/hdrescue/conf/backup ]
+ mkdir -p /conf/backup
+ [ -d /tmp/hdrescue/conf/sshd ]
+ mkdir -p /conf/sshd
+ find /conf/sshd -type f -name '*key'
+ break
+ [ -z '' ]
+ echo 'Please reboot.'
Please reboot.
+ bootstrap_and_exit 0
+ RET=0
+ mkdir -p /conf/backup
+ mkdir -p /conf/sshd
+ [ ! -f /conf/config.xml ]
+ mount
+ grep -cw /tmp/hdrescue
+ [ -d /tmp/hdrescue -a 1 '!=' 0 ]
+ [ -n /dev/da0s1 ]
+ umount /tmp/hdrescue
+ zfs_unload
+ [ -n '' ]
+ [ -z 0 ]
+ exit 0
This latest restore - using the USB stick and opnsense-importer, actually seems to have worked - it restored as it was meant to i.e WAN is back to PPPoE assign over the VLAN, manual gateway I made is no longer present.
However, when I reboot, I'm back to the weird 'mash-up' config :(
... not seeing any signs of write/disk errors.
zpool scrub potentially reveals all, single drive so no repair possibility - time to reinstall/find a spare drive I think
zpool status
pool: zroot
state: ONLINE
status: One or more devices has experienced an error resulting in data
corruption. Applications may be affected.
action: Restore the file in question if possible. Otherwise restore the
entire pool from backup.
see: https://openzfs.github.io/openzfs-docs/msg/ZFS-8000-8A
scan: scrub in progress since Tue Nov 14 07:01:02 2023
1.27G scanned at 41.9M/s, 396M issued at 12.8M/s, 1.27G total
0B repaired, 30.44% done, 00:01:10 to go
config:
NAME STATE READ WRITE CKSUM
zroot ONLINE 0 0 0
ada0p4 ONLINE 0 0 1.65K
errors: 747 data errors, use '-v' for a list
SMART test less helpful:
smartctl 7.4 2023-08-01 r5530 [FreeBSD 13.2-RELEASE-p5 amd64] (local build)
Copyright (C) 2002-23, Bruce Allen, Christian Franke, www.smartmontools.org
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
smartctl 7.4 2023-08-01 r5530 [FreeBSD 13.2-RELEASE-p5 amd64] (local build)
Copyright (C) 2002-23, Bruce Allen, Christian Franke, www.smartmontools.org
=== START OF READ SMART DATA SECTION ===
SMART Self-test log structure revision number 1
Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
# 1 Short offline Completed without error 00% 4387 -
Out of curiosity, ran a opnsense-debootstrap before reinstalling - this was very slow, looks like the drive is hosed.
Re-install time.
Well, I would ditch that drive for sure.
# smartctl -A /dev/ada0
will probably have better information than running a short self-test.
Back up and running.
... SSD was taken outside and given the hammer treatment.
What a way to start the day!