OPNsense Forum
Archive => 22.7 Legacy Series => Topic started by: SecCon on September 06, 2022, 09:55:24 am
-
I went ahead and reinstalled OPNSense on my server, this time using ZFS drive mirroring.
After initial configuration of IP via prompt, I logged on to the interface, went to System > Configuration > Backups and restored a backup file that was made just before the new setup.
In that backup restore the following was NOT restored, that I have noticed so far:
- DNS adressess
- Interface plugins - like api-backup and etpro-telemetry (it did actually keep the Telemetry token)
Several other settings were restored, but what is the purpose of the backup xml if it does not backup all the settings? Ok, it does not contain the plugin files, but it should tell the system to get them? And the DNS, is that not a kinda important setting? In all fairness it does list the relevant plugins as missing but makes no effort to get them.
Seems to me the backup documentation, that is tiny (https://docs.opnsense.org/manual/backups.html), should include information about what is not backed up, why, and relevant workarounds.
-
This isn't true. At least all GUI settings are retained, but you may have to sync the plugins back that use them.
If not the backup is incomplete for other reasons.
Cheers,
Franco
-
Ok, thanks for reporting this to the moderator...
The reporter has made the following comment:
accusing me of lying
So first of all I don't know what you've done to your settings, backups, config changes, what "DNS addresses" means since you didn't reference a page that they are supposed to be on. You didn't provide a diff with the things that are now missing and you didn't check the backup.xml if the settings were there in the first place.
I can only assume what you concluded is not true based on all the lack of evidence you provided.
Now it's your turn.
Cheers,
Franco
-
I stated what I saw. My configuration is not that advanced. Still a work in progress.
Made one backup before installing. Disks were wiped in the process. Restored the backup to default 100% system but for a custom IP I use to access it.
My DNS is custom to Quad9, and that was one of the settings I checked first. Natural for me since I work with Security and Compliance.
As for the plugins, I already stated that some details were in place, at least for the Telemetry plugin, the plugin it self was not there, which already has an explanation.
What I felt needed correction was OPNSense's description of the backup functionality in the documentation.
-
> What I felt needed correction was OPNSense's description of the backup functionality in the documentation.
Fair enough and even for that we need more data. Check backup.xml for missing data, let us know which exact setting was gone (first it was dns addresses and now a custom IP), find the one that has this setting still and where it was removed. The GUI has a builtin history-diff feature for that exact reason.
Cheers,
Franco
-
So I can see that the DNS addresses are wrong in the xml export. Since I wiped the drives I can not check any other data, nor do I have any other backups available.
The mentioned IP adress is from the basic conf I did, and do, in the setup console, ipv4 networking options, to get connectivity to the OPNSense GUI. Don't know how that would be done otherwise.
I would suggest a complement to the documentation, writing that the backup creates an XML file with "all" data and settings from the current OPNSense installation, including most if not all data needed by plugins (as my example above with the ETPro-Telemetry token) once they have been restored, and will mark missing plugins that needs installation after an import of the backup xml. Restoration will neither install those plugins nor update the system, both of which will have to be done after the imoprt.
Basically, this is what the backup does, this is what it creates and this is what the backup does not do.
-
So I can see that the DNS addresses are wrong in the xml export. Since I wiped the drives I can not check any other data, nor do I have any other backups available.
The mentioned IP adress is from the basic conf I did, and do, in the setup console, ipv4 networking options, to get connectivity to the OPNSense GUI. Don't know how that would be done otherwise.
- For the DNS wrong in the xml export, it would be good to know which node you're looking at since there are multiple places where DNS settings can be configured using the UI.
- For the GUI ip address I would have thought the restore will put the backedup one back as long as the interfaces assigments match. Could it be an interface mismatch or change since the backup?
-
Hmm,
I followed the same path. Installed opnsense from scratch on zfs, then imported the Settings during the installatin.
After that went to Plugins --> autofix which installed all missing plugins and the confug was as before.
-
- For the DNS wrong in the xml export, it would be good to know which node you're looking at since there are multiple places where DNS settings can be configured using the UI.
- For the GUI ip address I would have thought the restore will put the backedup one back as long as the interfaces assigments match. Could it be an interface mismatch or change since the backup?
That is true. It is actually a bit hard to tell from the backup XML
Wrong entries from backup:
<language>en_US</language>
<dnsserver>8.8.8.8</dnsserver>
<dnsserver>1.1.1.1</dnsserver>
<thermal_hardware>coretemp</thermal_hardware>
In the GUI it was in the System > Settings > General > DNS Servers
Hmm,
I followed the same path. Installed opnsense from scratch on zfs, then imported the Settings during the installatin.
After that went to Plugins --> autofix which installed all missing plugins and the confug was as before.
That seems of course way easier, but not mentioned in the docs... which I guess is not surprising. Will add it. Ehm, what's it called again, can not seem to find it?
I made a new backup and it took the correct DNS to the XML. Might test a repeat of the whole scenario to see if it works or not. Repeatability is of course essential in any troubleshooting.
-
If it helps here is a nice article by teosoft who described the process:
https://forum.opnsense.org/index.php?topic=24174.msg115632#msg115632 (https://forum.opnsense.org/index.php?topic=24174.msg115632#msg115632)