OPNsense Forum

English Forums => General Discussion => Topic started by: Stril on February 02, 2017, 09:13:54 am

Title: Emergency revert to saved config
Post by: Stril on February 02, 2017, 09:13:54 am
Hi!

I am running many remote sites and thinking about replacing the systems there with OPNsense systems, but there is one thing I could not solve:

At the moment, the running systems are working like Cisco devices:
- Config changes are committed to "running-config"
- "running-config" must be copied to "startup-config"
- If "running-config" is not saved, a power-cycle reverts to "startup-config"


If I do something stupid on a system that leads to a big problem (e.g. VPN goes down), someone at the remote location without any IT knowledge can power-cycle the device.

Is there any mechanism to allow a config-revert WITHOUT console?

It would be great to save to an "approved" config, that will be loaded on boot.

Thank you and best wishes
Stril
Title: Re: Emergency revert to saved config
Post by: bartjsmit on February 02, 2017, 12:46:33 pm
Rather than a power cycle, with its risk of collateral damage to the file system, I would prefer something like ESXi which will revert a network change that locks it out of the management network.

HA may be easier with someone on site pulling out the network cable to force rollback.

Bart...
Title: Re: Emergency revert to saved config
Post by: Stril on February 02, 2017, 01:04:35 pm
Hi!

Isn't HA the same problem? A fatal config-change would corrupt the config on both systems.

Another option would be to force a rollback on pressing the reset button.

What do you do in those situations? I think the "cisco-concept" with two configs is a very good thing...


Regards,
Stril
Title: Re: Emergency revert to saved config
Post by: franco on February 02, 2017, 11:13:49 pm
The basic rule is you can always trash your configuration, no matter how clever the system.

The things that help in my experience:

1) Quick console access, even for VMs using Remote Clients to the VM Hosts.

2) Unlock the console menu. If it's hard for you to get to the console it's safe enough to be unlocked. ;)

3) There's a revert tool in the console menu or manually edit /conf/config.xml or skim through the backups at /conf/backups

4) SSH over GUI, GUI via VPN is nice, but only SSH should be going out "raw".

5) Reboot just to be safe.

I realise none of this is relevant to HA, but if HA doesn't work this is what it comes down to.


Cheers,
Franco
Title: Re: Emergency revert to saved config
Post by: Stril on February 03, 2017, 08:59:45 am
Hi Franco,

Thank you for your answer.
Your experiences are good, but hard to use in my scenario. The systems are located in shops without any IT-stuff. It's not a problem to power-cycle a device, but it's hard to give a person without any technical skills the advice on how to revert a config by console.
If access via SSH is possible, I do not see a problem, but if I am totally locked out, I need a "plan B".

It would be great to have a safe mode where config is reverted on reboot.

Regards,
Title: Re: Emergency revert to saved config
Post by: bartjsmit on February 03, 2017, 09:13:51 am
I would create a USB drive with a nano image that has a basic firewall config for the site and set the remote OPNsense machine BIOS to boot from USB first and local hard disk second.

If the system locks up through a config change or a disk error, ask local staff to plug in the USB stick and reboot. That will restore the firewall quickly and give you a way in to diagnose.

Bart...
Title: Re: Emergency revert to saved config
Post by: franco on February 03, 2017, 12:59:21 pm
That's indeed a great idea from Bart. You hand out Nano-based images on USB sticks. If a configuration goes down the people there can switch out bad USB against a good spare one and reboot.
Title: Re: Emergency revert to saved config
Post by: Stril on February 06, 2017, 05:05:25 pm
Hi!

I really, really appreciate your effort to find a solution, but having an emergency-config on a stick is not a solution in real life, if you have to work with 10s of sites or 100s of sites.

The "emergency" stick becomes more and more outdated until it does not help in case of emergency.
What if the PPPoE credentials change? My Team would have to change the config, ask the staff to insert the thumb drive, copy the config, ask the staff....

It would just be great to be able to have a last "approved" config.

Stril
Title: Re: Emergency revert to saved config
Post by: franco on March 02, 2017, 08:49:36 am
You're right. For that matter we are working on an improved configuration importer which would at least allow USB sticks to enclose a config only, no moving packages parts that become easily outdated.

A factory reset button is not a good solution as you need physical access and you will revert to a config you likely don't want...

Part of the practice is a regular backup schedule in some way and we can't provide this remotely, at least not out of the box. Yes, there's fancy stuff as Google Drive or FTP backup scripts here in the forum, but you have to set them up in any case.

Here is the ticket for further base for discussion.

https://github.com/opnsense/core/issues/1372


Cheers,
Franco
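
The "approved config loaded on boot" behaviour asked for in this thread, as an added sketch (not OPNsense code and not written by any poster): changes stay in /conf/config.xml until explicitly approved, and a boot-time check restores the approved copy if the two differ. The file names approved.xml and rejected-*.xml are hypothetical, and wiring revert_on_boot into the boot sequence is left to the operator.

```shell
#!/bin/sh
# Constructed sketch. CONF_DIR defaults to the /conf path named in the thread;
# approved.xml and rejected-*.xml are hypothetical names, not OPNsense files.
CONF_DIR="${CONF_DIR:-/conf}"

# Copy $1 to $2 through a temp file and rename, so a power cut during the
# copy never leaves a half-written destination file.
atomic_copy() {
    tmp="$2.tmp.$$"
    cp -p "$1" "$tmp" && mv -f "$tmp" "$2"
}

# Equivalent of "copy running-config startup-config": bless the live config.
approve_config() {
    live="$CONF_DIR/config.xml"
    # Never approve a missing or empty file; it would make the revert useless.
    [ -s "$live" ] || { echo "refusing: $live missing or empty" >&2; return 1; }
    atomic_copy "$live" "$CONF_DIR/approved.xml"
}

# Run early at boot. If the live config differs from the approved one, keep
# the live copy for later diagnosis and restore the approved config.
# Returns 0 if a revert happened, 1 if nothing was changed, 2 on copy error.
revert_on_boot() {
    live="$CONF_DIR/config.xml"
    approved="$CONF_DIR/approved.xml"
    [ -s "$approved" ] || return 1                        # nothing approved yet
    cmp -s "$live" "$approved" 2>/dev/null && return 1    # already identical
    mkdir -p "$CONF_DIR/backups"
    if [ -f "$live" ]; then
        atomic_copy "$live" "$CONF_DIR/backups/rejected-$(date +%s).xml" || return 2
    fi
    atomic_copy "$approved" "$live" || return 2
    return 0
}
```

With this in place a power cycle by on-site staff discards any unapproved change, and the rejected config is still available under backups once remote access is back.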