OPNsense Forum
English Forums => Tutorials and FAQs => Topic started by: Ben. on August 16, 2018, 07:40:58 am
-
Hi,
I am about to migrate from *sense to OPNsense and prepared a configuration in a VM to have as little downtime as possible. Afterwards I exported the configuration and wanted to import it with the opnsense-importer during startup of a live environment to test it.
First I put it on the OPNsense partition on the USB drive but I couldn't provide a path, only a drive name.
Secondly I put it with the original name on a second USB drive but it always said "No previous config found".
Thirdly I put it as "config.xml" on the second USB drive but it still said "No previous config found".
As I couldn't find anything in the documentation (man-page also not mentioning how to do it), I had a look at the code...
The configuration-file needs to be put in
conf/config.xml
of the USB drive.
I would suggest to add
- the option to provide a local path
- the option to download from a remote path (e.g. website)
-
1. opnsense-importer is for importing either full or partial installations. The layout is fixed for this reason.
2. this would require networking. opnsense-importer runs under the assumption that no network is available.
Cheers,
Franco
-
Thanks for your reply, Franco.
The Importer is expecting a OPNsense-installation on the USB drive?
Ok, this was not clear to me. I thought it's looking for a configuration only.
As the Importer can be run from shell, I still think it would be a nice feature, but I see your point.
-
The tool imports not only a single config as it can deal with all previous backups, DHCP leases, Captive Portal database, DUID, RRD and Insight data. You could backup /conf from a running machine and restore your system in a heartbeat with it beyond the mere import of a config.xml which can be easily done from the GUI. We don't want to solve every problem everywhere. :)
Cheers,
Franco
-
(Apologies for posting on an FAQ thread. Please do feel free to move it as seen fit)
I recently purchased a DEC4040 which came with OPNSense business edition. I have a Protectli box with well-configured settings running smoothly. To minimize disruption to the network, per recommendation here, I copied entire /conf contents onto a USB, changed interface names (igbX-igbY remained same, added ax0,ax1,ice0,ice1 to LAGG'ed config) + few other changes (to conform to business edition's schema/values), and ran opnsense-importer. I ran it both verbose and regular mode. Both times no errors were shown. A quick reboot (both times) from the console window. Both times, it booted to its default factory-shipped state. dmesg output doesn't show any major show stoppers. Is this the expected behavior from importer utility? Any idea on where/how to start troubleshooting? Below is a sample of the interface names/values.
<vlans version="1.0.0">
<vlan uuid="97c6384c-7339-46f3-bf83-149b14254cb0">
<if>lagg0</if>
<tag>2</tag>
<pcp>1</pcp>
<descr>VLAN tag for Esco Ghaar CCTV Cameras Traffic</descr>
<vlanif>vlan02</vlanif>
</vlan>
<vlan uuid="07eddf31-04cd-4a76-8377-57a667b56315">
<if>lagg0</if>
<tag>3</tag>
<pcp>2</pcp>
<descr>Original LAN untagged traffic </descr>
<vlanif>vlan03</vlanif>
</vlan>
<vlan uuid="19324450-009b-41ce-960a-2dcd840ffb3a">
<if>lagg0</if>
<tag>120</tag>
<pcp>2</pcp>
<descr>Storage</descr>
<vlanif>vlan0.120</vlanif>
</vlan>
<vlan uuid="ea3bdbc6-ff45-4e61-bc08-bca5c481dd06">
<if>lagg0</if>
<tag>140</tag>
<pcp>2</pcp>
<descr>Supervisor</descr>
<vlanif>vlan0.140</vlanif>
</vlan>
<vlan uuid="9d497323-d1c2-462b-b048-130d6d7eb2fa">
<if>lagg0</if>
<tag>250</tag>
<pcp>0</pcp>
<descr>IoT</descr>
<vlanif>vlan0.250</vlanif>
</vlan>
<vlan uuid="a4ea1ac8-71d2-4087-bb7e-d77491af6c9d">
<if>lagg0</if>
<tag>100</tag>
<pcp>7</pcp>
<descr>Servers</descr>
<vlanif>vlan0.100</vlanif>
</vlan>
<vlan uuid="3c94f447-b2ef-49b3-b807-cf52c48b7fa2">
<if>lagg0</if>
<tag>1</tag>
<pcp>0</pcp>
<descr>Default VLAN#1 traffic</descr>
<vlanif>vlan0.1</vlanif>
</vlan>
</vlans>
<laggs>
<lagg>
<members>igb0,igb2,ax0,ax1,ice0,ice1</members>
<descr>LAGGy_Interface</descr>
<laggif>lagg0</laggif>
<proto>lacp</proto>
<mtu/>
</lagg>
</laggs>
<dhcpdv6/>
<ifgroups>
<ifgroupentry>
<members>opt5 lan opt6 opt3 opt4 opt2</members>
<ifname>FG_ALL_VLANs</ifname>
</ifgroupentry>
<ifgroupentry>
<members>lan opt6 opt3 opt4</members>
<ifname>FG_CRITICAL_LAN</ifname>
</ifgroupentry>
</ifgroups>
<interfaces>
<wan>
<if>igb1</if>
<enable>1</enable>
<spoofmac/>
<ipaddr>dhcp</ipaddr>
<dhcphostname/>
<alias-address/>
<alias-subnet>32</alias-subnet>
<dhcprejectfrom/>
<adv_dhcp_pt_timeout/>
<adv_dhcp_pt_retry/>
<adv_dhcp_pt_select_timeout/>
<adv_dhcp_pt_reboot/>
<adv_dhcp_pt_backoff_cutoff/>
<adv_dhcp_pt_initial_interval/>
<adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
<adv_dhcp_send_options/>
<adv_dhcp_request_options/>
<adv_dhcp_required_options/>
<adv_dhcp_option_modifiers/>
<adv_dhcp_config_advanced/>
<adv_dhcp_config_file_override/>
<adv_dhcp_config_file_override_path/>
</wan>
<lan>
<enable>1</enable>
<if>vlan03</if>
<ipaddr>192.168.1.1</ipaddr>
<subnet>23</subnet>
<ipaddrv6>track6</ipaddrv6>
<subnetv6>64</subnetv6>
<media/>
<mediaopt/>
<track6-interface>wan</track6-interface>
<track6-prefix-id>0</track6-prefix-id>
<descr>LAN</descr>
</lan>
<lo0>
<internal_dynamic>1</internal_dynamic>
<descr>Loopback</descr>
<enable>1</enable>
<if>lo0</if>
<ipaddr>127.0.0.1</ipaddr>
<ipaddrv6>::1</ipaddrv6>
<subnet>8</subnet>
<subnetv6>128</subnetv6>
<type>none</type>
<virtual>1</virtual>
</lo0>
<openvpn>
<internal_dynamic>1</internal_dynamic>
<enable>1</enable>
<if>openvpn</if>
<descr>OpenVPN</descr>
<type>group</type>
<virtual>1</virtual>
<networks/>
</openvpn>
<opt2>
<if>vlan02</if>
<descr>vCamsTraffic</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>192.168.2.1</ipaddr>
<subnet>27</subnet>
</opt2>
<opt1>
<descr>LAGGy_LAN</descr>
<if>lagg0</if>
</opt1>
<FG_ALL_VLANs>
<internal_dynamic>1</internal_dynamic>
<enable>1</enable>
<if>FG_ALL_VLANs</if>
<descr>FG_ALL_VLANs</descr>
<virtual>1</virtual>
<type>group</type>
<networks/>
</FG_ALL_VLANs>
<opt3>
<if>vlan0.120</if>
<descr>Storage</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>192.168.120.1</ipaddr>
<subnet>24</subnet>
</opt3>
<opt4>
<if>vlan0.140</if>
<descr>Supervisor</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>192.168.140.1</ipaddr>
<subnet>24</subnet>
</opt4>
<opt5>
<if>vlan0.250</if>
<descr>IoT</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>192.168.250.1</ipaddr>
<subnet>24</subnet>
</opt5>
<opt6>
<if>vlan0.100</if>
<descr>Servers</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>192.168.100.1</ipaddr>
<subnet>24</subnet>
</opt6>
<FG_CRITICAL_LAN>
<internal_dynamic>1</internal_dynamic>
<enable>1</enable>
<networks/>
<if>FG_CRITICAL_LAN</if>
<descr>FG_CRITICAL_LAN</descr>
<virtual>1</virtual>
<type>group</type>
</FG_CRITICAL_LAN>
<opt7>
<descr>default</descr>
<if>vlan0.1</if>
</opt7>
</interfaces>
-
Perhaps it's trying to recover from an interface mismatch still in the imported config.xml.
But not sure what is going on without you posting the output of the command (and perhaps subsequent boot).
Cheers,
Franco
-
Indeed, i didn't mean to waste your precious time. Please allow me a few hours and I'll have
opnsense-importer -V and dmesg output. I've already verified that physical interfaces match (per kernel loading as Decisio factory default settings).
-
Running Importer
root@OPNsense:~ # opnsense-importer -V
+ DO_DEV=''
+ DEVS=''
+ POOLS=''
+ [ -n '' ]
+ trap bootstrap_and_exit 2
+ [ -n '' ]
+ zfs_load
+ kldstat -qm zfs
+ zfs_probe
+ zpool import -aNf
+ zpool get -H cachefile
+ read ZPOOL ZMORE
+ zpool get -H guid zroot
+ awk '{ print $3 }'
+ ZGUID=3193628858977921937
+ zpool get -H size zroot
+ awk '{ print $3 }'
+ ZSIZE=945G
+ mount
+ grep -w /
+ grep -c zroot
+ [ 1 '=' 0 ]
+ echo 'zroot 3193628858977921937 945G'
+ read ZPOOL ZMORE
+ export 'POOLS=zroot 3193628858977921937 945G'
+ [ -n '' ]
+ camcontrol devlist
+ echo 'zroot 3193628858977921937 945G'
+ read ZPOOL ZGUID ZSIZE ZMORE
+ [ -z zroot ]
+ printf '%-35s%s\n' '<3193628858977921937 945G>' 'ZFS pool (zroot)'
+ read ZPOOL ZGUID ZSIZE ZMORE
+ gmirror status -s
+ graid status -s
+ DEVS='<SanDisk Extreme Pro 55AF 1084> at scbus0 target 0 lun 0 (da0,pass0)
<SanDisk SES Device 1084> at scbus0 target 0 lun 1 (ses0,pass1)
<3193628858977921937 945G> ZFS pool (zroot)'
+ :
+ [ -z '' ]
+ echo
+ echo '<SanDisk Extreme Pro 55AF 1084> at scbus0 target 0 lun 0 (da0,pass0)
<SanDisk SES Device 1084> at scbus0 target 0 lun 1 (ses0,pass1)
<3193628858977921937 945G> ZFS pool (zroot)'
<SanDisk Extreme Pro 55AF 1084> at scbus0 target 0 lun 0 (da0,pass0)
<SanDisk SES Device 1084> at scbus0 target 0 lun 1 (ses0,pass1)
<3193628858977921937 945G> ZFS pool (zroot)
+ echo
+ read -p 'Select device to import from (e.g. ada0) or leave blank to exit: ' DEV
Select device to import from (e.g. ada0) or leave blank to exit:
+ echo
+ [ -z da0 ]
+ [ da0 '=' ! ]
+ import_start da0
+ local 'DEV=da0'
+ export 'PART='
+ export 'TYPE='
+ export 'POOL='
+ [ -e /dev/da0s1a ]
+ [ -e /dev/da0p3 ]
+ echo zroot 3193628858977921937 945G
+ grep -c '^da0 '
+ [ 0 '!=' 0 ]
+ [ -e /dev/da0s1 ]
+ [ -e /dev/da0p1 ]
+ export 'PART=/dev/da0p1'
+ export 'TYPE=msdos'
+ return 0
+ mkdir -p /tmp/hdrescue
+ [ -n /dev/da0p1 -a -n msdos ]
+ echo $'Starting import for partition \'/dev/da0p1\'.'
Starting import for partition '/dev/da0p1'.
+ echo
+ [ msdos '=' ufs ]
+ mount -t msdos /dev/da0p1 /tmp/hdrescue
+ [ -n '' ]
+ [ -n '' ]
+ [ -f /tmp/hdrescue/conf/config.xml ]
+ grep -cx -- '---- BEGIN config.xml ----' /tmp/hdrescue/conf/config.xml
+ [ 0 '!=' 0 ]
+ rm -rf /conf/backup /conf/config.xml /conf/event_config_changed.json /conf/sshd
+ [ -f /tmp/hdrescue/conf/captiveportal.sqlite ]
+ [ -f /tmp/hdrescue/conf/config.xml ]
+ echo -n 'Restoring config.xml...'
Restoring config.xml...+ cp /tmp/hdrescue/conf/config.xml /conf
+ echo done.
done.
+ [ -f /tmp/hdrescue/conf/dhcpleases.tgz ]
+ [ -f /tmp/hdrescue/conf/dhcp6c_duid ]
+ [ -f /tmp/hdrescue/conf/netflow.tgz ]
+ [ -f /tmp/hdrescue/conf/rrd.tgz ]
+ [ -d /tmp/hdrescue/conf/backup ]
+ mkdir -p /conf/backup
+ [ -d /tmp/hdrescue/conf/sshd ]
+ mkdir -p /conf/sshd
+ find /conf/sshd -type f -name '*key'
+ break
+ [ -z '' ]
+ echo 'Please reboot.'
Please reboot.
+ bootstrap_and_exit 0
+ RET=0
+ mkdir -p /conf/backup
+ mkdir -p /conf/sshd
+ [ ! -f /conf/config.xml ]
+ mount
+ grep -cw /tmp/hdrescue
+ [ -d /tmp/hdrescue -a 1 '!=' 0 ]
+ [ -n /dev/da0p1 ]
+ umount /tmp/hdrescue
+ zfs_unload
+ [ -n '' ]
+ [ -z 0 ]
+ exit 0
config importer seems to have worked correctly due to presence of hostname of my choice
root@OPNsense:~ # cat /conf/config.xml | grep Morik
<hostname>MorikCage</hostname>
root@OPNsense:~ #
dmesg output post-boot
root@OPNsense:~ # dmesg
Copyright (c) 1992-2021 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 13.1-RELEASE-p2 stable/22.10-n250241-9055fb5e5b4 SMP amd64
FreeBSD clang version 13.0.0 (git@github.com:llvm/llvm-project.git llvmorg-13.0.0-0-gd7b669b3a303)
VT(vga): resolution 640x480
CPU: AMD EPYC 3251 8-Core Processor (2495.44-MHz K8-class CPU)
Origin="AuthenticAMD" Id=0x800f12 Family=0x17 Model=0x1 Stepping=2
Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
Features2=0x7ed8320b<SSE3,PCLMULQDQ,MON,SSSE3,FMA,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
AMD Features=0x2e500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM>
AMD Features2=0x35c233ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,OSVW,SKINIT,WDT,TCE,Topology,PCXC,PNXC,DBE,PL2I,MWAITX>
Structured Extended Features=0x209c01a9<FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA>
XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
AMD Extended Feature Extensions ID EBX=0x1007<CLZERO,IRPerf,XSaveErPtr,IBPB>
SVM: NP,NRIP,VClean,AFlush,DAssist,NAsids=32768
TSC: P-state invariant, performance statistics
real memory = 68717379584 (65534 MB)
avail memory = 66675609600 (63586 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: <INSYDE WALLABY>
FreeBSD/SMP: Multiprocessor System Detected: 16 CPUs
FreeBSD/SMP: 1 package(s) x 2 cache groups x 4 core(s) x 2 hardware threads
random: registering fast source Intel Secure Key RNG
random: fast provider: "Intel Secure Key RNG"
random: unblocking device.
ioapic0: MADT APIC ID 128 != hw id 0
ioapic1: MADT APIC ID 129 != hw id 0
ioapic0 <Version 2.1> irqs 0-23
ioapic1 <Version 2.1> irqs 24-55
Launching APs: 13 7 2 11 14 3 6 5 9 10 1 4 12 8 15
random: entropy device external interface
wlan: mac acl policy registered
kbd0 at kbdmux0
WARNING: Device "spkr" is Giant locked and may be deleted before FreeBSD 14.0.
vtvga0: <VT VGA driver>
efirtc0: <EFI Realtime Clock>
efirtc0: registered as a time-of-day clock, resolution 1.000000s
smbios0: <System Management BIOS> at iomem 0x7945e000-0x7945e01e
smbios0: Version: 3.0, BCD Revision: 3.0
aesni0: <AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS,SHA1,SHA256>
acpi0: <INSYDE WALLABY>
acpi0: Power Button (fixed)
cpu0: <ACPI CPU> on acpi0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff irq 0,8 on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 350
Event timer "HPET1" frequency 14318180 Hz quality 350
Event timer "HPET2" frequency 14318180 Hz quality 350
atrtc0: <AT realtime clock> port 0x70-0x71 on acpi0
atrtc0: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <AT timer> port 0x40-0x43 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
apei0: <ACPI Platform Error Interface> on acpi0
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <32-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pci0: <base peripheral, IOMMU> at device 0.2 (no driver attached)
pcib1: <ACPI PCI-PCI bridge> at device 1.3 on pci0
pci1: <ACPI PCI bus> on pcib1
nvme0: <Generic NVMe Device> mem 0x80900000-0x80903fff at device 0.0 on pci1
pcib2: <ACPI PCI-PCI bridge> at device 1.4 on pci0
pci2: <ACPI PCI bus> on pcib2
igb0: <Intel(R) I210 Flashless (Copper)> port 0x5000-0x501f mem 0x80800000-0x8081ffff,0x80820000-0x80823fff at device 0.0 on pci2
igb0: NVM V0.6 imgtype6
igb0: Using 1024 TX descriptors and 1024 RX descriptors
igb0: Using 4 RX queues 4 TX queues
igb0: Using MSI-X interrupts with 5 vectors
igb0: Ethernet address: f4:90:ea:00:a2:06
igb0: netmap queues/slots: TX 4/1024, RX 4/1024
pcib3: <ACPI PCI-PCI bridge> at device 1.5 on pci0
pci3: <ACPI PCI bus> on pcib3
igb1: <Intel(R) I210 Flashless (Copper)> port 0x4000-0x401f mem 0x80700000-0x8071ffff,0x80720000-0x80723fff at device 0.0 on pci3
igb1: NVM V0.6 imgtype6
igb1: Using 1024 TX descriptors and 1024 RX descriptors
igb1: Using 4 RX queues 4 TX queues
igb1: Using MSI-X interrupts with 5 vectors
igb1: Ethernet address: f4:90:ea:00:a2:07
igb1: netmap queues/slots: TX 4/1024, RX 4/1024
pcib4: <ACPI PCI-PCI bridge> at device 1.6 on pci0
pci4: <ACPI PCI bus> on pcib4
igb2: <Intel(R) I210 Flashless (Copper)> port 0x3000-0x301f mem 0x80600000-0x8061ffff,0x80620000-0x80623fff at device 0.0 on pci4
igb2: NVM V0.6 imgtype6
igb2: Using 1024 TX descriptors and 1024 RX descriptors
igb2: Using 4 RX queues 4 TX queues
igb2: Using MSI-X interrupts with 5 vectors
igb2: Ethernet address: f4:90:ea:00:a2:08
igb2: netmap queues/slots: TX 4/1024, RX 4/1024
pcib5: <ACPI PCI-PCI bridge> at device 1.7 on pci0
pci5: <ACPI PCI bus> on pcib5
igb3: <Intel(R) I210 Flashless (Copper)> port 0x2000-0x201f mem 0x80500000-0x8051ffff,0x80520000-0x80523fff at device 0.0 on pci5
igb3: NVM V0.6 imgtype6
igb3: Using 1024 TX descriptors and 1024 RX descriptors
igb3: Using 4 RX queues 4 TX queues
igb3: Using MSI-X interrupts with 5 vectors
igb3: Ethernet address: f4:90:ea:00:a2:09
igb3: netmap queues/slots: TX 4/1024, RX 4/1024
pcib6: <ACPI PCI-PCI bridge> at device 3.1 on pci0
pci6: <ACPI PCI bus> on pcib6
ice0: <Intel(R) Ethernet Network Adapter E810-XXV-2 - 1.34.2-k> mem 0x7fcfc000000-0x7fcfdffffff,0x7fcfe010000-0x7fcfe01ffff at device 0.0 on pci6
ice0: Loading the iflib ice driver
ice0: The DDP package was successfully loaded: ICE OS Default Package version 1.3.27.0, track id 0xc0000001.
ice0: fw 6.2.9 api 1.7 nvm 3.20 etid 8000d853 netlist 3.20.5000-1.e.0.495c77bc oem 1.3146.0
ice0: Using 8 Tx and Rx queues
ice0: Using MSI-X interrupts with 9 vectors
ice0: Using 1024 TX descriptors and 1024 RX descriptors
ice0: Ethernet address: f4:90:ea:00:9f:72
ice0: PCI Express Bus: Speed 8.0GT/s Width x8
ice0: Firmware LLDP agent disabled
ice0: link state changed to DOWN
ice0: netmap queues/slots: TX 8/1024, RX 8/1024
ice1: <Intel(R) Ethernet Network Adapter E810-XXV-2 - 1.34.2-k> mem 0x7fcfa000000-0x7fcfbffffff,0x7fcfe000000-0x7fcfe00ffff at device 0.1 on pci6
ice1: Loading the iflib ice driver
ice0: Module is not present.
ice0: Possible Solution 1: Check that the module is inserted correctly.
ice0: Possible Solution 2: If the problem persists, use a cable/module that is found in the supported modules and cables list for this device.
ice0: Module is not present.
ice0: Possible Solution 1: Check that the module is inserted correctly.
ice0: Possible Solution 2: If the problem persists, use a cable/module that is found in the supported modules and cables list for this device.
ice1: DDP package already present on device: ICE OS Default Package version 1.3.27.0, track id 0xc0000001.
ice1: fw 6.2.9 api 1.7 nvm 3.20 etid 8000d853 netlist 3.20.5000-1.e.0.495c77bc oem 1.3146.0
ice1: Using 8 Tx and Rx queues
ice1: Using MSI-X interrupts with 9 vectors
ice1: Using 1024 TX descriptors and 1024 RX descriptors
ice1: Ethernet address: f4:90:ea:00:9f:73
ice1: PCI Express Bus: Speed 8.0GT/s Width x8
ice1: Firmware LLDP agent disabled
ice1: link state changed to DOWN
ice1: netmap queues/slots: TX 8/1024, RX 8/1024
pcib7: <ACPI PCI-PCI bridge> at device 7.1 on pci0
pci7: <ACPI PCI bus> on pcib7
pci7: <unknown> at device 0.0 (no driver attached)
ice1: Module is not present.
ice1: Possible Solution 1: Check that the module is inserted correctly.
ice1: Possible Solution 2: If the problem persists, use a cable/module that is found in the supported modules and cables list for this device.
ice1: Module is not present.
ice1: Possible Solution 1: Check that the module is inserted correctly.
ice1: Possible Solution 2: If the problem persists, use a cable/module that is found in the supported modules and cables list for this device.
pci7: <encrypt/decrypt> at device 0.2 (no driver attached)
xhci0: <XHCI (generic) USB 3.0 controller> mem 0x80200000-0x802fffff at device 0.3 on pci7
xhci0: 64 bytes context size, 64-bit DMA
usbus0: waiting for BIOS to give up control
xhci_interrupt: host controller halted
usbus0 on xhci0
usbus0: 5.0Gbps Super Speed USB v3.0
pcib8: <ACPI PCI-PCI bridge> at device 8.1 on pci0
pci8: <ACPI PCI bus> on pcib8
pci8: <unknown> at device 0.0 (no driver attached)
pci8: <encrypt/decrypt> at device 0.1 (no driver attached)
hdac0: <AMD X370 HDA Controller> mem 0x80180000-0x80187fff at device 0.3 on pci8
ax0: <AMD 10 Gigabit Ethernet Driver> mem 0x80160000-0x8017ffff,0x80140000-0x8015ffff,0x80188000-0x80189fff at device 0.4 on pci8
ax0: Using 2048 TX descriptors and 2048 RX descriptors
ax0: Using 8 RX queues 8 TX queues
ax0: Using MSI-X interrupts with 12 vectors
ax0: Ethernet address: f4:90:ea:00:a2:0a
ax0: xgbe_config_sph_mode: SPH disabled in channel 0
ax0: xgbe_config_sph_mode: SPH disabled in channel 1
ax0: xgbe_config_sph_mode: SPH disabled in channel 2
ax0: xgbe_config_sph_mode: SPH disabled in channel 3
ax0: xgbe_config_sph_mode: SPH disabled in channel 4
ax0: xgbe_config_sph_mode: SPH disabled in channel 5
ax0: xgbe_config_sph_mode: SPH disabled in channel 6
ax0: xgbe_config_sph_mode: SPH disabled in channel 7
ax0: RSS Enabled
ax0: Receive checksum offload Enabled
ax0: VLAN filtering Enabled
ax0: VLAN Stripping Enabled
ax0: Checking GPIO expander validity
ax0: Input port registers: 0x0
ax0: Output port registers: 0x7777
ax0: Polarity port registers: 0x0
ax0: Configuration port registers: 0x77ff
ax0: xgbe_phy_sfp_signals: port_sfp_inputs: 0x7
ax0: xgbe_phy_sfp_detect: mod absent
ax0: netmap queues/slots: TX 8/2048, RX 8/2048
ax1: <AMD 10 Gigabit Ethernet Driver> mem 0x80120000-0x8013ffff,0x80100000-0x8011ffff,0x8018a000-0x8018bfff at device 0.5 on pci8
ax1: Using 2048 TX descriptors and 2048 RX descriptors
ax1: Using 8 RX queues 8 TX queues
ax1: Using MSI-X interrupts with 12 vectors
ax1: Ethernet address: f4:90:ea:00:a2:0b
ax1: xgbe_config_sph_mode: SPH disabled in channel 0
ax1: xgbe_config_sph_mode: SPH disabled in channel 1
ax1: xgbe_config_sph_mode: SPH disabled in channel 2
ax1: xgbe_config_sph_mode: SPH disabled in channel 3
ax1: xgbe_config_sph_mode: SPH disabled in channel 4
ax1: xgbe_config_sph_mode: SPH disabled in channel 5
ax1: xgbe_config_sph_mode: SPH disabled in channel 6
ax1: xgbe_config_sph_mode: SPH disabled in channel 7
ax1: RSS Enabled
ax1: Receive checksum offload Enabled
ax1: VLAN filtering Enabled
ax1: VLAN Stripping Enabled
ax1: Checking GPIO expander validity
ax1: Input port registers: 0x0
ax1: Output port registers: 0x7777
ax1: Polarity port registers: 0x0
ax1: Configuration port registers: 0x77ff
ax1: xgbe_phy_sfp_signals: port_sfp_inputs: 0x7
ax1: xgbe_phy_sfp_detect: mod absent
ax1: netmap queues/slots: TX 8/2048, RX 8/2048
isab0: <PCI-ISA bridge> at device 20.3 on pci0
isa0: <ISA bus> on isab0
uart2: <16x50 with 256 byte FIFO> iomem 0xfedc9000-0xfedc9fff,0xfedc7000-0xfedc7fff irq 3 on acpi0
uart2: console (115384,n,8,1)
hwpstate0: <Cool`n'Quiet 2.0> on cpu0
Timecounter "TSC-low" frequency 1247655590 Hz quality 1000
Timecounters tick every 1.000 msec
ZFS filesystem version: 5
ZFS storage pool version: features support (5000)
ugen0.1: <AMD XHCI root HUB> at usbus0
uhub0 on usbus0
uhub0: <AMD XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
nvd0: <TS1TMTE662T2> NVMe namespace
nvd0: 976762MB (2000409264 512 byte sectors)
Trying to mount root from zfs:zroot/ROOT/default []...
uhub0: 8 ports with 8 removable, self powered
Root mount waiting for: usbus0
usb_msc_auto_quirk: UQ_MSC_NO_PREVENT_ALLOW set for USB mass storage device SanDisk Extreme Pro 55AF (0x0781:0x55af)
ugen0.2: <SanDisk Extreme Pro 55AF> at usbus0
umass0 on uhub0
umass0: <SanDisk Extreme Pro 55AF, class 0/0, rev 3.20/10.84, addr 1> on usbus0
umass0: SCSI over Bulk-Only; quirks = 0x8000
umass0:0:0: Attached to scbus0
Root mount waiting for: usbus0 CAM
da0 at umass-sim0 bus 0 scbus0 target 0 lun 0
da0: <SanDisk Extreme Pro 55AF 1084> Fixed Direct Access SPC-4 SCSI device
da0: Serial Number 323232354534343031373436
da0: 400.000MB/s transfers
da0: 1907697MB (3906963617 512 byte sectors)
da0: quirks=0x2<NO_6_BYTE>
ses0 at umass-sim0 bus 0 scbus0 target 0 lun 1
ses0: <SanDisk SES Device 1084> Fixed Enclosure Services SPC-4 SCSI device
ses0: Serial Number 323232354534343031373436
ses0: 400.000MB/s transfers
ses0: SES Device
intsmb0: <AMD FCH SMBus Controller> at device 20.0 on pci0
smbus0: <System Management Bus> on intsmb0
lo0: link state changed to UP
amdsmn0: <AMD Family 17h System Management Network> on hostb0
amdtemp0: <AMD CPU On-Die Thermal Sensors> on hostb0
pflog0: permanently promiscuous mode enabled
Device hardware post-boot
root@OPNsense:~ # sysctl -a | grep dev.ice.0.%desc
dev.ice.0.%desc: Intel(R) Ethernet Network Adapter E810-XXV-2 - 1.34.2-k
root@OPNsense:~ # sysctl -a | grep dev.ice.1.%desc
dev.ice.1.%desc: Intel(R) Ethernet Network Adapter E810-XXV-2 - 1.34.2-k
root@OPNsense:~ # sysctl -a | grep dev.ax.0.%desc
dev.ax.0.%desc: AMD 10 Gigabit Ethernet Driver
root@OPNsense:~ # sysctl -a | grep dev.ax.1.%desc
dev.ax.1.%desc: AMD 10 Gigabit Ethernet Driver
root@OPNsense:~ #
End-result — booting to factory setting
root@OPNsense:~ # cat /conf/config.xml | grep Morik
root@OPNsense:~ # cat /conf/config.xml | grep localdomain
<domain>localdomain</domain>
<localdomains/>
root@OPNsense:~ #
-
If domain name is discarded I wonder if to be imported XML file is malformed and therefore not accepted. It wouldn't make sense otherwise.
Cheers,
Franco
-
Hello all,
I feel as if the Installation & Configuration wiki should have directions on how to use OPNsense Importer. (https://docs.opnsense.org/manual/install.html#opnsense-importer (https://docs.opnsense.org/manual/install.html#opnsense-importer)) The OPNsense Importer feature offers great flexibility in recovering failed firewalls quickly or testing new releases with existing configurations without installing. The problem is nowhere in the wiki does it demonstrate how to use OPNsense Importer correctly. So, I’m posting my findings here. I wouldn't mind updating the Installation Wiki, how can I submit changes?
To use OPNsense Importer during the installation boot-up process do the following:
1. You must have a 2nd USB drive formatted with FAT or FAT32 File system.
a. Preferable non-bootable USB drive.
2. Create a conf directory on the root of the USB drive
3. Put an unencrypted backup xml or configuration into /conf and rename the file to config.xml
/conf/config.xml4. Put both the Installation drive and the 2nd USB drive into the system and power up / reboot.
5. Boot the system from the OPNsense Installation drive via BIOS or Boot Menu.
6. Press a key when you see: “Press any key to start the configuration importer”
7. Type the device name of the 2nd USB Drive, e.g. da0 , and press Enter.
a. If Importer was successful the boot process will continue to boot into the OPNsense Live environment using the configuration you provided.
b. If unsuccessful importer will error and return you to the device selection prompt. Suggest repeating steps 1–3 again.
In case of failure, the Importer is a quick way to get OPNsense back up and running. Understand at this point the system is using the Live Environment from the installation media but using the configuration from a system backup. You will still need to repair or install OPNsense onto the firewall which will cause disruptions in network traffic. Once the installation finishes and the firewall reboots. OPNsense will be fully restored with the existing configuration.