When you fiddle and get locked out, what the easiest approach to restore access?

[P195]

Hi All,

If you change settings which end up locking you out where you can no longer access the web GUI, or login at the console, what is the easiest way to restore a backup or to regain access?

This has happened to me several times now by fiddling about, and yesterday I found myself in this scenario again where I think I changed from static IP to DHCP (I can't quite remember what I did) but I couldn't access web GUI and when in console my login and password was not allowing me to login. I tried various things for several hours but to no avail so I ended up reinstalling back to fresh install and loading a saved .xml config, but this also caused headaches due to missing plugins and their settings etc.

I've now managed to reconfigure everything again, but if I find myself in this scenario again, rather than having to reinstall, what's the easiest solution?

I know you can restore from console which I have done several times before, but this time I was unable to login to do that.
Is it possible to put a saved .xml config file on a usb pen drive and restore settings like that?
Can I backup the whole install including plugins (image?) rather than just the settings and restore like that?
Or is there a better way that I've overlooked?

Many Thanks
P195

[Patrick M. Hausen]

Save the settings and perform ZFS snapshots for the plugins etc.

You can boot into a prior version (named a "boot environment") from the console if you have taken a snapshot.

[P195]

Cool, I haven't used the snapshots feature before but sounds useful.

Only thing is, don't you have to login to get to the menu to select option 8? I'm pretty sure yesterday the reason I couldn't restore with option 13 was because I couldn't get to the menu because my login and password was not working.   

[P195]

Sorry spoke too soon before reading the whole document.


    If the WebGUI is unavailable:

            Boot the OPNsense, at the start of the boot sequence the Boot Menu will show up
            Press the Space Bar to pause it
            Press 8 to choose 8. Boot Environments which displays the current Snapshots
            Press 2 to select a different active Snapshot, it should now display zfs:zroot/ROOT/known-good
            Press 1 to go back to the main menu
            Press ENTER to select 1. Boot Multi user [ENTER]

Tip

If there are more Snapshots, press 2 repeatedly to cycle through them.

[Patrick M. Hausen]

If you use snapshots you can pick an older one right at the boot loader prompt.

[P195]

I assume then to capture the full state, you need a settings backup (.xml) and a snapshot, so it makes sense to create them both at the same time before fiddling / making changes?

[Patrick M. Hausen]

Precisely.

[P195]

Thanks. This is going to save me many times in the future, no doubt.

[dseven]

The snapshot should include whatever the config was at the time it was made, no? I've never tried recovering from a snapshot, so maybe my expectations are off...? Of course it's never a bad idea to have a backup of your current config too.

The other thing I wonder about is why you weren't able to login on the console. Are you using an authentication server (LDAP / RADIUS)? I'd have thought you should still be able to login as root (on the console) even if all network connectivity is down.

[Patrick M. Hausen]

The snapshot should include whatever the config was at the time it was made, no? I've never tried recovering from a snapshot, so maybe my expectations are off...? Of course it's never a bad idea to have a backup of your current config too.

If the boot environment contains /conf and /etc and friends, yes, absolutely. I did not have the time to check when I wrote that particular post so I gave the safest advice I could.

Just checked, yes, config at that particular time should be part of any snapshot.

The other thing I wonder about is why you weren't able to login on the console. Are you using an authentication server (LDAP / RADIUS)? I'd have thought you should still be able to login as root (on the console) even if all network connectivity is down.

Messed up root password?