Document Everything - Restore failed

Started by RadioCat, August 12, 2023, 10:36:28 PM

I'm a newbie at OPNsense, though better-than-average at networking. Because I was replacing a Zyxel plus a Ubiquiti EdgeRouter, which handled VLAN and PPPoE as well as firewall and VPN duties, I documented (nearly) everything and made constant config backups at each step.

Sadly, trying to get WireGuard working, I horked outside access. Probably screwed up a firewall rule. No worries, restore the configuration backup.

No dice.  It took quite a while to get that puppy working again.  I think it was a VLAN setting (Priority) that wasn't getting restored, but it might have been something else; certainly seems associated with the igc - VLAN - PPPoE train.  And, now that I have it working again, I have no interest in reproducing.

Anyhow, do not rely on the configuration backup.  Much to my amazement, a "successful" restore may miss some important factors.

I do agree with you on this. The restore config is not to be really trusted. It would only, if it ever works. I have tried it a couple of times with no luck on the same device.

TLDR: "My lack of understanding of how the product works and occasional breakage resulting from my actions make me an authoritative figure deeming your product broken"


Anyone interested in restoring or migrating would benefit from reading at least these two links:

https://docs.opnsense.org/manual/backups.html#backup

https://homenetworkguy.com/how-to/migrate-opnsense-to-new-hardware/

Thanks. Did you read the portion that said "IF ALL GOES WELL...."

LOL.

That said, it may or may not work, not that it will always work, as I have personally seen it does not. :)

Most of this has to do with plugins. I wished that the config file could have been modularized to place the firewall configs in one main config in another and plugins in another.

August 13, 2023, 07:04:15 PM #4 Last Edit: August 13, 2023, 07:06:37 PM by newsense
The process is simple and can be summarized as follows:


1) Import config.xml - triggers automatic reboot

2) Check for updates - triggers automatic reinstall of all plugins in scope

3) Final reboot to have the system come up with all services as expected


Third-party plugin configurations are not included in config.xml - they need to be addressed separately.

I admire your faith in the process.  It is not infallible; it missed some non-plug-in settings.  You simply must not have had to rely on the settings it's missing in the current version. 

Quote from: RadioCat on August 13, 2023, 08:38:29 PM
> I admire your faith in the process. It is not infallible; it missed some non-plug-in settings. You simply must not have had to rely on the settings it's missing in the current version.

Which ones exactly? This calls for filing an issue, doesn't it?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

The #special ones Patrick, and we don't talk about Bruno ;)

Patrick, as I mentioned, I have no interest in trying to reproduce this.  It definitely, and annoyingly, happened so I'm warning others, but to file an issue, I'd have to create another installation and go through that process again because I'm not willing to do this with my main system.  I don't have the spare hardware or time to do that. 
Consider it a warning to, as I said, document everything. 

You don't need spare hardware:
https://github.com/punktDe/vagrant-opnsense

But if you have no incentive to put in the effort - you do you.

> I do agree with you on this. The restore config is not to be really trusted. It would only, if it ever works. I have tried it a couple of times with no luck on the same device.

First time I hear of multiple failures but no concrete evidence to the experience.

The whole config.xml is really just garbage in garbage out if you don't mind me saying that. The biggest caveat is restoring a config.xml on a system older than the one it's trying to restore, but here I think you'd know what you are doing.

All things not working as expected can be labelled a bug and put into the GitHub tracker for further inspection. It would be nice to fix the actual issue encountered if it doesn't come to being a backwards-compat issue.


Cheers,
Franco
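
The thread turns on which settings a restore actually dropped. As an added example (not code from any poster or from the OPNsense project), this sketch compares a backup config.xml with one downloaded after the restore and lists every leaf that is missing, added or changed. The element names (`vlans/vlan/pcp`, `revision`) and all sample values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

def flatten(xml_text):
    """Map every leaf element and attribute to an indexed path -> value."""
    leaves = {}
    def walk(elem, path):
        for name, value in elem.attrib.items():
            leaves[f"{path}@{name}"] = value
        children = list(elem)
        if not children:
            leaves[path] = (elem.text or "").strip()
        seen = Counter()
        for child in children:
            seen[child.tag] += 1  # index repeated siblings such as <vlan>
            walk(child, f"{path}/{child.tag}[{seen[child.tag]}]")
    root = ET.fromstring(xml_text)
    walk(root, root.tag)
    return leaves

def restore_drift(backup_xml, restored_xml, ignore=("opnsense/revision[",)):
    """List (kind, path, backup_value, restored_value) for every difference."""
    before, after = flatten(backup_xml), flatten(restored_xml)
    drift = []
    for path in sorted(before.keys() | after.keys()):
        if path.startswith(tuple(ignore)):
            continue  # assumed per-save metadata that differs on every export
        old, new = before.get(path), after.get(path)
        if old != new:
            kind = "missing" if new is None else "added" if old is None else "changed"
            drift.append((kind, path, old, new))
    return drift

# Constructed sample data; element names are assumptions, not a real export.
BACKUP = """<opnsense>
  <revision><time>1691900000</time></revision>
  <vlans>
    <vlan><if>igc0</if><tag>35</tag><pcp>1</pcp><vlanif>vlan01</vlanif></vlan>
  </vlans>
  <interfaces><wan><if>pppoe0</if></wan></interfaces>
</opnsense>"""
RESTORED = BACKUP.replace("<pcp>1</pcp>", "<pcp>0</pcp>").replace("1691900000", "1691990000")

if __name__ == "__main__":
    for kind, path, old, new in restore_drift(BACKUP, RESTORED):
        print(f"{kind:8} {path}: {old!r} -> {new!r}")
```

Paths are positional, so a reordered list shows up as changed entries; the output is a starting point for a bug report, not proof of a defect on its own.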