Major issues after upgrade from 25.1.10 to 25.1.11

[AG_2023]

I happened to login to OPNsense this morning and noticed that there was a pending update. I applied the update and everything broke. My interface names changed to some some different names (bge0, bge1 etc.), total loss of internet connectivity. I was able to SSH into OPNsense and rename the interfaces to igc0 and igc1. This restored internet connectivity, but all other configuration is totally lost. It is like the firewall has been factory reset.

I am trying to restore from backups but the config.xml files seems to revert to default. Everything is down. I don't know what to do. Is there a way to revert back to an old version and restore backup?

[AG_2023]

The issue is resolved. I was able to restore a slightly older backup. But here is what I noticed:

The size of backup file, both local and uploaded to Google drive had suddenly increased from 4MB to 15MB over last couple of days.
When I tried to restore the 15MB file, it could not be restored, either locally from backup or from Google drive.
When I tried to select the 15MB backup file from webGUI, it threw an error saying that file could not be parsed or file could not be uploaded or file could not be restored.

So, I restored the 4MB file from local backup and it worked without any issue.

I was racking my brain to see what caused increase in file size.
Then I remembered that as I was going through some pages in webGUI, I noticed a Picture option under System:Settings:General. Just to test what it does, I uploaded a picture. That is what caused the configuration to go bad. Since OPNSense could not load the configuration, it switched to some default configuration. The backups also became unrestorable.

To test, I removed the picture sections from the backup xml file and the file size was reduced to 4MB.

This is something OPNsense developers should look at. I used a built-in feature which should not have caused any issues.

Also, I find the OPNsense backups system to be pretty crappy. It does not append date and timestamp to the backup files. So, there is no way to tell which file was created when. There is no way to verify a backup file unless I do a restore.

OPNsense is adding features but backup and restore of configuration reliably should be topmost.

[Patrick M. Hausen]

I use the Nextcloud backup plugin for automatic backups and OPNsense uses the hostname and the current date and time to create the filename. We backup all our OPNsense firewalls (8 in total) to the same Nextcloud account and the files are easily manageable.

[franco]

> This is something OPNsense developers should look at. I used a built-in feature which should not have caused any issues.

Fair, just need steps to reproduce please.


Cheers,
Franco

[AG_2023]

> This is something OPNsense developers should look at. I used a built-in feature which should not have caused any issues.

Fair, just need steps to reproduce please.


Cheers,
Franco

Steps to reproduce are simple:

Go to System:Settings:General and there is a Picture option. Choose a large picture file on the PC and upload. Then reboot the firewall. Most likely, it will fail to reboot as config.xml could not be read.

[AG_2023]

I use the Nextcloud backup plugin for automatic backups and OPNsense uses the hostname and the current date and time to create the filename. We backup all our OPNsense firewalls (8 in total) to the same Nextcloud account and the files are easily manageable.

I should not have to use a separate software to backup. This morning, when OPNsense switched to a default configuration, most devices on my local network also became inaccessible. OPNsense was down for like 4-5 hours. During this time, the devices which acquire their reserved DHCP IP addresses from OPNsense, all acquired some random IP and went off the network. No LAN access, no WAN access. Is it possible to restore from NextCloud without LAN/WAN access?

OPNsense is the hub of networking, at least for home user like me. When it fails, lot of things break. I have created my own procedures for restoring from backup without LAN/WAN access and I test them multiple times a year. I run OPNsense on a dedicated fanless hardware. In case that fails, I also have a VM as a backup which I can bring up just by switching cables and restoring the most recent backup. All tested and documented for my own use.

The problem is that I find it very difficult to identify the backup date/time just by looking at file names. This is a critical omission in OPNsense.

Also, I was not expecting that three backups would be corrupted because I uploaded a picture in OPNsense.

[meyergru]

I wonder what you are doing different from us.

Regardless of whether I save the file via the web UI or via sftp or Nextcloud, I can always see the timestamp in the name. And via Github, I even see the versions directly (together with the timestamps of the changes).

Also, in the history, I can diff any two versions.

Honestly, I do not understand how you cannot see the timestamps of your configuration backups. For me, the backups are named like "config-OPNsense.xxx.yy-20250718013839.xml", so I see both the timestamp and the hostname of the device I backup.

And of course, if you have to setup the device from scratch, you have to get the config.xml into your device first. You will have to fetch it from your storage server, be it Github, Nextcloud or an sftp server. Mind you, all of these are types of storage, not neccessarily cloud instances - you can well host any of them them in your own LAN and transfer the backups locally to a USB stick to use during install.

I use pictures as well with no problems - yet I have not tried one that uses >10 MByte in base64 coding.