Restoring backup from 22.01 breaks 23.01 installation

EndlessDIY

After a recent (accidental) attempt to upgrade my SG-3100 from 22.01 to 23.01, the new installation threw an error in the console and would not properly map any of my interfaces or do anything at all.

thrown in /etc/inc/interfaces.inc on line 1563
PHP ERROR: Type: 1, File: /etc/inc/interfaces.inc, Line: 1563, Message: Uncaught TypeError: Cannot access offset of type string on string in /etc/inc/interfaces.inc:1563
Stack trace:
#0 /etc/inc/interfacesNetgate 3100 

I opened the file and the second line of this snippet was line 1563:

foreach (config_get_path('ipsec/phase1', []) as $ph1ent) {
	if ($ph1ent['disabled']) {
		continue;
	}
	if (interface_ipsec_vti_configure($ph1ent, $gateways_status) &&
		!$bootmsg && platform_booting()) {
		echo gettext("Configuring IPsec VTI interfaces...");
		$bootmsg = true;
	}
}

I tried commenting out the lines and this led to another rabbit hole of ipsec related errors in other files. So I flashed the system clean to 23.01 and tried again. Same issue. So I decided to try modifying my backup file to remove any references to ipsec (I don't use anything IPsec related) and see if that would work. I removed the following contents from my backup:

pfsense -> system -> user (admin)

<ipsecpsk></ipsecpsk>

And removed the same empty line from 2 other users in the same section.

pfsense

<ipsec>
	<phase1>i</phase1>
	<logging>
		<dmn>1</dmn>
		<mgr>1</mgr>
		<ike>1</ike>
		<chd>1</chd>
		<job>1</job>
		<cfg>1</cfg>
		<knl>1</knl>
		<net>1</net>
		<asn>1</asn>
		<enc>1</enc>
		<imc>1</imc>
		<imv>1</imv>
		<pts>1</pts>
		<tls>1</tls>
		<esp>1</esp>
		<lib>1</lib>
	</logging>
	<vtimaps></vtimaps>
</ipsec>

These are the only lines I removed from the backup (3 empty ipsecpsk fields from users, and the ipsec top level object). I tried restoring the backup, and it worked perfectly, no issues at all.

This seems to me like a bug, I'm not sure where. Possibly a bug in 23.01 not parsing these ipsec fields properly? Possibly a bug in the 22.01 backup code making a bad config file?

SteveITS

@endlessdiy I’ve seen a handful of errors about similar issues with empty config sections. Presumably all due to the move to PHP 8. You could create a report at Redmine.pfsense.org.

There are also several patches in the System Patches package including at least one specifically for the 3100.

jimp

@endlessdiy said in Restoring backup from 22.01 breaks 23.01 installation:

<phase1>i</phase1>

That's the only one you probably had to remove. It's not a valid configuration entry. Not sure how it ended up there, but it's definitely broken.

It's hard to account for every possible way someone could break their config over the years (either due to bugs we fixed long ago, manual edits, or who knows what).

EndlessDIY

Thanks all. It's good to know there's a general "patches" package I can add for small fixes, and good to know there's an obviously invalid line in the config. It's very likely a remnant of something from years ago.

Is it worth filling a redmine bug for generic better config validation? It would have been much easier to debug if something said "invalid line in your config at line XX" instead of crashing with a generic PHP error where something made incorrect assumptions about the data it was trying to process.

stephenw10

If you're able to replicate it then a bug would be helpful. We would need to know what the config was in 22.01 in order to prevent it failing it upgrade.

Steve