Lost config but is still working - what to do.
-
Hi, I have pfSense already installed for some time. (I have a Comcast * DSL internet) and everything was still fine up until today.
I was in the process of making configuration changes and (fool that I am as I did not create a backup first because the software is so stable) some way or another my configuration file got trashed. However pfSense is still properly working. Is there a way to pull the running values and store them back in a config?
If not, I will have to rebuild my configuration manually. :(
Thanks.
-
What do you mean you trashed your config file?
Did you modify the config.xml manually? What exactly do you mean with "pfSense is still working correctly"?
The current configuration of pfSense gets created out of the config.xml.
If you change it, the config gets changed. It cannot be that you trash your config but the system runs on old values.
-
One way or another, when I connect up to pfSense, none of my configuration is visible. I don't see any of my rules, don't see the second WAN I configured and don't see any of my port mappings, in or out. However, pfSense still seems to have the correct configuration somewhere as I am still able to connect to it using my alternate SSL port. All my inbound routing and scheduling does still work well.
How it got trashed, I have no idea. I did not change the config.xml file manually. What I do know is that I was trying to force DynDNS over my alternate WAN. My primary WAN has a static IP, my secondary is dynamic. I had created a rule for all traffic to DynDNS to go over that WAN. As this rule was at the bottom, I tried to move it up. Somewhere there the screens just completely got wiped out.
Is there a way to correct that config.xml file without losing all my settings? I am afraid that when I have to restart my pfSense box, I lose it all.
~Gerry
-
You can download the config.xml and look at it.
If your rules are in there you might as well just restart and see what happens. All configurations are within this file.
The worst case is that you have to rebuild ^^"
In the best case it just works after that.
-
I am not too familiar with the internals of pfSense. Two questions: where is the config.xml located? And can I use standard FTP or do I need to use tftp?
~Gerry
-
In the gui: "Diagnostics" –> "Backup/Restore"
-
This is what is in the downloaded file:
<pfsense><revision><description>/firewall_rules.php made unknown change</description>
<time>1219109187</time></revision></pfsense>
- again, pfSense seems to be still working ???
So, I guess I have to start from scratch, right? No other options, like somewhere for pfSense to rewrite the config based upon what's in memory?
If so, thanks for your help - just wish it was the answer I had hoped for :(
~Gerry
-
OK, this is definitely NOT what should be in the config file.
It should look kind of like this:
<pfsense><version>3.0</version>
<lastchange><theme>pfsense</theme>
<system><optimization>normal</optimization>
<hostname>nashmau</hostname>
<domain>psymia.mine.nu</domain>
<username>xxx</username>
<password>xxxxxxxxxxxxxxxxxxx</password>
<timezone>Europe/Zurich</timezone>
<time-update-interval><timeservers>0.pfsense.pool.ntp.org</timeservers>
<webgui><protocol>https</protocol>
<port>yyy</port></webgui>
<disablenatreflection>yes</disablenatreflection>
<dnsserver>208.67.220.220</dnsserver>
<dnsserver>208.67.222.222</dnsserver>
<dnsallowoverride></dnsallowoverride></time-update-interval></system>
<interfaces><lan><if>sis1</if>
<ipaddr>10.0.0.1</ipaddr>
<subnet>24</subnet>
<media><mediaopt><bandwidth>100</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
<bridge><disableftpproxy></disableftpproxy></bridge></mediaopt></media></lan>
<wan><if>sis0</if>
<mtu><media><mediaopt><bandwidth>100</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
<spoofmac><disableftpproxy><ipaddr>192.168.20.6</ipaddr>
<subnet>29</subnet>
<gateway>192.168.20.1</gateway></disableftpproxy></spoofmac></mediaopt></media></mtu></wan>
<opt1><descr>WLAN</descr>
<if>ath0</if>
<wireless><standard>11g</standard>
<mode>hostap</mode>
<protmode>rtscts</protmode>
<ssid>keller</ssid>
<channel>11</channel>
<authmode><txpower>99</txpower>
<distance><wpa><macaddr_acl><auth_algs>1</auth_algs>
<wpa_mode>1</wpa_mode>
<wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
<wpa_pairwise>CCMP TKIP</wpa_pairwise>
<wpa_group_rekey>60</wpa_group_rekey>
<wpa_gmk_rekey>3600</wpa_gmk_rekey>
<passphrase>xxxxxxxxxxxxx</passphrase>
<ext_wpa_sw><enable></enable></ext_wpa_sw></macaddr_acl></wpa>
<apbridge><enable></enable></apbridge></distance></authmode></wireless>
<bridge><enable><ipaddr>10.0.1.1</ipaddr>
<subnet>24</subnet>
<gateway><spoofmac><mtu><disableftpproxy></disableftpproxy></mtu></spoofmac></gateway></enable></bridge></opt1></interfaces>
<staticroutes><pppoe><username><password></password></username></pppoe>
<pptp><username><password><local></local></password></username></pptp>
<bigpond><dyndns><type>dyndns</type>
<username><password></password></username></dyndns>
<dhcpd><lan><enable><range><from>10.0.0.100</from>
<to>10.0.0.200</to></range>
<defaultleasetime><maxleasetime><netmask></netmask>
<failover_peerip><gateway><ddnsdomain><next-server><filename><staticmap><mac>00:50:8d:50:5f:36</mac>
<ipaddr>10.0.0.10</ipaddr>
<hostname>whitemage</hostname>
<descr>sörwär</descr></staticmap>
<staticmap><mac>00:1a:92:82:43:29</mac>
<ipaddr>10.0.0.11</ipaddr>
<hostname>redmage</hostname></staticmap>
<staticmap><mac>00:60:b0:f3:ec:20</mac>
<ipaddr>10.0.0.50</ipaddr>
<hostname>LASERJET_4000N</hostname>
<descr>LASERJET_4000N</descr></staticmap></filename></next-server></ddnsdomain></gateway></failover_peerip></maxleasetime></defaultleasetime></enable></lan>
<opt1><range><from>10.0.1.100</from>
<to>10.0.1.200</to></range>
<defaultleasetime><maxleasetime><netmask><failover_peerip><gateway><enable><ddnsdomain><next-server><filename></filename></next-server></ddnsdomain></enable></gateway></failover_peerip></netmask></maxleasetime></defaultleasetime></opt1></dhcpd>
<pptpd><mode><redir><localip></localip></redir></mode></pptpd>
<ovpn><dnsmasq><enable><regdhcp><regdhcpstatic><hosts><host><domain>psymia.mine.nu</domain>
<ip>10.0.0.10</ip></host></hosts>
<hosts><host>www</host>
<domain>psymia.mine.nu</domain>
<ip>10.0.0.10</ip></hosts></regdhcpstatic></regdhcp></enable></dnsmasq>
<snmpd><syslocation><syscontact><rocommunity>public</rocommunity></syscontact></syslocation></snmpd>
<diag><ipv6nat><ipaddr></ipaddr></ipv6nat></diag>
<bridge><syslog><reverse><nentries>500</nentries></reverse></syslog>
<nat><ipsecpassthru><advancedoutbound><enable><rule><source>
<network>10.0.0.0/22</network><sourceport><descr><target><interface>wan</interface>
<staticnatport><destination><any></any></destination>
<natport></natport></staticnatport></target></descr></sourceport></rule></enable></advancedoutbound>
<rule><protocol>tcp</protocol>
<external-port>80</external-port>
<target>10.0.0.10</target>
<local-port>80</local-port>
<interface>wan</interface>
<descr>webserver</descr></rule>
<rule><protocol>tcp/udp</protocol>
<external-port>whitemage_VNC</external-port>
<target>10.0.0.10</target>
<local-port>whitemage_VNC</local-port>
<interface>wan</interface></rule></ipsecpassthru></nat>
<filter><rule><interface>wan</interface>
<protocol>tcp</protocol>
<source>
<any><destination><address>10.0.0.10</address><port>80</port></destination>
<descr>NAT webserver</descr></any></rule>
<rule><type>pass</type>
<interface>wan</interface>
<max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
<os><protocol>tcp</protocol>
<source>
<any><destination><network>wanip</network>
<port>yyy</port></destination>
<descr>access to webinterface</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>
<rule><type>pass</type>
<interface>wan</interface>
<max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
<os><protocol>udp</protocol>
<source>
<any><destination><network>wanip</network>
<port>1194</port></destination>
<descr>access to OpenVPN</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>
<rule><interface>wan</interface>
<protocol>tcp/udp</protocol>
<source>
<any><destination><address>10.0.0.10</address><port>whitemage_VNC</port></destination>
<descr>NAT</descr></any></rule>
<rule><type>pass</type>
<interface>opt1</interface>
<max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
<os><source>
<any><destination><any></any></destination>
<descr>WLAN –> any</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>
<rule><type>pass</type>
<interface>lan</interface>
<max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
<os><source>
<any><destination><any></any></destination>
<descr>LAN --> any</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule></filter>
<shaper><ipsec><preferredoldsa></preferredoldsa></ipsec>
<aliases><alias><name>whitemage_VNC</name><address>5800 5900 5500</address>
<descr><type>port</type>
<detail>Entry added Sat, 09 Aug 2008 14:14:57 +0200||Entry added Sat, 09 Aug 2008 14:14:57 +0200||Entry added Sat, 09 Aug 2008 14:14:57 +0200||</detail></descr></alias></aliases>
<proxyarp><cron><minute>0</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 newsyslog
<minute>1,31</minute>
<hour>0-5</hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 adjkerntz -a
<minute>1</minute>
<hour>3</hour>
<mday>1</mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh
<minute>/60</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
<minute>1</minute>
<hour>1</hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update
<minute>/60</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
<minute>/60</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c
<minute>/5</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/local/bin/checkreload.sh
<minute>/5</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/etc/ping_hosts.sh
<minute>/140</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/local/sbin/reset_slbd.sh</cron>
<wol><installedpackages><routed><config><enable><iface_array>lan,wan</iface_array>
<ripversion>2</ripversion>
<passwd>xxxx</passwd></enable></config></routed>
<openvpnserver><config><disable><protocol>UDP</protocol>
<dynamic_ip>on</dynamic_ip>
<local_port>1194</local_port>
<addresspool>10.0.3.0/24</addresspool>
<nopool><local_network><remote_network><client2client><crypto>BF-CBC</crypto>
<auth_method>shared_key</auth_method>
<shared_key>idontshowyou</shared_key>
<ca_cert><server_cert><server_key><dh_params><crl><dhcp_domainname><dhcp_dns><dhcp_wins><dhcp_nbdd><dhcp_ntp><dhcp_nbttype>0</dhcp_nbttype>
<dhcp_nbtscope><dhcp_nbtdisable><use_lzo>on</use_lzo>
<custom_options><description>connection zu SVN-PC</description></custom_options></dhcp_nbtdisable></dhcp_nbtscope></dhcp_ntp></dhcp_nbdd></dhcp_wins></dhcp_dns></dhcp_domainname></crl></dh_params></server_key></server_cert></ca_cert></client2client></remote_network></local_network></nopool></disable></config></openvpnserver>
<miniupnpd><config><enable>on</enable>
<iface_array>lan</iface_array>
<download><upload><overridewanip><logpackets><sysuptime><permdefault></permdefault></sysuptime></logpackets></overridewanip></upload></download></config></miniupnpd></installedpackages>
<rrd><enable></enable></rrd>
<revision><description>/services_dhcp.php made unknown change</description>
<time>1218995639</time></revision>
<captiveportal><page><timeout><interface>lan</interface>
<maxproc><idletimeout>15</idletimeout>
<auth_method>radius</auth_method>
<reauthenticateacct><httpsname><bwdefaultdn><bwdefaultup><certificate><private-key><logoutwin_enable><noconcurrentlogins><redirurl><radiusip>172.20.1.25</radiusip>
<radiusip2><radiusport><radiusport2><radiusacctport><radiuskey>contura08</radiuskey>
<radiuskey2><radiusvendor>default</radiusvendor></radiuskey2></radiusacctport></radiusport2></radiusport></radiusip2></redirurl></noconcurrentlogins></logoutwin_enable></private-key></certificate></bwdefaultup></bwdefaultdn></httpsname></reauthenticateacct></maxproc></timeout></page></captiveportal></wol></proxyarp></shaper></bridge></ovpn></bigpond></staticroutes></lastchange></pfsense>
-
Use WinSCP to connect to your router and then go to /cf/conf/backup. There you should find all your old configs from before the current one got screwed.
Just copy one of them to your desktop, check it in Notepad or something, then upload it via the GUI: "Diagnostics" –> "Backup/Restore"
-
I'll check that out,
Thanks... :D
~Gerry
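
The "check it in notepad" step from the last answer can be scripted. The following is an added example, not part of the original thread and not pfSense code: it summarizes each copied config file and picks the newest one that still contains interfaces and filter rules. The function names and the constructed healthy sample are assumptions; the element names come from the configs posted above.

```python
import glob
import sys
import xml.etree.ElementTree as ET

# The truncated file quoted in the thread.
TRUNCATED = ("<pfsense><revision><description>/firewall_rules.php made unknown "
             "change</description><time>1219109187</time></revision></pfsense>")
# Constructed minimal healthy config, using element names from the posted sample.
HEALTHY = """<pfsense><version>3.0</version>
<interfaces><lan><if>sis1</if></lan><wan><if>sis0</if></wan></interfaces>
<nat><rule><protocol>tcp</protocol><external-port>80</external-port></rule></nat>
<filter><rule><type>pass</type><interface>lan</interface></rule></filter>
<revision><description>/services_dhcp.php made unknown change</description>
<time>1218995639</time></revision></pfsense>"""

def summarize(xml_text):
    """Describe a config.xml; 'usable' is False if it is broken or truncated."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return {"usable": False, "reason": f"not well-formed: {exc}"}
    if root.tag != "pfsense":
        return {"usable": False, "reason": f"unexpected root <{root.tag}>"}
    ifaces = root.find("interfaces")
    info = {
        "interfaces": [e.tag for e in ifaces] if ifaces is not None else [],
        "filter_rules": len(root.findall("filter/rule")),
        "nat_rules": len(root.findall("nat/rule")),
        "time": int(root.findtext("revision/time") or 0),
        "last_change": root.findtext("revision/description", default=""),
    }
    info["usable"] = bool(info["interfaces"]) and info["filter_rules"] > 0
    if not info["usable"]:
        info["reason"] = "no interfaces or filter rules (truncated config)"
    return info

def pick_restore_candidate(configs):
    """configs maps name -> XML text; return the newest usable name, or None."""
    usable = {n: s for n, s in ((n, summarize(t)) for n, t in configs.items())
              if s["usable"]}
    return max(usable, key=lambda n: usable[n]["time"]) if usable else None

if __name__ == "__main__":
    if len(sys.argv) > 1:  # directory holding the files copied from /cf/conf/backup
        files = {p: open(p, encoding="utf-8", errors="replace").read()
                 for p in sorted(glob.glob(sys.argv[1] + "/*.xml"))}
    else:
        files = {"current (truncated)": TRUNCATED, "backup (constructed)": HEALTHY}
    for name, text in files.items():
        print(name, summarize(text))
    print("restore candidate:", pick_restore_candidate(files))
```

The truncated file carries the later revision time, so picking by timestamp alone would select it; the content check is what rules it out. The copied backups contain password, passphrase and key fields like those masked in the sample above, so keep them somewhere access-controlled.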