Netgate Discussion Forum
    Lost config but is still working - what to do.

    Off-Topic & Non-Support Discussion
    10 Posts 3 Posters 5.3k Views

      glieberw

      Hi, I have pfSense already installed for some time.  (I have a Comcast * DSL internet) and everything was still fine up until today.

      I was in the process of making configuration changes and (fool that I am, as I did not create a backup first because the software is so stable) some way or another my configuration file got trashed.  However, pfSense is still working properly.  Is there a way to pull the running values and store them back in a config?

      If not, I will have to rebuild my configuration manually.  :(

      Thanks.

        GruensFroeschli

        What do you mean you trashed your config file?
        Did you modify the config.xml manually?

        What exactly do you mean by "pfSense is still working correctly"?
        The current configuration of pfSense gets created out of the config.xml.
        If you change it, the config gets changed. It cannot be that you trash your config but the system runs on old values.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          glieberw

          One way or another, when I connect up to pfSense, none of my configuration is visible.  I don't see any of my rules, don't see the second WAN I configured and don't see any of my port mappings, in or out.  However, pfSense still seems to have the correct configuration somewhere as I am still able to connect to it using my alternate SSL port.  All my inbound routing and scheduling does still work well.

          How it got trashed, I have no idea.  I did not change the config.xml file manually.  What I do know is that I was trying to force DynDNS over my alternate WAN.  My primary WAN has a static IP, my secondary is dynamic.  I had created a rule for all traffic to DynDNS to go over that WAN.  As this rule was at the bottom, I tried to move it up.  Somewhere there the screens just completely got wiped out.

          Is there a way to correct that config.xml file without losing all my settings?  I am afraid that when I have to restart my pfSense box, I lose it all.

          ~Gerry

            GruensFroeschli

            You can download the config.xml and look at it.
            If your rules are in there you might as well just restart and see what happens.

            All configurations are within this file.

            The worst case is that you have to rebuild ^^"
            In the best case it just works after that.

              glieberw

              I am not too familiar with the internals of pfSense.  Two questions: where is the config.xml located?  And can I use standard FTP or do I need to use TFTP?

              ~Gerry

                GruensFroeschli

                In the GUI: "Diagnostics" -> "Backup/Restore"

                  glieberw

                  This is what is in the downloaded file:

                  <pfsense><revision><description>/firewall_rules.php made unknown change</description>
                  <time>1219109187</time></revision></pfsense>

                  - again, pfSense seems to be still working ???

                  So, I guess I have to start from scratch, right?  No other options, like somewhere for PFSense to rewrite the config based upon what's in memory?

                  If so, thanks for your help - just wish it was the answer I had hoped for :(

                  ~Gerry

                    GruensFroeschli

                    OK, this is definitely NOT what should be in the config file.

                    It should look kind of like this:

                    <pfsense><version>3.0</version>
                    <lastchange><theme>pfsense</theme>
                    <system><optimization>normal</optimization>
                    <hostname>nashmau</hostname>
                    <domain>psymia.mine.nu</domain>
                    <username>xxx</username>
                    <password>xxxxxxxxxxxxxxxxxxx</password>
                    <timezone>Europe/Zurich</timezone>
                    <time-update-interval><timeservers>0.pfsense.pool.ntp.org</timeservers>
                    <webgui><protocol>https</protocol>
                    <port>yyy</port></webgui>
                    <disablenatreflection>yes</disablenatreflection>
                    <dnsserver>208.67.220.220</dnsserver>
                    <dnsserver>208.67.222.222</dnsserver>
                    <dnsallowoverride></dnsallowoverride></time-update-interval></system>
                    <interfaces><lan><if>sis1</if>
                    <ipaddr>10.0.0.1</ipaddr>
                    <subnet>24</subnet>
                    <media><mediaopt><bandwidth>100</bandwidth>
                    <bandwidthtype>Mb</bandwidthtype>
                    <bridge><disableftpproxy></disableftpproxy></bridge></mediaopt></media></lan>
                    <wan><if>sis0</if>
                    <mtu><media><mediaopt><bandwidth>100</bandwidth>
                    <bandwidthtype>Mb</bandwidthtype>
                    <spoofmac><disableftpproxy><ipaddr>192.168.20.6</ipaddr>
                    <subnet>29</subnet>
                    <gateway>192.168.20.1</gateway></disableftpproxy></spoofmac></mediaopt></media></mtu></wan>
                    <opt1><descr>WLAN</descr>
                    <if>ath0</if>
                    <wireless><standard>11g</standard>
                    <mode>hostap</mode>
                    <protmode>rtscts</protmode>
                    <ssid>keller</ssid>
                    <channel>11</channel>
                    <authmode><txpower>99</txpower>
                    <distance><wpa><macaddr_acl><auth_algs>1</auth_algs>
                    <wpa_mode>1</wpa_mode>
                    <wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
                    <wpa_pairwise>CCMP TKIP</wpa_pairwise>
                    <wpa_group_rekey>60</wpa_group_rekey>
                    <wpa_gmk_rekey>3600</wpa_gmk_rekey>
                    <passphrase>xxxxxxxxxxxxx</passphrase>
                    <ext_wpa_sw><enable></enable></ext_wpa_sw></macaddr_acl></wpa>
                    <apbridge><enable></enable></apbridge></distance></authmode></wireless>
                    <bridge><enable><ipaddr>10.0.1.1</ipaddr>
                    <subnet>24</subnet>
                    <gateway><spoofmac><mtu><disableftpproxy></disableftpproxy></mtu></spoofmac></gateway></enable></bridge></opt1></interfaces>
                    <staticroutes><pppoe><username><password></password></username></pppoe>
                    <pptp><username><password><local></local></password></username></pptp>
                    <bigpond><dyndns><type>dyndns</type>
                    <username><password></password></username></dyndns>
                    <dhcpd><lan><enable><range><from>10.0.0.100</from>
                    <to>10.0.0.200</to></range>
                    <defaultleasetime><maxleasetime><netmask></netmask>
                    <failover_peerip><gateway><ddnsdomain><next-server><filename><staticmap><mac>00:50:8d:50:5f:36</mac>
                    <ipaddr>10.0.0.10</ipaddr>
                    <hostname>whitemage</hostname>
                    <descr>sörwär</descr></staticmap>
                    <staticmap><mac>00:1a:92:82:43:29</mac>
                    <ipaddr>10.0.0.11</ipaddr>
                    <hostname>redmage</hostname></staticmap>
                    <staticmap><mac>00:60:b0:f3:ec:20</mac>
                    <ipaddr>10.0.0.50</ipaddr>
                    <hostname>LASERJET_4000N</hostname>
                    <descr>LASERJET_4000N</descr></staticmap></filename></next-server></ddnsdomain></gateway></failover_peerip></maxleasetime></defaultleasetime></enable></lan>
                    <opt1><range><from>10.0.1.100</from>
                    <to>10.0.1.200</to></range>
                    <defaultleasetime><maxleasetime><netmask><failover_peerip><gateway><enable><ddnsdomain><next-server><filename></filename></next-server></ddnsdomain></enable></gateway></failover_peerip></netmask></maxleasetime></defaultleasetime></opt1></dhcpd>
                    <pptpd><mode><redir><localip></localip></redir></mode></pptpd>
                    <ovpn><dnsmasq><enable><regdhcp><regdhcpstatic><hosts><host><domain>psymia.mine.nu</domain>
                    <ip>10.0.0.10</ip></host></hosts>
                    <hosts><host>www</host>
                    <domain>psymia.mine.nu</domain>
                    <ip>10.0.0.10</ip></hosts></regdhcpstatic></regdhcp></enable></dnsmasq>
                    <snmpd><syslocation><syscontact><rocommunity>public</rocommunity></syscontact></syslocation></snmpd>
                    <diag><ipv6nat><ipaddr></ipaddr></ipv6nat></diag>
                    <bridge><syslog><reverse><nentries>500</nentries></reverse></syslog>
                    <nat><ipsecpassthru><advancedoutbound><enable><rule><source>
                    <network>10.0.0.0/22</network>

                    <sourceport><descr><target><interface>wan</interface>
                    <staticnatport><destination><any></any></destination>
                    <natport></natport></staticnatport></target></descr></sourceport></rule></enable></advancedoutbound>
                    <rule><protocol>tcp</protocol>
                    <external-port>80</external-port>
                    <target>10.0.0.10</target>
                    <local-port>80</local-port>
                    <interface>wan</interface>
                    <descr>webserver</descr></rule>
                    <rule><protocol>tcp/udp</protocol>
                    <external-port>whitemage_VNC</external-port>
                    <target>10.0.0.10</target>
                    <local-port>whitemage_VNC</local-port>
                    <interface>wan</interface></rule></ipsecpassthru></nat>
                    <filter><rule><interface>wan</interface>
                    <protocol>tcp</protocol>
                    <source>
                    <any><destination><address>10.0.0.10</address>

                    <port>80</port></destination>
                    <descr>NAT webserver</descr></any></rule>
                    <rule><type>pass</type>
                    <interface>wan</interface>
                    <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><protocol>tcp</protocol>
                    <source>
                    <any><destination><network>wanip</network>
                    <port>yyy</port></destination>
                    <descr>access to webinterface</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>
                    <rule><type>pass</type>
                    <interface>wan</interface>
                    <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><protocol>udp</protocol>
                    <source>
                    <any><destination><network>wanip</network>
                    <port>1194</port></destination>
                    <descr>access to OpenVPN</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>
                    <rule><interface>wan</interface>
                    <protocol>tcp/udp</protocol>
                    <source>
                    <any><destination><address>10.0.0.10</address>

                    <port>whitemage_VNC</port></destination>
                    <descr>NAT</descr></any></rule>
                    <rule><type>pass</type>
                    <interface>opt1</interface>
                    <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>
                    <any><destination><any></any></destination>
                    <descr>WLAN –> any</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>
                    <rule><type>pass</type>
                    <interface>lan</interface>
                    <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
                    <os><source>
                    <any><destination><any></any></destination>
                    <descr>LAN --> any</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule></filter>
                    <shaper><ipsec><preferredoldsa></preferredoldsa></ipsec>
                    <aliases><alias><name>whitemage_VNC</name>

                    <address>5800 5900 5500</address>

                    <descr><type>port</type>
                    <detail>Entry added Sat, 09 Aug 2008 14:14:57 +0200||Entry added Sat, 09 Aug 2008 14:14:57 +0200||Entry added Sat, 09 Aug 2008 14:14:57 +0200||</detail></descr></alias></aliases>
                    <proxyarp><cron><minute>0</minute>
                    <hour></hour>
                    <mday>
                    </mday>
                    <month></month>
                    <wday>
                    </wday>
                    <who>root</who>
                    <command></command>/usr/bin/nice -n20 newsyslog
                    <minute>1,31</minute>
                    <hour>0-5</hour>
                    <mday></mday>
                    <month>
                    </month>
                    <wday></wday>
                    <who>root</who>
                    <command></command>/usr/bin/nice -n20 adjkerntz -a
                    <minute>1</minute>
                    <hour>3</hour>
                    <mday>1</mday>
                    <month>
                    </month>
                    <wday></wday>
                    <who>root</who>
                    <command></command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh
                    <minute>
                    /60</minute>
                    <hour></hour>
                    <mday>
                    </mday>
                    <month></month>
                    <wday>
                    </wday>
                    <who>root</who>
                    <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
                    <minute>1</minute>
                    <hour>1</hour>
                    <mday></mday>
                    <month>
                    </month>
                    <wday></wday>
                    <who>root</who>
                    <command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update
                    <minute>
                    /60</minute>
                    <hour></hour>
                    <mday>
                    </mday>
                    <month></month>
                    <wday>
                    </wday>
                    <who>root</who>
                    <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
                    <minute>/60</minute>
                    <hour>
                    </hour>
                    <mday></mday>
                    <month>
                    </month>
                    <wday></wday>
                    <who>root</who>
                    <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c
                    <minute>
                    /5</minute>
                    <hour></hour>
                    <mday>
                    </mday>
                    <month></month>
                    <wday>
                    </wday>
                    <who>root</who>
                    <command></command>/usr/local/bin/checkreload.sh
                    <minute>/5</minute>
                    <hour>
                    </hour>
                    <mday></mday>
                    <month>
                    </month>
                    <wday></wday>
                    <who>root</who>
                    <command></command>/etc/ping_hosts.sh
                    <minute>
                    /140</minute>
                    <hour></hour>
                    <mday>
                    </mday>
                    <month></month>
                    <wday>
                    </wday>
                    <who>root</who>
                    <command></command>/usr/local/sbin/reset_slbd.sh</cron>
                    <wol><installedpackages><routed><config><enable><iface_array>lan,wan</iface_array>
                    <ripversion>2</ripversion>
                    <passwd>xxxx</passwd></enable></config></routed>
                    <openvpnserver><config><disable><protocol>UDP</protocol>
                    <dynamic_ip>on</dynamic_ip>
                    <local_port>1194</local_port>
                    <addresspool>10.0.3.0/24</addresspool>
                    <nopool><local_network><remote_network><client2client><crypto>BF-CBC</crypto>
                    <auth_method>shared_key</auth_method>
                    <shared_key>idontshowyou</shared_key>
                    <ca_cert><server_cert><server_key><dh_params><crl><dhcp_domainname><dhcp_dns><dhcp_wins><dhcp_nbdd><dhcp_ntp><dhcp_nbttype>0</dhcp_nbttype>
                    <dhcp_nbtscope><dhcp_nbtdisable><use_lzo>on</use_lzo>
                    <custom_options><description>connection zu SVN-PC</description></custom_options></dhcp_nbtdisable></dhcp_nbtscope></dhcp_ntp></dhcp_nbdd></dhcp_wins></dhcp_dns></dhcp_domainname></crl></dh_params></server_key></server_cert></ca_cert></client2client></remote_network></local_network></nopool></disable></config></openvpnserver>
                    <miniupnpd><config><enable>on</enable>
                    <iface_array>lan</iface_array>
                    <download><upload><overridewanip><logpackets><sysuptime><permdefault></permdefault></sysuptime></logpackets></overridewanip></upload></download></config></miniupnpd></installedpackages>
                    <rrd><enable></enable></rrd>
                    <revision><description>/services_dhcp.php made unknown change</description>
                    <time>1218995639</time></revision>
                    <captiveportal><page><timeout><interface>lan</interface>
                    <maxproc><idletimeout>15</idletimeout>
                    <auth_method>radius</auth_method>
                    <reauthenticateacct><httpsname><bwdefaultdn><bwdefaultup><certificate><private-key><logoutwin_enable><noconcurrentlogins><redirurl><radiusip>172.20.1.25</radiusip>
                    <radiusip2><radiusport><radiusport2><radiusacctport><radiuskey>contura08</radiuskey>
                    <radiuskey2><radiusvendor>default</radiusvendor></radiuskey2></radiusacctport></radiusport2></radiusport></radiusip2></redirurl></noconcurrentlogins></logoutwin_enable></private-key></certificate></bwdefaultup></bwdefaultdn></httpsname></reauthenticateacct></maxproc></timeout></page></captiveportal></wol></proxyarp></shaper></bridge></ovpn></bigpond></staticroutes></lastchange></pfsense>

                      cheesyboofs

                      Use WinSCP to connect to your router and then go to /cf/conf/backup; there you should find all your old configs from before the current one got screwed.
                      Just copy one of them to your desktop, check it in Notepad or something, then upload it via the GUI: "Diagnostics" -> "Backup/Restore"

                      Author of pfSense themes:

                      DARK-ORANGE

                      CODE-RED
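
A check for the situation in this thread, as an added example that is not part of the original posts or of pfSense itself: before restoring a file copied from /cf/conf/backup, confirm it is a complete config and not a stub like the one downloaded above. The required-section list, the function names and the backup file names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Assumption: a usable config carries these sections (seen in the sample above).
REQUIRED_SECTIONS = ("system", "interfaces", "filter")

def assess_config(xml_text):
    """Report whether xml_text looks like a complete pfSense config."""
    report = {"ok": False, "missing": list(REQUIRED_SECTIONS), "rules": 0,
              "changed_by": None, "changed_at": None, "error": None}
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # truncated or otherwise malformed file
        report["error"] = f"not well-formed XML: {exc}"
        return report
    if root.tag != "pfsense":
        report["error"] = f"unexpected root element <{root.tag}>"
        return report
    report["missing"] = [s for s in REQUIRED_SECTIONS if root.find(s) is None]
    report["rules"] = len(root.findall("./filter/rule"))
    rev = root.find("revision")
    if rev is not None:
        report["changed_by"] = rev.findtext("description")
        stamp = (rev.findtext("time") or "").strip()
        if stamp.isdigit():
            report["changed_at"] = datetime.fromtimestamp(int(stamp), tz=timezone.utc)
    # Complete means: every required section present and at least one filter rule.
    report["ok"] = not report["missing"] and report["rules"] > 0
    return report

def pick_restore_candidate(backups):
    """From {name: xml_text}, return the newest backup that passes, or None."""
    good = []
    for name, text in backups.items():
        r = assess_config(text)
        if r["ok"] and r["changed_at"] is not None:
            good.append((r["changed_at"], name))
    return max(good)[1] if good else None

# The stub quoted in the thread.
STUB = ("<pfsense><revision><description>/firewall_rules.php made unknown change"
        "</description>\n<time>1219109187</time></revision></pfsense>")

def complete_sample(ts):
    """Constructed minimal config with the required sections and one rule."""
    return ("<pfsense><version>3.0</version>"
            "<system><hostname>fw</hostname></system>"
            "<interfaces><lan><if>sis1</if></lan></interfaces>"
            "<filter><rule><type>pass</type><interface>lan</interface></rule></filter>"
            "<revision><description>/services_dhcp.php made unknown change"
            f"</description><time>{ts}</time></revision></pfsense>")

# Constructed backup set; the file names are made up for this example.
SAMPLE_BACKUPS = {
    "current-config.xml": STUB,
    "backup-older.xml": complete_sample(1218900000),
    "backup-newer.xml": complete_sample(1218995639),
    "backup-cut.xml": complete_sample(1218995700)[:120],  # simulated truncation
}

if __name__ == "__main__":
    for name, text in SAMPLE_BACKUPS.items():
        r = assess_config(text)
        print(name, "OK" if r["ok"] else "REJECT", r["missing"], r["error"])
    print("restore candidate:", pick_restore_candidate(SAMPLE_BACKUPS))
```

The stub is rejected even though it carries the most recent revision time, so the newest complete backup is selected.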

                        glieberw

                        I'll check that out,

                        Thanks...  :D

                        ~Gerry

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.