Restore issues: Apply Changes button missing, Save does not reboot
-
After some trouble restoring to various devices this week, I figured out that if I restore a config that prompts for an interface change, the Apply Changes button is missing by default:
Apply Changes only appears if I delete or add an interface, and then the original banner disappears:
[At that point the page reloaded but then I lost connection to the web GUI. The console shows the interfaces from the restored config in the menu (ix3) but ifconfig shows the old IPs from before the restore. At this point I can ping from pfSense to my laptop using the old/default IP range 192.168.1.12 but cannot ping or browse to pfSense. It should be allowed by the new and old firewall ruleset, and worked before. Restarting webConfigurator did not help.
I reset and tried this a second time and did not have this issue, the web GUI remained accessible. So, not sure what the difference was.]
Further, if one does not need to delete/add interfaces, and just clicks Save, the IP changes apply and access to pfSense is lost. pfSense does not restart at this point. If one is restoring a backup of the same router or at least IP range this won't be noticed but an IP change on LAN will disconnect the user. Of course one can then change to the correct IP range and connect again.
Now, one could argue the difference between the Save and Apply Changes buttons is obvious, and the behavior expected, however, since no Apply Changes button appears on the page at first, and Save is not disabled, it is a bit confusing.
Also of note, after Saving and before rebooting, the web GUI password for "admin" is different from the console password for "admin." The web GUI uses the password from the restore, while the console uses the old password.
I think there should also be wording on the Interfaces page during a restore, to the effect that Save applies changes but does not reboot.
I understand it does say a reboot is necessary on screen however there's not a way to reboot at that point without reconnecting and logging in again, and someone may incorrectly assume that changes have been applied once the IPs change. (and, there is no Apply Changes button in the original directions/banner)
-
Is that in 23.05.1?
-
Hmm, testing that here the system reboots as expected after I hit apply.
Were you connected via the LAN when you restored the config and that interface had to be reassigned?
-
@stephenw10 Apply does reboot, but Apply does not always appear. For instance if I restore a config with 6 interfaces to one with 4, I have to delete 2 so I see Apply. If I restore 3 to 3, I can just pick them in the dropdown but can only click Save since there is no Apply Changes button. (first screenshot)
Then, Save does not reboot but since the page says to reboot to apply the changes it's not immediately obvious that the IPs and (only) the GUI password changed. Or maybe I was just tired and should have realized that's what it would do.
This 2100 is on 23.05 per my console logs yesterday. So I have at least that record and I didn't document that I upgraded it.
I am pretty sure I saw similar issues with the 6100s I just set up though, since I had some similar oddities with the restore. (We replaced two, and were going to use those to replace two old PCs that were still in service, so 4 cross-hardware restores, plus another last week for the temp router we put in while waiting for the 6100s). Those 6100s I updated to .1 first, before the config restore.
In hindsight I think I was running into the situation where I would think to "click Save, then Apply Changes to reboot" and in reality one cannot do both if the LAN IP is also changing because that IP change happens when Save is clicked. It has seemed like inconsistent behavior for me so I was trying to figure it all out before posting, and am juggling three hardware models and two versions.
What may be the intent, is to not click Save, and only click Apply Changes to save and reboot, however that button is not always visible.
Regardless of whether the restore is working how it's supposed to or not, the instructions say to click a button that doesn't exist when that sentence is on the page. :) If you restore a config and it has to assign interfaces, does Apply Changes show for you or do you have to add or remove an interface first?
Edit:
-
What I expect to happen is that the Apply button appears after the changes have been saved. Before any changes have been saved there is nothing to apply.
However what I am seeing is that changes somehow get applied before I have chance to correct the interface order causing me to lose connection. I'm digging into that but that isn't what you saw as I understand it?
-
@stephenw10 It sounds similar I think? Saving changes the LAN IP, and I lose connection. Like Save is applying more than just interface changes, it assigns IPs and/or VLANs and the GUI password and whatnot that I’d expect to change after restart.
In my OP above, the italics are a scenario where it seemed to do that just deleting one interface…? But then it didn’t the next try.
I dunno it’s been…weird this week. Just trying to figure out if there’s a bug to fix or what. 🧐 The vast majority of clients have WAN and LAN so there are not a lot of interfaces to deal with so restores are trivial. These routers this week were all in our data center and all had several interfaces and mostly public IPs except the 2100 which Ryan converted to use VLANs for me.
-
@stephenw10 To be clear I’m past all this now, just trying to help figure out why I had issues/help others. So I appreciate your help.
AFAIK issues should be reproducible by:
- set a config with say 3 interfaces, with non-standard IPs
- restore on a default 2100 (2 interfaces)
- try to delete one during assignment
Or different interface/NICs etc to trigger the assignment. I can send a config, or if it’s saved in the ticket TAC has one from a couple weeks ago converting to a 2100. (In that specific case the restore to 2100 was fine because it was pre-converted, but the original file is what i was using on the 6100s.)
One thing that’s dawning on me, on the 4860 I had created the unused Opt interfaces. Then we used Opt4 for direct on site access. Perhaps that is not a good idea to leave unused ones in the file, for future migration reasons.
-
@SteveITS said in Restore issues: Apply Changes button missing, Save does not reboot:
Perhaps that is not a good idea to leave unused ones in the file, for future migration reasons.
Well it makes it easier to import into a device that has fewer interfaces certainly but you should still be able to remove unused interfaces. However I think that's what you were hitting, when you delete an interface it applies immediately and would also apply any other saved settings. That could easily lock you out.
-
@stephenw10 Yeah. I mean, I’ve done many restores over the last 15 years but this past week for every one that changed hardware I was like, “what just happened?”
Thinking about it all, it sounds like Save applies other changes such as IPs and passwords and maybe that is a separate bug, if those should apply after Apply Changes/reboot.
Also, per the above discussion, when changing out hardware with the same number of interfaces, then one would not add/delete any, and thus the Apply Changes button would never appear…? :) Maybe the page needs to detect when a dropdown value is changed, not just add/delete.
And/or the original banner text should say to “click Save, then click the Apply Changes button that will appear.”
-
@SteveITS said in Restore issues: Apply Changes button missing, Save does not reboot:
And/or the original banner text should say to “click Save, then click the Apply Changes button that will appear.”
This would also be more consistent with, say, firewall rule or alias edits.
-
It should present the existing config, which will be incorrect for the hardware, and allow you to change them and save that. Then the apply appears but you should have an oppotunity at that point to make any other changes needed before applying them which should then trigger the reboot.
There have always been edge cases here, the interface resignment cannot allow for all setups. If you have LAGGs and VLANs etc it's often easier to manually edit the config that try to add back all the interfaces and assign them without getting locked out. However I think there is a regression here.
-
@stephenw10
at least I’m not crazy :). Let me know if I can help. After swapping the routers I’m down to the 2100 being available but it is at the office currently. One of the configs may still be visible in a conversion ticket from me to TAC about two weeks ago. -
We converted it to the 2100?
-
@stephenw10 correct, and I used the same original config on the 6100s. It and its HA pair. The 2100 was a temp we put in service for a week when the backup died.
-
FWIW the (short) email chain with TAC doesn't have a ticket number but it was on June 25; Ryan's reply was 12:14 PM CDT. Subject "Config migration to 2100"
-
Circling back, I didn't see a Redmine yet so I created one: https://redmine.pfsense.org/issues/14591
-
I rediscovered this today restoring two 3100 configs to 2100s. Short version, clicking Save before clicking Apply does work. Clicking Apply first results in an inaccessible router (aside from console).
