SG-3100 - firewall choked on empty config.xml

chrisjx

Re: [config.xml empty](subsequent inability to restart properly)

This just happened to me. See log entries below. I've been rewiring my home network and this eve, I got stuck in what felt like a catch 22.

I have a SG-3100 running version 23.09.1-RELEASE (arm)
built on Thu Feb 15 21:44:00 PST 2024
FreeBSD 14.0-CURRENT

First was an error - etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748
Then subsequently an error: PHP Fatal error: Uncaught ValueError: Path cannot be empty in /etc/inc/notices.inc:135

I thought I had my wires crossed so checked and rechecked. Then realized, not getting anything on the LAN connection. Then used a console cable and the screen command.

screen /dev/ttyUSB0 115200

Zeroed in on

/cf/conf/config.xml

which was size, 0.

Many of the options in the console menu travers the errors so they fail to execute and just return to the console menu; even 15) Restore recent configuration - but Number 8, the shell command, still worked.

I found @scottmsilver notes and followed his approach:
Find a copy of config.xml (from /backup) and copy it over the empty one.

cd /cf/conf/backup
cp config-9999999999.xml ../config.xml   # numbered files, pick one you like
reboot

It worked!

I'm not sure what the backup scheme is. They are numbered. I picked one from the end of the last day. I did not manually save any configurations in the preceding day or so but the ones in /backup seem to be created every hour or so.

It is concerning that 1) there was a write problem of unknown origin, and 2) that so many menu options cannot get past the error. It pretty much hosed the web UI and many of the console menu options.

Hope this helps others...

The errors:

PHP ERROR: Type: 1, File: /etc/inc/util.inc, Line: 3748, Message: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, null given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748
Stack trace:
#0 /etc/inc/config.lib.inc(1264): array_path_enabled(NULL, 'notifications/s...', 'disable')
#1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable')
#2 /etc/inc/notices.inc(662): notify_via_smtp('No config.xml f...')
#3 /etc/inc/notices.inc(151): notify_all_remote('No config.xml f...')
#4 /etc/inc/config.lib.inc(95): file_notice('config.xml', 'No config.xml f...', 'pfSenseConfigur...', '')
#5 /etc/inc/config.inc(137): parse_config()
#6 /etc/inc/gwlb.inc(25): require_once('/etc/inc/config...')
#7 /etc/inc/functions.inc(35): require_once('/etc/inc/gwlb.i...')
#8 /etc/rc.ecl(25): require_once('/etc/inc/functi...')
#9 {main}
thrown @ 2024-08-12 17:01:55

12-Aug-2024 17:01:56 America/Los_Angeles] PHP Fatal error:  Uncaught ValueError: Path cannot be empty in /etc/inc/notices.inc:135
Stack trace:
#0 /etc/inc/notices.inc(135): fopen('', 'w')
#1 /etc/inc/config.lib.inc(95): file_notice('config.xml', 'No config.xml f...', 'pfSenseConfigur...', '')
#2 /etc/inc/config.gui.inc(53): parse_config()
#3 /etc/inc/auth.inc(34): require_once('/etc/inc/config...')
#4 /etc/inc/openvpn.inc(36): require_once('/etc/inc/auth.i...')
#5 /etc/inc/filter.inc(30): require_once('/etc/inc/openvp...')
#6 /etc/inc/ipsec.inc(25): require_once('/etc/inc/filter...')
#7 /etc/inc/gwlb.inc(27): require_once('/etc/inc/ipsec....')
#8 /etc/inc/functions.inc(35): require_once('/etc/inc/gwlb.i...')
#9 /etc/inc/notices.inc(26): require_once('/etc/inc/functi...')
#10 /etc/inc/config.inc(37): require_once('/etc/inc/notice...')
#11 /etc/rc.start_packages(25): require_once('/etc/inc/config...')
#12 {main}
  thrown in /etc/inc/notices.inc on line 135

Gertjan

@chrisjx said in SG-3100 - firewall choked on empty config.xml:

which was size, 0.

Yeah, that's bad.

I advise you (what I would do) :
Check if your disk has some space left.
Check if the filesystem isn't dirty (thus write protected !). See Youtube Netgate channel, the file system test video.

stephenw10

If the current config is bad the system will try to use the most recent backup config from /cf/conf/backup.

Since it's not doing that perhaps there are no backups present?

If there are try manually copying one back to /conf/config.xml

chrisjx

@stephenw10 is there an alternate location for config.xml backups other than:
/cf/conf/backup/

On my device there were a few dozen copies of numbered backups in this dir which were apparently automatically created. Glad they were there. Also, when I make changes to the pfsense configuration, I save a copy to my laptop so I guess there might be a way to use one of those locally stored backups.

stephenw10

Nope that's the only location on the firewall It will save up to 30 backup configs. It makes a backup any time you make a config change.

You can restore a backed up config file you have locally in Diag > Backup / Restore.