Pfsense cannot boot after restoring configuration
-
Hi,
Just now I migrated from an ordinary release setup(2.0.1, x64) from harddisk to an USB flash drive.
1. I backup everything on the original setup to a config file,
2. Put the nanoBSD(2.0.1, 4GB, x64) on the USB flash drive, with some effort it finally boot from USB successfully, webgui can be accessed from LAN
3. On setting the USB booting delay, unsupervised rebooting is possible4. In the webgui, restore everything using the config file prepared
5. On rebooting after the restoration, it stuck at configuring firewall…....What could have gone wrong? ???
Although it is possible for me to manually restore everything, that is undoubtedly painful and time-sucking.
Hope you would have an idea on it.
Thanks for reading. -
Did you have any packages installed before? Are you sure the NIC assignments are the same in the config that they were before?
It could be hanging there because it can't resolve DNS, which could happen if it has no WAN connectivity.
-
Did you have any packages installed before? Are you sure the NIC assignments are the same in the config that they were before?
It could be hanging there because it can't resolve DNS, which could happen if it has no WAN connectivity.
Thanks for replying,
For the packages, previously I have got only 2,
1. widescreen
2. pfblockerDoes it mean I have to first manually install them back on the new set up before applying the config file?
Also, I can confirm that the NIC assignment are correct as the new set up has the same hardware config and it can actually function as a router after the assignment as before.
The problem is applying the config when it was a harddisk based router it would stick.Luckily there weren't much to re do with the manual configuration, it has no longer been an issue now, just no idea would the same happen in the future. :-\
-
I'm not sure if pfBlocker could cause that or not, but if it's stuck at "Configuring firewall" it's quite possible. You might have to edit out the pfBlocker bits from the config, then restore it, then reinstall the package… Or perhaps installing it before you restore might work. Not sure there, as I don't use pfBlocker myself.
-
I'm not sure if pfBlocker could cause that or not, but if it's stuck at "Configuring firewall" it's quite possible. You might have to edit out the pfBlocker bits from the config, then restore it, then reinstall the package… Or perhaps installing it before you restore might work. Not sure there, as I don't use pfBlocker myself.
I see, if next time the same happens I may give a try on the mentioned.
Thanks for the advice ;) -
I just had this same issue. However, while web surfing for information (which is when I found this post), it suddenly became unhung, proceeded to install all of my packages, and complete booting. The only thing I had to do after that was make Snort check for rules updates (installing the package, even if an oinkcode is configured, does not prompt this action). The time the server was hung for was rather lengthy, but I can't give an exact figure. Two reasons, I was spacing out at the computer waiting for it to start for an unknown period of time, and then I was trying to find a good data signal for my phone so I could web surf for possible causes. So, let's say 20 minutes?
-
I know this is an old thread but it was a help to me resolving my issue.
Thanks for the post about allowing it to sit. I just got me a new system for my firewall.. Old was dual p3800eb system that was on its last leg so I got a SUPERMICRO SYS-5015A-EHF-D525 and put 4 gigs in it along with 2.5 inch wd Scorpio drive with a dual gigabit intel nic. (all of this for under 200$ … I backed up the old system then edited the interfaces to match the new nics since they were diff manufacturers and types.. re =>em
All appeared to go well until it would get to the configuring firewall.. I let it set there 45 mins at one point and thought it was locked up.. then i reinstalled and tried again a few times.. I thought it was dns issues or something or it not detecting connectivity to the internet.. Then i thought maybe since the two systems were quite a bit different there were other problems.
After ruling those out i did a google search and found this post.So i installed freshly, then restored the backup and let it sit there. It took around 1 hour 15 ish min for some reason and all was done and all packages finally installed and configured.. So the restore worked perfectly ... Guess I just needed more patience with the configuring step..
So just posting this incase anyone else runs into same situation.. Just let it sit and do its thing..
-
I know this is an old thread but it was a help to me resolving my issue.
Thanks for the post about allowing it to sit. I just got me a new system for my firewall.. Old was dual p3800eb system that was on its last leg so I got a SUPERMICRO SYS-5015A-EHF-D525 and put 4 gigs in it along with 2.5 inch wd Scorpio drive with a dual gigabit intel nic. (all of this for under 200$ … I backed up the old system then edited the interfaces to match the new nics since they were diff manufacturers and types.. re =>em
All appeared to go well until it would get to the configuring firewall.. I let it set there 45 mins at one point and thought it was locked up.. then i reinstalled and tried again a few times.. I thought it was dns issues or something or it not detecting connectivity to the internet.. Then i thought maybe since the two systems were quite a bit different there were other problems.
After ruling those out i did a google search and found this post.So i installed freshly, then restored the backup and let it sit there. It took around 1 hour 15 ish min for some reason and all was done and all packages finally installed and configured.. So the restore worked perfectly ... Guess I just needed more patience with the configuring step..
So just posting this incase anyone else runs into same situation.. Just let it sit and do its thing..
Thanks to the email notification which still works, it bought me to this important piece of info.
For my case, as the settings previously made were simple; I didn't try allowing it to hold for more than 10 mins…........
But if you have confirmed a long wait maybe necessary, there are two points we can check:
1. The long wait could be a hidden bug to be addressed;
2. If I am to restore next time(which is very likely, now I have got so many things configured), a long wait worthes a try. :P -
Lol yea gotta love notifications.
Maybe it is doing something. Maybe it would be nice to see a hash of exactly what it is doing so people dont get impatient.. I have alot of packages (openvpn/certs/ect) an extensive pfblocker along with extensive snort rules/settings running. So i am sure they contributed to the delay…
I made sure since it was a new system after install, there was internet connectivity.. I had to power cycle my modem to make sure it allowed a connection to the new system. Once that was verified, i did the restore and let it do its thing... Just not sure what all happens when configuring the firewall takes place.
-
(To help future folks struggling with this issue, I'm reposting this breadcrumb on the pages that are top hits for Google searches for this issue.)
It can take quite a bit longer than 5 minutes. One of the maintainers (marcelloc) explains why in this thread:
http://forum.pfsense.org/index.php?topic=60095.0
Pfblocker uses url table alias lists published on local web server, if it tries to load alias from webserver that is not up, the fetch connections waits a lot (maybe your 5 minutes issue) before timeout.
More details are there. The workaround is to make sure that the first boot doesn't invoke pfBlocker. This can be done by uninstalling pfBlocker prior to backup, or removing pfBlocker parts of the config before restoring, or just waiting it out (sometimes 30 minutes or more).
