Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Restore 1.2.3 Config to 2.1 fails "The Configuration Could Not Be Restored"

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    23 Posts 3 Posters 4.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      DLeVasseur
      last edited by

      Moving to a new PFSense install.

      Original box is a 32-bit 1.2.3-RELEASE Diagnostics->Backup/Restore->"All", Check "Do not backup package information"->Download

      New box is 64-bit SMP 2.1-RELEASE Diagnostics->Backup/Restore->"All", Choose File->Restore configuration = "The following input errors were detected: The configuration could not be restored"

      I ran the XML through two separate XML validation programs, both came out with 0 errors.
      Tried IE Instead of Chrome
      Installed i386 tried restore, same issue.

      Suggestions?  The 1.2.3 box has been up for years, I'd hate to have to reconfigure all of that, but it is possible.

      1 Reply Last reply Reply Quote 0
      • D
        DLeVasseur
        last edited by

        SO I guess this just can't be done?

        https://doc.pfsense.org/index.php/Can_I_restore_a_pfSense_configuration_to_a_different_version%3F

        1 Reply Last reply Reply Quote 0
        • P
          phil.davis
          last edited by

          That should be supported. Unfortunately the error message is not so helpful. The validation of the config is done in /etc/inc/config.lib.inc config_install($conffile), which calls config_validate($conffile), which (assuming it can open the config file at all)  puts some information about any problem into $xmlerr. But the contents of $xmlerr never gets displayed anywhere.
          If you can do a bit of PHP, in Diagnostics->Command Prompt, you should be able to manually call config_validate($conffile) and see what is $xmlerr - something like:

          • use Diagnostics->Edit (or whatever way you like) to put the old 1.2.3 config onto the 2.1 filesystem, say as /tmp/config123.xml
          • enter some PHP like this in Diagnostics->Command Prompt:
          $conffile = "/tmp/config123.xml";
          $result = config_validate($conffile);
          var_dump($result);
          var_dump($xmlerr);
          

          I just did this with a good config, which I then changed to be bad (put " <enable>somewhere - it should only be a single "/").
          The output of the above code was:

          bool(false)
          string(22) "> required at line 375"
          

          This might give you a way to see what the XML parser is complaining about when it tries to validate the old config.</enable>

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          1 Reply Last reply Reply Quote 1
          • D
            DLeVasseur
            last edited by

            How do I get the XML file into the PFSense box?  the only thing I see is "edit file" which lets me look at files that are already on the box.

            1 Reply Last reply Reply Quote 0
            • D
              DLeVasseur
              last edited by

              OK I figured that out.  The output came back as:

              bool(true)
              null

              EDIT:  Nevermind.  Working on it…

              1 Reply Last reply Reply Quote 0
              • P
                phil.davis
                last edited by

                In "Save / Load from path" put the filename - e.g. /tmp/config123.xml
                Paste the file text into the big box
                Press Save.

                But you worked that out already.

                Earlier in config_validate is:

                        if (!($fp = fopen($conffile, "r"))) {
                                $xmlerr = gettext("XML error: unable to open file");
                                return false;
                        }
                

                But that should also tell you in $xmlerr that it cannot open the file.

                Then the while loop:

                while ($data = fread($fp, 4096)) {...
                

                I am not sure about the magic significance of reading up to 4096 bytes at a time - maybe this code fails if there is a line of text in the config that is longer than 4096 bytes? Not sure about how all that works feeding pieces to xml_parse.

                As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                1 Reply Last reply Reply Quote 0
                • D
                  DLeVasseur
                  last edited by

                  SWEET!  Thanks for the help!

                  I think it is working.  The errors in the config were "invalid character" which turned out to be spaces after a "name" descriptor.  So I had apparently written a rule say "NAT Email " with the space on the end and that was bad.

                  Not sure if 2.x already does it but might want to strip leading and ending spaces.

                  1 Reply Last reply Reply Quote 0
                  • D
                    DLeVasseur
                    last edited by

                    The only problem I'm having now is that after the config load I cannot access the webadmin.  I can ping it, everything seems to be working, but 404.

                    1 Reply Last reply Reply Quote 0
                    • P
                      phil.davis
                      last edited by

                      From the console, try:
                      11) Restart webConfigurator

                      A 404 is a real response from the HTTP server, so I guess that indicates that the firewall rules have not locked you out completely  :)

                      As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                      If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                      1 Reply Last reply Reply Quote 0
                      • D
                        DLeVasseur
                        last edited by

                        Tried that.  I might be wrong about it being a real 404.  It I'm out of office now.  Any steps to unlock it if it is the firewall?

                        1 Reply Last reply Reply Quote 0
                        • P
                          phil.davis
                          last edited by

                          These are the standard ways to get back in: https://doc.pfsense.org/index.php/I_locked_myself_out_of_the_WebGUI,_help!

                          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                          1 Reply Last reply Reply Quote 0
                          • D
                            DLeVasseur
                            last edited by

                            @phil.davis:

                            These are the standard ways to get back in: https://doc.pfsense.org/index.php/I_locked_myself_out_of_the_WebGUI,_help!

                            Thanks for the help so far.  None of those suggestions worked, so on a whim I used option 2 on the PFsense box directly to change the IP address of the LAN adapter, I think I read somewhere this resets the web settings.  I changed it to a different IP than was previously on the box and I was able to get in.  But if I change the LAN IP to what was originally on the box, I am locked out again.

                            Somewhere there's something preventing web access when it is running on that original IP address.

                            1 Reply Last reply Reply Quote 0
                            • P
                              phil.davis
                              last edited by

                              Maybe there is another device on the LAN that is also using that original LAN IP? Try accessing the original LAN IP when pfSense is not using it, and maybe you will still get a response?
                              Or did you use the bottom address in the LAN subnet? (like 192.168.1.0/24) I have done that to myself in the past while quickly going through the initial wizard and not thinking. (Note: In 2.1.1 the validation has been enhanced to catch that sort of thing)
                              Otherwise, I am struggling to think what would be special about a particular LAN IP, unless you have a particular rule that blocks it.

                              As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                              If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                              1 Reply Last reply Reply Quote 0
                              • D
                                DLeVasseur
                                last edited by

                                No, this is a standalone box with nothing by my laptop connected.

                                So here's what I did that managed to get it working.  I changed the address from .1.1 to .44.1, this allowed me into the webconfigurator on port 80.  I then created a security certificate and changed the webconfigurator over to https and port 443.  I then changed the address back to the original .1.1 and was able to get in using the original address.

                                Not sure why but the box just will not accept a port 80 connection if it's IP is the .1.1  443 connection is fine.

                                I ran a port scanner and the port is open.  Anyway, 443 should be what is used anyway, so I think all is fine now.

                                1 Reply Last reply Reply Quote 0
                                • L
                                  lfph
                                  last edited by

                                  Hi everyone,
                                  i guess i'm on the right section of the forum as me too cannot use my xml file from 1.2.x to 2.1 and i get "The Configuration Could Not Be Restored", not really familiar with xml so i just put it as an attachment if someone has the time to look at it.
                                  Thanks for the help,
                                  S.

                                  pfsense_xml.txt

                                  1 Reply Last reply Reply Quote 0
                                  • D
                                    DLeVasseur
                                    last edited by

                                    I'm not sure if it is the cause, but I noticed at the bottom of your XML there is a bunch of package information.  I believe the Wiki states to export the 1.2.3 configuration without package data.  Package data cannot be imported.

                                    1 Reply Last reply Reply Quote 0
                                    • L
                                      lfph
                                      last edited by

                                      thanks,
                                      i have 2 backups 1 with package and 1 without, none are working; here is the one without (i think)

                                      pfsense_xml1.txt

                                      1 Reply Last reply Reply Quote 0
                                      • D
                                        DLeVasseur
                                        last edited by

                                        The steps outlined by Phil earlier in the post worked out beautifully to find the error.  It's really simple, just copy, paste (change the file name), run.

                                        1 Reply Last reply Reply Quote 0
                                        • L
                                          lfph
                                          last edited by

                                          i'm sure it does but i don't understand it :-(

                                          1 Reply Last reply Reply Quote 0
                                          • D
                                            DLeVasseur
                                            last edited by

                                            The file even fails basic XML validation.  What options are you using when you export it?

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.