Backup 2.1.2 config and restore on pfsense 2.2 compatible?



  • I have a fresh install of 2.2 and would like to transfer the openvpn config settings. Is a 2.1.2 backup config compatible with pfsense 2.2?



  • I can not tell you for OpenVPN if it is working correctly.  Did not check that out yet.  But I do know that some things get corrupt when importing a 2.1.x file into 2.2

    In my case I had the following problems with corrupt files:

    • ssh host key files
    • unbound: root.key  (auto-trust-anchor-file)


  • Thank you for the info. I will do a manual config.


  • Netgate Administrator

    Hmm, generally speaking you should always be able to import an older config file into a newer version. There are exceptions such as the different character set allowed in 1.2.3 and earlier but this doesn't look like one.

    Steve


  • Rebel Alliance Developer Netgate

    ssh host keys are not stored in config.xml, and the unbound root.key likely isn't either.

    It is safe to import config.xml from an older version into 2.2, as it always has been for importing older configs to a current version. Any valid/known issues are covered in the release notes and upgrade guide on the wiki.



  • If you restore a whole config file, then the config file version stored is the config file is also restored. In that case the system recognizes that the config is an old version and will convert/upgrade it as the first thing when it boots - as JimP just said, it is safe to restore a whole config.
    If you just restore a section of the config, the system has no way to really know what version/format it was. So you have to restore only sections that are in the format consistent with the format used by the currently running config.
    If restoring a section from an old config into a new config, you have to know if there were any config format changes to the relevant section between the old and new versions.



  • @kdillen:

    But I do know that some things get corrupt when importing a 2.1.x file into 2.2

    In my case I had the following problems with corrupt files:

    • ssh host key files
    • unbound: root.key  (auto-trust-anchor-file)

    That's absolutely not true. Those two things don't even exist in the config.

    It's always safe to restore the full config from an older version to a newer version (but going backwards, say restoring 2.2 to 2.1, is not possible).

    Trying to snip out pieces of an old config backup and paste them into a new config isn't a good idea unless you really know what you're doing, as those pieces may require config upgrades when migrating to a new version that they won't get if you're pulling in partial config bits.


Log in to reply