Actions
Bug #16374
closed
Unable to restore 2.8.0 with static WAN IP
Status:
Duplicate
Priority:
High
Assignee:
-
Category:
Package System
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.8.0
Affected Architecture:
All
Description
(This is a rewrite of #16367)
There is no issue restoring a 2.8.0 installation with a static WAN IP in the exact same environment. The attached config.xml is a minimal CE install (user admin, password pfsense) and three packages are successfully reloaded upon restoration :
Package reinstall process finished successfully @ 2025-08-15 12:47:52
The configuration history shows:
8/15/25 13:15:20 24.0 14 KiB admin@192.168.18.31 (Local Database): Creating restore point before package installation. Current configuration
8/15/25 13:12:42 24.0 0 B (system): wan IP configuration from console menu
8/15/25 00:23:48 24.0 0 B (system): Installed System Patches package.
where the static WAN IP is entered from console menu as shown in the second line of the config history.
If the exact same harware installation is reinstalled using a different WAN IP (this example is using a virtual machine: please read if the WAN is assigned to a different VLAN), it is impossible to restore the installed packages and all package configurations will be removed on the next boot.
Specifically,
- the WAN IP is updated from console
--- /conf/backup/config-1755217428.xml 2025-08-15 13:12:42.233511000 +0000
+++ /conf/config.xml 2025-08-15 13:15:20.717682000 +0000
@@ -59,10 +59,10 @@
<enable></enable>
<if>hn0</if>
<mtu></mtu>
- <ipaddr>192.168.18.131</ipaddr>
+ <ipaddr>10.0.0.139</ipaddr>
<ipaddrv6></ipaddrv6>
<subnet>24</subnet>
- <gateway>WANGW</gateway>
+ <gateway>WANGW_2</gateway>
<dhcphostname></dhcphostname>
<media></media>
<mediaopt></mediaopt>
@@ -290,9 +290,9 @@
<vlans></vlans>
<qinqs></qinqs>
<revision>
- <time>1755217428</time>
- <description><![CDATA[(system): Installed System Patches package.]]></description>
- <username><![CDATA[(system)]]></username>
+ <time>1755263720</time>
+ <description><![CDATA[admin@192.168.18.31 (Local Database): Creating restore point before package installation.]]></description>
+ <username><![CDATA[admin@192.168.18.31 (Local Database)]]></username>
</revision>
<gateways>
<gateway_item>
@@ -313,7 +313,16 @@
<interval></interval>
<descr><![CDATA[Interface wan Gateway]]></descr>
</gateway_item>
- <defaultgw4>WANGW</defaultgw4>
+ <gateway_item>
+ <interface>wan</interface>
+ <gateway>10.0.0.3</gateway>
+ <name>WANGW_2</name>
+ <weight>1</weight>
+ <ipprotocol>inet</ipprotocol>
+ <interval></interval>
+ <descr><![CDATA[Interface wan Gateway]]></descr>
+ </gateway_item>
+ <defaultgw4>WANGW_2</defaultgw4>
</gateways>
<cert>
<refid>689e7b910ca66</refid>
- DNS resolution fails in this scenario and the unbound service is restarted from console
pfSsh playback svc restart unbound
- logging into the GUI, the notification is (please notice the 13:06 timestamp, the notification is issued before the WAN IP update at 13:12):
Package reinstall process was ABORTED due to lack of internet connectivity @ 2025-08-15 13:06:53
- Upon reboot, the General Log entries show:
Aug 15 13:34:21 php-fpm 437 /rc.start_packages: Restarting/Starting all packages. Aug 15 13:34:21 php-fpm 437 /rc.start_packages: The acme package is missing its configuration file and must be reinstalled. Aug 15 13:34:21 check_reload_status 507 Syncing firewall Aug 15 13:34:21 php-fpm 437 /rc.start_packages: Configuration Change: (system): Removed acme package. Aug 15 13:34:21 php-fpm 437 /rc.start_packages: The nmap package is missing its configuration file and must be reinstalled. Aug 15 13:34:21 php-fpm 437 /rc.start_packages: Configuration Change: (system): Removed nmap package. Aug 15 13:34:21 php-fpm 437 /rc.start_packages: The System Patches package is missing its configuration file and must be reinstalled. Aug 15 13:34:21 php-fpm 437 /rc.start_packages: Configuration Change: (system): Removed System Patches package. Aug 15 13:34:21 check_reload_status 507 Syncing firewall Aug 15 13:34:21 root 65632 Bootup complete
At that point, this would be a useless installation if the packages had significant information (certificates, identifiers, etc.).
Regards,
Files
Updated by Jim Pingle 28 days ago
- Status changed from New to Duplicate
Most likely the same root cause as #16367 in your environment (though I can't reproduce either one)
Updated by Serge Caron 28 days ago
Hello Jim,
That is why I provided a test case config.xml.
I tested this on two unrelated corporate network with the same results.
The key idea is that the newly installed firewall should have no working connection to the Internet.
That should be easy to reproduce.
Regards,
Updated by Serge Caron 25 days ago
- File Configuration Difference.txt Configuration Difference.txt added
- File 2ndBoot.log 2ndBoot.log added
- File 1stBoot.log 1stBoot.log added
Hello Jim,
I can reproduce this issue directly from console.
The attached "1stBoot.log" documents the change of WAN IP during the first boot after install. The interesting excerpt shows lack of DNS resolution, Internet connectivity and no attempt to start packages:
[2.8.0-RELEASE] [root@pfSense.home.arpa]/root: ping -c 2 dns.google ping: cannot resolve dns.google: Name does not resolve [2.8.0-RELEASE][root@pfSense.home.arpal/root: pfSsh.php playback svc restart unbound Attempting to issue restart to unbound service... unbound has been restarted. [2.8.0-RELEASE] [root@pfSense.home.arpal/root: ping -c 2 dns.google PING dns.google (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: icmp_seq=0 ttl=119 time=9.690 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=11.402 ms --- dns.google ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 9.690/10.546/11.402/0.856 ms [2.8.0-RELEASE][root@pfSense.home.arpa]/root: grep -r "rc.start_packages" /var/log [2.8.0-RELEASE][root@pfSense.home.arpal/root: exit
The attached "2ndBoot.log" shows Internet connectivity and DNS resolution and all packages being removed:
[2.8.0-RELEASE] [root@pfSense.home.arpal/root: ping -c 2 dns.google PING dns.google (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: icmp_seq=0 ttl=118 time=9.169 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=10.042 ms --- dns.google ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 9.169/9.605/10.042/0.436 ms [2.8.0-RELEASE][root@pfSense.home.arpa]/root: grep -r "rc.start_packages" /var/log /var/log/system.log:Aug 17 00:50:04 pfSense php-fpm[419]: /rc.start_packages: Restarting/Starting all packages. /var/log/system.log:Aug 17 00:50:04 pfSense php-fpm[419]: /rc.start_packages: The acme package is missing its configuration file and must be reinstalled. /var/log/system.log:Aug 17 00:50:04 pfSense php-fpm[419]: /rc.start_packages: Configuration Change: (system): Removed acme package. /var/log/system.log:Aug 17 00:50:04 pfSense php-fpm[419]: /rc.start_packages: The nmap package is missing its configuration file and must be reinstalled. /var/log/system.log:Aug 17 00:50:04 pfSense php-fpm[419]: /rc.start_packages: Configuration Change: (system): Removed nmap package. /var/log/system.log:Aug 17 00:50:04 pfSense php-fpm[419]: /rc.start_packages: The System Patches package is missing its configuration file and must be reinstalled. /var/log/system.log:Aug 17 00:50:04 pfSense php-fpm[419]: /rc.start_packages: Configuration Change: (system): Removed System Patches package. [2.8.0-RELEASE][root@pfSense.home.arpal/root: exit
Finally, the file "Configuration Difference.txt" documents the changes between the initial configuration supplied to the Netgate Installer and the final configuration after the 2nd boot.
Again, I am waiting for equipment to test this scenario against real NICs but I don't expect anything else than what is shown above.
Regards,
Actions