oe7drt-website/content/posts/2022/24-pfsense-restore-broken-config/index.md

---
title: "pfSense: restore broken config"
aliases:
  - /posts/2022-07-04-pfsense-restore-broken-config
  - /posts/2022-07-04-pfsense-restore-broken-config-file
summary: >
  Restoring a configuration file for pfSense when it actually stays in a
  boot-loop
date: 2022-07-04T18:14:13+02:00
categories: [computerstuff]
tags: [pfsense, networking]
---

My pfSense firewall at home got a pretty heavy misconfiguration by myself and
that resulted in an annoying boot-loop. This took me quite a while to research,
but I finally got it working again. Thank god pfSense makes backups of its
configuration so this recovery process works quite well.

## Follow these steps

1. Boot into **single user mode**

   Connect to your firewall (with a serial console) and choose option
   `5) Reboot system` and confirm with the letter `S` (capital s).

2. **ZFS version only**

   1. Remount root slice as read-write:

      ```console
      $ /sbin/mount -u /
      ```

   2. Mount all ZFS filesystems, datasets etc.

      ```console
      $ /sbin/zfs mount -a
      ```

   3. Working within the mounted filesystems

      1. Enter **/cf/conf**

         ```console
         $ cd /cf/conf
         ```

      2. Copy the newest backup file back

         ```console
         $ cp backup/config-1648889613.xml config.xml
         ```

      3. Clear the config cache

         ```console
         $ rm /tmp/config.cache
         ```

      4. Reload system and it's services

         ```console
         $ /etc/rc.reload_all start
         ```

         This may take a while. At this point we are done, we can now remove
         the single user mode boot configuration and reboot the firewall.

   4. Clear the single user mode boot configuration

      ```console
      $ /sbin/nextboot -D
      ```

      ZFS does not clear the single user mode boot configuration by itself,
      that's why we have to delete it after we are done with our work.

   5. Reboot the system

      ```console
      $ /sbin/reboot
      ```

      You could also use exit, but that would only continue booting into
      multi user mode without rebooting the system first. I personally think
      that we would benefit from a full reboot.

Okay, that's it all for now. Please note that I do not use the UFS filesystem
any more, so I won't add this to my little instruction set.

{{< alert circle-info >}}
This post was actually older, I've saved the instructions in a textfile until I
found the time to format it and publish it on my website.
{{< /alert >}}

## Sources

- <https://docs.netgate.com/pfsense/en/latest/troubleshooting/single-user-mode.html#ufs-systems>
- <https://www.agix.com.au/restore-pfsense-from-backup-using-the-cli-command-line/>
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00			`---`
prettier..content 2024-09-29 01:48:06 +02:00			`title: "pfSense: restore broken config"`
update posts aliases; fix some dates; fix some typography - post aliases instead of redirects - some dates were wrong, fixed and create multiple aliases to not brake the old date - fix some typography like newlines on end of file 2023-11-18 23:01:27 +01:00			`aliases:`
prettier..content 2024-09-29 01:48:06 +02:00			`- /posts/2022-07-04-pfsense-restore-broken-config`
			`- /posts/2022-07-04-pfsense-restore-broken-config-file`
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00			`summary: >`
			`Restoring a configuration file for pfSense when it actually stays in a`
			`boot-loop`
			`date: 2022-07-04T18:14:13+02:00`
			`categories: [computerstuff]`
prettier..content 2024-09-29 01:48:06 +02:00			`tags: [pfsense, networking]`
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00			`---`

			`My pfSense firewall at home got a pretty heavy misconfiguration by myself and`
			`that resulted in an annoying boot-loop. This took me quite a while to research,`
			`but I finally got it working again. Thank god pfSense makes backups of its`
			`configuration so this recovery process works quite well.`

			`## Follow these steps`

prettier..content 2024-09-29 01:48:06 +02:00			`1. Boot into single user mode`
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			`Connect to your firewall (with a serial console) and choose option`
			`5) Reboot system` and confirm with the letter `S` (capital s).
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
			`2. ZFS version only`

prettier..content 2024-09-29 01:48:06 +02:00			`1. Remount root slice as read-write:`
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			```console
			`$ /sbin/mount -u /`
			```
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			`2. Mount all ZFS filesystems, datasets etc.`
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			```console
			`$ /sbin/zfs mount -a`
			```
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			`3. Working within the mounted filesystems`
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			`1. Enter /cf/conf`
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			```console
			`$ cd /cf/conf`
			```
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			`2. Copy the newest backup file back`
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			```console
			`$ cp backup/config-1648889613.xml config.xml`
			```
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			`3. Clear the config cache`
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			```console
			`$ rm /tmp/config.cache`
			```
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			`4. Reload system and it's services`
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			```console
			`$ /etc/rc.reload_all start`
			```
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			`This may take a while. At this point we are done, we can now remove`
			`the single user mode boot configuration and reboot the firewall.`
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			`4. Clear the single user mode boot configuration`
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			```console
			`$ /sbin/nextboot -D`
			```
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			`ZFS does not clear the single user mode boot configuration by itself,`
			`that's why we have to delete it after we are done with our work.`
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			`5. Reboot the system`
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			```console
			`$ /sbin/reboot`
			```
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
prettier..content 2024-09-29 01:48:06 +02:00			`You could also use exit, but that would only continue booting into`
			`multi user mode without rebooting the system first. I personally think`
			`that we would benefit from a full reboot.`
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
			`Okay, that's it all for now. Please note that I do not use the UFS filesystem`
			`any more, so I won't add this to my little instruction set.`

updates; still not finished... 2022-12-05 22:32:44 +01:00			`{{< alert circle-info >}}`
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00			`This post was actually older, I've saved the instructions in a textfile until I`
			`found the time to format it and publish it on my website.`
updates; still not finished... 2022-12-05 22:32:44 +01:00			`{{< /alert >}}`
first commit; still need to update content/posts 2022-11-20 21:17:25 +01:00
			`## Sources`

			`- <https://docs.netgate.com/pfsense/en/latest/troubleshooting/single-user-mode.html#ufs-systems>`
			`- <https://www.agix.com.au/restore-pfsense-from-backup-using-the-cli-command-line/>`