Hello,

there is a bug in the backup/restore function of pfSense 2.0.2 which makes it impossible to restore encrypted backups, rendering those backups useless.

==================================

You can easily reproduce the bug by making a backup with the following settings:

- Backup area: ALL
- Do not backup package information: YES/NO (irrelevant)
- Encrypt configuration file: YES
- Do not backup RRD data: NO (= Yes, backup RRD data!)

The combination of encryption and RRD data inside the backup file corrupts the file:

- When trying to restore via Pre-Flight Installer (USB-stick), pfSense states that the password is wrong.
- When trying to restore via Web GUI, it states: "You have selected to restore the full configuration but we could not locate a pfsense tag."

==================================

Since the file is not encrypted as a whole, but only sections of it are encrypted, I could open the file with a text editor and analyze it:

As it seems, the backup xml and the RRD are two sections which are clearly separated from each other:

1. In an UNENCRYPTED backup file WITHOUT RRD data, the file structure is:
######################
<?xml version="1.0"?>
<pfsense>
... then the contents of the config.xml ...
... at the end some certificate data....
    </cert>
</pfsense>

2. In an UNENCRYPTED backup file WITH RRD data, the file structure is:
######################
<?xml version="1.0"?>
<pfsense>
... then the contents of the config.xml ...
... at the end some certificate data....
    </cert>
    <rrddata>
.. then multiple RRD data blocks in the following format...
        <rrddatafile>
            <filename>some name</filename>
            <data>some encrypted/hashed (?) RRD data</data>
        </rrddatafile>
... and at the end of the file
    </rrddata>
</pfsense>

3. In an ENCRYPTED backup file WITHOUT RRD data, the file structure is:
######################
---- BEGIN config.xml ----
... encrypted data....
---- END config.xml ----

4. In an ENCRYPTED backup file WITH RRD data (= the corrupted file which won't restore!), the file structure is:
######################
---- BEGIN config.xml ----
... encrypted data....
---- END config.xml ----
.. then multiple RRD data blocks in the following format...
        <rrddatafile>
            <filename>some name</filename>
            <data>some encrypted/hashed (?) RRD data</data>
        </rrddatafile>
... and at the end of the file
    </rrddata>
</pfsense>

Reminder: when trying to restore this file, the error message said: "..we could not locate a pfsense tag". Analyzing the file, I noticed that indeed the start tag "<rrddata>" is missing, since after "---- END config.xml ----" it continues straight away with "<rrddatafile>". So I tried to fix the file by manually inserting the missing start tag, leading to the following result:

5. FIX ATTEMPT 1: ENCRYPTED backup file WITH RRD data (= the corrupted file which won't restore!), with missing <rrddata> start tag inserted:
######################
---- BEGIN config.xml ----
... encrypted data....
---- END config.xml ----
    <rrddata>
.. then multiple RRD data blocks in the following format...
        <rrddatafile>
            <filename>some name</filename>
            <data>some encrypted/hashed (?) RRD data</data>
        </rrddatafile>
... and at the end of the file
    </rrddata>
</pfsense>

When trying to restore this file, I receive a new error message: "The configuration could not be restored." So obviously I either fixed the wrong thing, or there is something else wrong, too.

6. As a last resort I went over and cut off all RRD data: I deleted everything that came after "---- END config.xml ----":
######################
---- BEGIN config.xml ----
... encrypted data....
---- END config.xml ----

This is similar to the way the file looks in no. 3, i.e. the way it would look if you don't select any RRD data to be saved in the backup.
Result: The backup is accepted by pfSense and it restores the system!!!!!!!!

==================================

Questions:

1. I did this backup-restore-action because I wanted to make sure that my backup works fine prior to going productive with the system, as is suggested in the book. Obviously good advice, since I don't even want to imagine the stress I would have now in a recovery situation of a productive system. Nevertheless, I have worked quite some days on this configuration setup and really do not want to lose all the work and start from scratch. So can someone please tell me if it is safe for me to proceed with my "trimmed" backup file, fixed in the way I described in point no. 6? Did I really just cut off the RRD data when I cut off everything after "---- END config.xml ----", or did I damage the backup file in a way not obvious to me which could lead to a misconfigured/unstable/insecure pfSense system in the future???

2. What encryption algorithm is used for the backup? Is there any way I could decrypt it manually?

Thank you very much for any help/hint/information!!

Cheers
thinkerix

==================================

P.S.

1. A similar error had been reported by another fellow community member on 2011-05-07, who ran 2.0RC3, so it seems that the bug has already existed for a while, see: http://forum.pfsense.org/index.php?topic=38762.0;prev_next=next

2. I first tried to restore via the recommended Pre-Flight Installer. When I encountered the "wrong password" message, I first tried to exclude all possible pitfalls, such as reformatting the USB stick to FAT16 instead of FAT32, because in the book on page 44 it just says "FAT", leaving it unclear which kind of FAT is accepted. => Hint to the authors of the book: it would be helpful if you would precisely write that both FAT16 and FAT32 are accepted (or whatever is correct), so as to eliminate any doubts in this regard. There are many USB readers/devices out there which can't read FAT32 and have FAT16 as mandatory.

3. I tried to enroll in the bug tracker of pfSense to file this bug, but the system won't send me any confirmation email.
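
As an added example (not part of the original post and not pfSense code): a check that tells layout 3 from layout 4 in an encrypted backup, lists any tags found after the END marker other than the RRD-related ones shown in the post, and produces the trimmed envelope from step 6. The function names and the sample file are constructed for illustration.

```python
import re

BEGIN = "---- BEGIN config.xml ----"
END = "---- END config.xml ----"
# Tags the post reports seeing after the END marker (layout 4).
RRD_TAGS = {"rrddata", "rrddatafile", "filename", "data", "pfsense"}


def split_envelope(text):
    """Return (envelope, trailing) for an encrypted backup file."""
    start = text.find(BEGIN)
    end = text.find(END, start + len(BEGIN)) if start != -1 else -1
    if start == -1 or end == -1:
        raise ValueError("no complete BEGIN/END config.xml envelope")
    cut = end + len(END)
    # The envelope alone is the layout the post found restorable (step 6).
    return text[start:cut] + "\n", text[cut:]


def classify(text):
    """Name the layout: clean (no. 3) or trailing data (no. 4)."""
    _, trailing = split_envelope(text)
    return "encrypted-with-trailing-data" if trailing.strip() else "encrypted-clean"


def unexpected_trailing_tags(text):
    """Tag names after the END marker that are not RRD-related."""
    _, trailing = split_envelope(text)
    names = set(re.findall(r"</?([A-Za-z_][\w.-]*)", trailing))
    return names - RRD_TAGS


# Constructed sample in layout 4; payloads are placeholders, not real data.
SAMPLE_BROKEN = """---- BEGIN config.xml ----
PLACEHOLDERCIPHERTEXT
---- END config.xml ----
        <rrddatafile>
            <filename>sample.rrd</filename>
            <data>PLACEHOLDERRRDDATA</data>
        </rrddatafile>
    </rrddata>
</pfsense>
"""

if __name__ == "__main__":
    print(classify(SAMPLE_BROKEN))
    print(unexpected_trailing_tags(SAMPLE_BROKEN) or "only RRD tags after END")
    trimmed, _ = split_envelope(SAMPLE_BROKEN)
    print(classify(trimmed))
```

An empty result from `unexpected_trailing_tags` only says that the removed part held nothing but the RRD-related tags; it says nothing about the encrypted section itself, which stays opaque to this check.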