Community discussions

 
13hakta
just joined
Topic Author
Posts: 5
Joined: Thu Oct 11, 2018 2:40 pm

Duplicating device backup led to non-working IPSec

Wed Nov 06, 2019 2:19 pm

Hello!
We have bought additional HEX-S device for backup purposes, to make a replacement if previous one fails. I installed the same firmware (6.43.16) on the second and restored backup file from first device (through Winbox-Files-Backup). So, second device looks like a full copy including MAC addresses on interfaces. When I connect second device instead of first internet is working nice and it's able to connect with L2TP+IPSec from outside. But it's unable to make connection with static IPSec channels, also it's unable to connect with OpenVPN to device. When I turn back my first HEX-S everything becomes working.
Please tell me how to make a correct backup of device? Is it a manufacturing failure or some additional configuration required?
 
marisspringis
just joined
Posts: 12
Joined: Wed Dec 12, 2018 2:17 pm

Re: Duplicating device backup led to non-working IPSec

Wed Nov 06, 2019 2:33 pm

Hi,
correct backup if you wan't to use it on another device should be used using - export not backup.
you should never put one device backup to another device
 
13hakta
just joined
Topic Author
Posts: 5
Joined: Thu Oct 11, 2018 2:40 pm

Re: Duplicating device backup led to non-working IPSec

Thu Nov 07, 2019 6:03 am

Hi,
correct backup if you wan't to use it on another device should be used using - export not backup.
you should never put one device backup to another device
Why not?
So, this means that I also must export -> import all certificates and users?
 
marisspringis
just joined
Posts: 12
Joined: Wed Dec 12, 2018 2:17 pm

Re: Duplicating device backup led to non-working IPSec

Thu Nov 07, 2019 10:07 am

this has been discussed a lot of times allready ;)
look at this thread, it basically explains whoy you cannot put backup in other routerboard - viewtopic.php?f=2&t=153687&p=759104&hil ... up#p759104
 
13hakta
just joined
Topic Author
Posts: 5
Joined: Thu Oct 11, 2018 2:40 pm

Re: Duplicating device backup led to non-working IPSec

Thu Nov 07, 2019 1:03 pm

this has been discussed a lot of times allready ;)
look at this thread, it basically explains whoy you cannot put backup in other routerboard - viewtopic.php?f=2&t=153687&p=759104&hil ... up#p759104
But that's not my case. I use the same models with same firmware.
 
sindy
Forum Guru
Forum Guru
Posts: 3897
Joined: Mon Dec 04, 2017 9:19 pm

Re: Duplicating device backup led to non-working IPSec

Thu Nov 07, 2019 7:16 pm

But that's not my case. I use the same models with same firmware.
But they still differ in serial numbers and MAC addresses, and a restore of a backup interferes with that badly. So yes, you have to use /certificate export-certificate (which is not done along with the /export of configuration) and then /certificate import them for use on the destination machine. And don't forget that in order to have the private keys of certificates exported, you must provide a passphrase, otherwise the private key is not exported at all (which renders the imported certificates unusable).

And to my knowledge there is currently no way to export the user accounts.

Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.

Who is online

Users browsing this forum: Google [Bot], MSN [Bot] and 117 guests