Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    2100 Upgrade Plan

    Problems Installing or Upgrading pfSense Software
    2
    8
    788
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jrey
      last edited by

      So yes the 2100 is now offering the 23.01 upgrade.

      The best practices document associate with it, indicates that you should uninstall packages before upgrading (really?) It does say you can proceed without uninstalling and it "should be" okay.

      Okay, under packages the system 22.05 also shows that 4 of the 5 packages that are installed on system have updates available?

      Q. wouldn't that imply that the dependent items they would try and remove are not actually installed yet? Wouldn't that leave crud behind?

      Q. Can/should these package just be updated on the existing 22.05 release, since they are showing updates available? or do the 23.01 first, then the packages.

      Q. backup is one of those packages (but has no dependent items), so upgrade that before or after the OS update? since you want to force a manual backup before doing the update

      just really looking for some clarity on the order of steps required to be successful.

      Thanks

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @jrey
        last edited by

        @jrey Do not update packages if you are on 22.05 and pfSense is set to a later version. If you want to upgrade packages and not pfSense, change pfSense's branch to "previous stable version" so it's pulling from the correct repo. Otherwise if the new package is marked dependent on, say, PHP 8 you end up installing PHP 8 on 22.05 and breaking everything.

        What packages are you running? Many/most keep their settings so we generally uninstall Suricata and pfBlocker but leave others like the default IPSec export. Those two specifically have a checkbox to retain/delete package config upon uninstall and both default to keeping it.

        I have not looked into it much but I think the version upgrade uninstalls/reinstalls packages for you. The advice to uninstall yourself is just to avoid any potential problems during the upgrade. For instance 23.01 is upgrading both the OS and PHP.

        (I have not upgraded any to 23.01 yet)

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote ๐Ÿ‘ helpful posts!

        J 1 Reply Last reply Reply Quote 1
        • J
          jrey @SteveITS
          last edited by

          @steveits

          Hi Steve, thanks for the reply

          I haven't installed anything. Just noticed that packages are available to be updated as is 23.01 and was looking for guidance as to the correct order to update things.
          The best practice says to uninstall packages (perhaps, maybe, because it also says most should update). If they are set for update as shown, wouldn't attempting to uninstall leave stuff behind, or just fail? (certainly you are saying they would break if updated, and that's what I would expect)

          and with those packages it was php etc that caught my attention as the system is currently on 22.05 (which would be on some rev of php7 etc). I was more curious about what happens if I do attempt to uninstall (say pfBlocker) first.

          Pretty simply setup at this point. Maybe I should just "send-it" down the 23.01 path as is and hope all the packages just update correctly? Would packages (say pfBlocker or any of them really) have a better chance of successful update if they are disabled first? Maybe they need to be enabled to update.
          There doesn't seem to be clarity on what the status should be going into the process. (backup, uninstall packages - maybe/maybe not , reboot, send-it, reinstall packages, hope)

          (rounding up a console to recover would be challenging (inconvenient) at this point, so I'd prefer it just work, lol, and wouldn't we all)

          System Version

          Screen Shot 2023-02-16 at 10.22.16 AM.png

          Packages updates that are also currently being offered. None of these updates were available for update a few days ago. I literally just installed acme a couple of days ago and got it working.

          Screen Shot 2023-02-16 at 10.27.38 AM.png

          Thanks again I appreciate the feedback, JR

          S 1 Reply Last reply Reply Quote 0
          • S
            SteveITS Rebel Alliance @jrey
            last edited by

            @jrey said in 2100 Upgrade Plan:

            Would packages (say pfBlocker or any of them really) have a better chance of successful update if they are disabled first?

            That is the reason Netgate writes it as they do, to recommend uninstalling packages first. The upgrade will reinstall them anyway so there's not much time really being saved.

            I haven't used acme or Backup...I would uninstall pfBlocker and leave the others if it was me.

            @jrey said in 2100 Upgrade Plan:

            (backup, uninstall packages - maybe/maybe not , reboot, send-it, reinstall packages

            That's what we do.

            The reason the package list shows updates is because you have pfSense's update branch (System/Update) set to Latest Stable Version which is now 23.01 as of yesterday. Therefore all the packages in 23.01 are detected as newer. However installing them onto an older version of pfSense will likely cause problems.

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote ๐Ÿ‘ helpful posts!

            J 1 Reply Last reply Reply Quote 0
            • J
              jrey @SteveITS
              last edited by

              @steveits

              "you have pfSense's update branch (System/Update) set to Latest Stable Version which is now 23.01"

              indeed - hadn't noticed the system had changed that before actually installing anything

              So change it back to previous version, backup, then uninstall pfBlocker (with the "keep settings" checked, which it already is), reboot, send-it for 23.01, after restoring reinstall pfBlocker

              therefore, assuming the pfBlocker settings would survive the 23.01 upgrade?

              sounds like a plan.

              Thanks again

              S 1 Reply Last reply Reply Quote 0
              • S
                SteveITS Rebel Alliance @jrey
                last edited by

                @jrey There's no need to change to the prior version to uninstall packages. That is only on your router anyway. The problem is installing packages intended for a later version.

                So back up, uninstall pfB, reboot, update 23.01, reinstall pfB (apparently, not -devel, because the two are the same on 23.01). I suppose you can reboot first or in the middle, doesn't matter.

                On a normal update I would expect it to take at least 10-15 minutes of time on a 2100. Might be longer on 23.01 when upgrading the OS...I haven't done one yet.

                If you want a recovery path you can ask for the install image at https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/reinstall-pfsense.html

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote ๐Ÿ‘ helpful posts!

                J 1 Reply Last reply Reply Quote 0
                • J
                  jrey @SteveITS
                  last edited by

                  @steveits

                  Thanks Steve

                  17 minutes start to finish,
                  after pfBlocker installed the main page said the DNSBL was down, and needed another force reload.. (included in the time above, so that's where the extra time above your high estimate came from, lol)

                  all seems normal.

                  well except for the [ pfB_PRI1_v4 - Talos_BL_v4 ] Download FAIL]
                  not worried about it. It has been intermittent for weeks, that one feed seems to come and go randomly on the best of days.

                  Really appreciate your answers,
                  JR

                  S 1 Reply Last reply Reply Quote 0
                  • S
                    SteveITS Rebel Alliance @jrey
                    last edited by

                    @jrey Nice, thanks for the feedback. I noted the time just to say to wait...in the past people have rebooted early and interrupted the update. The default page starts counting at something like 2-3 minutes implying that's all it should take.

                    Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                    When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                    Upvote ๐Ÿ‘ helpful posts!

                    1 Reply Last reply Reply Quote 0
                    • S SteveITS referenced this topic on
                    • First post
                      Last post