I download to download a copy of "pfSense 2.4.2-RELEASE-p1"
-
This is not intended for production purposes; rather, it is required for our ongoing migration process. Once the migration is finalized, the previous release will be removed.
-
The quick, dirty and dangerous method :
Install Google : This did it for me : download pfSense 2.4.2-RELEASE
A couple of suggestions down you will find http://mirror.transip.net/pfsense/downloads/ although the P1 version doesn't seem to be listed.
Better method : Contact TAC support Netgate and try to convince them ....
-
I immediately resorted to searching on Google, but unfortunately, it did not yield any relevant results. Otherwise, I wouldn't have asked for assistance here. Nonetheless, I genuinely appreciate your suggestion.
-
@ipguy said in I download to download a copy of "pfSense 2.4.2-RELEASE-p1":
it is required for our ongoing migration process.
Now you have my Kuriosity Kat meowing at me ;)
Why would you need some very old version of pfsense to migrate to current?
I use to have the old versions saved.. But I recently cleaned that up and only have like the previous version - I was like when in the world would I ever want/need to go back that far, etc ;)
2.4.2-p1 came out end of 2017.. Going on 6 years ago..
-
Wonder if 2.4.2-p1 was ever released as an ISO ......
Netgate mention it as a "maintenance release"
https://www.netgate.com/blog/pfsense-2-4-2-release-p1-and-2-3-5-release-p1-now-availableOn Netgates "Official" hash server , it doesn't exist.
https://files.netgate.com/hashes/Wonder if it was a 2.4.2.iso , and then "only -p1 as upgrade"
You can DL 2.4.2 here
http://mirror.transip.net/pfsense/downloads/But i'd check it against the hash on the official Netgate site.
/Bingo
-
@johnpoz said in I download to download a copy of "pfSense 2.4.2-RELEASE-p1":
Why would you need some very old version of pfsense to migrate to current?
Ah, my inquisitive interlocutor, the journey from an antiquated version of pfSense to the latest iteration is indeed a peculiar one. Let me elucidate the rationale behind such an endeavor.
You see, the realm of technology is a dynamic one, ever-evolving and transforming. With each passing day, new features, enhancements, and security patches emerge, bestowing upon us the fruits of progress. Alas, those left behind on an ancient version of pfSense may find themselves bereft of these bountiful blessings.
To bridge this gap, one must traverse the realm of upgrades step by step, ascending the ladder of versions, each one building upon its predecessor. Skipping these intermediate stages can be treacherous, for dependencies, configurations, and underlying structures may have changed in unforeseen ways. By migrating gradually, from the old to the new, one ensures a smoother transition, minimizing the risks and perils that lie in wait.
Moreover, my dear inquirer, there exists an intangible wisdom in understanding the evolution of a system. By experiencing the journey from the past to the present, one gains insights into the historical underpinnings, the triumphs, and the tribulations faced along the way. It is a tale of technological maturation, a narrative that deepens our understanding and appreciation of the present state.
So, while it may appear counterintuitive to embark upon a voyage through older versions of pfSense in order to reach the current zenith, the wisdom and prudence behind such an approach reveal themselves upon closer inspection. Embrace the pilgrimage of progress, my friend, and let the currents of migration carry you to a brighter and more secure future.
:-)
-
@ipguy said in I download to download a copy of "pfSense 2.4.2-RELEASE-p1":
@johnpoz said in I download to download a copy of "pfSense 2.4.2-RELEASE-p1":
Why would you need some very old version of pfsense to migrate to current?
Ah, my inquisitive interlocutor, the journey from an antiquated version of pfSense to the latest iteration is indeed a peculiar one. Let me elucidate the rationale behind such an endeavor.
You see, the realm of technology is a dynamic one, ever-evolving and transforming. With each passing day, new features, enhancements, and security patches emerge, bestowing upon us the fruits of progress. Alas, those left behind on an ancient version of pfSense may find themselves bereft of these bountiful blessings.
To bridge this gap, one must traverse the realm of upgrades step by step, ascending the ladder of versions, each one building upon its predecessor. Skipping these intermediate stages can be treacherous, for dependencies, configurations, and underlying structures may have changed in unforeseen ways. By migrating gradually, from the old to the new, one ensures a smoother transition, minimizing the risks and perils that lie in wait.
Moreover, my dear inquirer, there exists an intangible wisdom in understanding the evolution of a system. By experiencing the journey from the past to the present, one gains insights into the historical underpinnings, the triumphs, and the tribulations faced along the way. It is a tale of technological maturation, a narrative that deepens our understanding and appreciation of the present state.
So, while it may appear counterintuitive to embark upon a voyage through older versions of pfSense in order to reach the current zenith, the wisdom and prudence behind such an approach reveal themselves upon closer inspection. Embrace the pilgrimage of progress, my friend, and let the currents of migration carry you to a brighter and more secure future.
:-)
Waste of time. Just save your current configuration, download latest ISO, perform clean install, and restore. Minor changes can be adjusted manually.
-
@nimrod said in I download to download a copy of "pfSense 2.4.2-RELEASE-p1":
Waste of time. Just save your current configuration, download latest ISO, perform clean install, and restore. Minor changes can be adjusted manually.
So, with a smile and a nod, let's embrace the silliness of the original question, I shall continue my exploration
Thank you, kind sir.
-
@ipguy said in I download to download a copy of "pfSense 2.4.2-RELEASE-p1":
one must traverse the realm of upgrades step by step, ascending the ladder of versions
Nope - while some software might require intermediate steps to get from A - Z.. Not with pfsense - just jump to the current..
So your saying your currently running older than 2.4.2? WTF dude really - 2.4.2 like I said is like 6 years old.. a There might be something said about not rushing into the latest and greatest release put out..
I never understand how someone could let their "firewall" fall so far behind current. Hey if you were on 22.05 understandable.. Shoot if you were on 2.4.4p3 you could maybe use covid as your excuse for being behind ;)
-
Dude, I inherited the firewall, it's now my problem.
Look, I get it. You're clearly frustrated that it's not up-to-date with the latest version. But seriously, is it really necessary to be so condescending about it?
-
@ipguy said in I download to download a copy of "pfSense 2.4.2-RELEASE-p1":
it's now my problem.
Then take them to current.. Why do you think you need some 6 year old copy of pfsense, liked your prose and all - but still haven't really answered the why you think you need to take steps to move from where your at to current.
Grab the lastest CE version if on whitebox hardware, if your on netgate appliances - contact tac and they will send you the current + version..
If you explained why you think you need to stop at G on your way from A to Z.. we could maybe alleviate your fears?
Grab a copy of your current config.. Grab a copy of current install.. Click upgrade on the device, in a worse case if it fails you can install clean and then restore you config.. The process should really only take a few minutes.
Didn't mean to sound condescending.. Maybe if you would of started out your thread with hey, I took over some really old pfsense on xyz version, can I go straight to current version, or do I need to do intermediate we wouldn't be curious on why your so far behind, etc. And could go over that you don't need to stop at versions between, etc.
edit: if you took over this setup, and the devices are running some version that is 6 years or older even - its prob time to just upgrade the hardware as well ;)
Get some new hardware, install current move your config over to them.. and bobs your uncle.
-
With all due respect, i think this is one of those users that is absolutely convinced that the only way to solve this issue is their own way. There is no other way
-
@johnpoz said in I download to download a copy of "pfSense 2.4.2-RELEASE-p1":
edit: if you took over this setup, and the devices are running some version that is 6 years or older even - its prob time to just upgrade the hardware as well ;)
The migration to the new server is successfully accomplished, save for a couple of troublesome elements: the aging CA and Server CRT certificates that are on the brink of expiration.
The issue lies in the fact that the migration process to the new server and the renewal of the Server CRT are causing issues for remote devices in the field. The devices are rejecting the renewed Server CRT.
The old CRT's are working as expected on the new server, but the renewed server CRT is not.
-
@ipguy said in I download to download a copy of "pfSense 2.4.2-RELEASE-p1":
The old CRT's are working as expected on the new server, but the renewed server CRT is not.
What does that have to do with anything? You understand there have been some major changes in openvpn from 6 years ago.. There might be some stuff you have to alter in a 6 year old config.
CA and the certs - if they are not actually expired as of yet has nothing to do with it.. If you are updating pfsense to current, prob be a good time to create new CA and certs that is for sure. 6 years ago they most likely were not using current settings for CA and certs.. I would prob use ECDSA certs now vs RSA, etc. Prob digest is sha1 from that long ago, etc.
It prob a good time to also go over the complete openvpn configuration - make sure settings are in line with current best practice.. Making sure compress is off is one that comes to mind. Ciphers for sure should be looked at from such an old config. I believe something has change in the topology settings as well.. Prob want to make sure your using ncp now, etc.
Prob good to just start from scratch in your openvpn config to be honest.
-
OK, let's cut to the case.
If you were in my shoes what would you do if you had >10k mobile device in the field with CRTs that will expire in 6 months?
-
@ipguy Get started now ;) heheheh Make that 6 months ago..
Without some details its hard to say to be honest.. I don't even know if I would use pfsense if had 10k some remote devices trying to vpn in..
Management of certs for that many devices is no small feat.. Openvpn in pfsense might not be the best choice from a management stand point. Your going to have to do some heavy lifting most likely.
Are they these all company controlled laptops (windows?) Are they byod, are there other device types like phones or tablets involved?
Managing that many remote devices for vpn is not your typical scenario for openvpn on pfsense would be my gut reaction..
Are these devices that come into the office now and then, or are they 100% remote workers? Where you could push new vpn stuff while they are on prem, or do you need to update them all remotely while they are connected to the vpn, etc.
-
LOL
Pfsense works perfectly well with that number, no issues at all
More than 10K modems, each modem has a unique username and password but they all share/use the same server CRT
-
@ipguy said in I download to download a copy of "pfSense 2.4.2-RELEASE-p1":
Pfsense works perfectly well with that number, no issues at all
Not saying it wouldn't work ;) What I am saying is the management of the certs for the clients could be a lot of heavy lifting ;)
Not using client certs makes it easier to manage.. How long was the original CA set for.. I never make a CA less than 10 years myself..
Getting the devices a new CA prob going to be painful..
-
Really the only reason to want that installer version would be to recover back to that version because you know that works. Which is not unreasonable IMO.
But otherwise you can import the config from 2.4.2p1 directly into 2.6 as others have said. I would at least try that as a test.
Steve
-
As mentioned earlier, I inherited this problem.
The new server has been successfully set up, thoroughly tested, and validated.
I have successfully transferred the CA (Certificate Authority) and CRTs (certificates) from the "old server" to the new one, ensuring seamless connectivity for remote modems.
Currently, I am facing a challenge related to CA/CRT renewal. I am exploring possibilities to avoid the need for updating CRTs on thousands of modems. My objective is to determine if there is a solution to update the CA/CRT without extensive updates required on the modems.
