My first time looking at upgrading pfsense (2.6.0-->2.7.0) and don't want to mess up current network in the process. Help?
-
@LAVenetz I would assume OP has pfSense virtualized so took a snapshot.
pfSense Plus on ZFS can do that in the web GUI. Technically it’s possible to do that via command line on CE.
By default all configuration info for packages is in the configuration file. It will survive an upgrade, or you can install new and restore from backup and get your settings back.
-
@SteveITS said in My first time looking at upgrading pfsense (2.6.0-->2.7.0) and don't want to mess up current network in the process. Help?:
By default all configuration info for packages is in the configuration file. It will survive an upgrade, or you can install new and restore from backup and get your settings back.
Unfortunately I'm not sure if I understood that. Because all the sources I checked tell me to uninstall all packages (haproxy, snort, openvpn-client-export) before upgrading. How can the upgrade process "take" these informations towards version 2.7.0 after the packages have been previously uninstalled? Since I'm using an "old" HP box (3GHz), I can only imagine cloning the HDD, either with rescuezilla or with partclone, so that in the event of a crash I can seriously restore the original state, which has been running stably for years!
So, can you guarantee me that I won't make a mistake when I back up the box (1) with the package info (checked), back up (2) with the RDD data (checked), back up (3) with backup extra data (ckecked), secure (4) with Backup SSH keys (checked), and with the following packages installed: haproxy, snort, and openvpn-client-export (with my own CA, learned how to do it at ETH Zurich)? Then I uninstall my three packages and upgrade to version 2.7.0. OK with this approach (please excuse my insecurity)?
-
@LAVenetz Uninstalling a package does not remove the data from the pfSense configuration. This is so a backup file can restore to a new router and get back to where you were.
A few larger packages like pfBlocker have a checkbox to actually remove the info during uninstall, to have a way to remove it. But is defaults to unchecked.
Re extra data, few bother. https://docs.netgate.com/pfsense/en/latest/backup/configuration.html DHCP clients will just get a new lease.
-
@SteveITS said in My first time looking at upgrading pfsense (2.6.0-->2.7.0) and don't want to mess up current network in the process. Help?:
pfSense Plus on ZFS can do that in the web GUI. Technically it’s possible to do that via command line on CE.
I can neither take a snapshot, nor do I have ZFS, nor do I know how to do this via the command line on CE. Can you help me how to do this via command line on CE?
-
@LAVenetz I don’t know, myself, you’d have to look up the commands.
It’s often easier to just reinstall and restore the config from backup.If you don’t have a copy of 2.6, go to pfSense.org/download, leave Architecture blank, and submit the form. That will show some older versions.
-
@SteveITS said in My first time looking at upgrading pfsense (2.6.0-->2.7.0) and don't want to mess up current network in the process. Help?:
If you don’t have a copy of 2.6, go to pfSense.org/download, leave Architecture blank, and submit the form. That will show some older versions.
If I can judge correctly, the upgrade from 2.6.0 to 2.7.0 went smoothly and relatively quickly. The settings of the packages were also adopted. However, I still have to check the whole thing! E.g. the HAProxy used to show 200 on the backends and now it shows 100 everywhere. What does 200 mean versus 100? The package Snort seems completely OK. to be. But with the VPN tunnel I have to regenerate and test the configuration files. Many thanks for your help!
-
@LAVenetz said in My first time looking at upgrading pfsense (2.6.0-->2.7.0) and don't want to mess up current network in the process. Help?:
@Kilted1 said in My first time looking at upgrading pfsense (2.6.0-->2.7.0) and don't want to mess up current network in the process. Help?:
I created a new restore point before and after removing all of the packages.
Hi @Kilted1 : That's what I'm afraid of. What do you mean by a "restore point before"? What did you do exactly? Would it be possible for you to give me/us more detailed information? Have you lost the settings of the packages after uninstalling the packages? Or, how did you manage that the package settings were still there when you reinstalled after upgrading to 2.7.0? Thanks a lot!
What I was referring to was, if you are at your home page on your pfsense machine, goto ->Services-->"Auto Config Backup."
When you enable this, it sets up a 'cloud' file with Netgate to store config backups of your system for crash recovery and such. Much the same as creating a restore point in Windows except that it gets saved for you on Netgate's servers for recovery in case you have to do some serious damage control and recovery. It will only save so many configs in it's history (100 total saves. Combining manual and auto savs with the older ones being over written once you get up to the 100) but, more than enough for most of us I'm sure. And I'm a bit more paranoid about data losses than most as I have lost a LOT of stuff in the past that I'll never get back.You can also access the data (and make some adjustments on what gets saved) by going to ->Diagnostics-->Backup & Restore.
As Steve replied to you as well, the data settings from the packages seem to have been retained in the OS settings during the update so, I have had no issues once the packages were re-installed and it has been working great so far.
Sorry for the delay in my response, been rather busy with life since this was so much easier that I had expected.
And as for you "old" machine, I set my pfsense up in an older Lenovo smaller computer (not the micro ones but the older mid sized one) with BIOS from 2013 / 8gb RAM / and I put a 214gb 2.5in SSD drive in for the system drive. It has dual core (2 core / 2 hardware threads= running as 4 core) IntelI I3-4130 CPU @ 3.40GHZ and, it's running great!
I could have gone newer or older but, tried to get best computer for the least cost. I got this second hand on ebay for $64 +tax if I remember right (+the SSD drive was extra too).
So, it's up to you if you think your computer is up for the task or not. Mine is working great. I also had to add a two port NIC card also. Currently not using the NIC port on the motherboard though, it is available for expansion if I decide to later.Hope this helps.
-
@LAVenetz I've never used HAProxy. You're talking about the "max sessions" value?
-
@Kilted1 said in My first time looking at upgrading pfsense (2.6.0-->2.7.0) and don't want to mess up current network in the process. Help?:
What I was referring to was, if you are at your home page on your pfsense machine, goto ->Services-->"Auto Config Backup."
Great thing, I didn't know! Thank you very much for this information. Even though backups are encrypted, I'm always a little hesitant to let things out of my hands. I too am one of those who have lost data in the course of their IT experience. But that was almost 30 years ago. BTW: I've been there since 1977. But one question: Is that only possible with a Netgate Cloud or may it be with Nextcloud or something?
Now, everything works (errors excepted). I survived the upgrade to 2.7.0 !!!
-
My upgrade from 2.6.x to 2.7.0 has failed twice so far, doing nothing and essentially blocking all traffic after the first reboot. I'm down to 3 core packages I can't live without, and I'm really annoyed that I can't even update the packages until after I update the OS, which has failed twice so far.
I'll try again with these instructions, but 2.4 -> 2.5 and 2.5 -> 2.6 seemed seamless... this one seems like it's a poorly executed experience in comparison. I hope this is the last "uninstall everything" upgrade for a while...
-
@LesserBloops one can change the update branch to Previous to install packages for 2.6; see my sig.
2.7 changes FreeBSD from 12 to 14, and to PHP 8. There are a lot of changes.
-
@SteveITS OK, entirely fair - but every response I've seen from official people so far has indicated it's the problem of the upgrader - nothing to see here. Explaining the magnitude of the upgrade seems sensible.
-
Got worried after 5 mins but read this post and waited. 7 mins good to go