Downgrade from pfSense+ to CE
-
2.7 has the same config version as 23.05.1 so it should import without issue.
See: https://docs.netgate.com/pfsense/en/latest/releases/versions.htmlSteve
-
Yeah - I'm in the same boat here - migrated my home-lab HA pair to Plus. More to see what the differences were. Now I have to go through the hassle of 'downgrading'.
I have two questions for Netgate:
- Why not provide a 'downgrade' option instead of forcing a fresh install and config restore? Especially given the config versions are the same. Granted we're probably looking at small community that is stuck in this mess. You made the registration to pfSense+ easy - why not the reverse? ;)
- Based on the announcement yesterday, Netgate will continue to provide the free pfSense+ license to AWS/Azure cloud instances. What's wrong with supporting on-prem instances hosted on ESX, etc... ? Maybe there is some revenue-sharing between these cloud providers and Netgate?
Not meaning to sound negative - I'll continue to run and post bugs as I run across them.
-
I think the current up/downgrade code would require some work to allow that. The Plus repo has some things in it that would probably remain even after a full forced reinstall. I can run some tests.
The official Netgate instances in AWS and Azure do provide revenue.
-
The ever-helpful Tom Lawrence has added a video on this subject an hour or two ago:
He too has pulled pfSense+ from his own system. As a prominent proponent of pfSense and pfSense+ it must really grate on him to do this.
️ -
@RobbieTT Thanks for the tip. It was Tom's video from yesterday that clued me in in the first place.
-
@KOM
I guess this self-immolation by Netgate is in its early stages* but this has all the elements of car-crash TV. I have no doubt this will be covered extensively by all those in the tech space.️*The executive team are probably in the 'denial' stage, ignoring any and all internal concerns.
-
Yeah - I was clued into this change from the live stream that Tom Lawrence did last night.
I'll take a look at his updated video when I have sometime this evening. Thanks.
On a side note - was trying to get the 'restore config on install' method to work. Doesn't seem to work for me in an ESX environment. I've attached a 'virtual USB key' with the files in the correct place (tried both FAT/FAT32. I wish the installer had a prompt - instead of just 'will restore -IF- we find a file'. I see the key being detected during bootup - and can manually mount after initial install. Made sure there's a partition on the USB device too. I have a dozen networks/vlans on my config so would love to just do a simple restore. Instead of having to get LAN interface configured and do web restore.
Again - I'm probably in the true home-lab space in that I'm running this virtually. Not expecting anything from Netgate here - just some feedback on what I've found anyways.
-
Hmm it shows the USB still detected but doesn't see the file on it? Does it see it as one of the expected device types, da0, da1 etc?
-
For what it's worth, a downgrade from Plus23.05.1 to CE2.7 worked fine for me (fresh install of 2.7 then restore config from 23.05.1), and will tide me over 'til I finish researching a suitable alternative.
-
yup - da0 is the 8gb virtual SCSI disk. da1 is the 1gb 'virtual usb key' I added. I can mount da1 after initial install and mount using 'mount_msdos' command from CLI - and see /conf/config.xml on the device as well.
I know there's way of moving config.xml manually to /cf/config,xml and rebooting. I've tried this and works well. I still have to go through initial WAN interface config at minimum before I can do this method of restore.
As @ScottishTom mentioned - I have done the web restore, and CLI restore mentioned above. They both work equally well. Was just curious why the 'restore during fresh install' feature was not working for me.
-
You also tried config.xml in root of da1?
-
Had a chance to try another fresh install in another test instance. Seems to work now - after I copied config.xml from /conf/ folder to root of USB key. Now it seemed to act like I expected it too.
- Booted pfSense 2.7.0
- Performed fresh install, chose reboot option
- Old config restored during initial boot of new install!
All my reading of the documents mentions using /conf/ folder - with an optional check of root.
-
Originally the ECL only looked for
/config/config.xmland the config recovery during install looked in/conf/config.xml.But now both also look in the root of the USB so I always just use that.
Steve
-
Good to know - I'll place my restore config files on root of USB key from now on! Haven't needed to do these types of restores too often.
Using the 'restore-on-install' I have migrated my HA pair to CE-2.7.0 without issue. Everything works as expected. I do see that some of the 'Hardware crypto' options are gone. The Polychacha is no longer in the list of 'Hardware crypto'. I do have some WireGuard tunnels but I have plenty of CPU if needed.
-
Just done the revert to 2.7.0 from Plus as well. The funniest thing is that doing a full reinstall from a USB stick takes less time and less downtime than doing an online upgrade… Must remember that next time.
-
@Vollans said in Downgrade from pfSense+ to CE:
Just done the revert to 2.7.0 from Plus as well. The funniest thing is that doing a full reinstall from a USB stick takes less time and less downtime than doing an online upgrade… Must remember that next time.
Glad it went so well. Of course, using CE is just a lily pad for now as Netgate has warned that it will not be as well supported going forward with development, updates and features focused on Plus.
Clearly I acknowledge that nothing much can be trusted to Netgate right now but they will have to work hard to restore that - and fast.
️ -
@RobbieTT Yeah, but at least it avoids rash decisions in the meantime. I’d be loathed to give up on pfBlockerNG, which the obvious product to move to would involve. The menu remembers my upgrade to Plus and offers to complete it if I wish to, so nothing lost so far really for me.
-
@Vollans Understood and the move to CE is probably a good place to be whilst Netgate continues to shoot itself in the haze of untrustworthy statements.
️ -
@RobbieTT And whilst the config file is still the same, the best time to do it.
-
those who took part in testing 23.09, like me, have a problem with returning to CE :)
