• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

To do 23.09 or not? That's the question.

Problems Installing or Upgrading pfSense Software
20
48
9.0k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C
    chudak
    last edited by Nov 6, 2023, 4:20 PM

    Now that the new update 23.09 is available I'd like to ask the old question -- To do 23.09 or not? That's the question.

    After all changes related to the licensing, prices etc.

    I am personally interested in how the OpenVPN server is faring after the 23.09 migration to OpenSSL 3.

    Please share your feedback.

    TIA

    J J S G 4 Replies Last reply Nov 6, 2023, 4:22 PM Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator @chudak
      last edited by Nov 6, 2023, 4:22 PM

      @chudak I will be moving to it, prob this weekend.. Or after work hours.. Sending a ticket to tac now to get a image, better to be prepared than sorry ;)

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      C M R 3 Replies Last reply Nov 6, 2023, 4:25 PM Reply Quote 1
      • C
        chudak @johnpoz
        last edited by Nov 6, 2023, 4:25 PM

        @johnpoz said in To do 23.09 or not? That's the question.:

        @chudak I will be moving to it, prob this weekend.. Or after work hours.. Sending a ticket to tac now to get a image, better to be prepared than sorry ;)

        Image of the current version 23.05.1-RELEASE? :)

        J 1 Reply Last reply Nov 6, 2023, 4:28 PM Reply Quote 0
        • J
          johnpoz LAYER 8 Global Moderator @chudak
          last edited by johnpoz Nov 6, 2023, 4:32 PM Nov 6, 2023, 4:28 PM

          @chudak no the new 23.09 I have 23.05 I can roll back to if worse comes to worse.. But whenever new version comes out, I like to have the install media for it just in case.

          To be honest I don't recall ever having to use it, but have done clean installs sometimes - back when zfs came out I did a clean, etc.

          I am on a netgate appliance.. So that is an option..

          edit:
          Look at that link already in my inbox - those tac guys are normally always johnny on the spot ;)

          edit2: I would prob just pull the trigger on the upgrade, after taking a backup config for sure. But my new gig is full remote, so prob not a good thing if things went south to be offline for any length of time ;)

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          1 Reply Last reply Reply Quote 0
          • J
            jimp Rebel Alliance Developer Netgate @chudak
            last edited by Nov 6, 2023, 4:53 PM

            @chudak said in To do 23.09 or not? That's the question.:

            I am personally interested in how the OpenVPN server is faring after the 23.09 migration to OpenSSL 3.

            If you are using modern ciphers/hashes on the OpenVPN instance and certs you'd never notice the difference in a lot of cases.

            Where you run into problems is with setups that had certs made a decade ago and that also use former OpenVPN default encryption and so on trying to deal with old/legacy clients. Thankfully less and less common these days.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 1
            • M
              michmoor LAYER 8 Rebel Alliance @johnpoz
              last edited by Nov 6, 2023, 4:56 PM

              @johnpoz said in To do 23.09 or not? That's the question.:

              Sending a ticket to tac now to get a image, better to be prepared than sorry ;)

              Im living life on the edge...Updating now.

              Firewall: NetGate,Palo Alto-VM,Juniper SRX
              Routing: Juniper, Arista, Cisco
              Switching: Juniper, Arista, Cisco
              Wireless: Unifi, Aruba IAP
              JNCIP,CCNP Enterprise

              J 1 Reply Last reply Nov 6, 2023, 4:57 PM Reply Quote 2
              • J
                johnpoz LAYER 8 Global Moderator @michmoor
                last edited by Nov 6, 2023, 4:57 PM

                @michmoor yeah - that can be fun, normally works without issue.. But I have meeting starting in like 4 mintues..

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                B M M 3 Replies Last reply Nov 6, 2023, 4:59 PM Reply Quote 1
                • B
                  Bob.Dig LAYER 8 @johnpoz
                  last edited by Bob.Dig Nov 6, 2023, 5:02 PM Nov 6, 2023, 4:59 PM

                  Running smoothly here on the (discontinued) Home/Lab-Version. 🤞

                  1 Reply Last reply Reply Quote 1
                  • M
                    MoonKnight @johnpoz
                    last edited by Nov 6, 2023, 4:59 PM

                    @johnpoz said in To do 23.09 or not? That's the question.:

                    @michmoor yeah - that can be fun, normally works without issue.. But I have meeting starting in like 4 mintues..

                    Cancel your meeting and tell them you have something more important to do 😁

                    --- 24.11 ---
                    Intel(R) Xeon(R) CPU D-1518 @ 2.20GHz
                    Kingston DDR4 2666MHz 16GB ECC
                    2 x HyperX Fury SSD 120GB (ZFS-mirror)
                    2 x Intel i210 (ports)
                    4 x Intel i350 (ports)

                    1 Reply Last reply Reply Quote 0
                    • M
                      mcury @johnpoz
                      last edited by mcury Nov 6, 2023, 5:05 PM Nov 6, 2023, 5:02 PM

                      @johnpoz said in To do 23.09 or not? That's the question.:

                      But I have meeting starting in like 4 mintues..

                      I think my update from 23.05.1 to 23.09 took less than 10 minutes, I would guess something around 7 minutes..

                      Edit:

                      It seems that this version is using less RAM in comparison to 23.05.1 ?

                      login-to-view

                      dead on arrival, nowhere to be found.

                      N R 2 Replies Last reply Nov 6, 2023, 5:43 PM Reply Quote 1
                      • N
                        NogBadTheBad @mcury
                        last edited by Nov 6, 2023, 5:43 PM

                        Worked fine for me apart from Suricata not starting @bmeeks

                        Andy

                        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                        N 1 Reply Last reply Nov 6, 2023, 7:19 PM Reply Quote 1
                        • M
                          michmoor LAYER 8 Rebel Alliance
                          last edited by Nov 6, 2023, 6:34 PM

                          OS upgrade went through without an issue.

                          Got to say I'm really feeling the lease utilization screen.......

                          login-to-view

                          Let me keep clicking around to see new things. haha

                          Firewall: NetGate,Palo Alto-VM,Juniper SRX
                          Routing: Juniper, Arista, Cisco
                          Switching: Juniper, Arista, Cisco
                          Wireless: Unifi, Aruba IAP
                          JNCIP,CCNP Enterprise

                          R 1 Reply Last reply Nov 7, 2023, 5:06 PM Reply Quote 0
                          • N
                            NogBadTheBad @NogBadTheBad
                            last edited by NogBadTheBad Nov 6, 2023, 7:19 PM Nov 6, 2023, 7:19 PM

                            @NogBadTheBad https://forum.netgate.com/topic/183878/after-upgrade-to-pf-23-09-surricata-says-it-s-starting-but/

                            Andy

                            1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                            N 1 Reply Last reply Nov 6, 2023, 7:50 PM Reply Quote 0
                            • N
                              NRgia @NogBadTheBad
                              last edited by NRgia Nov 6, 2023, 7:52 PM Nov 6, 2023, 7:50 PM

                              @NogBadTheBad said in To do 23.09 or not? That's the question.:

                              @NogBadTheBad https://forum.netgate.com/topic/183878/after-upgrade-to-pf-23-09-surricata-says-it-s-starting-but/

                              No issues on my side with pfSense+ 23.09, also Suricata is running without issue on a white box with Intel® Atom® C3558 same as the Netgate 6100.

                              1 Reply Last reply Reply Quote 1
                              • R
                                Ramosel @johnpoz
                                last edited by Ramosel Nov 7, 2023, 1:20 AM Nov 7, 2023, 1:17 AM

                                @johnpoz said in To do 23.09 or not? That's the question.:

                                @chudak I will be moving to it, prob this weekend.. Or after work hours.. Sending a ticket to tac now to get a image, better to be prepared than sorry ;)

                                JP, as you pointed out years ago, support is quick. From ticket submission to message with download link was 6 minutes (and I even told them they could sit on the ticket if they were busy with upgrade issues). Image built on thumb drive, update done from a console (still use the RPi as console you helped with).

                                All went smooth on the old SG-4860. Ever since that issue a while back where the screens filled with errors on boot, I've been a bit gun shy, but pulled the trigger anyway. All my VLANs and interfaces are as built. Snort/pfBlockerNG are happy too. Some higher memory usage after update, but it's coming back down.

                                Don't miss the manual change to Kea DHCP if you do an update.

                                I'll build the backup SG-4860 from the thumb drive tomorrow.

                                I say gopher it.

                                Rick

                                1 Reply Last reply Reply Quote 0
                                • M
                                  mdthibodeau
                                  last edited by mdthibodeau Nov 7, 2023, 3:52 AM Nov 7, 2023, 3:52 AM

                                  I upgraded to 23.09 and started having problems with my VPN clients that were connected. I run three VPN clients as I pass traffic to various locations based on geography. That said I recreated them all, each would work as I created them, but as I would create the next the one before would stop working. It didn't appear to be a rule failure as I modified a rule to pass the traffic to the newly created known gateway and it would function. Rather than dig a deeper hole I ended up reverting back to 23.05.1. I still have to decide if I'm continuing on with pfSense or not with the latest licensing issues - so I'll stick at 23.05.1 at the moment until I decide how I want to proceed.

                                  R 1 Reply Last reply Nov 7, 2023, 6:03 AM Reply Quote 0
                                  • R
                                    Ramosel @mdthibodeau
                                    last edited by Nov 7, 2023, 6:03 AM

                                    @mdthibodeau said in To do 23.09 or not? That's the question.:

                                    I upgraded to 23.09 and started having problems with my VPN clients that were connected.

                                    Have you read through the release notes for 23.09? There are some specific sections on the new OpenSSL regarding changes to algorithms and ciphers that are no longer supported. You may need to change or rebuild your VPN clients to get them to work. I would imagine the OpenSSL 3.0x upgrade will be in the CE version as well due to security issues.

                                    M 1 Reply Last reply Nov 7, 2023, 1:29 PM Reply Quote 0
                                    • M
                                      mdthibodeau @Ramosel
                                      last edited by mdthibodeau Nov 7, 2023, 1:30 PM Nov 7, 2023, 1:29 PM

                                      @Ramosel
                                      @mdthibodeau said in To do 23.09 or not? That's the question.:

                                      That said I recreated them all, each would work as I created them, but as I would create the next the one before would stop working. It didn't appear to be a rule failure as I modified a rule to pass the traffic to the newly created known gateway and it would function.

                                      Yes, I recreated all three. And like I said, as I would build them they would work until the next was built as I have a total of three. I run Plus and not CE, not sure how that would apply.

                                      R 1 Reply Last reply Nov 7, 2023, 2:50 PM Reply Quote 1
                                      • H
                                        HuskerDu
                                        last edited by HuskerDu Nov 7, 2023, 1:39 PM Nov 7, 2023, 1:38 PM

                                        This post is deleted!
                                        1 Reply Last reply Reply Quote 0
                                        • R
                                          Ramosel @mdthibodeau
                                          last edited by Nov 7, 2023, 2:50 PM

                                          @mdthibodeau said in To do 23.09 or not? That's the question.:

                                          I run Plus and not CE, not sure how that would apply.

                                          You had mentioned in your post that you were having thoughts about the licensing issues.

                                          @mdthibodeau said in To do 23.09 or not? That's the question.:

                                          I still have to decide if I'm continuing on with pfSense or not with the latest licensing issues.

                                          I was just saying that if one of your choices (rather than paying license fees) was to drop back to CE, you'd still have to rebuild your VPN clients as I believe it is inevitable they will include OpenSSL 3.x in that version as well.

                                          M 1 Reply Last reply Nov 7, 2023, 3:16 PM Reply Quote 0
                                          1 out of 48
                                          • First post
                                            1/48
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.