Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Single node to HA cluster -> Config migration

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    5 Posts 2 Posters 834 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B Offline
      ballistic
      last edited by

      Hi all,

      I have an identical server on the way to act as a secondary node to my current standalone node. I am wondering how to perform this migration.
      Currently I run 2.6 and plan to upgrade to 2.7 while I am at it.

      1: Backup config of current 2.6 node
      2: (re)install 2.7 and both nodes and setup HA with a clean config
      3: Restore parts of the backup config xml to the primary's running config xml

      Parts that need to be restored are; Users, Certificates, IPsec and OpenVPN. Some other nice to haves might be DNS, DHCP, etc. I plan to rebuild all FW rules and packages with thier cofig.

      What is the best way to do this? Can I simply export the new config, add stuff to the file, and restore it back? Primary will reboot and changes are propogated to the secondary node?
      Any 2.6->2.7 stuff I need to be aware of?

      Thanks in advance!

      S 1 Reply Last reply Reply Quote 0
      • S Offline
        SteveITS Rebel Alliance @ballistic
        last edited by

        @ballistic In System>High Availability Sync there is a list of things router1 will sync to router2 including all of those.

        I would set the new addresses on router1 (new WAN and LAN, CARP/shared WAN and LAN), set up router2 with its unique WAN and LAN, and let pfSense sync the rest of the config for you.

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
        Upvote ๐Ÿ‘ helpful posts!

        B 1 Reply Last reply Reply Quote 0
        • B Offline
          ballistic @SteveITS
          last edited by

          @SteveITS Thank you for your input. But that is not what my question is about.

          S 1 Reply Last reply Reply Quote 0
          • S Offline
            SteveITS Rebel Alliance @ballistic
            last edited by

            @ballistic OK, rereading... :) One can restore just sections of a config file via the "Restore area" dropdown on the backup/restore page. It doesn't work for package configs but has most or all standard sections.

            Editing a config file by hand is definitely possible if the info is added correctly. I've on occasion changed internal interface names for example, or copy/pasted sections. Is that what you're asking? Then on restore it should sync to the secondary. I am not sure if that happens during the restore, or after reboot, tbh. If nothing else save any change on the primary and it should sync.

            re: 2.7, there are a few notes at https://docs.netgate.com/pfsense/en/latest/releases/2-7-0.html about removed algorithms. 2.7.1 will update OpenSSL so there is another set of caveats there.

            Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
            Upvote ๐Ÿ‘ helpful posts!

            B 1 Reply Last reply Reply Quote 0
            • B Offline
              ballistic @SteveITS
              last edited by

              @SteveITS Thank you!
              Unfortunately there does not seem to be a backup option for users and/or certificates only. So looks like i'm going to have to copy those sections of config over manually.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.