pfSense 2.3.5 64bit NanoBSD upgrade to p2 problem
-
You should not be installing an EOL version for "long term" use. That is not a secure practice.
We do make -pX installers for our factory version that goes on hardware we sell so they can ship with the latest versions installed. But that is not something we plan on offering for CE.
-
For me starting with the latest version is not a option for "in production" setup. Every latest version of any kind of software have hidden bugs. 2.3.5 is "in production" for few years and most of the bugs are resolved and for setup that I plan to use for the next 3 years before again make big upgrade of hardware and software it is the choice. For example in one place I use 2.1.5 because there is needed PPTP and for now this is the only choice - newer versions don't have PPTP server, but it is needed for very old factory machinery that is still in production.
-
That is a very, very wrong point of view. You are deliberately running insecure software, a practice we do not encourage and do not support.
One look at the changelog for any new version will show you dozens if not hundreds of bugs that were fixed after the version(s) you're using.
-
In working "in production" setup you can't push "Update" button as you can do in home and not every company can spend money to have backup hardware just sitting on the floor waiting if something went wrong to be used immediately.
-
That's why you test the upgrades in a lab setup with similar configurations and see what does or doesn't work for you long before a release, and then report said issues so they can be fixed in a release.
It helps nobody to run years-old versions of software and waiting for others to discover the issues.
-
Yes I agree. I test a lot of things in my home lab, but I will give you an example. Imagine that at this moment I have fully working setup with 2.3.5 p2 release and I decide to upgrade. O.K. lets do it, plan upgrade in the night when load of equipment is low, everything looks to be fine, but at 5:30 the phone rings - there is a problem. At this moment I have a backup of config xml file, but my problem is that I can't download my working version 2.3.5 p2 anymore, the company don't have money for spare equipment or don't want to spend money for it and in this situation what should I do? Report a bug and waiting for fix in second release? And with me all production department should wait, it is not possible. So I thing it is right to have an option to download every archived versions include Px releases just to be able to downgrade quickly to working setup while bug in new version is fixed.
-
@ilko-gd
Maybe a picture helps you to understand:
-
I mean...it's ugly, but you could just install the 32bit version and update that to 2.3.5p2. If you really have no other option.
What are you installing on that requires Nano?
Steve
-
@Grimson - 'In theory, there is no difference between theory and practice, in practice, there is'- Yogi Berra.
@stephenw10 - I can't use the 32bit version because in this setup I have 6GB of RAM, quad-core CPU and want to use the full power of the system. NanoBSD is great for me because it works with two partitions and after an upgrade, if there is a problem you can switch partition with good old one in minutes. This will be just router with firewall (2 WAN, VPN etc.) without any packages installed. Maybe I will give a try in the lab for 2.4.4 and search how to optimize full install for SSD drive.
-
If that's your worry, then swap the drive out for a blank drive, reinstall, then restore the config. If it blows up, put the old drive back in.
If you can't be down that long, you should have HA setup.
-
Yes, I think of it. Maybe I will buy 2 equal SSD drives and use one "in production" and another as a spare drive for upgrades. If after upgrade everything is working for two weeks I will reimage the spare drive with current version and config. Now I do the same thing with NanoBSD version.
-
If you install with ZFS, you can use zfs snapshots to get a similar effect with one drive.
We don't have any docs on that yet but if you search around, the info is out there.
-
Yup, you should move onto 2.4.4 now. At some point you will have no choice but to move to away from pfSense 2.3.X and it's better to do that now that wait until some disaster happens.
Though I'd be surprised if you actually need 6GB....
Steve
-
Yes actually I don't need 6GB RAM for this setup, but it is already there in server /Dell PowerEdge 840/. Next week I will make lab install of 2.4.4 on this hardware and will testing for some time. If everything looks good I will put it in production.