Upgrade from pfsense 2.4.2 to 2.4.4

ashima

I have two remote locations where we are running pfsense 2.4.2. Following packages are installed :

1. Freeradius
2. OpenVPn Client Export
3. Squid And Squidguard
4. Mailreport
5. Shellcmd
6. Sudo
7. Captive Portal
8. Watchdog

Is it possible to upgrade these devices to pfsense 2.4.4 remotely using OpenVpn.

Do I have to uninstall all the packages and reinstall after upgrade.

What would be the right way to do so ?

Any pointers.
As these boxes are at important locations I don't want to take a chance.
Of course, I'll take a backup of the configuration before proceeding.

Thank you,
Ashima

johnpoz

While sure you can update via a vpn connection to the box.. Have done it many many times over the years.. Keep in mind that something could go wrong..

Whats the saying
Expect the best, plan for the worst, and prepare to be surprised.

If the box is in production, you should for sure plan on something going wrong... Yes have a copy of the config handy.. You should also have the clean install media handy and someone there that could be your smart hands, in the worse case scenario..

Just saying..

What we have done in the past is just ship a new box all setup and ready to plug in... This way the local resource just needs to know how to plug in a few cables, etc.

If you plan for the worse - then you will never be "surprised"..

Grimson

https://www.netgate.com/docs/pfsense/install/upgrade-guide.html

ashima

Thank you for the pointers.

I am planning to keep a box ready and then try to update the box at remote using vpn . In case of any problem... I'll rush the box to location.

Just one more query :
Does it keep the basic configuration or it is reset to factory default after upgrade.

Thank you

johnpoz

You keep your config.. You just want to make sure you have a backup in case the worse case scenario happens and you have to clean install.

99 out 100 you will be fine with just clicking go... But if its really production you have to make sure if the worst happens the down time is minimal.. Or you get yelled at, worse case could be a PSGE (pink slip generating event)..

Any typical enterprise change control process would include backout plan, and recovery.

I have had to fly out to locations for "risky" upgrades of hardware.. And then doing the work at after hours so that you have enough time to even get new hardware onside in the 4 hour support window and back up before production starts again, etc.

The level of precautions needed to be taken depend on the level of production your talking about taking a risk with.. I click update on stuff all the time when there is no SLA for the service ;)

I would say 999 out 1000 just hitting clickity clickity on the update will be fine.. But always plan for the worse ;) Let us know how it goes..