Making a copy of my installation
-
I'd like to make a copy of my pfSense installation and would like some to confirm that my procedure is sound.
- On my current installation, go to the GUI and select
Diagnostics -> Backup & Restore -> Backup Configuration -> Download
- Download and install a copy of the latest release on another computer, then go to the GUI and select
Diagnostics -> Backup & Restore -> Restore Backup -> Choose File -> Restore configuration then after a reboot reinstall packages
Does that sound about right?
I notice that I can't download the version I'm running - ie 2.4.5_1 which I'm told by my system is the latest version, and people on this forum suggest that 2.5 is somewhat buggy...
-
The backup being downloaded is an XML file with the configuration. If you want the actual software for a full reinstall you'll need to have that also.
Edit: if it's a Netgate appliance you can get that from go.netgate.com without a support contract.
-
@balanga You can't make a backup of the "operating system" using the method you typed up. This simply makes a backup copy of your settings/configurations of the pfsense software.
To get a backup copy of the operating system, the actual pfsense software, you have to either download a new fresh copy and keep it stored on your hard drive or USB flash drive. Or, if you are using a Netgate appliance, you can ask them for a copy that you can keep for backup.
-
Good practice is to make sure you keep install media handy.. Be it for current install.. I have a directory where I keep old pfsense installs. At one point had pretty much all of them, but now just keep the latest couple of versions.
As mentioned if you are using a netgate appliance you can always open a ticket and they will send you a link to current, previous as well I do believe. (with in reason, don't think you could ask for say version 1)
If you have install media and copy of your config, you can be up and running again clean in a few minutes.
-
I made the point that I can only download 2.5 for my backup, but I am currently using 2.4.5. so even after copying the config, I don't have a drop in replacement.
-
Are you not on an appliance? Why did you not keep a copy when 2.4.5 was current?
You could email support for CE version on the appliance - They might send you a link.. What can they say no..
-
@johnpoz
I found a copy of pfSense-CE-2.4.4-RELEASE-p3-amd64 so I guess I could start from there... -
@balanga said in Making a copy of my installation:
pfSense-CE-2.4.4-RELEASE-p3-amd64
Make that 2.4.5-p1.
-
With one of these "sums"
Memstick - Serial SHA256 Checksum for compressed (.gz) file: 9ce90667f39f837df88e936aa0fd478c2aee8f96a8b8d54d13431a921e877cacMemstick - VGA SHA256 Checksum for compressed (.gz) file: aa40595d090465f20fff1890092e6a14a753cd9486ccc7101d81301cad8b8840And for the "OS Impaired"
, that doesn't have sha256sumcertutil -hashfile <pfSense-install-file-name> SHA256Example
certutil -hashfile pfSense-CE-memstick-2.4.5-RELEASE-p1-amd64.img.gz SHA256 SHA256 hash of pfSense-CE-memstick-2.4.5-RELEASE-p1-amd64.img.gz: aa40595d090465f20fff1890092e6a14a753cd9486ccc7101d81301cad8b8840 CertUtil: -hashfile command completed successfully. -
@gertjan said in Making a copy of my installation:
@balanga said in Making a copy of my installation:
pfSense-CE-2.4.4-RELEASE-p3-amd64
Make that 2.4.5-p1.
I didn't find a copy of that on my LAN. Installed what I had and tried to an upgrade from the console but got an error about packages for wrong OS version. With this version I couldn't even get DHCP working and have been unable to access files on my network. I'm thing of installing ISC-DHCP on one of my FreeBSD systems just to get up and runnng.
-
@balanga
Remember to go to System --> Updates and select the "old deprecated"
Else you might get 2.5.x packages
-
Of note when restoring a config, especially to a different piece of hardware, you may need to use the console to manually reassign the interfaces. When hardware changes, or even on new hardware, sometimes they'll reinitialize in an order that isn't what the config is expecting.
-
Once I have pfSense copied and a file with all the settings, I still need to install all the pkgs. Can I get a list and download them all? I guess pkg info should tell me what has been installed...
Also, I guess I need to copy all the files which tftpd provides access to.
Have I forgotten anything?
-
System - Package manager menu item will show you the packages installed. You can't download them ahead of time, it is just that ~sometimes the auto install fails when you shove in the config first.
-
So I have created a backup copy of pfSense, but AFAICS, to make it a copy of my working installation I still need to copy any existing packages and their configurations, my current settings and a copy of my tftp files.
As far as my tftp files go, can I simply logon to the pfSense box and mount the backup system and copy the tftp directory structure?
Also could I copy my settings like this as well?
-
Yeah the documented upgrade and backup procedures are pretty good: https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html
Takes you through the whole thing...backup....removing packages...etc.
The mounting word concerns me...you're not mounting anything. The backup is a big fat xml file with all the settings. It just downloads to your desktop or wherever.
Obviously if you've got a ton of boot images or something else critical on tftp, copying the files themselves off is a necessity.
The restore is pretty easy. Get the machine up from a blank state, click through the setup webpages quick, load the packages, then shove in the config file. Reboots, then poof you're all set generally; just re-upload the tfpt stuff after.
-
Sorry to jump in here. We are in a similar situation. The hardware that our current install (2.4.0) is running on is failing. We have a new unit to use. We have succesfully installed 2.5.1 which was downloaded from the website and restored our current configuration. Unfortunately our current configuration does not work on the new version - i.e. internet access works but none of the NAT/Firewall rules work? All interfaces have been re-assigned correctly. I'm guessing a number of things have changed between releases - is there anything that I should check taking the above into account?
Thanks
MP -
@mpetts1 said in Making a copy of my installation:
works but none of the NAT/Firewall rules work?
Hard to see - meditate I should.
They show up under the correct interfaces ?@mpetts1 said in Making a copy of my installation:
current install (2.4.0)
This is what I would consider a close to perfect way to make sure that "upgrading" produces issues.
The config file is very readable.
It's very big because you also included the RRD stats into it.Most settings can be clearly read, and checked with the GUI "on screen" settings.
@mpetts1 said in Making a copy of my installation:
none of the NAT rules work
The new pfSense has the same WAN "RFC 1918" IP as before
AND
is there a router in front of pfSense ?If so, double check the WAN IP - as the upstream router still forwards to the IP used by the old pfSense. If the new pfSense install has another WAN IP, all is fine, it's totally normal NAT doesn't work.
Change your WAN IP by using a DHCP MAC Lease on the upstream router, or make your WAN IP settings static, so they correspond with the old setup. -
Thank you for getting back to me so quickly @Gertjan
@gertjan said in Making a copy of my installation:
@mpetts1 said in Making a copy of my installation:
works but none of the NAT/Firewall rules work?
Hard to see - meditate I should.
They show up under the correct interfaces ?Yes interfaces all appear to be OK. The first thing it said when it booted up after the restore was that the interfaces didn't exist and i needed to map the correct ports.
@mpetts1 said in Making a copy of my installation:
current install (2.4.0)
This is what I would consider a close to perfect way to make sure that "upgrading" produces issues.
The config file is very readable.
It's very big because you also included the RRD stats into it.Most settings can be clearly read, and checked with the GUI "on screen" settings.
Unfortunately I didn't really have a choice as I cannot find the same version anywhere! Netgate won't supply me with it as it isn't supported anymore.
@mpetts1 said in Making a copy of my installation:
none of the NAT rules work
The new pfSense has the same WAN "RFC 1918" IP as before
AND
is there a router in front of pfSense ?If so, double check the WAN IP - as the upstream router still forwards to the IP used by the old pfSense. If the new pfSense install has another WAN IP, all is fine, it's totally normal NAT doesn't work.
Change your WAN IP by using a DHCP MAC Lease on the upstream router, or make your WAN IP settings static, so they correspond with the old setup.Everything looks correct - the ip is correct. There is a router infront of pfSense. We were able to access the internet etc. but the NAT and Rules didn't work. Perhaps a reboot would of worked? I didn't have a huge amount of time so plugged the old one back in.
-
