Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can pfSense 2.4.5 import a config backup from 2.5.1?

    Scheduled Pinned Locked Moved General pfSense Questions
    2.5.12.4.5
    6 Posts 3 Posters 1.4k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R Offline
      rnmixon
      last edited by

      We are affected by bug #11805 on pfSense CE and would like to switch to our cold spare which is loaded with a clean version of pfSense CE 2.4.5

      Will a system running 2.4.5 import a 2.5.1 config backup successfully? Or are there changes that would make the config incompatible? If so would the changes be easy to adjust with a text editor?

      Thank you much - Richard

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG Offline
        Gertjan @rnmixon
        last edited by

        pfSense uses 'versions' for it's config files.

        You can modify them with a text editor.
        Look for the <version> xml tag.

        Keep in mind that there good be other changes as well.
        These are 'less' or not documented at all.
        So, the final result can not be known for sure.

        But, why bother ?
        Just use the latest backup you made when you were using "2.4.5" and you're good to go.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        R 1 Reply Last reply Reply Quote 0
        • R Offline
          rnmixon @Gertjan
          last edited by

          @gertjan said in Can pfSense 2.4.5 import a config backup from 2.5.1?:

          But, why bother ?
          Just use the latest backup you made when you were using "2.4.5" and you're good to go.

          Unfortunately we've made a fair number of changes since the last 2.4.5 backup. Oh well I can do a diff and see if it's reasonable to apply the changes to the old config file.

          Also, thank you the tip about the versions, I was hoping the changes might be documented somewhere.

          • Richard
          B 1 Reply Last reply Reply Quote 0
          • B Offline
            bigsy @rnmixon
            last edited by

            @rnmixon This link shows the config revision numbers for different pfSense versions.

            R 1 Reply Last reply Reply Quote 0
            • R Offline
              rnmixon @bigsy
              last edited by

              @bigsy Thank you - neat. Makes sense that the pfSense version number is in the config file.

              I gave up merging the change at first, but went back a second time and did just a few changes at a time and finally got all changes merged.

              We have been waiting a month hoping a release would be out with the #11805 patch. This morning we had an ISP down situation that we had to respond to since failover is not working (seems for both NAT'ed and non-NAT'ed services).

              It's time to go back to 2.4.5, even if the fix comes out the next day. Will swap in our cold backup on 2.4.5 this weekend and restore the newly adjusted 2.4.5 backup.

              Thanks again to all that contributed!

              R 1 Reply Last reply Reply Quote 0
              • R Offline
                rnmixon @rnmixon
                last edited by

                @rnmixon Ugh! After restoring the new config everthing is working except for one situation:

                1. We have a virtual IP with two rules that pass port 80/443 to the IP (IP#1) of an internal web server.
                2. We also have a number of NAT rules that override the destination for some ports (90x2, 90x3, 90x4, ...) on that virtual IP, routing to different IPs (IP#2, IP#3, IP#4, ...) on the LAN.
                3. NONE of the NAT rules appear to be working, the firewall log shows traffic being blocked on (for example) port 90x2 as it tries to route to IP#1 instead of following the NAT rule to IP#2.

                This all worked on our original config when we were running pfSense 2.4.5 and also when it was upgraded to version 2.5.1 (though failover was now broken).

                I'm guessing when I merged in the changes from 2.5.1 config file into my old 2.4.5 config file I must have muffed something, however not sure what - the syntax of the changes all looked to be the same as the 2.4.5 syntax.

                Any ideas from anyone before I restore to the old config that's size weeks old and lose all my changes?

                Thanks much - Richard

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.