Updating from 2.3 to 2.4?

  • At https://www.netgate.com/docs/pfsense/install/upgrading-pfsense-software-installations.html, the documentation claims that "In 2.3 and newer versions, the update system is pkg-based, changing the available update methods. Upgrades are performed either under System > Update in the webGUI, or option 13 at the console. "

    But my system running 2.3 claims it's at the latest rev (2.3.4-RELEASE-p1) even though that's 14 months old now, and not the slightest hint of how to upgrade to 2.4.

    What am I missing?

  • Banned

    I386 or wrong branch in the update settings.

  • Netgate Administrator

    Run the update check at the console, option 13, and let us know what error(s) you see.


  • I don't see any errors.

    But the update I did was via the web interface, not the console. I have 2 identical firewalls (trying to set them up with Carp) so I will do the other one via console option 13 and report back.


  • Rebel Alliance Netgate Administrator

    Grimson, this sounds like it could be a common configuration error on the HA pair.
    I would remove the "any" source on NAT rules, that will always cause problems. Limit the source to an RFC1918 alias or use your actual internal networks.

    Please see our documents for more information:

    Manual Outbound NAT

    HA Troubleshooting

    Or our YouTube Video on High Availability on 2.4

  • Chris, sorry but I don't see the relevance of your comment about outbound NAT to my issue. I finished the update on the 2nd firewall via the console and it too just brought me to the 2.3.4. No errors, it seem to quite happily find and update the repository, download a bunch of packages, and now I'm on 2.3.4 instead of the earlier rev (I think it was 2.3.1 but I don't have that documented anywhere.)

    How could outbound NAT affect which (external) repositories the router can find, and cause it to find the 2.3 repos but not the 2.4 ones?

    Again, how do I update to 2.4? The docs certainly don't suggest I have to reformat and install from scratch, but is that actually the case?

  • Rebel Alliance Netgate Administrator

    My apologies, I see these are 2 units you are setting up before putting to HA.

    Are you sure you are on 2.3.4, the latest branch is 2.3.5-p2: https://www.netgate.com/docs/pfsense/releases/versions-of-pfsense-and-freebsd.html#id1

    If you are on 2.3.4 it might be easier to take a backup, and install 2.4.3-p1 and restore your configuration.

    The outbound NAT was more for a HA setup.

  • Yes, I'm sure, says so right on the label. ;-) Both the console and the web interface report 2.3.4-RELEASE-p1.

    One pc plugged in still had the original screen up, so I see the previous version was 2.3.2.

    Is there a 32 vs 64 bit issue here (I see perhaps from reading elsewhere)? The current build is i386, the boxes are single-processor Atom D525 @ 1.8Ghz, 3G ram.

  • Netgate Administrator

    You should be able to get to 2.3.5p2 on 32bit but that is a 64bit CPU and you can't upgrade across architectures.

    I suggest you re-install straight to the most recent 64bit version which is currently 2.4.3 but 2.4.4 is imminent.

    You can restore you current config file into that if you have a lot setup already.


  • You should be able to get to 2.3.5p2 on 32bit

    Any idea as to how? Manual upgrades are no longer supported, right? And I've tried both methods: web interface on one, console on the other, and they both just brought me to 2.3.4p1.

    On the other hand, the need to put these firewalls in place isn't so urgent (and it's a first-time HA setup for me anyway, so factor in a little more time anyway). So I'll probably just go the wipe+install route.

  • Netgate Administrator

    First thing to do is check the repo branch is correctly set to 2.3.X in System > Update > Settings.

    If it is try forcing it to a different branch, go back to the dashboard and referesh the update check then go back and set the branch back to 2.3.X again.


  • None of the branch setting/resetting accomplished anything, so I just went ahead and did a new install instead.

    The install did correctly pick up the old config file, which was nice... BUT it didn't indicate success or failure after it was done getting it. Lots of verbiage on the screen scrolled by, but nothing persistent I could see that let me know I had, in fact, picked to correct disk to look for it on.

    The only way I had to know it worked was that it never asked me to set interfaces during the setup.

  • Netgate Administrator

    Hmm, it would normally show it has found the config just after the 'launching external config loader' line.

    It also gives you an alert on the dashboard but I think only if you restore the config after the initial boot.


Log in to reply