Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    pfSense 2.3.5 64bit NanoBSD upgrade to p2 problem

    Installation and Upgrades
    4
    23
    622
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      ilko-gd last edited by

      Hello. I setup new firewall with pfSense 2.3.5 64bit nanobsd. For some important reasons for me I need to use nanobsd version. My problem is update to p2 - I don't have option in branch firmware settings for 2.3.x, there is only option for 2.4.x. How can I resolve this issue and update firewall to p2? Thanks for help.

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        If it's 64-bit, you need to move to a full install of pfSense 2.4.4.

        There are ways to get a similar effect to NanoBSD on a full install, such as activating the option to use RAM disks for /var and /tmp.

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • I
          ilko-gd last edited by

          So if I understand updates for 2.3.x channel are stopped and not be available anymore?

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            Correct, 2.3 was obsolete the moment 2.4 was released. We maintained security updates for it for a year after that time, but that time has come. It's time to move forward.

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • I
              ilko-gd last edited by

              Yes I understand this, but I want to install this security updates only, not the 2.4.x version - is this possible with 2.3.5 64bit NanoBSD or not?

              1 Reply Last reply Reply Quote 0
              • jimp
                jimp Rebel Alliance Developer Netgate last edited by

                The "security updates" for 64-bit systems are all on 2.4.4. You need to upgrade.

                2.3 is EOL this month. There is not going to be a way to make it stay on 2.3.x because it is no longer secure to do so.

                Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • I
                  ilko-gd last edited by

                  Thanks. Finally to be sure - 2.3.5 p2 version is ONLY for 32bit release. There is no p2 version for 64bit release. If I want this updates I need to install 2.4.x version, right?

                  1 Reply Last reply Reply Quote 0
                  • jimp
                    jimp Rebel Alliance Developer Netgate last edited by

                    There was never an installer for 2.3.5-p2 CE, only online updates, and at the moment, all of the update servers have been set to move compatible installs forward to 2.4.4 because that is the most secure option for them.

                    So before 2.4.4-RELEASE, it was possible to stay on 2.3.5-pX and get -p2, but not any more. Now any compatible hardware needs to be on 2.4.4-RELEASE or later.

                    Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • I
                      ilko-gd last edited by

                      Now I understand the whole picture, but I think it will be good for people like me in current situation to be able to install p2 release of 2.3.5. Not everyone need latest versions for long term installs. Thanks for help jimp!

                      1 Reply Last reply Reply Quote 0
                      • jimp
                        jimp Rebel Alliance Developer Netgate last edited by

                        You should not be installing an EOL version for "long term" use. That is not a secure practice.

                        We do make -pX installers for our factory version that goes on hardware we sell so they can ship with the latest versions installed. But that is not something we plan on offering for CE.

                        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                        Need help fast? Netgate Global Support!

                        Do not Chat/PM for help!

                        1 Reply Last reply Reply Quote 0
                        • I
                          ilko-gd last edited by

                          For me starting with the latest version is not a option for "in production" setup. Every latest version of any kind of software have hidden bugs. 2.3.5 is "in production" for few years and most of the bugs are resolved and for setup that I plan to use for the next 3 years before again make big upgrade of hardware and software it is the choice. For example in one place I use 2.1.5 because there is needed PPTP and for now this is the only choice - newer versions don't have PPTP server, but it is needed for very old factory machinery that is still in production.

                          1 Reply Last reply Reply Quote 0
                          • jimp
                            jimp Rebel Alliance Developer Netgate last edited by

                            That is a very, very wrong point of view. You are deliberately running insecure software, a practice we do not encourage and do not support.

                            One look at the changelog for any new version will show you dozens if not hundreds of bugs that were fixed after the version(s) you're using.

                            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                            Need help fast? Netgate Global Support!

                            Do not Chat/PM for help!

                            1 Reply Last reply Reply Quote 0
                            • I
                              ilko-gd last edited by

                              In working "in production" setup you can't push "Update" button as you can do in home and not every company can spend money to have backup hardware just sitting on the floor waiting if something went wrong to be used immediately.

                              1 Reply Last reply Reply Quote 0
                              • jimp
                                jimp Rebel Alliance Developer Netgate last edited by

                                That's why you test the upgrades in a lab setup with similar configurations and see what does or doesn't work for you long before a release, and then report said issues so they can be fixed in a release.

                                It helps nobody to run years-old versions of software and waiting for others to discover the issues.

                                Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                                Need help fast? Netgate Global Support!

                                Do not Chat/PM for help!

                                1 Reply Last reply Reply Quote 0
                                • I
                                  ilko-gd last edited by

                                  Yes I agree. I test a lot of things in my home lab, but I will give you an example. Imagine that at this moment I have fully working setup with 2.3.5 p2 release and I decide to upgrade. O.K. lets do it, plan upgrade in the night when load of equipment is low, everything looks to be fine, but at 5:30 the phone rings - there is a problem. At this moment I have a backup of config xml file, but my problem is that I can't download my working version 2.3.5 p2 anymore, the company don't have money for spare equipment or don't want to spend money for it and in this situation what should I do? Report a bug and waiting for fix in second release? And with me all production department should wait, it is not possible. So I thing it is right to have an option to download every archived versions include Px releases just to be able to downgrade quickly to working setup while bug in new version is fixed.

                                  1 Reply Last reply Reply Quote 0
                                  • Grimson
                                    Grimson Banned last edited by

                                    @ilko-gd
                                    Maybe a picture helps you to understand:
                                    0_1539120257557_You are doing it wrong (small).png

                                    1 Reply Last reply Reply Quote 0
                                    • stephenw10
                                      stephenw10 Netgate Administrator last edited by

                                      I mean...it's ugly, but you could just install the 32bit version and update that to 2.3.5p2. If you really have no other option.

                                      What are you installing on that requires Nano?

                                      Steve

                                      1 Reply Last reply Reply Quote 0
                                      • I
                                        ilko-gd last edited by

                                        @Grimson - 'In theory, there is no difference between theory and practice, in practice, there is'- Yogi Berra.

                                        @stephenw10 - I can't use the 32bit version because in this setup I have 6GB of RAM, quad-core CPU and want to use the full power of the system. NanoBSD is great for me because it works with two partitions and after an upgrade, if there is a problem you can switch partition with good old one in minutes. This will be just router with firewall (2 WAN, VPN etc.) without any packages installed. Maybe I will give a try in the lab for 2.4.4 and search how to optimize full install for SSD drive.

                                        1 Reply Last reply Reply Quote 0
                                        • jimp
                                          jimp Rebel Alliance Developer Netgate last edited by

                                          If that's your worry, then swap the drive out for a blank drive, reinstall, then restore the config. If it blows up, put the old drive back in.

                                          If you can't be down that long, you should have HA setup.

                                          Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                                          Need help fast? Netgate Global Support!

                                          Do not Chat/PM for help!

                                          1 Reply Last reply Reply Quote 0
                                          • I
                                            ilko-gd last edited by

                                            Yes, I think of it. Maybe I will buy 2 equal SSD drives and use one "in production" and another as a spare drive for upgrades. If after upgrade everything is working for two weeks I will reimage the spare drive with current version and config. Now I do the same thing with NanoBSD version.

                                            1 Reply Last reply Reply Quote 0
                                            • jimp
                                              jimp Rebel Alliance Developer Netgate last edited by

                                              If you install with ZFS, you can use zfs snapshots to get a similar effect with one drive.

                                              We don't have any docs on that yet but if you search around, the info is out there.

                                              Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                                              Need help fast? Netgate Global Support!

                                              Do not Chat/PM for help!

                                              1 Reply Last reply Reply Quote 0
                                              • stephenw10
                                                stephenw10 Netgate Administrator last edited by

                                                Yup, you should move onto 2.4.4 now. At some point you will have no choice but to move to away from pfSense 2.3.X and it's better to do that now that wait until some disaster happens.

                                                Though I'd be surprised if you actually need 6GB....

                                                Steve

                                                1 Reply Last reply Reply Quote 0
                                                • I
                                                  ilko-gd last edited by

                                                  Yes actually I don't need 6GB RAM for this setup, but it is already there in server /Dell PowerEdge 840/. Next week I will make lab install of 2.4.4 on this hardware and will testing for some time. If everything looks good I will put it in production.

                                                  1 Reply Last reply Reply Quote 0
                                                  • First post
                                                    Last post