To 2.5.0 or not ? that is the question :)
-
I am seeing confusing messages about experiences people had upgrading to 2.5.0.
So asking people to reply with positive or negative feedback on 2.5.0 here (I think it will be helpful to all...)
(To be or not to be?)
To 2.5.0 or not ? that is the question :)Thx
-
Some good, some bad. Is it because of how they have it configured? Or because of some strange case the programmers did not think of?
I will crank up my VMs and load my config and find out if I am in the good or bad group to avoid wrecking the family and getting yelled at because the internet is down...
Good times.
-
There are a lot of pfSense users. A lot. We have heard from a handful that have had real issues (not user error or confusion). If you use ipsec there are threads you should read before upgrading. A patch has already been made available for at least one identified issue.
So, to answer your question. Yes. But only once you know what, exactly, you would do if it doesn't go well. Do you have a backup of your current working configuration? Do you have an install image of your current version ready to go? Do you know what to do with those things if the stuff hits the fan? You don't want to be knocked offline and then (after) find out you don't have the console cable needed to reinstall. It should take a just a few minutes to fall back to your current, running, configuration if you're properly prepared.
You're right, it would be good to have a thread of success stories. Including details about the configuration and any packages involved.
-
@jwj said in To 2.5.0 or not ? that is the question :):
There are a lot of pfSense users. A lot. We have heard from a handful that have had real issues (not user error or confusion). If you use ipsec there are threads you should read before upgrading. A patch has already been made available for at least one identified issue.
So, to answer your question. Yes. But only once you know what, exactly, you would do if it doesn't go well. Do you have a backup of your current working configuration? Do you have an install image of your current version ready to go? Do you know what to do with those things if the stuff hits the fan? You don't want to be knocked offline and then (after) find out you don't have the console cable needed to reinstall. It should take a just a few minutes to fall back to your current, running, configuration if you're properly prepared.
You're right, it would be good to have a thread of success stories. Including details about the configuration and any packages involved.
Good summary of a to-do-list.
Where do you get an install image 2.4.5 from ?
Maybe you can share it here ?Thx
-
NOT AVAILABLE AS OF 19-2 AM
https://nyifiles.netgate.com/mirror/downloads/This is one of the Netgate mirrorsOfficially, you should open a ticket with Netgate and request a download link to be emailed to you.
There is a readme with those images. Ummmm.... reading it is recommended ;) I know right, who actually reads those things... This one tells you what to do with your backed up config so that it will be automagically applied when you do a fresh install. Saves a step and some potential heartache.
-
2.5.0 seems to only be available on amd64 platforms. The arm upgrade path is to the new 21.02 train and there are enough smoldering piles of routers that I think I'm going to wait it out until there's another release which addresses the plethora of known upgrade bricking/failures.
-
@chudak take a backup, if upgrade fails roll back. Will take 30 minutes of your time to know for sure what if any issues you will face. No amount of users anecdotal experiences will with 100% certainty help you assess your config on your hardware.
PS my upgrade was flawless. Making use of multiple OpenVPN connections, vlans, IPV6, pfblocker, avahi and others.
-
My main pfSense router is running on Exsi VM which I didn’t upgrade it yet. I also have installed pfSense 2.4.5 with exactly same configuration as my main router on Odyssey x86 with dual NIC (as a replacement in case of any problem). I have replaced the main router with Odyssey and upgraded with pfSense 2.5 last night. All went well and didn’t have issues.
My pfsense routers have been configured with 7 VLANS and have pfBlockerNG devel and Suricata packages installed.
I don’t use VPN or IPSec.
I will test this router for another few days before upgrading my Exsi VM pfSense.
One thing I noticed after upgrading is that memory usage reduced from 60% to 20% of 8GB.
Hope it helps.
-
/usr/local/etc/rc.d/frr restart all Checking intergrated config... Checking vtysh.conf line 37: % Unknown command[4]: address-family ipv4 unicast line 38: % Unknown command[4]: network <ip>.64.0/20 line 39: % Unknown command[4]: neighbor <ip>.16.1 activate line 40: % Unknown command[4]: neighbor <ip>.16.17 activate line 41: % Unknown command[4]: neighbor <ip>.16.29 activate line 42: % Unknown command[4]: neighbor <ip>.16.1 send-community both line 43: % Unknown command[4]: neighbor <ip>.16.1 next-hop-self line 44: % Unknown command[4]: neighbor <ip>.16.1 soft-reconfiguration inbound line 45: % Unknown command[4]: neighbor <ip>.16.1 route-map Site_Kref_Primary_RMAP in line 46: % Unknown command[4]: neighbor <ip>.16.1 addpath-tx-bestpath-per-AS line 47: % Unknown command[4]: neighbor <ip>.16.17 send-community both line 48: % Unknown command[4]: neighbor <ip>.16.17 next-hop-self line 49: % Unknown command[4]: neighbor <ip>.16.17 route-map HDC-LOCAL-PREF80 in line 50: % Unknown command[4]: neighbor <ip>.16.29 send-community both line 51: % Unknown command[4]: neighbor <ip>.16.29 next-hop-self line 52: % Unknown command[4]: neighbor <ip>.16.29 route-map HDC-LOCAL-PREF90 in line 53: % Unknown command[4]: exit-address-family FAILEDIf somebody is using FRR for BGP be carefull - Zebra and BGPd won't come up and your network is fried if you rely on it. Thanks to virtualization and snapshot it's possible to minimize damage.
-
I'm waiting for 2.5.1.
I've been on 2.4.5 for so long, I can wait a little longer for the big issues to be discovered and fixed. It's about uptime and reliability right?
Anyway, I do understand why people (including myself) want to play with the new shiny 2.5.0 toy.
-
@trony
If you have only one router with pfSense then it’s better to wait until it’s tried and tested. Hence the reason I upgraded the spare router to test it. -
@trony said in To 2.5.0 or not ? that is the question :):
I'm waiting for 2.5.1.
I've been on 2.4.5 for so long, I can wait a little longer for the big issues to be discovered and fixed. It's about uptime and reliability right?
Anyway, I do understand why people (including myself) want to play with the new shiny 2.5.0 toy.
Wonder if devel guys saw any feedback from this community warranting releasing 2.5.1 soon.
Maybe @johnpoz knows ?
-
I have seen nothing mentioned.. But I did see some redmine in about something unbound maybe if your registering dhcp, and mention of fixing the widget for QAT..
But not sure if such things would warrant 2.5.1, maybe a 2.5.0p1 or something
While I have seen some issues with ipsec reported.. I updated my sg4860 and not seeing any problems at all.. Running haproxy, openvpn both server and client. I got wireguard up and running for my iphone in a few minutes.. Everything seems to be working from what I can tell.
Not seeing any issues.. I had some problem trying to migrate to zfs vs ufs during the install. But prob something stupid I was doing trying to load the previous config during install? I will re-address that at a later time. Prob this weekend.
Keep in mind - I am sure there are thousands and 100's of thousands of pfsense installs out there. If not million(s).. Would expect the vast majority of every upgraded with zero issues..
You always see the reports of one offs.. Someone with odd hardware, odd configs, etc.
With any upgrade of this nature.. Make sure you have your plan in order, backup of your config and install media and even if the worse things happens.. You can be up and running again in a few minutes.
This is a major update.. The whole freebsd base was updated.. Many many new things and changes.. If want to wait - sure wait.. Its been a long wait for 2.5.. A few more days or weeks isn't going to matter.. Not like 2.4.5p1 stops working tomorrow ;)
But if your waiting for .1 or p1 or something like that - that could be awhile.. But sure there are many a company out there that will not update OS until service pack 1 has been released ;)
As with all the previous upgrades - many of them very major in nature.. The pfsense/netgate team has done some amazing work..
edit: I still have some devices on 2.4.4p3.. They are remote offices, and nobody there - and since they are production. Its not worth risk, even if very small of trying to upgrade them while nobody is there to recover if the something goes wrong..
-
@johnpoz said in To 2.5.0 or not ? that is the question :):
a 2.5.0p1 or something
I did mean "a 2.5.0p1 or something" :)
Thanks for detail reply !
The purpose of my initial question was to help all
concerned partiesto avoid dramatic outcomes from uninformed decisions (including myself) -
Its never a good idea to upgrade such a system without some thought to it..
Even if not a "production" system in a corporation or business.. It quite often is your connection to the internet.. If that breaks in any way - it can have all kinds of consequences.. Even if that is just your significant other or kids screaming at you that netflix is not freaking working ;)
I pulled the trigger last night vs waiting til early morning (wife not up yet time frame)... And while playing with trying to get zfs working - I got that - hey you doing something with the internet yell ;)
So I just did UFS and was backup in a few minutes..
-
This post is deleted! -
This post is deleted! -
This post is deleted! -
This post is deleted! -
This post is deleted!
