Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    To 2.5.0 or not ? that is the question :)

    Scheduled Pinned Locked Moved General pfSense Questions
    104 Posts 26 Posters 25.6k Views 20 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • chudakC Offline
      chudak
      last edited by

      I am seeing confusing messages about experiences people had upgrading to 2.5.0.

      So asking people to reply with positive or negative feedback on 2.5.0 here (I think it will be helpful to all...)

      (To be or not to be?)
      To 2.5.0 or not ? that is the question :)

      Thx

      Q T chudakC 3 Replies Last reply Reply Quote 1
      • AndyRHA Offline
        AndyRH
        last edited by

        Some good, some bad. Is it because of how they have it configured? Or because of some strange case the programmers did not think of?

        I will crank up my VMs and load my config and find out if I am in the good or bad group to avoid wrecking the family and getting yelled at because the internet is down...

        Good times.

        o||||o
        7100-1u

        1 Reply Last reply Reply Quote 0
        • ? Offline
          A Former User
          last edited by

          There are a lot of pfSense users. A lot. We have heard from a handful that have had real issues (not user error or confusion). If you use ipsec there are threads you should read before upgrading. A patch has already been made available for at least one identified issue.

          So, to answer your question. Yes. But only once you know what, exactly, you would do if it doesn't go well. Do you have a backup of your current working configuration? Do you have an install image of your current version ready to go? Do you know what to do with those things if the stuff hits the fan? You don't want to be knocked offline and then (after) find out you don't have the console cable needed to reinstall. It should take a just a few minutes to fall back to your current, running, configuration if you're properly prepared.

          You're right, it would be good to have a thread of success stories. Including details about the configuration and any packages involved.

          chudakC 1 Reply Last reply Reply Quote 4
          • chudakC Offline
            chudak @Guest
            last edited by chudak

            @jwj said in To 2.5.0 or not ? that is the question :):

            There are a lot of pfSense users. A lot. We have heard from a handful that have had real issues (not user error or confusion). If you use ipsec there are threads you should read before upgrading. A patch has already been made available for at least one identified issue.

            So, to answer your question. Yes. But only once you know what, exactly, you would do if it doesn't go well. Do you have a backup of your current working configuration? Do you have an install image of your current version ready to go? Do you know what to do with those things if the stuff hits the fan? You don't want to be knocked offline and then (after) find out you don't have the console cable needed to reinstall. It should take a just a few minutes to fall back to your current, running, configuration if you're properly prepared.

            You're right, it would be good to have a thread of success stories. Including details about the configuration and any packages involved.

            Good summary of a to-do-list.
            Where do you get an install image 2.4.5 from ?
            Maybe you can share it here ?

            Thx

            ? 1 Reply Last reply Reply Quote 0
            • ? Offline
              A Former User @chudak
              last edited by A Former User

              @chudak

              NOT AVAILABLE AS OF 19-2 AM

              https://nyifiles.netgate.com/mirror/downloads/

              This is one of the Netgate mirrors

              Officially, you should open a ticket with Netgate and request a download link to be emailed to you.

              There is a readme with those images. Ummmm.... reading it is recommended ;) I know right, who actually reads those things... This one tells you what to do with your backed up config so that it will be automagically applied when you do a fresh install. Saves a step and some potential heartache.

              chudakC 1 Reply Last reply Reply Quote 1
              • lohphatL Offline
                lohphat
                last edited by

                2.5.0 seems to only be available on amd64 platforms. The arm upgrade path is to the new 21.02 train and there are enough smoldering piles of routers that I think I'm going to wait it out until there's another release which addresses the plethora of known upgrade bricking/failures.

                SG-3100 24.11-RELEASE (arm) | Avahi (2.2_6) | ntopng (5.6.0_1) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.1_20) | System_Patches (2.2.20_5)

                1 Reply Last reply Reply Quote 0
                • Q Offline
                  q54e3w @chudak
                  last edited by

                  @chudak take a backup, if upgrade fails roll back. Will take 30 minutes of your time to know for sure what if any issues you will face. No amount of users anecdotal experiences will with 100% certainty help you assess your config on your hardware.

                  PS my upgrade was flawless. Making use of multiple OpenVPN connections, vlans, IPV6, pfblocker, avahi and others.

                  1 Reply Last reply Reply Quote 1
                  • R Offline
                    rameshk
                    last edited by

                    My main pfSense router is running on Exsi VM which I didn’t upgrade it yet. I also have installed pfSense 2.4.5 with exactly same configuration as my main router on Odyssey x86 with dual NIC (as a replacement in case of any problem). I have replaced the main router with Odyssey and upgraded with pfSense 2.5 last night. All went well and didn’t have issues.

                    My pfsense routers have been configured with 7 VLANS and have pfBlockerNG devel and Suricata packages installed.

                    I don’t use VPN or IPSec.

                    I will test this router for another few days before upgrading my Exsi VM pfSense.

                    One thing I noticed after upgrading is that memory usage reduced from 60% to 20% of 8GB.

                    02FB3BEF-9F04-4AC3-BA86-ECC9FA45E6D6.jpeg

                    Hope it helps.

                    1 Reply Last reply Reply Quote 2
                    • ? Offline
                      A Former User
                      last edited by

                      /usr/local/etc/rc.d/frr restart all
                      Checking intergrated config...
                      Checking vtysh.conf
                      line 37: % Unknown command[4]:  address-family ipv4 unicast
                      line 38: % Unknown command[4]:   network <ip>.64.0/20
                      line 39: % Unknown command[4]:   neighbor <ip>.16.1 activate
                      line 40: % Unknown command[4]:   neighbor <ip>.16.17 activate
                      line 41: % Unknown command[4]:   neighbor <ip>.16.29 activate
                      line 42: % Unknown command[4]:   neighbor <ip>.16.1 send-community both
                      line 43: % Unknown command[4]:   neighbor <ip>.16.1 next-hop-self
                      line 44: % Unknown command[4]:   neighbor <ip>.16.1 soft-reconfiguration inbound
                      line 45: % Unknown command[4]:   neighbor <ip>.16.1 route-map Site_Kref_Primary_RMAP in
                      line 46: % Unknown command[4]:   neighbor <ip>.16.1 addpath-tx-bestpath-per-AS
                      line 47: % Unknown command[4]:   neighbor <ip>.16.17 send-community both
                      line 48: % Unknown command[4]:   neighbor <ip>.16.17 next-hop-self
                      line 49: % Unknown command[4]:   neighbor <ip>.16.17 route-map HDC-LOCAL-PREF80 in
                      line 50: % Unknown command[4]:   neighbor <ip>.16.29 send-community both
                      line 51: % Unknown command[4]:   neighbor <ip>.16.29 next-hop-self
                      line 52: % Unknown command[4]:   neighbor <ip>.16.29 route-map HDC-LOCAL-PREF90 in
                      line 53: % Unknown command[4]:  exit-address-family
                      FAILED
                      
                      

                      If somebody is using FRR for BGP be carefull - Zebra and BGPd won't come up and your network is fried if you rely on it. Thanks to virtualization and snapshot it's possible to minimize damage.

                      yon 0Y 1 Reply Last reply Reply Quote 1
                      • T Offline
                        trony @chudak
                        last edited by

                        I'm waiting for 2.5.1. 👍

                        I've been on 2.4.5 for so long, I can wait a little longer for the big issues to be discovered and fixed. It's about uptime and reliability right?

                        Anyway, I do understand why people (including myself) want to play with the new shiny 2.5.0 toy. 🚒

                        R chudakC 2 Replies Last reply Reply Quote 1
                        • R Offline
                          rameshk @trony
                          last edited by

                          @trony
                          If you have only one router with pfSense then it’s better to wait until it’s tried and tested. Hence the reason I upgraded the spare router to test it.

                          1 Reply Last reply Reply Quote 1
                          • chudakC Offline
                            chudak @trony
                            last edited by

                            @trony said in To 2.5.0 or not ? that is the question :):

                            I'm waiting for 2.5.1. 👍

                            I've been on 2.4.5 for so long, I can wait a little longer for the big issues to be discovered and fixed. It's about uptime and reliability right?

                            Anyway, I do understand why people (including myself) want to play with the new shiny 2.5.0 toy. 🚒

                            Wonder if devel guys saw any feedback from this community warranting releasing 2.5.1 soon.

                            Maybe @johnpoz knows ?

                            johnpozJ 1 Reply Last reply Reply Quote 1
                            • johnpozJ Offline
                              johnpoz LAYER 8 Global Moderator @chudak
                              last edited by johnpoz

                              I have seen nothing mentioned.. But I did see some redmine in about something unbound maybe if your registering dhcp, and mention of fixing the widget for QAT..

                              But not sure if such things would warrant 2.5.1, maybe a 2.5.0p1 or something

                              While I have seen some issues with ipsec reported.. I updated my sg4860 and not seeing any problems at all.. Running haproxy, openvpn both server and client. I got wireguard up and running for my iphone in a few minutes.. Everything seems to be working from what I can tell.

                              Not seeing any issues.. I had some problem trying to migrate to zfs vs ufs during the install. But prob something stupid I was doing trying to load the previous config during install? I will re-address that at a later time. Prob this weekend.

                              Keep in mind - I am sure there are thousands and 100's of thousands of pfsense installs out there. If not million(s).. Would expect the vast majority of every upgraded with zero issues..

                              You always see the reports of one offs.. Someone with odd hardware, odd configs, etc.

                              With any upgrade of this nature.. Make sure you have your plan in order, backup of your config and install media and even if the worse things happens.. You can be up and running again in a few minutes.

                              This is a major update.. The whole freebsd base was updated.. Many many new things and changes.. If want to wait - sure wait.. Its been a long wait for 2.5.. A few more days or weeks isn't going to matter.. Not like 2.4.5p1 stops working tomorrow ;)

                              But if your waiting for .1 or p1 or something like that - that could be awhile.. But sure there are many a company out there that will not update OS until service pack 1 has been released ;)

                              As with all the previous upgrades - many of them very major in nature.. The pfsense/netgate team has done some amazing work..

                              edit: I still have some devices on 2.4.4p3.. They are remote offices, and nobody there - and since they are production. Its not worth risk, even if very small of trying to upgrade them while nobody is there to recover if the something goes wrong..

                              chudakC 1 Reply Last reply Reply Quote 3
                              • chudakC Offline
                                chudak @johnpoz
                                last edited by

                                @johnpoz said in To 2.5.0 or not ? that is the question :):

                                a 2.5.0p1 or something

                                I did mean "a 2.5.0p1 or something" :)

                                Thanks for detail reply !

                                The purpose of my initial question was to help all concerned parties to avoid dramatic outcomes from uninformed decisions (including myself)

                                johnpozJ 1 Reply Last reply Reply Quote 0
                                • johnpozJ Offline
                                  johnpoz LAYER 8 Global Moderator @chudak
                                  last edited by

                                  Its never a good idea to upgrade such a system without some thought to it..

                                  Even if not a "production" system in a corporation or business.. It quite often is your connection to the internet.. If that breaks in any way - it can have all kinds of consequences.. Even if that is just your significant other or kids screaming at you that netflix is not freaking working ;)

                                  I pulled the trigger last night vs waiting til early morning (wife not up yet time frame)... And while playing with trying to get zfs working - I got that - hey you doing something with the internet yell ;)

                                  So I just did UFS and was backup in a few minutes..

                                  T 1 Reply Last reply Reply Quote 4
                                  • ? Offline
                                    A Former User
                                    last edited by

                                    This post is deleted!
                                    chudakC johnpozJ 2 Replies Last reply Reply Quote 1
                                    • chudakC Offline
                                      chudak @Guest
                                      last edited by

                                      This post is deleted!
                                      1 Reply Last reply Reply Quote 0
                                      • johnpozJ Offline
                                        johnpoz LAYER 8 Global Moderator @Guest
                                        last edited by johnpoz

                                        This post is deleted!
                                        1 Reply Last reply Reply Quote 0
                                        • ? Offline
                                          A Former User
                                          last edited by

                                          This post is deleted!
                                          johnpozJ 1 Reply Last reply Reply Quote 1
                                          • ? Offline
                                            A Former User
                                            last edited by

                                            This post is deleted!
                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.