Can pfSense 2.4.5 import a config backup from 2.5.1?

rnmixon

We are affected by bug #11805 on pfSense CE and would like to switch to our cold spare which is loaded with a clean version of pfSense CE 2.4.5

Will a system running 2.4.5 import a 2.5.1 config backup successfully? Or are there changes that would make the config incompatible? If so would the changes be easy to adjust with a text editor?

Thank you much - Richard

Gertjan

pfSense uses 'versions' for it's config files.

You can modify them with a text editor.
Look for the <version> xml tag.

Keep in mind that there good be other changes as well.
These are 'less' or not documented at all.
So, the final result can not be known for sure.

But, why bother ?
Just use the latest backup you made when you were using "2.4.5" and you're good to go.

rnmixon

@gertjan said in Can pfSense 2.4.5 import a config backup from 2.5.1?:

But, why bother ?
Just use the latest backup you made when you were using "2.4.5" and you're good to go.

Unfortunately we've made a fair number of changes since the last 2.4.5 backup. Oh well I can do a diff and see if it's reasonable to apply the changes to the old config file.

Also, thank you the tip about the versions, I was hoping the changes might be documented somewhere.

• Richard

bigsy

@rnmixon This link shows the config revision numbers for different pfSense versions.

rnmixon

@bigsy Thank you - neat. Makes sense that the pfSense version number is in the config file.

I gave up merging the change at first, but went back a second time and did just a few changes at a time and finally got all changes merged.

We have been waiting a month hoping a release would be out with the #11805 patch. This morning we had an ISP down situation that we had to respond to since failover is not working (seems for both NAT'ed and non-NAT'ed services).

It's time to go back to 2.4.5, even if the fix comes out the next day. Will swap in our cold backup on 2.4.5 this weekend and restore the newly adjusted 2.4.5 backup.

Thanks again to all that contributed!

rnmixon

@rnmixon Ugh! After restoring the new config everthing is working except for one situation:

1. We have a virtual IP with two rules that pass port 80/443 to the IP (IP#1) of an internal web server.
2. We also have a number of NAT rules that override the destination for some ports (90x2, 90x3, 90x4, ...) on that virtual IP, routing to different IPs (IP#2, IP#3, IP#4, ...) on the LAN.
3. NONE of the NAT rules appear to be working, the firewall log shows traffic being blocked on (for example) port 90x2 as it tries to route to IP#1 instead of following the NAT rule to IP#2.

This all worked on our original config when we were running pfSense 2.4.5 and also when it was upgraded to version 2.5.1 (though failover was now broken).

I'm guessing when I merged in the changes from 2.5.1 config file into my old 2.4.5 config file I must have muffed something, however not sure what - the syntax of the changes all looked to be the same as the 2.4.5 syntax.

Any ideas from anyone before I restore to the old config that's size weeks old and lose all my changes?

Thanks much - Richard