Will pfSense Plus and CE continue to sync and CARP to work?
-
Hello everyone,
I am trying to anticipate any problems when upgrading to 2.5.x and pfSense Plus.
My current setup has a Netgate machine with pfSense FE and a Dell machine with pfSense CE, both at 2.4.5-RELEASE-p1. They are in sync with High Availability Sync and CARP.
I want to know if I can upgrade both machines to their respective versions and if sync and CARP will continue to work. Are pfSense Plus and CE compatible?
Also, do they have to match versions? Can I upgrade one before I do the other or do I need to upgrade both at the same time so they are able to sync?
Will they, at some point in the future, stop working together? Or are they always going to be equivalent and continue to sync?
Thanks,
Giovanni
-
I can answer the part about versions, at least somewhat. We have two using FE/+ in our data center. Normally on the backup I uninstall packages, upgrade, enter maintenance mode on the primary, reinstall packages, and then upgrade the primary the same way. We had held off on 21.02 for a bit so this weekend I upgraded from 2.4.5 to 21.05. After the backup upgraded, the primary logged "Exception calling XMLRPC method host_firmware_version #-32602 : server error. invalid method parameters" several times. Have not seen that before (over several years). So I'd plan to upgrade both reasonably close together. Note though after the upgrade pfBlockerNG-devel version installed was 3.x (vs 2.x on the old version) so that could be related here as well. The CARP state sync from 2.4.5 to 21.05 seemed to be working fine (though for lurkers: state sync needs the same interface names on both devices).
-
It's never been supported to sync between different versions, either numerically or CE vs Plus (formerly Factory). It may work by coincidence, but it's always been a gamble.
We (and FreeBSD) try hard to ensure that pfsync does not break between versions, so that isn't usually a concern. CARP is unlikely to break unless something major changes in the base OS between versions, but that is also unlikely.
XMLRPC / Configuration sync is more prone to be incompatible. Primarily because of Plus vs CE releases happening at different times. They may end up on different configuration revisions and there isn't a way around that. See https://docs.netgate.com/pfsense/en/latest/releases/versions.html and look at the "Config Rev" column. So long as that matches between two HA nodes, they can do config sync.
Soon we'll have a way to run Plus on non-Netgate hardware and VMs, but it's still being worked on.
tl;dr: The type and version must always match between HA nodes, same as always.