Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Testing strategy for Plus versus CE

    Scheduled Pinned Locked Moved Official Netgate® Hardware
    7 Posts 3 Posters 878 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      candlerb
      last edited by

      I have some official Netgate hardware in active service: a HA pair of XG-1537 and a standalone SG-3100. No support contract, as we've never seen the need.

      These boxes haven't been upgraded for the last 18 months, due to Covid and limited data centre access.

      Now I'm in something of a quandry. These boxes are offering upgrades to pfSense Plus 21.02_1 - but since pfSense Plus has forked from CE, I have no way of testing this prior to deployment. Previously I would have tested the free version of pfSense on a physical server or virtual machine, but it's not the same thing any more.

      We do have some slightly unusual but important config, such as using the OpenBGPD package for handling failover of AWS tunnels.

      I wonder how others are dealing with this - or whether Netgate has some solution for its paid-support customers, to test pfSense Plus outside of official hardware? Is the solution simply "buy more boxes"?

      Alternatively, do people feel that Plus and CE are still sufficiently close to each other that this doesn't really matter? Web UI aside, are 21.02_1 and 2.5.1 the same internally, particularly with regard to kernel, pf rulesets, packages, and IPSEC handling? I note that there is a single release-notes page for both these versions. A white-box PC I have running 2.4.4-RELEASE-p3 is currently offering to upgrade to 2.5.1 (*).

      Thanks,

      Brian.

      (*) I also see that CE 2.5.2 and Plus 21.05/21.05.1 have since been released, but upgrades to those are not being offered. Maybe the upgrade has to be done in stages.

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @candlerb
        last edited by johnpoz

        This is a great question.. Pfsense+ is to be released for your own hardware/virtual at some point. The blog mentioned June of 2021 - which has hit a snag.. But latest I have seen is it is still planned just behind schedule is all.

        If you want to do testing before update of production systems (always a good idea) - it is prob prudent to just wait until this is available.

        I don't think there is much divergence as of yet, and seems if anything some stuff has been corrected in + before CE.. But if you are running stuff with some unusual configurations, I would prob just wait for ability to test on different hardware/virtual - or when you have a sufficient window to be able to do full testing inside your change window and ability to rollback if needed. I have some 3100s in locations that have really been unmanned since covid that also behind.. They are pretty vanilla installs, and while production - not critical production. But I have been holding off update until can be onsite..

        There was some issues with 3100 I do believe that was corrected in the latest 21.05.1 release. So its prob a good thing you waited, I believe at one point the update availability was even halted for the ARM based stuff..

        As to what 3100 might be showing for update - Mine is not showing any update, I believe you might have to change the branch.. You can see mine are not even at 2.4.5

        updaate.png

        While I would normally be current - the state of the world has put some things on the back burner for sure and without any specific need to upgrade, and no ability to be onsite or even have smart hands these will just have to wait..

        If I change the branch - it shows that 21.09 dev is available..

        branch.png

        If I was going to update today - I would most likely just do clean install with 21.05.1 image you can obtain via email/ticket to netgate.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        C 1 Reply Last reply Reply Quote 1
        • C
          candlerb @johnpoz
          last edited by

          @johnpoz: many thanks for the helpful reply.

          Here's what I see for upgrade branches on the 3100:

          a6cd9ceb-34e3-4a0e-b65a-41a5b5debc96-image.png

          So it considers 21.05.x "experimental" at this point.

          CE shows this:

          d4f0eaa8-253b-4c53-85f4-d3a7c9a74d1a-image.png

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @candlerb
            last edited by johnpoz

            That is a bit odd, mind doesn't show that 21.02.2-RC -- hmmm

            Wonder why we are not seeing the same thing? If I change my branch to 21.02 I see 21.02.2 as available

            21.png

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            C 1 Reply Last reply Reply Quote 0
            • C
              candlerb @johnpoz
              last edited by

              Yes that's odd. On the front page of the SG-3100:
              0b236d7a-711c-4557-835c-76f09c68656b-image.png
              Pressing that 'reload' icon doesn't change it.

              johnpozJ 1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @candlerb
                last edited by johnpoz

                Mine shows .2

                update.png

                Might have to do with the state of pkg updates - I believe you can run a cmd line pkg update.. But to be honest - currently I don't want to mess with anything.. While the location is not really staffed at the moment... I don't want really want to mess with this system at all until I can be onsite, there are few people in and out and this system is firewall/router internet for wireless.. They would prob be a bit upset if I broke that ;)

                edit: If my decision, I would hold off until you can do enough testing to give you piece of mind that new version will work with your configuration. Unless there is something driving need to update? If this was home/lab I would say just go for it ;) But if any sort of production system, caution is always best..

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  It shows that because you're on a version that is now several versions old. It needs to update the package that contains the available repos but can't get the latest version of that from the 2.4.4 branch.
                  If you run the update though you will probably go straight to 2.5.2 or 21.05.1 since it will be able to update the repo package as soon as it starts to pull in new packages.

                  Steve

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.