Clean install of pfSense 23.05 Plus (Non-Netgate hardware)
-
@emikaadeo perfect! Glad to hear that worked. Yes, that sounds like the only way.
-
@gwaitsi said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
@emikaadeo i have put both CE 6 and CE 7 on. both can see the packages from its own branch. but when I select to upgrade to plus, it says unable to check for updates
Did you try following this doc from a fresh 2.6.0 CE?
https://docs.netgate.com/pfsense/en/latest/install/migrate-to-plus.html -
@emikaadeo said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
@raffi_ said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
https://docs.netgate.com/pfsense/en/latest/install/migrate-to-plus.html
I would think the best way to do this would be fresh install of latest CE. Then follow docs to migrate to Plus (don't worry about version for now). Once you're on Plus, you should then be able to update to latest 23.05 Plus. If you have the same issues other's had including myself, the GUI upgrade from 23.01 to 23.05 may not work, from console run "pfsense-upgrade". It should solve that.
This is what I did:
-
fresh install of 2.6.0 CE
-
upgrade to 23.01 Plus (23.05 wasn't available in GUI)
-
upgrade to 23.05
-
restore config
Whole process went without any problems.
Me too on PC Engines APU6B4 three time and
until now all is fine now. -
-
@emikaadeo said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
So I managed to get back up with the help of TAC Lite. In addition to yours below, I add my experience:
This is what I did:
fresh install of 2.6.0 CEraise TAC Lite ticket to reset the authentication certificate (required if you can only get Update info/packages for Branch 2.6 or 2.7 - check from the console if you have athentication errors when running pfSense-upgrade
upgrade to 23.01 Plus (23.05 wasn't available in GUI) upgrade to 23.05
install missing packages i.e.pfblockerng, suricata, etc.
restore config
The original backup should have a different backup Device ID (from a fresh install). When selecting the last "Creating restore point before package installation." and install this version, you will probably get the error "The downloaded file does not appear to contain an encrypted pfSense configuration.Could not decrypt config.xml. Check the encryption key and try again: Could not decrypt. Different encryption key?"
- click on the Show Info for the version to be restored and you will should have both the encrypted and unencrypted version if you used correct password.
- copy and paste the unencypted version to a new file config.xml
- transfer config.xml to /conf
- remove /tmp/config.cache
- reboot
I forgot to install a couple of packages, are discovered after the reboot that again my authentication certiface was bad. i guess it probably restored the original. Had to request a 2nd reset, before i could see the available packages again.
the root cause for my issues appears to be, impatience. When the gui says restarting in 10s and i was watching on the serial connection, it was actually a couple of minutes before the reboot occured. Then the installation continues a short while. so once kicking off the upgrade. I suggest to go grab a coffee and let it do its thing
-
@gwaitsi said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
upgrade to 23.01 Plus (23.05 wasn't available in GUI) upgrade to 23.05
install missing packages i.e.pfblockerng, suricata, etc.
If you do a default config backup you don't have to install missing packages before config restore. When restoring config pfSense will install this packages for you.
-
@emikaadeo interesting, but the restore didn't restore the two missing packages for me
-
@gwaitsi said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
@emikaadeo interesting, but the restore didn't restore the two missing packages for me
My packages are only:
-
pfBlockerNG
-
System_Patches
-
WireGuard
Every time I restore the config on fresh install, pfSense also install this packages by himself.
-
-
@emikaadeo said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
@gwaitsi said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
@emikaadeo interesting, but the restore didn't restore the two missing packages for me
My packages are only:
-
pfBlockerNG
-
System_Patches
-
WireGuard
Every time I restore the config on fresh install, pfSense also install this packages by himself.
The packages i had forgot were wireguard and filer, but wouldn't make any difference, because the authentication certificate was no longer valid. It needed to be reset before any packages could be installed.
-
-
@gwaitsi re: timing, yes it can take a while especially for an OS upgrade. See my sig.
Re:packages, if for some reason the WAN isn’t up yet the package install will fail. But it’s supposed to try. Note the upgrade guide recommends removing packages before upgrading. I usually remove “big” ones like pfBlocker and Suricata.
https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide-prepare.html#packages -
24.05.2023 - 20:29 h (8:29 PM)
The last upgrade went faster, it was not rebooting in 10 seconds, it went more smooth and liquid and on
top of all it was also upgrading 3 pkg`s, well done.