Clean install of pfSense 23.05 Plus (Non-Netgate hardware)
-
I want to do a clean install of pfSense 23.05 Plus on non-Netgate hardware (amd64)
Since 2.6.0 CE is far behind 23.05 Plus what upgrade process will be safer?- Install pfSense 2.6.0 CE and then upgrade to 23.05 Plus
or - Install latest development vesrion of pfSense 2.7.0 CE and then upgrade to 23.05 Plus ?
Or maybe we will finally have pfSense+ install images for non-Netgate hardware?
- Install pfSense 2.6.0 CE and then upgrade to 23.05 Plus
-
@emikaadeo Per other posts Netgate have said 2.7 to 23.05 will be possible but I think I read may not be available at release. So it may depend on how long you can wait to do this. :)
-
S SteveITS referenced this topic on
-
@steveits
Ok, so the safer upgrade process will be:- Install pfSense 2.6.0 CE and then upgrade to 23.05 Plus
-
This post is deleted! -
@gwaitsi said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
@emikaadeo
Below is the response from opening a TAC Lite ticket.DO NOT UPGRADE TO PLUS - Stick with CE unless you want to wind up stuffed !!!
THIS SHOULD BE FULLY DISCLOSED BEFORE ENCOURAGING PEOPE TO UPGRADE.
"The process to migrate CE to Plus requires starting with at least pfSense CE 2.6-RELEASE. There is no pfSense+ software install image for third-party hardware at this time. More details on the process can be found at: https://docs.netgate.com/pfsense/en/latest/install/migrate-to-plus.html"
Hi, I'm aware of this. I know the migrating process.
I don't think Netgate will release Plus install images for third-party hardware on any near future,
even If they actively working on it since release 22.05 ;)
https://forum.netgate.com/post/1033310
https://forum.netgate.com/post/1083701 -
https://docs.netgate.com/pfsense/en/latest/install/migrate-to-plus.html
I would think the best way to do this would be fresh install of latest CE. Then follow docs to migrate to Plus (don't worry about version for now). Once you're on Plus, you should then be able to update to latest 23.05 Plus. If you have the same issues other's had including myself, the GUI upgrade from 23.01 to 23.05 may not work, from console run "pfsense-upgrade". It should solve that.
-
@raffi_ said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
https://docs.netgate.com/pfsense/en/latest/install/migrate-to-plus.html
I would think the best way to do this would be fresh install of latest CE. Then follow docs to migrate to Plus (don't worry about version for now). Once you're on Plus, you should then be able to update to latest 23.05 Plus. If you have the same issues other's had including myself, the GUI upgrade from 23.01 to 23.05 may not work, from console run "pfsense-upgrade". It should solve that.
This is what I did:
-
fresh install of 2.6.0 CE
-
upgrade to 23.01 Plus (23.05 wasn't available in GUI)
-
upgrade to 23.05
-
restore config
Whole process went without any problems.
-
-
@emikaadeo i have put both CE 6 and CE 7 on. both can see the packages from its own branch. but when I select to upgrade to plus, it says unable to check for updates
-
@emikaadeo perfect! Glad to hear that worked. Yes, that sounds like the only way.
-
@gwaitsi said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
@emikaadeo i have put both CE 6 and CE 7 on. both can see the packages from its own branch. but when I select to upgrade to plus, it says unable to check for updates
Did you try following this doc from a fresh 2.6.0 CE?
https://docs.netgate.com/pfsense/en/latest/install/migrate-to-plus.html -
@emikaadeo said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
@raffi_ said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
https://docs.netgate.com/pfsense/en/latest/install/migrate-to-plus.html
I would think the best way to do this would be fresh install of latest CE. Then follow docs to migrate to Plus (don't worry about version for now). Once you're on Plus, you should then be able to update to latest 23.05 Plus. If you have the same issues other's had including myself, the GUI upgrade from 23.01 to 23.05 may not work, from console run "pfsense-upgrade". It should solve that.
This is what I did:
-
fresh install of 2.6.0 CE
-
upgrade to 23.01 Plus (23.05 wasn't available in GUI)
-
upgrade to 23.05
-
restore config
Whole process went without any problems.
Me too on PC Engines APU6B4 three time and
until now all is fine now. -
-
@emikaadeo said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
So I managed to get back up with the help of TAC Lite. In addition to yours below, I add my experience:
This is what I did:
fresh install of 2.6.0 CEraise TAC Lite ticket to reset the authentication certificate (required if you can only get Update info/packages for Branch 2.6 or 2.7 - check from the console if you have athentication errors when running pfSense-upgrade
upgrade to 23.01 Plus (23.05 wasn't available in GUI) upgrade to 23.05install missing packages i.e.pfblockerng, suricata, etc.
restore configThe original backup should have a different backup Device ID (from a fresh install). When selecting the last "Creating restore point before package installation." and install this version, you will probably get the error "The downloaded file does not appear to contain an encrypted pfSense configuration.Could not decrypt config.xml. Check the encryption key and try again: Could not decrypt. Different encryption key?"
- click on the Show Info for the version to be restored and you will should have both the encrypted and unencrypted version if you used correct password.
- copy and paste the unencypted version to a new file config.xml
- transfer config.xml to /conf
- remove /tmp/config.cache
- reboot
I forgot to install a couple of packages, are discovered after the reboot that again my authentication certiface was bad. i guess it probably restored the original. Had to request a 2nd reset, before i could see the available packages again.
the root cause for my issues appears to be, impatience. When the gui says restarting in 10s and i was watching on the serial connection, it was actually a couple of minutes before the reboot occured. Then the installation continues a short while. so once kicking off the upgrade. I suggest to go grab a coffee and let it do its thing
-
@gwaitsi said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
upgrade to 23.01 Plus (23.05 wasn't available in GUI) upgrade to 23.05install missing packages i.e.pfblockerng, suricata, etc.
If you do a default config backup you don't have to install missing packages before config restore. When restoring config pfSense will install this packages for you.
-
@emikaadeo interesting, but the restore didn't restore the two missing packages for me
-
@gwaitsi said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
@emikaadeo interesting, but the restore didn't restore the two missing packages for me
My packages are only:
-
pfBlockerNG
-
System_Patches
-
WireGuard
Every time I restore the config on fresh install, pfSense also install this packages by himself.
-
-
@emikaadeo said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
@gwaitsi said in Clean install of pfSense 23.05 Plus (Non-Netgate hardware):
@emikaadeo interesting, but the restore didn't restore the two missing packages for me
My packages are only:
-
pfBlockerNG
-
System_Patches
-
WireGuard
Every time I restore the config on fresh install, pfSense also install this packages by himself.
The packages i had forgot were wireguard and filer, but wouldn't make any difference, because the authentication certificate was no longer valid. It needed to be reset before any packages could be installed.
-
-
@gwaitsi re: timing, yes it can take a while especially for an OS upgrade. See my sig.
Re:packages, if for some reason the WAN isn’t up yet the package install will fail. But it’s supposed to try. Note the upgrade guide recommends removing packages before upgrading. I usually remove “big” ones like pfBlocker and Suricata.
https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide-prepare.html#packages -
24.05.2023 - 20:29 h (8:29 PM)
The last upgrade went faster, it was not rebooting in 10 seconds, it went more smooth and liquid and on
top of all it was also upgrading 3 pkg`s, well done.
