    Single node to HA cluster -> Config migration

      ballistic

      Hi all,

      I have an identical server on the way to act as a secondary node to my current standalone node. I am wondering how to perform this migration.
      Currently I run 2.6 and plan to upgrade to 2.7 while I am at it.

      1: Backup config of current 2.6 node
      2: (re)install 2.7 on both nodes and set up HA with a clean config
      3: Restore parts of the backup config xml to the primary's running config xml

      Parts that need to be restored are: Users, Certificates, IPsec and OpenVPN. Some other nice to haves might be DNS, DHCP, etc. I plan to rebuild all FW rules and packages with their config.

      What is the best way to do this? Can I simply export the new config, add stuff to the file, and restore it back? Primary will reboot and changes are propagated to the secondary node?
      Any 2.6->2.7 stuff I need to be aware of?

      Thanks in advance!

        SteveITS Galactic Empire @ballistic

        @ballistic In System>High Availability Sync there is a list of things router1 will sync to router2 including all of those.

        I would set the new addresses on router1 (new WAN and LAN, CARP/shared WAN and LAN), set up router2 with its unique WAN and LAN, and let pfSense sync the rest of the config for you.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          ballistic @SteveITS

          @SteveITS Thank you for your input. But that is not what my question is about.

            SteveITS Galactic Empire @ballistic

            @ballistic OK, rereading... :) One can restore just sections of a config file via the "Restore area" dropdown on the backup/restore page. It doesn't work for package configs but has most or all standard sections.

            Editing a config file by hand is definitely possible if the info is added correctly. I've on occasion changed internal interface names for example, or copy/pasted sections. Is that what you're asking? Then on restore it should sync to the secondary. I am not sure if that happens during the restore, or after reboot, tbh. If nothing else save any change on the primary and it should sync.

            re: 2.7, there are a few notes at https://docs.netgate.com/pfsense/en/latest/releases/2-7-0.html about removed algorithms. 2.7.1 will update OpenSSL so there is another set of caveats there.

              ballistic @SteveITS

              @SteveITS Thank you!
              Unfortunately there does not seem to be a backup option for users and/or certificates only. So it looks like I'm going to have to copy those sections of config over manually.

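A sketch of the manual section copy discussed in this thread, with a check that every certificate reference in the merged file still resolves. This is an added example, not code from the posters or from pfSense; the element names (`<system><user>`, `<ca>`, `<cert>`, `refid`, `certref`, `caref`) are assumptions about the config.xml layout, and the sample XML is constructed.

```python
import copy
import xml.etree.ElementTree as ET

# Assumed config.xml layout (not stated in the thread): local users live under
# <system><user>; <ca>, <cert>, <ipsec>, <openvpn> sit directly under <pfsense>.
def merge_sections(backup_xml, target_xml):
    """Copy users, CAs, certs, IPsec and OpenVPN from backup into target."""
    old, new = ET.fromstring(backup_xml), ET.fromstring(target_xml)
    for tag in ("ipsec", "openvpn"):        # replace these sections whole
        for stale in new.findall(tag):
            new.remove(stale)
        new.extend([copy.deepcopy(e) for e in old.findall(tag)])
    for tag in ("ca", "cert"):              # add entries, keep existing refids
        have = {e.findtext("refid") for e in new.findall(tag)}
        new.extend([copy.deepcopy(e) for e in old.findall(tag)
                    if e.findtext("refid") not in have])
    new_sys = new.find("system")
    names = {u.findtext("name") for u in new_sys.findall("user")}
    new_sys.extend([copy.deepcopy(u) for u in old.findall("system/user")
                    if u.findtext("name") not in names])  # keep target's admin
    return new

def dangling_refs(root):
    """Return certref/caref values that point at no <cert>/<ca> refid."""
    known = {e.findtext("refid") for t in ("ca", "cert") for e in root.findall(t)}
    refs = [e.text for t in ("certref", "caref") for e in root.iter(t)]
    return sorted({r for r in refs if r and r not in known})

# Constructed sample data, not taken from a real firewall.
BACKUP = """<pfsense><system>
  <user><name>admin</name><uid>0</uid></user>
  <user><name>alice</name><uid>2000</uid></user></system>
  <ca><refid>ca01</refid><descr>VPN CA</descr></ca>
  <cert><refid>crt01</refid><caref>ca01</caref><descr>ovpn server</descr></cert>
  <openvpn><openvpn-server><caref>ca01</caref><certref>crt01</certref>
  </openvpn-server></openvpn>
  <ipsec><phase1><certref>crt99</certref></phase1></ipsec></pfsense>"""
TARGET = """<pfsense><system>
  <user><name>admin</name><uid>0</uid></user></system>
  <cert><refid>webgui</refid><descr>GUI default</descr></cert></pfsense>"""

if __name__ == "__main__":
    merged = merge_sections(BACKUP, TARGET)
    print([u.findtext("name") for u in merged.findall("system/user")])
    print("unresolved references:", dangling_refs(merged))
```

Run it against copies of the two files and resolve anything it reports before restoring the merged config on the primary.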