Downgrade from 23.6 to 22.9?
-
My SSD started failing on my 5100 and I just installed a new one.
After re-installing the OS and restoring my backups I've discovered a bunch of issues which have essentially broken my working firewall config. I want to give up on trying to fix all the issues and downgrade so I can have a working firewall again. Essentially the update broke my VLANS, DHCP, SQUID, and I am now getting flooded by notifications every 5 minutes telling me my UPS can't communicate with my server which has shut down for the night. WTF
Question 1: How do I figure out what release I was previously running?
My new install says I am running
24.11-RELEASE (amd64)
built on Wed Nov 27 13:22:00 EST 2024
FreeBSD 15.0-CURRENTbut the backup files say I am running
<pfsense>
<version>23.6</version>
<lastchange></lastchange>My previous install backup says
<pfsense>
<version>22.9</version>
<lastchange></lastchange>Question 2: Where can I find the OS release that gives me the backup for 22.9?
I found another link for the Pfsense CE but I can't navigate the directories in the mirror
-
@mike123 The config file version is here:
https://docs.netgate.com/pfsense/en/latest/releases/versions.htmlYou can try asking support for an old installer image. I thought the new Netgate Installer offered a choice of versions though…?
-
I contacted support and they said I could only downgrade to 24.03 via the installer.
I went back to 24.03 and it fixed my DHCP and SQUID problems. Turns out my VLAN issue was due to a new feature added in 24.03 and I've attached the excerpt for anyone else experiencing the same issues with VLAN giving firewall problems
I couldn't connect to my VLANs with the following appearing in my logs
VLAN123 Default deny rule IPv4 (1000000103)
I could ping devices but that's all.
"Beginning with pfSense Plus software version 24.03 and pfSense CE software version 2.8.0, the default configuration is explicitly set to an Interface-bound policy to enhance security. It appears that in your previous version, the default was configured as a Floating state type. You can read more details about this change here: https://www.netgate.com/blog/state-policy-default-change"
Changing the Firewall State Policy to Floating States (System>Advanced>Firewall & NAT - Advanced Options) solved the VLAN problems for me.