Does upgrade usually retain settings?



  • I am planning on upgrading our current pfSense v1.2.3 install to v2.0.2.  Problem right now is the Web GUI is not loading so I cannot easily take a backup of the config.  In general, when pfSense upgrades are done, do they usually keep the current settings (IE: vLAN settings, firewall rules, DHCP info, etc)??  I am new to pfSense so I have never done an upgrade before.

    I know anything can happen in the IT world when you do upgrades, but I was just curious if pfSense is generally good at keeping all settings in place after a successful upgrade.



  • Yep it should.    Can you console in?

    Option "11 restart webconfigurator"  might help you get to the gui…



  • Thanks for the reply.  Yea I tried that and restarting pfSense (option 5), but with no luck.  I kind of inherited the current setup after the last IT guy bailed, so I have never seen any of the settings from the GUI.  I want to upgrade, but am worried about losing settings that are currently in place.

    Do you know how to run a backup of the config from any of the console options?  I would like to get an updated config backup, then I should be able to winscp to copy the XML to a separate location before upgrading



  • Im not real strong in the console department.  But is it possible he has another port number for your GUI?

    Tried https:?

    The config.xml file wont be overwritten so if he has another port assigned then you could still be locked out. Seeing the config file however will tell you exactly what he has done.

    I usually know enough to get me in trouble.



  • I did try http and https, but did not work.  I guess anything is possible and maybe he assigned a different port.  If I got a copy of the XML and opened it could I tell if there is a custom port being used?



  • Yes- just several lines down from the top…

    <webgui><protocol>https</protocol>
    <certificate><private-key><port>443</port>
    <auth_method>session</auth_method>
    <backing_method>htpasswd</backing_method>
    <ssl-certref>XXXXXXXXXXXX</ssl-certref></private-key></certificate></webgui>



  • If you can access the console and login you can use the shell command scp to copy the configuration file (/conf/config.xml) to another system on the network; for example:```
    scp /conf/config,xml myuser@myhost:

    
    I suggest you save a copy of your configuration file then figure out why you can't access the GUI before you attempt to upgrade. I would help the readers to help you if you gave us the response from the browser when you attempt to access the pfSense GUI rather than the "executive summary": "doesn't work".


  • Agreed.  I want a copy of that XML file before thinking about an upgrade.  I'll update what the browser says asap, but it is basically Page cannot be displayed, or cannot load type message.  I also need to confirm from the XML that the Web GUIDE is not using a custom port.  Any attempt to connect to Web GUI using http, or https have not worked.

    Have you had any experience with this type of issue?



  • What response do you get when you ping the host you specify when you attempt to access the GUI? (Maybe there isn't a valid path to the GUI!)

    @rashley:

    Have you had any experience with this type of issue?

    I've had a lot of experience with many different network issues. I don't yet know enough about this issue to be able to describe it as one I have had experience with.



  • Pinging the default gateway (192.168.0.1) works fine.  I am hoping that when I get a copy of the XML file it will show the web GUI is is using a custom port (other than 80 or 443).

    I should have more information for you by end of week



  • One suggestion - you could try a prt scan to see what ports are open - to find out what port it is listening on?
    (Or I think you could run sockstat -4 -l from command line, but I am novice at bsd!)


  • Rebel Alliance Developer Netgate

    From the console/shell:

    sockstat | grep lighttpd
    

    That will show the port(s) that it is bound to. Then try http://x.x.x.x:yyyy and https://x.x.x.x:yyyy and one of them should respond, assuming you don't have a rule blocking the connection.

    And if you do… http://doc.pfsense.org/index.php/I_locked_myself_out_of_the_WebGUI,_help!


  • Netgate Administrator

    @jimp:

    assuming you don't have a rule blocking the connection.

    Exactly.
    Your predecessor may have been paranoid and locked down access to the webgui deliberately. You will see what he did or didn't do in the config.xml file though.

    Steve



  • Thanks for the help.  It was a custom port that was setup for the web GUI.  Now I can get a backup of the config and plan an upgrade to 2.0.2.

    Anyone try upgrading from v1.2.3 to 2.0.2 and notice any issues?



  • I went from 1.2.3 to 2.0.1 and then 2.0.2.  I am now on the 2.0.3 prerelease and it's much better than the 2.0.2 release.  Lots of bug fixes.  2.0.3 is stable, so you can download a copy and do a manual firmware upgrade.  If you search for my posts I have a lengthy one discussing how to do the manual upgrade.



  • Thanks.  There is an auto upgrade feature within the GUI.  Do you recommend a manual upgrade instead of the auto upgrade?



  • The auto-upgrade grabs the latest official release, so right now it'll grab the 2.0.2 release.  You need to do a manual upgrade to install the 2.0.3 or any other prerelease.

    It's a pretty painless process.  Grab the latest 2.0.3 release, upload it as new firmware.  I'm using the Feb 9 release.  A more current one is just as stable.

    I describe the manual update process toward the end of this post.

    http://forum.pfsense.org/index.php/topic,58933.msg316734.html#msg316734



  • Great.  Thanks for the info.  My company is slow at approving updates, so v2.0.3 might be an official release by then.  Either way, this is good to know


Log in to reply