How to upgrade from v1 to v2 (non-technical)

  • I am a brand new IT tech for my company. There are no other IT members, as the manager has just left and I was hired. I have never used a firewall but have been working hard on familiarizing myself with pfSense, as it was installed at all facilities before I arrived. I have managed to troubleshoot many issues; however, many remote facilities use version 1.2.3-release whereas others use 2.1.2-release (i386).

    The reason I do not want to just use the "upgrade" files on the mirror is because I am told those can cause problems with the configuration upgrade process or even prevent the system from booting at all. I do not want to uninstall packages and then re-install them or I will lose the settings associated with those packages. This is why I am seeking guidance.

    I am not a Gold premium member so I do not have access to support. Is there anyone out there who can provide me with directions on how to upgrade a firewall from v1.2.3 to v2.1.2 without losing any of the current settings, certificates, VPN tunnels, etc.?


    Most of that is not quite true.

    There are some potential gotchas for going from 1.2.x to 2.x but they mostly affect international users (some special characters in the wrong place can cause XML issues).

    Uninstalling a package does not remove its settings. The only exception is snort which will remove its own settings on reinstall unless you activate the option to save them.

    Any known issues are listed here:

  • Sounds like you've got yourself an interesting challenge ;)

    Google is your friend for much of this; a little research will go a long way.

    jimp already got in before me, but my comments mostly stand.

    A few points of note to get you started:

    1. Always make a backup of the config.xml before you attempt any changes. A good copy of your config will let you revert back to where you started from if an upgrade goes poorly.

    2. There's a reasonable doc page that should get you started.

    3. MAKE SURE YOU HAVE A BACKUP of your config.xml before you start attempting changes (you start to see the importance of #1 above).

    4. You might consider spending $99 of the company's money to get Gold support and access to "The Definitive Guide to pfSense V2.0", well worth the investment.

    Good luck, it's likely to be fun! (unless it isn't) :)

  • Thank you. I backed up the XML. I have Acronis; can I image the firewall as well? I believe it's Linux, though. Not sure if it saves all settings, though, if the imaging does work.

    Gold appears to provide no support. Only access to the online book! I hear Amazon will have the new book in a couple of months for half that?

  • All you need is the XML. The way pfSense is structured, it's easier to reload a failed/munged box from scratch and then reload a known good XML. It often works fine across versions, although in your case you may want to set up a test environment you can play with to verify that a production conversion won't (shouldn't ???) fail.

    Acronis is a great tool, just not in this case. It's easier to do a fresh install that takes 3-7 mins typically.

    Gold subscription also gives you access to Chris' monthly seminars (Jim has also done one) including recordings of those you have missed, worth the money by themselves IMHO. It's also a good way to support the project.

    It would be worth noting what hardware you have pfSense running on and what install type they are. Are they all the same? Virtual or bare metal? Full install to a hard drive or Nano running from flash? There may be additional gotchas if you're running some obscure hardware or have a customised install.


    Uninstalling a package does not remove its settings. The only exception is snort which will remove its own settings on reinstall unless you activate the option to save them.

    Hi Jim,

    Is there a time frame when the next version of Snort will be released? I see the pull request was submitted a while back.


