Update Protocol



  • 1st of off, I am a newbie to pfsense but I have Buechler's book which I have been going through.

    I am currently at version 2.1.3 since the person before me didn't keep up the updates.

    1. Should I go in chronological order and update that way and also, can I name the full backup to what I want to so I can keep track of the updates as I move from version to version?

    2. I realize that I could go for the gusto but I am leary this might be a complete leap of faith and possible disaster since this version is before 2.2.

    3. Any potential problems when going from 2.1xxx to 2.2?

    Thanks for your input.



  • 1. no, just go to the latest one
    2. yes, thats why you backup your config first, so you can always go back later in case it would go wrong
    3. depends on your specific configuration & packages. https://doc.pfsense.org/index.php/Upgrade_Guide
    3b. be extra careful with squid, squidguard, lightsquid, dansguardian. imho it's best to remove them before the upgrade and if needed reinstall from scratch them afterwards



  • 2.1 -> 2.2 was a large upgrade with many gotchas. Read up on the topic to see if any of those apply.



  • This may sound stupid but i like to take screenshots of all my config pages. It is nice to browse thru working config when setting up new config or confirming restored config..

    I would also do a disk image for anything critical before major upgrades… Only takes minutes in time and can be valuable for complete restore if needed..

    Most upgrade problems seem to stem from packages, so pay particular attention there.

    Many times I think to myself that --you could have  rebuilt your setup from scratch for all the time you put into saving a existing config gone wrong---

    Truthfully if you don't have VPN or some other complexities I would build from scratch. Get a new start. Who knows what your upgrading over top of. Do you? Start from a new disk and build your own with your 2.1.3 as a template. Swap inline when confident.

    Is this a large or complex install?


  • Netgate

    Sorry, but that does sound stupid.

    Config.XML has everything you need and is a helluva lot easier to maintain since the backups are automatically stamped with both the node name and the time/date. (Thinking about a feature request to add, say, "2.2.4-amd64" somewhere in there.)

    Plus many config pages span multiple screens. "Printing" to PDF might be a better option.



  • I would also take note of the version that is installed, Either Full Disk Install or NanoBSD image. The ugrade paths are different.



  • added to all that, Buechler's book is surly talking about 'updates' …. just apply  ;)