Updating old box from 2.0-rc1

  • We had a client that hired us a few years back and we installed a pfSense router with 2.0-rc1 on it.  It has a Celereon E3300 CPU for reference.  They nearly shut their doors from the recession and have slowly been coming back.  They now want us to block Facebook / Twitter, etc which requires us to put in something like Squid/SquidGuard.  To do that I need to update the box, but can't find a clear update path.  The auto-updater doesn't see anything.  It just replies back:

    Downloading new version information…done
    Unable to check for updates.
    Could not contact pfSense update server http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_HEAD/.updaters/

    That's probably because the unit's 5 years old at this point and there aren't any files left in the 8.1 directory.  What's the safest way to get this box updated?  I'm assuming this is i386 and not x64 though it does appear the CPU is 64-bit.  Any help would be greatly appreciated!

  • In your situation I would take a backup and try to restore it onto newer hardware running the latest version (2.2.6, although 2.3 is just shy of a RC in the next few weeks (days?)).

    You'll find out very quickly if things look well enough when you translate a ver 2.0.x config to the latest release.

    You can then try a clean install of the new software on the old hardware and safely restore the old backup.

    Worst case scenario you should be able to reinstall the version you have and just get back to where you were, best case it gets you a clean install with nothing leftover from the old system.  You can likely upgrade the install to 64bit if the CPU allows as well.

    Is this a HD or a Nano install?

  • It's an HDD install.  What you're suggesting would be quoting them a new box.  I'm fine with that as the config isn't all that complicated (less so now that their Exchange is hosted) and there aren't any packages installed but the customer most likely won't want to pay for a new system if there is an upgrade path.  If there isn't a clear upgrade path then I'll quote the new box with labor.

    I could install from the latest ISO and just overwrite what's already there and try to restore the config.  I struggled with a config restore going from 2.0 to 2.1.4 a while back (I think that was the jump).  I can't believe it would be easier.  That could work.  Hadn't thought about that.

    I did find http://files.nyi.pfsense.org/mirror/downloads/old/ which seems to have everything.  I could upgrade to 2.0.2->2.1->2.2->2.2.6 checking the auto-upgrade at each step.  How can I tell if I have the i386 or amd64?  The Status page in the GUI doesn't seem to say.

  • You can just download the update you want and do a manual upgrade via the GUI, that way you get 386 or AMD64 as you want.

    The auto selector had been funky in the past so it may or may not grab the version you want under various conditions.
    As well there are various oddities with hardware, drivers,etc. that have been corrected through all those past versions and you might step on something going incrementally.
    You might as well bring them up to latest and get the benefits of all the fixes if possible.

    If you don't have a spare box lying about to test on, then I'd get the original version CD ready in case of major failure and try to bring them up to 2.2.6 via a manual GUI upgrade.

    It'd be worth checking if they do have a 64Bit CPU, you can go to the "hidden" /status.php page and look for the "System Message Buffer (Boot)" section.
    That'll will give the boot messages as FreeBSD recognizes the CPU and you can see what they've actually got in the box.

  • There are some gotcha's in the move to 2.2 ( https://doc.pfsense.org/index.php/Upgrade_Guide#pfSense_2.2_Upgrade_Notes ) so to prevent a major stuff up …
    Do a full backup of their current config, etc
    Download 2.2.6
    Grab a spare hard drive
    Pull their 2.0 drive out, label it, put it some where safe.
    Put the new HDD in
    Install pfsense 2.2.6
    restore backup
    SHOULD be all good to go.

    But if something goes completely pear shaped, you can just revert back to the previously functional HDD by putting it back in service

  • You started from a snapshot, where the update URL was pointed to snapshots. First I'd fix that, go to System>Firmware, Updater Settings tab, and uncheck the "use unofficial update server" box. That'll get you back to the stable update URL, and make sure you don't change architectures on upgrade if you restore that config to something different in the future. That's the only "various conditions" mentioned above where it doesn't pick the right architecture, where you have it hard coded to the wrong thing.

    But given you're on 32 bit and should be on 64, and have what's probably a 10 year old piece of hardware at this point, I'd consider swapping out the hardware for something new. I'd probably reinstall it with 64 bit since you need to switch architectures anyway, then restore your config backup. Do it on a different drive if you want, so if you need to go back for some reason you can.

    Short of any odd hardware-specific compatibility things with that system, upgrading in place via manual update straight to 2.2.6 would be fine.

    The most common "I upgraded and it broke" support requests we get from years-old systems is systems that get rebooted and are dead. The reboot on its own would have done the same. Hard drive disappears, system no longer completes POST, fans won't start spinning again after momentarily stopping during the reboot, among various other hardware failures. So if it's one that's been up and running for years without a reboot, have a plan for what you're going to do if you reboot the box and it's dead.

  • Well, the CPU is 64-bit.  I'm concerned about going to the 64-bit build if I may currently be running the 32-bit build.

    I've gone to the /status.php page but there is no "System Message Buffer (Boot)" section.  DMESG does state:
    Copyright © 1992-2010 The FreeBSD Project.
    Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    The Regents of the University of California. All rights reserved.
    FreeBSD is a registered trademark of The FreeBSD Foundation.
    FreeBSD 8.1-RELEASE-p3 #1: Fri Apr 22 00:47:24 EDT 2011
        sullrich@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 i386
    Timecounter "i8254" frequency 1193182 Hz quality 0
    CPU: Intel(R) Celeron(R) CPU        E3300  @ 2.50GHz (2500.01-MHz 686-class CPU)
      Origin = "GenuineIntel"  Id = 0x1067a  Family = 6  Model = 17  Stepping = 10
      Features=0xbfebfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>Features2=0x400e3bd <sse3,dtes64,mon,ds_cpl,vmx,est,tm2,ssse3,cx16,xtpr,pdcm,xsave>AMD Features=0x20100000 <nx,lm>AMD Features2=0x1 <lahf>TSC: P-state invariant
    real memory  = 2147483648 (2048 MB)
    avail memory = 2072784896 (1976 MB)
    ACPI APIC Table: <a_m_i_ oemapic="">FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
    FreeBSD/SMP: 1 package(s) x 2 core(s)
    cpu0 (BSP): APIC ID:  0
    cpu1 (AP): APIC ID:  1

    The Updater Settings page has nothing filled in and no check boxes checked.

    Can I go straight from 2.0-rc1 to 2.2.6?  I'll back up the config beforehand to be safe and bring an ISO with me, but I can make that big of a jump in versions?  I thought it had to be done in smaller steps?</a_m_i_></lahf></nx,lm></sse3,dtes64,mon,ds_cpl,vmx,est,tm2,ssse3,cx16,xtpr,pdcm,xsave></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>

  • If there are no package issues, it should be doable.

    You'll hit the forced manual reboot issue if you update to 64 bit from 32bit, so you need to be onsite (or have someone on the phone).

    Personally, I'd do a CD or USB install of 2.2.6 64bit (2.3 is reeeeeeeal close to RC1 hmmmmmm.) and just restore a config.xml backup from 2.0.

    If you can give us a package list, we should be able to point out any pitfalls…

  • I thought I replied to this?  Guess not.  No, there aren't any packages installed and I'm leery about jumping on new revisions so quickly in case there are issues.  It seems like 2.1 to 2.2 was a big jump and I'd suspect 2.2 to 2.3 would be as well.  I'd hate to put it out there and something happens and for whatever reason I'm not able to fix quickly.  Paranoia and all.

  • I'd hate to put it out there and something happens and for whatever reason I'm not able to fix quickly.

    That's why I suggested you keep a 2.0 install CD on hand.
    Without any package issues, there's really very little to hold you back.

    If you've got a recent config.xml backup (which you need anyway) then you've got (2) scenarios:

    1. The best case, you load 2.2.6 2.3 from scratch, reload the backup and you're good to go.

    2. The worst case, the 2.2.6 2.3 install goes pear shaped and you reinstall 2.0 from scratch, reload the backup and your back to where you started.

    The worst you get is back to where you are today, but at least you'll learn something about how the hardware responds to a 2.2.6 2.3 install.

    Seeing as 2.3 is now RC (https://forum.pfsense.org/index.php?topic=109076.0) you're better off trying to get the advantages of the latest hardware fixes included w/ a current version of FreeBSD and the code improvements in pfSense 2.3

    I've got $0.05 that says you'll have a smooth upgrade if you do a fresh install and restore your config.xml to 2.3  ;)

Log in to reply