PfSense - Correct Update/Upgrade Procedure

Hi Everyone,

I have a remote Netgate 6100 that is currently still running version 22.05 and wanted to get your help on the correct way to not only move to version 23.01 but also the correct way to update the installed packages.

So these are the current things I need to fix without breaking my access or the OpenVPN users.

  1. Default Webconfigurator certificate has expired
  2. Snort, pfblocker-NG devel, ipsec profile wiz, openvpn client export and netgate firmware updater are all yellow (I didn't know the packages didn't stay updated on their own)
  3. Update 22.05 to 23.01

I did watch Tom's video on these steps to the actual major update:

  1. Take a backup
  2. Reboot the firewall
  3. Uninstall the installed packages
  4. Perform the 23-01 update
  5. Reinstall the packages

Would this suffice? Oh, can I simply hit the renew on the default webconfigurator certificate or, as one source has said, must I create a new certificate then delete the old? Not 100% sure.

Thanks

I would export your config. Install 2.7.2, upgrade to 23.09.1, then import the config. Should take less than an hour to do the entire process.

Ping netgate support and ask if the 22.05 config will work in 23.09.1. They respond very quickly and most likely within the hour.

Well this is PFSense Plus so I think at 22.05 I can only move to 23.01 first then proceed with further updates. You may have referenced the community pfsense update, I think.

You can go from community to plus with no issues, as I have done it before and this was recommended by Netgate.

Ahh yes, I’m already on Plus but good to know.

I had a 23.05 that would not upgrade and contacted netgate. They recommended starting with 2.7.2 and upgrading.

The process was really easy and all my packages were reinstalled automatically after importing the config file. Wireguard, Tailscale, and everything worked without issues.

The update to 23.09 is big as many changes were made. The stepped upgrade process may have issues so it is easier to just start from scratch.

The process I used was

1.) Download 2.7.2 to the NAS
2.) Mount NAS to VM and change boot order to select NAS first. If you use USB, just make sure it boots to it before the hard drive.
3.) Reboot and install is automatic. I have a handful of VLANs but only set up the WAN and LAN interfaces as the configuration import will take care of those later.
4.) Upgrade from 2.7.2 to 23.09.1 and reboot
5.) Import configuration and just wait a bit for packages to download and install which is done automatically
6.) Unmount NAS from boot order
7.) Test - Everything worked

I was surprised at how easy the entire process was and how quick it really was.

I run my PFSense in a VM and do a backup every night of all my VMs. I also have the comfort of knowing I can restore in any botched situations.

Just verify that a 22.05 config file will import with no issues into 23.09.1.
Your NID will not change so this is why you can go 2.7.2 to 23.09.1 which I confirmed with Netgate. Just do not make any hardware changes otherwise the NID will change. Seriously, open a support ticket with the question and you will get an answer within an hour.

One more thing.

If you are running PFSense on Bare Metal, request a 23.09.1 image and you can bypass the 2.7.2 to 23.09.1. I requested one and was told it will not work for me as I am running PFSense in a VM.

Good luck and I hope it is as easy for you as it was for me.

Nice, that is a slick setup. Good for remote updating if the host has an external IP. You could do anything you wanted to the pfsense VM worry free. One more perk of running it in a VM if you can get the NICs to pass through cleanly.

Yes, I use PCI passthrough. This is a homelab so I have no need to upgrade remotely, which also makes things a lot easier.