UpgradeGuide

From PFSenseDocs

This article is part of the HOWTO series.

Contents 1 pfSense Upgrade Guide 1.1 Full installation 1.2 Live CD 1.3 VMware Appliance 1.4 Embedded 1.4.1 Embedded upgrade from 1.2 to 1.2.1 1.5 SMP/Multiprocessor Users 1.6 Preparing a fall back plan 1.6.1 Downgrading to a previous release 1.6.2 Downgrading from pfSense 2.0 to 1.2 not possible 1.6.3 Reinstalling the previous release 1.7 Reinstalling packages

pfSense Upgrade Guide

The supported means of upgrading from one pfSense release to another depend on the platform being used. Any non-embedded version of pfSense can be reliably upgraded to any other version while retaining the existing configuration.

First, as you should always do before upgrading any sort of system, make sure you have a good, up to date backup. You just need to visit the Backup/Restore page and download a backup of your configuration. Those with a pfSense Portal subscription should consider using the AutoConfigBackup and making a manual backup noting the reason as prior to upgrade.

Full installation

Download the 1.2 full upgrade file from your favorite mirror. In the web interface, visit the System -> Firmware page and upload that file there.

Alternatively, the console upgrade mechanism is preferred by many users. Enable SSH on the Advanced page, SSH into your pfSense install, and choose the console upgrade menu option. It's easiest to paste the URL of the update file location there. The system then automatically downloads and installs the specified update, including verification of the md5.

Live CD

For live CD installations, just burn the new CD, put it in your firewall, and reboot the system with the same configuration storage medium.

VMware Appliance

The VMware Appliance can be upgraded using the same methods as a full installation.

Embedded

The only 100% guaranteed reliable way to upgrade embedded is to re-flash the CF and restore a previous configuration backup. An embedded upgrade file is available, though it has known issues. Specifically, it causes multiple processes to crash post-upgrade, which can cause some systems to hang while shutting down after finishing the upgrade, and not restart. Power cycling the hardware fixes the issue and the upgrade is still properly applied, however with this issue we did not want to put out an upgrade file classified as stable.

The embedded update file for 1.2 release is available here. Only the console upgrade mechanism is usable. Before upgrading, make sure you have a valid configuration backup and be prepared to re-flash if things go really badly (though we don't know of any problems requiring a re-flash, be prepared just in case).

This is a difficult problem to solve and will hopefully be resolved in the 2.0 release.

Embedded upgrade from 1.2 to 1.2.1

Upgrading embedded from 1.2 to 1.2.1 RC versions has not been well tested. You can try it, and report your experiences on the forum or mailing list, but be prepared to re-flash your CF.

SMP/Multiprocessor Users

Because of changes in the upgrade system between 1.0 and 1.2, after upgrading a 1.0 system to 1.2, you will be using a uniprocessor kernel. Previous installs defaulted to SMP kernels (and future releases will revert to that behavior) so if you are using a SMP system, it will now function as a single processor system. To install a SMP kernel, apply the 1.2 update file a second time. This time you will be prompted on the upgrade page for the kernel to use. Select SMP there, and apply the 1.2 update (though the install is already 1.2, it will still install the same 1.2 update and replace your kernel). If you are not prompted for which kernel to use, go to Diagnostics -> Command and run 'rm /boot/kernel/pfsense_kernel.txt'. Then go back to the upgrade screen and you will have that option.

Preparing a fall back plan

In case something goes wrong during the upgrade, plan for how you will recover prior to upgrading. There is a remote chance that a regression from one version to another, either in the pfSense or FreeBSD code, can leave your system unusable. With some advance planning, you can quickly return to the previous release.

Downgrading to a previous release

For those using a pfSense 1.2.x release, you can safely downgrade to a previous 1.2.x release by using the same upgrade methods, with the previous version's update file. If you upgrade to 1.2.1, you can safely use the 1.2 update file to downgrade back to 1.2. Your configuration will be retained.

Downgrading from pfSense 2.0 to 1.2 not possible

Because some of the changes in pfSense 2.0 bring vastly enhanced capabilities with significantly different configuration requirements, when upgrading from 1.2.x to 2.0, some portions of your configuration are converted to a structure that will not work correctly on any previous release. pfSense 2.0 is currently in ALPHA and not recommended for any production deployments at this time.

Reinstalling the previous release

The worst case scenario on upgrading is a FreeBSD regression leaving you with a system that no longer boots successfully, or no longer comes up on the network. In this case, you'll have to reinstall from CD. You may wish to have the live CD from the previous release available in case this is necessary. This is the least likely scenario, with maybe one in every ten or twenty thousand installs affected with upgrades containing significant FreeBSD release changes (such as pfSense 1.2 to 1.2.1, going from FreeBSD 6.2 to 7.0).

Reinstalling packages

After an upgrade, especially if you upgrade from 1.2 release to 1.2.1, 1.2.2 or 1.2.3, you should reinstall packages after the upgrade. To do so, browse to Diagnostics -> Backup/Restore and click "Reinstall packages".