OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: pes on July 28, 2022, 06:31:06 am

Title: OPNsense updates
Post by: pes on July 28, 2022, 06:31:06 am

I need some advice on OPNsense updates.
I plan to use OPNsense as a replacement for a real production router.
I hesitate to apply updates due to the risk of bugs that could affect OPNsense functionality.
What is the best strategy for applying updates to a production OPNsense router?

Title: Re: OPNsense updates
Post by: franco on July 28, 2022, 07:32:52 am

Some people find the update frequency enjoyable and those don't have much issues if at all.

Others don't like it but then simply don't update unless you have real world security concerns. You can really get away with only 2 updates per year to keep track of major updates at least.

Some forget to update at all. From a technical perspective that seems to work fine too if it fulfils your requirements.


Cheers,
Franco

Title: Re: OPNsense updates
Post by: elcocoloco on July 28, 2022, 09:34:37 am

• If virtualizing OPNSense, you can also make snapshots, for easy rollbacks
• Use a HA setup if budget allows it

To be honest I have 15 OPNsense VM's in production (6 /6 in HA, 3 single)with zero update issues in 2 years.

Title: Re: OPNsense updates
Post by: Patrick M. Hausen on July 28, 2022, 10:23:50 am

Quote from: pes on July 28, 2022, 06:31:06 am

What is the best strategy for applying updates to a production OPNsense router?

Have an additional test environment.  ;) With open source software that can be set up pretty cheap.

Use a ZFS install and boot environments, so you can roll back if necessary:
https://forum.opnsense.org/index.php?topic=25540

HTH,
Patrick

Title: Re: OPNsense updates
Post by: juere on July 28, 2022, 11:17:28 am

Quote from: elcocoloco on July 28, 2022, 09:34:37 am

To be honest I have 15 OPNsense VM's in production (6 /6 in HA, 3 single)with zero update issues in 2 years.

I can confirm this for another 19 production setups, only minor upgrade issues, none of them a real show stopper.
You might also consider to use the business edition

https://shop.opnsense.com/product/opnsense-business-edition/ (https://shop.opnsense.com/product/opnsense-business-edition/)

with an upgrade path lagging behind the community edition

Title: Re: OPNsense updates
Post by: phoenix on July 28, 2022, 11:18:49 am

This hasn't been mentioned but at the very least you should take a backup of your settings and a downloaded DVD of the latest installation media before you do an update - if it all goes haywire you can always get back to the last state of your firewall. All the other replies have great suggestions that you should also consider. :)