Clean upgrade from 25.1.7 to 26.1.1 via fresh install + config restore

Started by GambinoG1, February 12, 2026, 03:47:42 PM

Hi,

I'm fairly new to OPNsense and would appreciate some advice regarding an upgrade plan.

I'm currently running 25.1.7 and am considering doing a clean install of 26.1.1 and restoring my configuration backup, instead of performing incremental upgrades (25.1.7 - 25.1.12 - 25.7 - 25.7.11 - 26.1.1).

This firewall is in production, so maintenance windows are limited. An incremental upgrade path would likely take 7+ hours, not including potential troubleshooting.

Our setup is relatively simple:

2 VLANs (IPv4)

1 WireGuard tunnel (multiple peers)

Unbound DNS

ISC DHCPv4

Zabbix agent

IDS

Since ISC DHCP is no longer supported in 26.1, I have already configured Kea DHCP to match the current ISC configuration. It is not enabled yet, but I plan to test it thoroughly before saving the final configuration backup.

My question is: would you advise against doing a clean 26.1.1 install and restoring the config? If so, what are the main risks, and what alternative approach would you recommend?

If this plan is reasonable, are there specific areas (services, plugins, config sections, etc.) that I should pay particular attention to after the restore?

Thanks in advance!

> My question is: would you advise against doing a clean 26.1.1 install and restoring the config? If so, what are the main risks, and what alternative approach would you recommend?

There are no real pros and cons except maybe the time you spend doing this. You'll lose historic logs but normally not a big deal either.

The most pressing reasons for a reinstall are change of file system (to ZFS) or a damaged install beyond repair or switching the disk.


Cheers,
Franc

How did you arrive at a 7+ hour estimate for 4 incremental upgrades? Is your current install on ZFS so you can leverage snapshots for rollback?

I ran a test VM with OPNsense 25.1 installed and updated through GUI, each update took about 1-2 hours and there were 4 updates totaling 7 hours and 35 minutes. 

I don't mind losing historic logs.

Our main OPNsense is not a VM and our disks are raidz1 ZFS.

OK, I think I get it now.

I will:
1. Enable Kea (check so everything works with Kea)
3. Backup config
4. Clean install 26.1.1
5. Upload config
If it fails then do incremental updates starting from 25.1.7 creating snapshots with bectl at every incremental update.

If you think I'm wrong, please let me know. If you have any suggestions on better ways, please inform me; I'm happy to learn more.
Otherwise this is the plan I'll execute.
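
The fallback step of the plan above (a bectl snapshot before every incremental update), as an added example that is not part of the original post. It assumes root on ZFS with `bectl(8)` available; the `pre-<version>` naming scheme and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: create a ZFS boot environment before each incremental
# upgrade step so that a failed step can be rolled back.
# Assumptions: bectl(8) is present; the "pre-" prefix and all function
# names below are hypothetical, chosen for this example only.

# be_name VERSION -> boot environment name for the pre-upgrade state.
be_name() {
    # Keep only characters that are safe in a boot environment name.
    printf 'pre-%s' "$(printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_')"
}

# be_exists NAME -> exit 0 if a boot environment with that exact name exists.
# "bectl list -H" prints tab-separated fields without a header line.
be_exists() {
    bectl list -H | awk -F '\t' -v n="$1" \
        '$1 == n { found = 1 } END { exit !found }'
}

# active_be -> name of the boot environment that is running now ("N" flag).
active_be() {
    bectl list -H | awk -F '\t' '$2 ~ /N/ { print $1 }'
}

# snapshot_before_upgrade CURRENT_VERSION
# Creates pre-<version> and refuses to reuse an existing rollback point,
# so an earlier known-good state is never silently replaced.
snapshot_before_upgrade() {
    name=$(be_name "$1")
    if be_exists "$name"; then
        echo "boot environment $name already exists, not overwriting" >&2
        return 1
    fi
    bectl create "$name" || return 1
    # Verify the rollback point is really there before upgrading.
    if ! be_exists "$name"; then
        echo "bectl reported success but $name is missing" >&2
        return 1
    fi
    echo "$name"
}
```

Call `snapshot_before_upgrade 25.1.7` before the first update and repeat with the then-current version before each later step; to roll back, `bectl activate pre-25.1.7` followed by a reboot returns to that state.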

Quote from: GambinoG1 on February 13, 2026, 09:12:25 AM
> Otherwise this is the plan I'll execute.

Sounds like a plan! :)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

I am surprised your upgrades took that long but I've never run OPNsense in a large production environment. Good luck with the migration. Let us know how it goes.

Quote from: julsssark on February 13, 2026, 06:48:04 PM
> I am surprised your upgrades took that long

Keep in mind that in some parts of the world something like 8/1 Mbps ADSL or 2/2 Mbps SDSL is all you can get... ;)

Thanks for educating me. I didn't even think about bandwidth as a determinant of upgrade time.