Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
General Upgrade Procedure Questions
« previous
next »
Print
Pages: [
1
]
Author
Topic: General Upgrade Procedure Questions (Read 2728 times)
fw-admin
Newbie
Posts: 3
Karma: 1
General Upgrade Procedure Questions
«
on:
November 30, 2021, 11:24:52 am »
Hi everyone,
I'm quite new to OpnSense and this forum, therefore I already now "pre-apologize" for any stupid questions. However, I received the task to upgrade our corporate OpnSense firewall as I seem to be the only guy with firewall knowledge (but different vendors).
So, what I would like to do is to upgrade from the current version 19.7 to the most recent (supported) one. I definitely will do this via direct console access to see what is going on during the upgrade process. What I'm interested in are the following questions:
- Is it possible to upgrade from 19.7.x to 21.7.x directly or do I have to make an additional upgrade step between that? I'm looking for an upgrade path in general. Probably there's a documentation on that subject.
- I already found some release notes, but I'm missing some dependencies to other SW versions. We are using a larger number of OpenVPN clients and I would like to know whether this version will be compatible with OpnSense after the upgrade.
- What general preparations would you recommend? Of course I will do a config backup before the upgrade, but is there a way to jump back to the state before the upgrade in case an issue will occur?
- Related to the last question I'm interested in general of OpnSense specific best practices during upgrades. Most likely I want to know, what I can do if anything goes wrong during the upgrade procedure. What I'm afraid of is that during the installation of the new firmware, the upgrade process will fail and got stuck for whatever reason. Is there a way to jump back in such cases to a state before the upgrade was launched?
I do not expect full/perfect answers to my questions. Probably some hints/links to a related forum page or documentation might be sufficient.
Thanks a lot.
Logged
Greelan
Hero Member
Posts: 1028
Karma: 72
General Upgrade Procedure Questions
«
Reply #1 on:
November 30, 2021, 12:00:47 pm »
IMHO, you are best to use the GUI or at least the menu option in CLI to upgrade - this ensures that the process is managed by OPNsense, as opposed to if you try to do a manual upgrade via CLI. This will tell you what upgrade steps are possible (I would expect multiple steps) and also have the built in failsafes (eg aborting the upgrade if a problem is detected before the last step of upgrading the kernel/base)
Logged
cookiemonster
Hero Member
Posts: 1823
Karma: 95
Re: General Upgrade Procedure Questions
«
Reply #2 on:
November 30, 2021, 05:41:46 pm »
One thing that you might have "inherited" is additional plugins, packages and out-of-ui & undocumented changes. That's what would worry me the most. For that your best backup is a disk image because the config backup from the UI won't cover all.
Logged
fw-admin
Newbie
Posts: 3
Karma: 1
Re: General Upgrade Procedure Questions
«
Reply #3 on:
December 02, 2021, 09:34:11 am »
Thanks a lot for your answers.
Just to be sure if I understood everything well:
- Upgrade Path: Not really necessary to take care about it. As soon as I start to perform the upgrade through CLI (option 12 if I remember well) OPNsense itself takes care to download the right/correct version, correct?
Beside that, could you help me concerning my open questions, please?
- Is a kind of sw version compatibility list from OPNsense available? I want to know whether it is supported to use "this" particular OPNsense firmware version with "this" particular version of OpenVPN.
- Is there a way on OpenSENSE to determine which additional plugins / software has been installed?
Thanks a lot in advance!
Logged
Greelan
Hero Member
Posts: 1028
Karma: 72
General Upgrade Procedure Questions
«
Reply #4 on:
December 02, 2021, 09:40:34 am »
- Yes
- AFAIK, each version of OPNsense generally will upgrade with it the related packages - at least the core stuff. In some cases a plugin maintainer might need to do some subsequent work if they haven't been keeping up. If there is manual stuff installed, you are on your own
- At least for upgrades via the GUI, there is a log file. Using the CLI menu option probably generates the same file
«
Last Edit: December 02, 2021, 09:48:14 am by Greelan
»
Logged
fw-admin
Newbie
Posts: 3
Karma: 1
Re: General Upgrade Procedure Questions
«
Reply #5 on:
December 04, 2021, 02:01:13 pm »
Nice, I think I got it now...
One last question: What about sw-version dependencies between OPNsense firmware and OpenVPN versions? I wasn't able to find anything related to that on OPNsense's docu website.
Logged
Greelan
Hero Member
Posts: 1028
Karma: 72
Re: General Upgrade Procedure Questions
«
Reply #6 on:
December 04, 2021, 09:13:07 pm »
OpenVPN is a core package, not a plugin. So I think you can safely assume that compatibility will be fine. The only thing you might need to do is ensure that IP fields in OpenVPN don’t include whitespace - a recent update introduced stricter validation checks and existing configs with spaces causes it to choke
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
General Upgrade Procedure Questions