OPNsense updates

Started by pes, July 28, 2022, 06:31:06 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 28, 2022, 06:31:06 AM
I need some advice on OPNsense updates.
I plan to use OPNsense as a replacement for a real production router.
I hesitate to apply updates due to the risk of bugs that could affect OPNsense functionality.
What is the best strategy for applying updates to a production OPNsense router?
July 28, 2022, 07:32:52 AM #1
Some people find the update frequency enjoyable and those don't have much issues if at all.

Others don't like it but then simply don't update unless you have real world security concerns. You can really get away with only 2 updates per year to keep track of major updates at least.

Some forget to update at all. From a technical perspective that seems to work fine too if it fulfils your requirements.


Cheers,
Franco
July 28, 2022, 09:34:37 AM #2

  • If virtualizing OPNSense, you can also make snapshots, for easy rollbacks
  • Use a HA setup if budget allows it

To be honest I have 15 OPNsense VM's in production (6 /6 in HA, 3 single)with zero update issues in 2 years.
July 28, 2022, 10:23:50 AM #3
Quote from: pes on July 28, 2022, 06:31:06 AM
What is the best strategy for applying updates to a production OPNsense router?
Have an additional test environment.  ;) With open source software that can be set up pretty cheap.

Use a ZFS install and boot environments, so you can roll back if necessary:
https://forum.opnsense.org/index.php?topic=25540

HTH,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
July 28, 2022, 11:17:28 AM #4
Quote from: elcocoloco on July 28, 2022, 09:34:37 AM
To be honest I have 15 OPNsense VM's in production (6 /6 in HA, 3 single)with zero update issues in 2 years.

I can confirm this for another 19 production setups, only minor upgrade issues, none of them a real show stopper.
You might also consider to use the business edition

https://shop.opnsense.com/product/opnsense-business-edition/

with an upgrade path lagging behind the community edition
July 28, 2022, 11:18:49 AM #5
This hasn't been mentioned but at the very least you should take a backup of your settings and a downloaded DVD of the latest installation media before you do an update - if it all goes haywire you can always get back to the last state of your firewall. All the other replies have great suggestions that you should also consider. :)
Regards


Bill
Print
Go Up Pages1
User actions