A quick note on some best practices on how to upgrade OpnSense.
OpnSense Upgrade procedure
Yes, I moved to OpnSense. I needed a firewall with an up-to-date IGMP proxy package and PFSense’s current implementation has an annoying bug.
Also the general direction that NetGate seems to be going has given me an extra motivation to bite the bullet and rebuild my firewall on OpnSense.
Recipe for version upgrades:
As an example we are upgrading from 24.1.6 to 24.1.7. (For minor upgrades we could skip the creation of a new BE but we’ll do it anyway)
Make sure you have a current config backup stored somewhere safe.
Check the current boot environments after logging in through ssh:
1
2
3
root@opnsense:~ # bectl list
BE Active Mountpoint Space Created
24.1.6 NR / 1.23G 2024-04-20 19:07
The “N” stands for “Now” and the “R” is for “Reboot”, showing which Boot Environment is active now and after the next reboot.
- Create a new Boot Environment:
1 2
root@opnsense:~ # bectl create 24.1.7 root@opnsense:~ # bectl activate 24.1.7
1 2 3 4
root@opnsense:~ # bectl list BE Active Mountpoint Space Created 24.1.6 - 1.23G 2024-04-20 19:07 24.1.7 NR / 0G 2024-05-20 10:00 - Reboot the firewall:
1
shutdown -r now
Now perform the upgrade from the UI
When we upgrade to a newer version, we can remove older Boot Environments like so:
1
bectl destroy 24.1.6
- Done!