<div style="font-family: arial; font-size: 14px;"><div fr-original-style="" style="box-sizing: border-box;">Great insights, Chad. Thank you! Sounds like we have both been using pfSense for a while. I remember too when they were Electric Sheep Fencing. I don't have any major concerns this time around as Netgate has been really good with testing and bug fixing, especially on this release; they even purposely waited to bring 2.7 into RC until after BSDCan so they could clear a last few little details.</div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><div fr-original-style="" style="box-sizing: border-box;">I, like you, will have a backup of the previous before upgrading my main, and then once I know the main is all working and everything is good, I will upgrade my backup and keep it in case of any failures. </div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><div fr-original-style="" style="box-sizing: border-box;">I am also looking forward to the release as well.</div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><div fr-original-style="" style="box-sizing: border-box;">In the release notes, it has quite a few fixes to Captive Portal. 
Hopefully these will be of use to your setups.</div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><div fr-original-style="" style="box-sizing: border-box;"><a data-fr-linked="true" href="https://docs.netgate.com/pfsense/en/latest/releases/2-7-0.html" id="isPasted" fr-original-style="" style="box-sizing: border-box; color: rgb(0, 102, 147); text-decoration: underline; user-select: auto;" target="_blank" rel="noopener noreferrer">https://docs.netgate.com/pfsense/en/latest/releases/2-7-0.html</a></div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><div fr-original-style="" style="box-sizing: border-box;">Regards</div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><div contenteditable="false" fr-original-style="" style="box-sizing: border-box;"><p style="margin: 0in 0in 0.0001pt; font-size: 15px; font-family: Calibri, sans-serif; box-sizing: border-box; color: rgb(68, 68, 68);" fr-original-style="margin:0in;margin-bottom:.0001pt;font-size:15px;font-family:'Calibri',sans-serif;">Ron Woods</p><p style="margin: 0in 0in 0.0001pt; font-size: 15px; font-family: Calibri, sans-serif; box-sizing: border-box; color: rgb(68, 68, 68);" fr-original-style="margin:0in;margin-bottom:.0001pt;font-size:15px;font-family:'Calibri',sans-serif;">Computer Services Manager</p><p style="margin: 0in 0in 0.0001pt; font-size: 15px; font-family: Calibri, sans-serif; box-sizing: border-box; color: rgb(68, 68, 68);" fr-original-style="margin:0in;margin-bottom:.0001pt;font-size:15px;font-family:'Calibri',sans-serif;">St. 
Clairsville Public Library</p><p style="margin: 0in 0in 0pt; font-family: Calibri, sans-serif; font-size: 15px; box-sizing: border-box; color: rgb(68, 68, 68);" fr-original-style="margin: 0in 0in 0pt; font-family: 'Calibri',sans-serif; font-size: 15px;">740-695-2062 ext 619</p><div fr-original-style="" style="box-sizing: border-box;"><a data-fr-linked="true" href="https://www.stclibrary.org" fr-original-style="" style="box-sizing: border-box; color: rgb(0, 102, 147); text-decoration: underline; user-select: auto;" target="_blank" rel="noopener noreferrer">https://www.stclibrary.org</a></div></div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><hr id="previousmessagehr" fr-original-style="" style="box-sizing: border-box; clear: both; user-select: none;"><div fr-original-style="" style="box-sizing: border-box;"><span fr-original-style="" style="box-sizing: border-box;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: 700;">From</strong>: "Chad Neeper via OPLINTECH" &lt;oplintech@lists.oplin.org&gt;<br fr-original-style="" style="box-sizing: border-box;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: 700;">Sent</strong>: 6/26/23 4:36 PM<br fr-original-style="" style="box-sizing: border-box;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: 700;">To</strong>: OPLINTECH &lt;oplintech@lists.oplin.org&gt;<br fr-original-style="" style="box-sizing: border-box;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: 700;">Subject</strong>: Re: [OPLINTECH] Pfsense 2.7<br fr-original-style="" style="box-sizing: border-box;"></span></div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div>
<div dir="ltr" fr-original-style="" style="box-sizing: border-box;"><div fr-original-style="" style="box-sizing: border-box;">I've been using pfSense for a good long time myself... probably going on 20 years or so now, back when Netgate was Electric Sheep Fencing. I find it to be an absolutely perfect and scalable firewall for the libraries I work with. There have been some big sets of changes before, including upgrading the FreeBSD base. I've generally always looked forward to the updates and rarely have significant issues. Just follow sensible upgrade procedures, including reviewing any specific guidance offered by Netgate. Make your config backups, of course, for both your primary and secondary firewalls (assuming your CARP). I generally upgrade my secondary firewalls first, review the configuration and interface for interesting changes, then fail over to the secondary to ensure that everything is working as expected. Assuming all is fine on the secondary, I'll upgrade the primary and review its config. Then fail back to the primary, continuing to watch for issues. After upgrading both, I usually make a second set of backups with the upgraded pfSense, just so I have a baseline backup in the current (new) pfSense version. 
I always have the Auto Config Backup enabled on both primary and secondary firewalls, but I like to do the manual backups old-school style too.</div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><div fr-original-style="" style="box-sizing: border-box;">My own typical config for the libraries I work with is probably a little unique. I actually leverage Linux host servers and run my pfSense boxes virtualized. It's an old tactic I've been using very successfully since the earliest days of virtualization. With some physical NICs in the servers dedicated to firewall activity, it works quite well for me. It also gives me the added advantage of being able to very simply make a complete and full backup of the full virtual machine for both my primary and secondary firewalls. So in the event of a major catastrophic upgrade failure, I can very easily just revert to the backup I (likely) made just before starting the upgrade and then everything is 100% back to normal. Leveraging the redundant firewalls, I can do everything (rebooting a firewall, backing up virtual machines, restoring virtual machines, whatever) live without end users ever noticing. (Redundancy is extremely useful!)</div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><div fr-original-style="" style="box-sizing: border-box;">Honestly, I knew it has been under development, but I haven't really been paying all that much attention to specifically what's going on with the latest pfSense point release. I did skim the links you included to see if there was anything that seemed particularly scary. You're right about some major changes, but it's been done before. 
I'll take a little more care with this particular upgrade and ensure that I have my appropriate safety nets in place before I upgrade any of the firewalls, but I'm not overly concerned (in my own particular upgrade scenarios.)</div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><div fr-original-style="" style="box-sizing: border-box;">What <u fr-original-style="" style="box-sizing: border-box;">will</u> concern me a bit more is when I need to upgrade single (non-CARP) firewall instances running on bare metal. I have a few libraries like that out there. I generally save those for last and try to ensure I have a safety net available if possible. I typically also upgrade a firewall like that only on-site at the library. I've been bitten before by a failed (semi-bricked) upgrade, where I wouldn't have been able to recover had I been trying to upgrade remotely. Ever since then, I've been a little more cautious with my choice of timing for the upgrade and my safety nets at those libraries.</div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><div fr-original-style="" style="box-sizing: border-box;">Overall, I'm looking forward to the release. I'll be especially happy if it resolves a longstanding issue I've had with Captive Portal in 2.6.x!</div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div>Is there anything in particular that's concerning you with the 2.6 → 2.7 upgrade? 
Or is it just intelligent due diligence and caution prompting your post?<div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><div fr-original-style="" style="box-sizing: border-box;">Chad</div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"><div fr-original-style="" style="box-sizing: border-box;"><div dir="ltr" data-smartmail="gmail_signature" fr-original-style="" fr-original-class="gmail_signature" style="box-sizing: border-box;"><div dir="ltr" fr-original-style="" style="box-sizing: border-box;"><div fr-original-style="" style="box-sizing: border-box;"><div dir="ltr" fr-original-style="" style="box-sizing: border-box;"><div fr-original-style="" style="box-sizing: border-box;">______________________________<br fr-original-style="" style="box-sizing: border-box;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: 700;">Chad Neeper</strong><br fr-original-style="" style="box-sizing: border-box;"><font size="1" fr-original-style="" style="box-sizing: border-box;">Senior Systems Engineer</font><br fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: 700;">Level 9 Networks</strong><br fr-original-style="" style="box-sizing: border-box;"><font size="1" fr-original-style="" style="box-sizing: border-box;">740-548-8070 (voice)<br fr-original-style="" style="box-sizing: border-box;">866-214-6607 (fax)</font><br fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"><font size="1" fr-original-style="" style="box-sizing: border-box;"><em fr-original-style="" style="box-sizing: border-box;">Full IT/Computer consulting services -- Specialized in public libraries</em></font></div></div></div></div></div></div><br fr-original-style="" 
style="box-sizing: border-box;"></div></div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><div fr-original-style="" fr-original-class="gmail_quote" style="box-sizing: border-box;"><div dir="ltr" fr-original-style="" fr-original-class="gmail_attr" style="box-sizing: border-box;">On Mon, Jun 26, 2023 at 3:40 PM Ron Woods via OPLINTECH &lt;<a href="mailto:oplintech@lists.oplin.org" fr-original-style="" style="box-sizing: border-box; color: rgb(0, 102, 147); text-decoration: underline; user-select: auto;" target="_blank" rel="noopener noreferrer">oplintech@lists.oplin.org</a>&gt; wrote:</div><blockquote style="margin: 0px 0px 0px 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex; box-sizing: border-box; color: rgb(94, 53, 177);" fr-original-style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex;" fr-original-class="gmail_quote"><div style="font-family: arial; font-size: 14px; box-sizing: border-box;" fr-original-style="font-family:arial;font-size:14px;"><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;">Hi,</div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"><br style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"></div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;">Are any other libraries out there using pfSense? We have been using it here in STC for many years; it is a very solid extensible open source firewall system.</div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"><br style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"></div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;">The newest version 2.7 is getting ready to drop here in a few weeks. 
</div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"><br style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"></div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"><a href="https://www.netgate.com/blog/pfsense-rc-2.7.0-and-23.05.1" id="m_-3113927554073913650isPasted" style="box-sizing: border-box; color: rgb(0, 102, 147); text-decoration: underline; user-select: auto;" rel="noopener noreferrer" fr-original-style="box-sizing:border-box;color:rgb(0,102,147);text-decoration:underline;" target="_blank" rel="noopener noreferrer">https://www.netgate.com/blog/pfsense-rc-2.7.0-and-23.05.1</a></div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"><a href="https://docs.netgate.com/pfsense/en/latest/releases/2-7-0.html" id="m_-3113927554073913650isPasted" style="box-sizing: border-box; color: rgb(0, 102, 147); text-decoration: underline; user-select: auto;" rel="noopener noreferrer" fr-original-style="box-sizing:border-box;color:rgb(0,102,147);text-decoration:underline;" target="_blank" rel="noopener noreferrer">https://docs.netgate.com/pfsense/en/latest/releases/2-7-0.html</a></div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"><br style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"></div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;">It is a pretty big upgrade from previous versions. On the backend they have overhauled the entire FreeBSD base from version 12 to 14, and they also had to make quite a few compatibility changes moving from PHP 7.4.x to 8.2.6. As I had been following the Redmine very closely over the last year. 
</div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"><br style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"></div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"><a href="https://redmine.pfsense.org/versions/70" id="m_-3113927554073913650isPasted" style="box-sizing: border-box; color: rgb(0, 102, 147); text-decoration: underline; user-select: auto;" rel="noopener noreferrer" fr-original-style="box-sizing:border-box;color:rgb(0,102,147);text-decoration:underline;" target="_blank" rel="noopener noreferrer">https://redmine.pfsense.org/versions/70</a></div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"><br style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"></div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;">If anyone else out there is using it, what are your upgrade plans come post June 29th? I have a set of identical hardware to my production box that I plan to convert my existing configuration to the new 2.7, and then I will create a backup box based on 2.6 with my current set up before I upgrade my production box. If anyone has any suggestions or things they are going to do, I'd appreciate it if you would post. 
</div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"><br style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"></div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;">Thanks!</div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"><br style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"></div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;">Sincerely</div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"><br style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"></div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"><br style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"></div><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"><p style="margin:0in 0in 0.0001pt;font-size:15px;font-family:Calibri,sans-serif;box-sizing:border-box;color:rgb(68,68,68);" fr-original-style="margin:0in 0in 0.0001pt;font-size:15px;font-family:Calibri,sans-serif;box-sizing:border-box;color:rgb(68,68,68);">Ron Woods</p><p style="margin:0in 0in 0.0001pt;font-size:15px;font-family:Calibri,sans-serif;box-sizing:border-box;color:rgb(68,68,68);" fr-original-style="margin:0in 0in 0.0001pt;font-size:15px;font-family:Calibri,sans-serif;box-sizing:border-box;color:rgb(68,68,68);">Computer Services Manager</p><p style="margin:0in 0in 0.0001pt;font-size:15px;font-family:Calibri,sans-serif;box-sizing:border-box;color:rgb(68,68,68);" fr-original-style="margin:0in 0in 0.0001pt;font-size:15px;font-family:Calibri,sans-serif;box-sizing:border-box;color:rgb(68,68,68);">St. 
Clairsville Public Library</p><p style="margin:0in 0in 0pt;font-family:Calibri,sans-serif;font-size:15px;box-sizing:border-box;color:rgb(68,68,68);" fr-original-style="margin:0in 0in 0pt;font-family:Calibri,sans-serif;font-size:15px;box-sizing:border-box;color:rgb(68,68,68);">740-695-2062 ext 619</p><div style="box-sizing:border-box;" fr-original-style="box-sizing:border-box;"><a href="https://www.stclibrary.org" style="box-sizing: border-box; color: rgb(0, 102, 147); text-decoration: underline; user-select: auto;" rel="noopener noreferrer" fr-original-style="box-sizing:border-box;color:rgb(0,102,147);text-decoration:underline;" target="_blank" rel="noopener noreferrer">https://www.stclibrary.org</a></div></div></div></blockquote></div></div>