On Sat, Oct 13, 2012 at 11:47:50AM -0500, Matt Morrow wrote:
> After dealing with a number of issues due to an old 3.8 install which have
> been resolved in current releases, I think I'm going to do the individual
> release upgrades (3.8->3.9->4.0, etc etc)
>
> The 3.9 upgrade guide says:
>
> pfsync(4) <http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync&sektion=4> has
> changed format, so it can not keep state between a 3.8 and a 3.9 box.
> Mismatched systems will lose all connections when you switch which box is
> master, as states will not be transfered between systems. You can minimize
> the impact of this by upgrading your backup boxes first, so there is only
> one loss of active states.
>
>
> Can anyone explain what that means in terms of my existing pf configuration
> working as a simple router with a port forward? Does this simply mean that
> during the upgrade, if I had multiple servers running, that boxes would
> temporarily lose connectivity during the upgrade as they wouldnt switch
> over to a backup server automatically?
Are you running carp? If so, syncing the two filrewalls will not
happen while you are upgrading.
BTW, I think it makes more sense to backup your exsting config, do a
fresh install and then do the work to rebuild the config.
Doing 10 or more upgrade steps looks like way to much time wasted.
-Otto
