Virtual private networks / Migrating OpenVPN from legacy to instance, no detailed information
« on: April 05, 2024, 12:39:36 am »
I have OpenVPN installed in server mode which has been working perfectly for the past year in OPNsense (and before that for almost ten years in pfSense before I switched to OPNsense last year). I use the OpenVPN server on OPNsense to access my entire home network, including LAN and various other subnets, from a Linux Mint laptop acting as OpenVPN client when I'm away from home.
However, as of version 24.1 of OPNsense, the OpenVPN server shows as "legacy," and I will need to migrate to an "instance" rather than server.
Unfortunately, the official documentation on this, which is contained here https://docs.opnsense.org/manual/vpnet.html, is rather sparse. In addition, the official documentation only discusses setting up an instance from scratch, not migrating from a server in legacy mode to an instance.
Also, there are no online tutorials, at least that I can find, on setting up an OpenVPN instance on OPNsense.
I have looked at the configuration menu for an OpenVPN instance, and there are things about it that are confusing.
For one thing, there is no option to specify the interface, as there is in the legacy server menu. That's a problem for me because I have two WAN interfaces, WAN and WAN2, with WAN as primary and WAN2 for fail-over. I only want to access OpenVPN on WAN, not WAN2, because I plan to eventually set up another VPN on WAN2. However, I don't have static public IP addresses and use dynamic DNS to get to WAN, and there is only an option for a "Bind address" (which I assume means IP address), not Bind URL which I would need with dynamic DNS, to specify that I only want to use WAN for OpenVPN.
There are also other confusing things in the instance menu, like "Push options," which are not present in the legacy server menu.
If anyone has any thoughts on this or knows of a detailed tutorial on setting up an OpenVPN instance, I would appreciate learning about it. Also, does anyone know how soon the legacy server mode will be phased out? I hope it won't be in the next version of OPNsense due out this summer, because if it is, I suspect that there will be many surprised users.