OPNsense Forum
English Forums => Tutorials and FAQs => Topic started by: inorx on March 03, 2023, 08:11:04 pm
-
Hi all
i'm just about to migrate an old pfsense installation with a rather complex and huge configuration which would be days of work to manually migrate.
I did a quick test with pfsense/export - opnsense/import but it failed (it corrupted the opnsense configuration, leaving the software crashing, so i had to reset it).
Also i found that i.e. for Aliases there seems to be no import option under those "parts of configuration restore" dropdown.
I read it might not be expected that the opnsense conf is compatible with the pfsense conf (correct?) and therefore it's adviced to import part after part. I'm wondering if there is something like a best practise guide on how to do this, i.e. order of parts, how do the conf files have to look lioke (pure xml? no header section? ...)? The latter would be helpful in case the import fails, so so reformating could be done manually in a text editor.
Any hint is very welcome.
Thanks for your support guys.
-
When trying to import parts of the configuration exported from pfsense, this is the error message i get:
(https://forum.opnsense.org/index.php?action=dlattach;topic=32793.0;attach=26238;image)
-
Back a few versions ago the underlying code was similar enough that a direct import was possible. That's not the case now
-
So what procedure is considered to be the most efficient today?
Is there any information on how to covert the pfsense conf xml to the opnsense json conf?
-
Not sure what json you are referring to. OPNsense's primary configuration file is /conf/config.xml
-
You're right, it's an XML file.
And as you wrote, it's not compatible with the pfsense format.
For someone not involved in the dev process and without a specification of the output format, it does not seem to be possible to write a converter script to automate i.e. rule conversion to opnsense.
So for anyone else having the same challenge as i do, after a couple of days i got two conclusions:
1) Think again if you want to move to opnsense. There sure are a couple of advantages opnsense offers, but it also comes with a couple of shortcomings in various aspects, not only regarding migration but i.e. also regarding management of DHCP clients and aliases (not automatically created), absence of automatically generated reportes or a missing content filter (no, a web proxy with URL filtering isn't a proper content filter) to mention some.
2) Read your pfsense configuration xml files into Excel or similar, get rid of all records and columns you don't need and migrate manually by copy/paste to the opnsense Web Gui. Reserve some time as the GUI doesn't really offer support for mass manipulation of records/configuration items.
-
The method I used was to spin up a VM with the same number of interfaces (virtual) and went page by page to replicate my configuration. I then exported the configuration and imported it and re-mapped the previously virtual interfaces to physical ones.
-
You can read this thread, one new user already digged into it.
https://forum.opnsense.org/index.php?topic=36683.0
Also somebody on github did a script to covert the PF config into OPN, there are however some caveats
https://github.com/CitraIT/migrate_pfsense
Regards,
S.