As per the page at https://docs.opnsense.org/manual/vpnet.html#migrating-from-tunnels-to-connections
1. Does it work exactly the same or will I see any loss/difference in functionality?
2. Do I need to change anything on the remote end?
3. If the IPSec tunnel is between two OPNSense gateways, what must I do to ensure I do not lose connectivity?
Worked as documented for me. You can compare the strongswan configuration files before and after.
Quote from: Patrick M. Hausen on July 02, 2025, 10:12:17 AMWorked as documented for me. You can compare the strongswan configuration files before and after.
Thanks for the conformation. These are all remote sites that I (obviously) can't be present at simultaneously. The risk are of course very high if something were to go wrong.
...slightly off topic, but maybe having some "out of the box" support for cellular modems to be configured for emergency remote access to the OPNsense instance itself only (rather than as a WAN gateway) could be a neat feature.
Quote from: tuaris on July 08, 2025, 04:17:19 AMThese are all remote sites that I (obviously) can't be present at simultaneously. The risk are of course very high if something were to go wrong.
You can configure the old and the new connections in parallel and enable/disable as needed.
You can of course make the remote UI available without the VPN tunnel.