Assuming I want to build/migrate a new HW FW based on the live OPNsense which is in use. Right now the FW looks like this:
OPNsense 25.1.12-amd64
FreeBSD 14.2-RELEASE-p4
OpenSSL 3.0.17
and has a couple of plugins installed:
os-acme-client (installed) 4.9 789KiB 3 OPNsense ACME Client
os-caddy (installed) 2.0.2 246KiB 3 OPNsense Modern Reverse Proxy with Automatic HTTPS, Dynamic DNS and Layer4 Routing
os-crowdsec (installed) 1.0.10 62.7KiB 3 OPNsense Lightweight and collaborative security engine
os-etpro-telemetry (installed) 1.7_5 50.3KiB 2 OPNsense ET Pro Telemetry Edition
os-realtek-re (installed) 1.0 409B 3 OPNsense Realtek re(4) vendor driver
os-sensei (installed) 2.0.5 248MiB 2 SunnyValley Enterprise Security Extensions for OPNsense (ZENARMOR)
os-sensei-agent (installed) 2.0.5 117MiB 2 SunnyValley ZENARMOR Connectivity Agent for Cloud Central Management
os-sensei-updater (installed) 1.18 4.09KiB 2 SunnyValley OPNsense ZENARMOR Plugin Updater
os-smart (installed) 2.3_1 22.8KiB 3 OPNsense SMART tools
os-sunnyvalley (installed) 1.5 2.44KiB 2 OPNsense Vendor Repository for Zenarmor (Enterprise Security Modules - NGFW, SSE, SASE, f.k.a Sensei)
os-wol (installed) 2.5_1 22.7KiB 3 OPNsense Wake on LAN Service
I understand building a live usb-stick from vga iso, booting in this, is able to import the config.xml. I assume, the config will not work proper without beeing updated from 25.1 to 25.1.12, and without the configured plugins installed.
What would be the correct approach, to have a working migration (or a proper live usb-stick) in case of a breakdown?
Thank's for showing the light and pointing in the right direction.
regrads,
stefan
1. plugins
2. hardware differences
Saving the config of the current hardware and importing it on the new one will work and request the syncing of the declared plugins, which will need to be downloaded and setup according to that config.
The caveats are for those plugins (1.) in that some require more work and I can think of corwdsec as an example. There are a number of settings for it that are not saved in the OPN config due to its state where most configuration after install is on CLI.
For (2.) if the interdfaces hardware is different, then the config import won't match. The usual workaround is to do a search and replace before import but requires an intermediate step to boot the new hardware to identify the hardware. You are looking for interfaces like ix, igb, etc. Lookingt at your realtek-re installed it suggests you have realtek nics at present so they'll be reX,reY.
Can you use a separate LiveUSB for testing ?
Thank you for hopping on.
To adjust ifaces on a new hardware that's clear to me.
But:
Quoteupdated from 25.1 to 25.1.12
How to update from 25.1 to 25.1.12
Quoterequest the syncing of the declared plugins, which will need to be downloaded and setup according to that config
Where/how do I download and install (from cli) the plugins.
You need to install to the new system, update to the same version as the current one, then import the configuration.
After that all missing plugins can be installed automtically with a single click in the UI.
It's not in the way:
1. upgrade to 25.1.12
2. install the plugins
3. import the config.xml
?
I think I remember while trying to install plugins to an outdated version, that'll not work?
If you import the configuration first, there is a one click function in the UI to install all missing plugins. Less work.
O.k. making sense. Didn't see/try this yet. Will try.
Thx so far, will report.