OPNsense Forum

English Forums => General Discussion => Topic started by: deasmi on February 14, 2018, 01:03:34 pm

Title: Migrating from pfsense - problem
Post by: deasmi on February 14, 2018, 01:03:34 pm
Up front I think I've done something stupid, so am really wanting to clarify that.

Having recently decided to make the switch to opnsense due to the 'dramas' I wanted a quick way to achieve this.

I run a PCEngines APU2 4gb, although doubt that will make any difference.

For some reason I had got it into my head I could just import a pfsense config to opnsense, and as it mainly worked off I went.

I probably wouldn't have done this were is not for my OpenVPN setups as I didn't want to have to reconfigure all my (and others) client devices.

That and I have quite a few firewall aliases defined that would be a pain to setup again.

I am now suffering from random UI lockups, firewalls behaving strangely and other issues.

I am assuming, and some quick forum reading supports this,  I should never have imported a full config.

Can someone confirm that I've gone down the wrong track?

My plan to rectify is to save current opnsense config, start again and make a basic NAT config, then import OpenVPN/letsencrypt/firewall aliases only from the backup. Then I'll setup firewall/NAT rules from scratch.

Does that sound reasonable, or do I have to go scorched earth?

Thanks in advance

Thanks
Title: Re: Migrating from pfsense - problem
Post by: elektroinside on February 14, 2018, 01:50:12 pm
I've faced the same dilemma when migrating to OPNsense from pfsense.
I ended up recreating everything from scratch, not just to make sure everything is done right, but also to accommodate myself with the new firewall. Turned out it was a good decision :)

Basically, I can't answer your question, but I can (and I did) tell you how I mitigated this :)
Title: Re: Migrating from pfsense - problem
Post by: Ciprian on February 14, 2018, 03:26:22 pm
There are more than 3 years since OPNsense forked pfsense. That amount of time, and the fact that the purpose of the fork was/ is exactly code cleanup and optimization, as well as a more flexible (read "different") approach to plugins and etc., would make a start from scratch mandatory.

Even more, I have set for myself the habit of starting from scratch with every new major release (twice a year).

Until proven otherwise, your hiccups are from that complete inter-platform config export - import.
Title: Re: Migrating from pfsense - problem
Post by: dcol on February 14, 2018, 10:39:47 pm
A lot of the pages are similar between the two. Once I setup my interfaces, what I did was put up screens from both systems and just manually copy the setup. The Firewall section is almost identical. PFblockerNG is different as is the way IDS works. But there are ways to do the same thing in OPNsense. Actually IDS is much easier to use in OPNsense, and IPS actually works mainly because of the redesign and not supporting Snort, just Suricata.

I am sure someday, with all the defectors coming from 'you know where', someone will make an import feature. Even if it is just for the firewall section, that would be nice. Shouldn't be too difficult because it's just XML.
Title: Re: Migrating from pfsense - problem
Post by: seamus on February 23, 2018, 10:13:47 am

Having recently decided to make the switch to opnsense due to the 'dramas' I wanted a quick way to achieve this.

I run a PCEngines APU2 4gb, although doubt that will make any difference.

For some reason I had got it into my head I could just import a pfsense config to opnsense, and as it mainly worked off I went.

I'm also a former pfSense user, and wondered if I could import my pfSense backup file to OPNsense. Unlike you, I was fortunate in that my OPNsense install clearly communicated this was not a good idea!

But the real reason for my reply here is to ask you a question :)   What is your impression of the new PCEngines  APU2? I used its predecessor for years, and I loved the hardware.

~S