31
General Discussion / Re: New user - Migrating from "The Other One" to OPNsense
« on: October 29, 2023, 09:39:32 am »
Initial Vlan/Vlan-Interface name adapting of the pfS "full config file".
Currently only needed if vlans are present in the pfSense config.
It turns out that pfSense and OPNsense doesn't use the same VLAN and Interface VLAN naming anymore.
And even though the OPNsense importer will import the current CE-2.7.0 Vlan names, the new pfSense naming might create other issues on the OPNsense.
Franco explains:
Before the pfS config file is being imported to OPNsense:
Vlan and interface names/referrals like the below:
igb1.100
must be changed to
igb1_vlan100
So we have to manually edit the pfS config file, and change some vlan and interface vlan names.
pfSense CE-2.7.0 naming of vlans.
Adapted pfSense naming of vlans, before OPNsense import
pfSense CE-2.7.0 naming of vlan-interfaces.
Adapted pfSense CE-2.7.0 naming of vlan-interfaces, before OPNsense import.
Remember to do your own adaptations
Ie. I have connected my OPNsense WAN (dhcp) to my "Inside Vlan".
And i have changed the "Inside Vlan ip net" in my pfS config file, that's going to be used for OPNsense.
Else i would have same ip on the OPNsense Inside , as on the OPNsense Wan (connected to my pfS Inside Vlan).
The OPNsense Inside will get the original lan restored, as soon as it goes into prod.
Currently only needed if vlans are present in the pfSense config.
It turns out that pfSense and OPNsense doesn't use the same VLAN and Interface VLAN naming anymore.
And even though the OPNsense importer will import the current CE-2.7.0 Vlan names, the new pfSense naming might create other issues on the OPNsense.
Franco explains:
Quote
At a quick glance it's the new (incompatible) way the VLANs are named in CE-2.7.0:
<if>igb1.899</if>
The old compatible way would be igb1_vlan899, but that also requires
changing the VLAN device names as well. This is going to be a manual
process. Otherwise the device will never be fully understood as a VLAN
and it could have more side effects during operation.
Before the pfS config file is being imported to OPNsense:
Vlan and interface names/referrals like the below:
igb1.100
must be changed to
igb1_vlan100
So we have to manually edit the pfS config file, and change some vlan and interface vlan names.
Quote
I made a manual search replace of these two combinations, as I only have vlans on em1 and em2
Watch out if you use "Replace All" ...
em1.
em1_vlan
em2.
em2_vlan
pfSense CE-2.7.0 naming of vlans.
Code: [Select]
<vlans>
<vlan>
<if>em1</if>
<tag>100</tag>
<pcp></pcp>
<descr><![CDATA[inside]]></descr>
<vlanif>em1.100</vlanif>
</vlan>
<vlan>
<if>em1</if>
<tag>110</tag>
<pcp></pcp>
<descr><![CDATA[new_inside]]></descr>
<vlanif>em1.110</vlanif>
</vlan>
<vlan>
<if>em2</if>
<tag>10</tag>
<pcp></pcp>
<descr><![CDATA[inet_only]]></descr>
<vlanif>em2.10</vlanif>
</vlan>
Adapted pfSense naming of vlans, before OPNsense import
Code: [Select]
<vlans>
<vlan>
<if>em1</if>
<tag>100</tag>
<pcp></pcp>
<descr><![CDATA[inside]]></descr>
<vlanif>em1_vlan100</vlanif>
</vlan>
<vlan>
<if>em1</if>
<tag>110</tag>
<pcp></pcp>
<descr><![CDATA[new_inside]]></descr>
<vlanif>em1_vlan110</vlanif>
</vlan>
<vlan>
<if>em2</if>
<tag>10</tag>
<pcp></pcp>
<descr><![CDATA[inet_only]]></descr>
<vlanif>em2_vlan10</vlanif>
</vlan>
pfSense CE-2.7.0 naming of vlan-interfaces.
Code: [Select]
<interfaces>
<lan>
<enable></enable>
<if>em1.110</if>
<descr><![CDATA[LAN]]></descr>
<spoofmac></spoofmac>
<ipaddr>192.168.110.1</ipaddr>
<subnet>24</subnet>
</lan>
<opt1>
<descr><![CDATA[inside_em1_VL100]]></descr>
<if>em1.100</if>
<spoofmac></spoofmac>
<enable></enable>
<ipaddr>192.168.17.1</ipaddr>
<subnet>24</subnet>
</opt1>
<opt2>
<descr><![CDATA[mgmt_em1_VL120]]></descr>
<if>em1.120</if>
<enable></enable>
<spoofmac></spoofmac>
<ipaddr>192.168.120.1</ipaddr>
<subnet>24</subnet>
</opt2>
<opt3>
<descr><![CDATA[inet_only_em2_VL10]]></descr>
<if>em2.10</if>
<spoofmac></spoofmac>
<enable></enable>
<ipaddr>192.168.11.1</ipaddr>
<subnet>24</subnet>
</opt3>
Adapted pfSense CE-2.7.0 naming of vlan-interfaces, before OPNsense import.
Code: [Select]
<interfaces>
<lan>
<enable></enable>
<if>em1_vlan110</if>
<descr><![CDATA[LAN]]></descr>
<spoofmac></spoofmac>
<ipaddr>192.168.110.1</ipaddr>
<subnet>24</subnet>
</lan>
<opt1>
<descr><![CDATA[inside_em1_VL100]]></descr>
<if>em1_vlan100</if>
<spoofmac></spoofmac>
<enable></enable>
<ipaddr>192.168.17.1</ipaddr>
<subnet>24</subnet>
</opt1>
<opt2>
<descr><![CDATA[mgmt_em1_VL120]]></descr>
<if>em1_vlan120</if>
<enable></enable>
<spoofmac></spoofmac>
<ipaddr>192.168.120.1</ipaddr>
<subnet>24</subnet>
</opt2>
<opt3>
<descr><![CDATA[inet_only_em2_VL10]]></descr>
<if>em2_vlan10</if>
<spoofmac></spoofmac>
<enable></enable>
<ipaddr>192.168.11.1</ipaddr>
<subnet>24</subnet>
</opt3>
Remember to do your own adaptations
Ie. I have connected my OPNsense WAN (dhcp) to my "Inside Vlan".
And i have changed the "Inside Vlan ip net" in my pfS config file, that's going to be used for OPNsense.
Else i would have same ip on the OPNsense Inside , as on the OPNsense Wan (connected to my pfS Inside Vlan).
The OPNsense Inside will get the original lan restored, as soon as it goes into prod.