Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
[OpenVPN] Upgrading to OPNsense from Pfsense
« previous
next »
Print
Pages: [
1
]
Author
Topic: [OpenVPN] Upgrading to OPNsense from Pfsense (Read 2241 times)
tuaris
Jr. Member
Posts: 61
Karma: 4
[OpenVPN] Upgrading to OPNsense from Pfsense
«
on:
December 05, 2020, 05:01:24 am »
I would like to change an existing firewall/router that is running Pfsense to OPNsense. I'm not looking for automatic migration.
I will be manually re-configuring the new firewall by having the two running simultaneously, but isolated from each other using VLAN's on my switch. Then once everything is setup I do a cut-over by swapping VLAN's on the switch.
I've done this many times, moving to and from other firewalls (m0n0wall, t1n1wall, smallwall, opnsense, and pfsense). Usually moving between different firewall platform's isn't a major undertaking, even with the vast amount of rules, and configurations I have in place.
In this specific instance I am using this firewall as an OpenVPN server.
How do I migrate the OpenVPN configuration from Pfsense to OPNsense without having to reconfigure each client?
Logged
bartjsmit
Hero Member
Posts: 2017
Karma: 194
Re: [OpenVPN] Upgrading to OPNsense from Pfsense
«
Reply #1 on:
December 05, 2020, 08:20:40 am »
It's all about the crypto. You need to use/migrate the same PKI as you had before. Since the name that your clients use through public (dynamic) DNS won't change, you need to copy across the X.509 certificate from your old firewall and its private key. If you can't, then your CA needs to issue a new cert with the same CN/SAN/Wildcard to cover the external FQDN.
If your CA was hosted on your old firewall, you need to copy that across as well. Same procedure; import the cert and key. You will need it to roll out new clients. If you don't have (access to) it, you need to import its root and intermediate certs at least. The clients will have a copy of those. As you may know if you've used it before, all OPNsense PKI management is through System, Trust.
Lastly, you need to copy the OpenVPN server config. Things that matter most are tun/tap, port, and compression settings. If you had niceties for your clients, like pushed routing and DNS, then they'll need to be copied as well.
Test, tweak, deploy
Bart...
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
[OpenVPN] Upgrading to OPNsense from Pfsense