Migrating to a new OPNsense appliance

Started by Shoresy, February 17, 2023, 02:14:42 AM

February 17, 2023, 02:14:42 AM Last Edit: February 17, 2023, 02:17:18 AM by Shoresy
I plan on migrating to a new Mini PC appliance for running OPNsense as my primary firewall/router. I have a fairly simple setup overall, but do have quite a few static mappings, some port forwarding rules, as well as a multi-wan configuration on my current appliance. The new appliance has a couple of extra NICs, a better CPU, more RAM/NVMe SSD space, etc.

Current OPNsense appliance is running 23.1.1-amd64, new appliance will run the same version. Right now I have both devices up and running, but there's only so much I can configure on the new device without causing conflicts since the devices are both on the same network (can't enable DHCP on the new device yet for obvious reasons).

Short of taking screenshots from my current appliance and reconfiguring the new one from scratch, which obviously will involve a chunk of time, is there an easy way to pull some of the configuration over from the old appliance to the new one, so that I don't have to redo all of my static DHCP mappings, etc.? I understand certain configs can't be migrated over because interface names and assignments will vary from one to the other. If I could simply pull over static DHCP mappings, perhaps firewall aliases, and a few other bits of config (without doing the manual screenshot method), that would be quite helpful.

Any suggestions/recommendations appreciated as always.
OPNsense 25.1.x-amd64
Intel(R) Celeron(R) N5105CPU @ 2.00GHz
Intel I226-V 2.5Gbe ports x6
16GB DDR4 RAM
256GB NVMe SSD
Dual WAN 1Gb symmetrical Fiber + 1Gb Cable

February 17, 2023, 06:18:32 AM #1 Last Edit: February 17, 2023, 06:20:12 AM by tiermutter
Have a look at System/Configuration/Backups. Here you can restore a config, selecting the section you want to restore, e.g. firewall config or DHCP config.

However, if time permits, I would always prefer configuring from scratch, making a list of configs that need to be done later. Another idea is to set up the new device completely but separated from the actual network.
i am not an expert... just trying to help...

I just want to add: please be aware that if you choose to restore only the firewall section, it will only restore your rules without the aliases.
To backup/restore aliases we need to do it through the Aliases tab, there are separate download & upload buttons on the lower right corner.

February 17, 2023, 03:53:45 PM #3 Last Edit: February 17, 2023, 03:56:32 PM by Shoresy
Appreciate the tips!

Since I have both appliances running side-by-side right now, with my new appliance having a temporary IP, I have been re-doing the config from scratch on the new device. Problem is certain things can't be done until I actually swap the appliances out, because I can't create Gateway groups, etc. until the new appliance is actually connected to the cable modem/network terminals in order to get WAN connections online. I have been able to reconfigure DHCP static entries and port forwarding rules however on the new appliance without problems, as well as creating aliases for certain devices that I force out through my primary WAN (I just use those devices' MAC addresses and alias them).

Another challenge will be the LAGG config...I have 3 LAGG'd ports used between the appliance/managed switch...won't be able to flip those over on the new device until I swap it out with the older one.

The instructions in this article worked perfectly for me. I moved to different hardware and switched from 1Gbps to 2.5Gbps interfaces with different names as well as locations for WAN, etc. This article lays out what to look for when making changes. Highly recommend reviewing it.
https://homenetworkguy.com/how-to/migrate-opnsense-to-new-hardware/

Unfortunately, I can't help you at all with this.  However, I did want to thank you for posting as I will be starting the exact same exercise once some new equipment I have on order arrives.

Quote from: SpinningRust on February 18, 2023, 03:38:10 PM
Highly recommend reviewing it.
https://homenetworkguy.com/how-to/migrate-opnsense-to-new-hardware/

+1 to what @SpinningRust posted

I too recently went through the same process.  I wish I had found this link before my migration.  As I had a hell of a time getting the Importer to work.  Piecing the config like you are doing is a much harder way to go.  I would install OPNsense using the importer as this link said on your new hardware while not connected to the network.   Then migrating is either disconnecting the old and plugging in the new, or in my case, shutting down some ports and enabling the new on some switches. 

Really curious why you would piece the configuration in? 

February 21, 2023, 04:42:07 AM #7 Last Edit: February 21, 2023, 04:44:53 AM by Shoresy
Quote from: SpinningRust on February 18, 2023, 03:38:10 PM
The instructions in this article worked perfectly for me. I moved to different hardware and switched from 1Gbps to 2.5Gbps interfaces with different names as well as locations for WAN, etc. This article lays out what to look for when making changes. Highly recommend reviewing it.
https://homenetworkguy.com/how-to/migrate-opnsense-to-new-hardware/

Great link! I ended up following some of it, some config I did from scratch. Fortunately my setup wasn't terribly complex. Once I physically swapped the appliances, I had to spend an hour or so finishing off the config when the new device was live and connected to the WANs. One thing that drove me nuts for awhile was a typo in one of my port forwarding rules that kept redirecting all web traffic on my LAN to an internal web server...turned out I was forwarding all port 80 and 443 traffic to an internal web server on the LAN/WAN, instead of just the WAN. I ended up figuring out the problem after disabling reflection for port forwards, then it quickly became obvious. Good thing I use a custom https port for OPNsense.

Perhaps we should ask for a more all-encompassing migration feature to be added :-)

I didn't read the networkguy thing, I hate scripts on simple how-to pages...

My recipe:

- do a table:

            old     new
WAN         em1     igb1
LAN         em0     em1
WIFI        em3     igb0
etc.

- export the config of your old appliance and replace the old interface names with a text editor of your choice with the new interface according to your table above (take care for identical interface names in old/new appliance, mind the order of interface renames ;-)

- shut down old appliance

- boot new appliance with the needed plugins and import the edited config.xml

- reboot

...and you should have moved to the new appliance imho. I had no problems with my straight-forward setups yet.
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
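
Added example (not part of any post above, and not OPNsense project code): the interface-rename step from the recipe, done in a single pass so that a name appearing in both the old and new columns (em1 here) cannot collide, with a chained replace-all shown for contrast. The mapping comes from the table in the post; the sample XML is constructed and simplified, and the function names are hypothetical.

```python
import re

# Old -> new NIC names, from the table in the post above.
# em1 is both an old name (WAN) and a new name (LAN).
RENAMES = {"em1": "igb1", "em0": "em1", "em3": "igb0"}

def rename_interfaces(xml_text, renames):
    """Rename NIC device names in config.xml text in one pass.

    Replaced text is never rescanned, so the order of the mapping
    does not matter. em0_vlan10 is renamed; em10 is left alone.
    """
    names = sorted(renames, key=len, reverse=True)
    pattern = re.compile(
        r"(?<![A-Za-z0-9])(" + "|".join(map(re.escape, names)) + r")(?![0-9])"
    )
    return pattern.sub(lambda m: renames[m.group(1)], xml_text)

def naive_sequential(xml_text, renames, order):
    """Successive editor replace-all passes, applied in the given order."""
    for old in order:
        xml_text = re.sub(r"\b" + re.escape(old) + r"\b", renames[old], xml_text)
    return xml_text

# Constructed sample, not a real export; element layout is simplified.
SAMPLE = """<opnsense>
  <interfaces>
    <wan><if>em1</if><descr>WAN</descr></wan>
    <lan><if>em0</if><descr>LAN</descr></lan>
    <opt1><if>em3</if><descr>WIFI</descr></opt1>
  </interfaces>
</opnsense>"""

def assigned(xml_text):
    """Return {description: device} for the sample layout above."""
    pairs = re.findall(r"<if>([^<]+)</if><descr>([^<]+)</descr>", xml_text)
    return {descr: dev for dev, descr in pairs}

def shared_devices(xml_text):
    """Devices assigned to more than one interface (should be empty)."""
    devs = list(assigned(xml_text).values())
    return sorted({d for d in devs if devs.count(d) > 1})

if __name__ == "__main__":
    good = rename_interfaces(SAMPLE, RENAMES)
    bad = naive_sequential(SAMPLE, RENAMES, ["em0", "em1", "em3"])
    print("single pass:", assigned(good), "shared:", shared_devices(good))
    print("chained    :", assigned(bad), "shared:", shared_devices(bad))
```

With the chained passes in em0, em1, em3 order, WAN and LAN both end up on igb1, which is the kind of mix-up that puts LAN-side rules on the wrong port; comparing the edited file against the table before importing catches it.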