Questions to Migrate OpenVPN Servers legacy to Instances New

Started by teo88, February 02, 2024, 09:35:53 AM

Quote from: lostpacket on August 31, 2024, 06:17:30 PM
I recently migrated from the "legacy" OpenVPN client configuration to the "instance" one.

I have an existing, working client setup under legacy that it would be nice to be able to migrate, but since the old one was set up with the help of the wizard and includes both the VPN setup, firewall rules and a dedicated interface, I am a bit daunted by how to replicate the legacy client in the new Instances setup, without the wizard to guide me.

The documentation I found mentions two examples (site-to-site tunnel and road warrior) but neither fits my scenario. I just need to route traffic from a specific client on my LAN to a tunnel to my VPN provider.

Has anyone found improved documentation to guide them?
OPNsense 24.7.7-amd64 on APU2E4 using ZFS

As a long-time user and having seen OPNsense grow, it certainly shows a level of excellence and quality from the team(s) and everyone contributing; thank you - keep up the good work.

From time to time, though, it's frustrating when things get simplified to a point where it's confusing/less usable. The UI is keeping up with the times, but removing configurability doesn't make it polished; I expect many rely on some of the lesser-used functions... As a backup we had the 'insecure' option in some places that have too many options to cover, but it continues to get phased out and this is one of them; IMO an authentic 'advanced' feature for those that needed it. It's been asked too frequently over the years to keep it, and it makes sense in certain places.

My earlier experience with instances was successful but finicky; anyway, it looks better now and I tried to set up a client VPN and I am missing the following few things:

explicit-exit-notify - please add; my provider requires it to close session
bind address - option to select interface instead of specifying an address
fast-io - not sure if still relevant
key-direction - useful for vpn in some countries
data-ciphers / data-ciphers-fallback / tls-cipher - option to select
pull-filter

Hi all,

It looks like the options are much more robust now than when I looked last. Eventually I'll be migrating over.

Thanks

Has anyone tried using a DNS name instead of an IP for the binding address?

According to the OpenVPN, the two options are host or IP. I looked around some on my router using legacy, and the config file in use had the local option (where the binding is set) to the address assigned by my provider's DHCP server, so someone is doing some kind of magic.

The OpenVPN 2.4 manual does not allow assigning an interface, as far as I can tell.