[SOLVED] OpenVPN and IPSec moving to plugins

[mg85]

Hello,

Thanks first of all for the hard work put into 25.7 - it's much appreciated and it feels rock solid!

I have a clarifying question on moving the IPSec and OpenVPN options to plug-ins.
After a fresh install of 25.7 and restoring my 25.1 configuration, I see both options still visible in the VPN menu, and can even configure them if I want to. Both options are visible also in the plugins section. I thought they would be removed from the menu unless you install them as a plugin. Or is this part of a next step?

[franco]

IPsec and OpenVPN are obviously still core components. Their "[legacy]" menu entries, however, are now in the plugins.


Cheers,
Franco

[mg85]

Thank you Franco.
If you say "Their "[legacy]" menu entries, however, are now in the plugins.", does this mean they will only be visible once you decide to install the plugins?
Both menu options are visible next to Wireguard, and configurable on my system even without installing the plugins.
Apologies for asking again in a different way, I just want to understand whether I am mistaken in the interpretation of the explanation or whether this could maybe be a "bug" :)

[franco]

Short answer: yes.

Long answer:

The config.xml holds configuration for both MVC and legacy components in the case of IPsec and OpenVPN. In 25.1 these 4 would still live side by side in the GUI.

Now if you update to 25.7 and have active legacy configurations for IPsec or OpenVPN you automatically get the plugin installed pre-upgrade in order to keep the GUI pages for 25.7. If you don't have active legacy configurations you don't, but if you want you can still install the plugins and configure them.

The trick here is that the IPsec and OpenVPN backend in core still know both implementations, but only configure the legacy ones when a file of the plugin is installed in the system. This was a precaution for when you still have active legacy tunnels and migrate to a new install so that the legacy tunnels do not suddenly start without visibility and a way to disable them.


Cheers,
Franco

[mg85]

Ok, thanks!
This is a bit odd then, as I did not have any of both actively configured on my 25.1 system. In fact, no VPN at all was ever configured.
It must have been the import of the 25.1 configuration then. This I assume would be the same for others that are executing the same steps?
Can I somehow adjust the config.xml in any way or is this not advised?

[franco]

There is likely nothing to fix. If you haven't configured the "[legacy]" pages you do not need them either.


Cheers,
Franco

[Patrick M. Hausen]

@mg85 - do you really have the *legacy* options visible in your UI?

IPsec and OpenVPN in general will remain in OPNsense core, of course, as already explained by @franco.

Refer to the screenshots for what is meant with "legacy options". These should be gone if you did not install the plugin(s).

HTH,
Patrick

[mg85]

@mg85 - do you really have the *legacy* options visible in your UI?

IPsec and OpenVPN in general will remain in OPNsense core, of course, as already explained by @franco.

Refer to the screenshots for what is meant with "legacy options". These should be gone if you did not install the plugin(s).

HTH,
Patrick

Apologies for the ignorance, after verifying your screenshots Patrick, it became clear to me. I was wrong, as I thought the full menu items would be removed and only return after you install relevant plugins, not that "a part of the menu items which are considered legacy" were removed in this version :).

Thanks Patrick and Franco for clarifying!