Changing NIC caused me a whole load of pain

[jonm]

I changed the NIC in my OPnsense box from a quad Gbit to a dual 10Gbit card. This meant the interfaces changed - what were previously igb0/1 became ix0/1 after the change.

So I logged in on the console and ran option 1) Assign interfaces.

But this caused Unbound and ISC to be disabled and Dnsmasq to be enabled. It took a lot of faffing around to sort this out. Should this have happened? Or did I do the wrong thing when I changed the NIC? I'd like to learn from this experience... 

Thanks :)

[Monviech (Cedrik)]

You could have change the assignment in "Interface - Assignment" in the dropdown of WAN/LAN/OPT1. It's abstracted so all of your rules would have moved as well and all services would have used the new interfaces.

[jonm]

But I couldn't connect to the web interface because I had no network connections - only the console.

[Monviech (Cedrik)]

I guess not having a management interface can make things harder.
So next time, OOB makes a change easier too.

[mooh]

For a while I had an old mac mini with additional thunderbolt ethernet ports as a backup for a DEC750. I used to download the config from the DEC750 and run it through sed (global search and replace tool) to replace all interface names, like "s/igb0/bge1/g" and so on. One may even map multiple interfaces from the old setup to one in the new one. Worked like a charm for me.

Just note down the interface names on the originating machine, log into a default installation on the destination machine and you'll see which interface names need to be replaced and how. Modify the config file and restore it on the new hardware. Same in your case, when changing interface adaptor cards.

[Monviech (Cedrik)]

Careful with replacements I know of people who replaced strings inside certificates that way.

But if you're careful thats viable.

[mooh]

Good advice. Of course it is best to search for <if>igb0</if> while replacing

[jonm]

For a while I had an old mac mini with additional thunderbolt ethernet ports as a backup for a DEC750. I used to download the config from the DEC750 and run it through sed (global search and replace tool) to replace all interface names, like "s/igb0/bge1/g" and so on. One may even map multiple interfaces from the old setup to one in the new one. Worked like a charm for me.

Just note down the interface names on the originating machine, log into a default installation on the destination machine and you'll see which interface names need to be replaced and how. Modify the config file and restore it on the new hardware. Same in your case, when changing interface adaptor cards.

That's a neat trick  - thanks.

[franco]

Note the port assignment is a tool for initial assignment, not for changing configurations on the fly. It can work, but it's not designed to care much and never has been since.


Cheers,
Franco

[jonm]

Note the port assignment is a tool for initial assignment, not for changing configurations on the fly. It can work, but it's not designed to care much and never has been since.


Cheers,
Franco

Thanks Franco. Duly noted. How should
I have done this properly?

[Patrick M. Hausen]

What I do in such cases is "hack it" on the command line - "ifconfig <interface> inet 192.168.1.1/24" followed by "pfctl -d" (with all untrusted networks disconnected). Then connect to the UI and step by step fix things. If necessary repeat that "pfctl -d" (disable all firewalling) on the console until you get to a stable configuration.

[franco]

How should I have done this properly?

For an inline replacement: Make a backup of your latest config. Make sure your new NICs work and are numbered correctly (perhaps using a live media boot to inspect this). Boot the old system again (with the old NICs plugged again). Change /conf/config.xml interface instances like suggested here already. Shut down (not reboot). Switch NICs if needed. Boot up.


Cheers,
Franco