Migrate or convert from pfSense to OPNsense

Started by nzkiwi68, April 14, 2020, 03:28:16 AM

Hi,

Sorry if this has been asked and answered.

I'm a long-time pfSense user, but looking at how far OPNsense has come, I'm quite keen to look at migrating across a number of large customers with significant networks. I really am impressed with the OPNsense roadmap, speed of development and release cycle.

Are there any migration tools for pfSense to OPNsense?

Really, all I really need is a method to import / migrate:

  • address objects
  • firewall rules

I can easily export firewall rules and address objects from pfSense. If I could easily import address objects and firewall rules that could be built against interfaces that had the same name in OPNsense, that would massively reduce the migration effort.

I'm quite happy to manually rebuild packages like FRR and HAPROXY and manually create all the right VLANs and interfaces inside OPNsense, it's just the loss of the large number of firewall rules and address objects.
If that bit of heavy lifting can be done, then migration from pfSense to OPNsense becomes a very real possibility and not the mammoth project it would be without this bit of importing rules and address objects.



And... one site has a larger number of traditional IPSEC VPN tunnels (over 140)


  • Is there an easy way to import VPN tunnels from pfSense to OPNsense?

Hi,

Config formats have diverged between projects quite a lot.

However, you can import alias contents via JSON import from the GUI.

You should also be able to partially import firewall rules using selective import. But in order to do this you need to set up interfaces almost identically for it to make sense... the risk of breakage is given if you do not know your config.xml content well.

IPsec also diverged a lot. I don't think we support their new tunnel parameter format.


Cheers,
Franco
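
The selective-import caveat in the reply above can be checked before importing anything. The sketch below is an added example, not part of the original post and not OPNsense or pfSense code: it lists rules in an exported pfSense `config.xml` that reference an interface or alias missing on the target. The function names, the sample XML and the assumption that both files keep rules under `filter/rule` and interfaces under `interfaces` are illustrative.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configs, trimmed to the elements this check reads.
PFSENSE_XML = """<pfsense>
  <interfaces><wan/><lan/><opt1/></interfaces>
  <filter>
    <rule><type>pass</type><interface>wan</interface>
      <source><any/></source>
      <destination><address>WebServers</address></destination></rule>
    <rule><type>pass</type><interface>opt1</interface>
      <source><network>opt1</network></source>
      <destination><address>192.0.2.5</address></destination></rule>
  </filter>
</pfsense>"""
OPNSENSE_XML = "<opnsense><interfaces><wan/><lan/></interfaces></opnsense>"

def is_literal(addr):
    """True if addr is an IP or CIDR rather than an alias name."""
    try:
        ipaddress.ip_network(addr, strict=False)
        return True
    except ValueError:
        return False

def audit_rules(src_xml, dst_xml, dst_aliases):
    """Return (rule number, kind, name) for each reference the target lacks."""
    src, dst = ET.fromstring(src_xml), ET.fromstring(dst_xml)
    dst_ifs = {child.tag for child in dst.find("interfaces")}
    problems = []
    for n, rule in enumerate(src.iterfind("filter/rule"), 1):
        # Floating rules may list several interfaces, comma-separated.
        for name in (rule.findtext("interface") or "").split(","):
            if name and name not in dst_ifs:
                problems.append((n, "interface", name))
        for side in ("source", "destination"):
            addr = rule.findtext(f"{side}/address")
            if addr and not is_literal(addr) and addr not in dst_aliases:
                problems.append((n, "alias", addr))
            # Assumed: <network> holds an interface name, "<name>ip" or "(self)".
            net = rule.findtext(f"{side}/network")
            base = net[:-2] if net and net.endswith("ip") else net
            if base and base != "(self)" and base not in dst_ifs:
                problems.append((n, "network", base))
    return problems

if __name__ == "__main__":
    for problem in audit_rules(PFSENSE_XML, OPNSENSE_XML, {"WebServers"}):
        print(problem)
```

An empty result means every rule's interface and alias references resolve on the target; anything listed would otherwise import as a rule that no longer matches the traffic it was written for.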

Thank you for your reply.

The VPNs could be a big issue though, for smaller sites no real problem to hand rebuild, but, 1 site now has 170+ traditional IPSEC VPN tunnels.

*** Is there any chance of a tool to convert them?

I think that becomes a show stopper when a pfSense installation runs many VPN tunnels.