Migration Instruction for "VPN: IPsec: Tunnel Settings [legacy]"

tuaris · July 02, 2025, 02:17:18 AM

As per the page at https://docs.opnsense.org/manual/vpnet.html#migrating-from-tunnels-to-connections

1. Does it work exactly the same or will I see any loss/difference in functionality?
2. Do I need to change anything on the remote end?
3. If the IPSec tunnel is between two OPNSense gateways, what must I do to ensure I do not lose connectivity?

Patrick M. Hausen · July 02, 2025, 10:12:17 AM

Worked as documented for me. You can compare the strongswan configuration files before and after.

tuaris · July 08, 2025, 04:17:19 AM

Quote from: Patrick M. Hausen on July 02, 2025, 10:12:17 AMWorked as documented for me. You can compare the strongswan configuration files before and after.

Thanks for the conformation. These are all remote sites that I (obviously) can't be present at simultaneously. The risk are of course very high if something were to go wrong.

...slightly off topic, but maybe having some "out of the box" support for cellular modems to be configured for emergency remote access to the OPNsense instance itself only (rather than as a WAN gateway) could be a neat feature.

Patrick M. Hausen · July 08, 2025, 07:04:23 AM

Quote from: tuaris on July 08, 2025, 04:17:19 AMThese are all remote sites that I (obviously) can't be present at simultaneously. The risk are of course very high if something were to go wrong.

You can configure the old and the new connections in parallel and enable/disable as needed.
You can of course make the remote UI available without the VPN tunnel.

Migration Instruction for "VPN: IPsec: Tunnel Settings [legacy]"

tuaris

July 02, 2025, 02:17:18 AM

Patrick M. Hausen

July 02, 2025, 10:12:17 AM #1

tuaris

July 08, 2025, 04:17:19 AM #2

Patrick M. Hausen

July 08, 2025, 07:04:23 AM #3