Topic: Build second FW identical to the first (Read 949 times)
RichJacot
Newbie
Posts: 12
Karma: 0
on: January 06, 2024, 04:01:14 pm
Hello,
1st post here. I've been on pfsense over a year and a half to two years now and now I'm on OPNsense. So far I'm really liking it and only have a couple things I was doing on my pfsense that I need to figure out on OPNsense.
Anyway, my pfsense box just up and died and I was thinking about going to OPNsense a few months before that. So I took the opportunity to make the switch. Now I would like to build a second OPNsense just like the first. What's the best way to go about that? The part I'm having trouble with is the interfaces? How can I build up the second one BEHIND the first? I could use different IPs for the LAN and WAN during the build but how do I get the correct IPs before taking it down? The end goal is to have the second one sitting ready to power up, apply the latest backup from the first, which is stored on the NAS and not on itself, switch the cables and be running again with minimal downtime.
Of course I'd have to plug it in once in a while to apply updates and maybe apply the latest backup and power off again. Oh and I'll be sure to install all of the same plugins I have on the 1st/production one.
Any help or ideas are greatly appreciated!
cookiemonster
Hero Member
Posts: 1823
Karma: 95
Reply #1 on: January 06, 2024, 11:39:44 pm
If the hardware is identical, then restoring the config backup from the first will set the second up, without plugins, etc. of course.
If the hardware is not identical, then you have to modify the backed up config first manually. Search and replace type of thing.
RichJacot
Newbie
Posts: 12
Karma: 0
Reply #2 on: January 07, 2024, 01:02:11 am
Thinking about it more, I should be able to plug the WAN port onto the production FW's LAN and just get a DHCP IP like the WAN is normally set up. Then plug my laptop, with a fixed LAN IP into the backup FW's LAN port. From there I should be able to install all of the packages and restore the backup. Sound feasible? Do you think this will cause any issues on the existing LAN/VLANs if I leave it plugged in very long? It'd be nice if I could power it up once in a while to do updates and slap a current backup on it.
meyergru
Hero Member
Posts: 1684
Karma: 165
IT Aficionado
Reply #3 on: January 07, 2024, 10:49:59 am
In fact, even on the same hardware, there are still things to consider: The MACs of the NICs will differ. This in turn will affect any MAC-based rules and aliases, including dynamic IPv6 hosts.
You may get away with assigning artificial MACs to your interfaces from the get-go, but they do not work for all NIC types.
But, since the config backup is text-based, you can search and replace the MACs before a restore.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005, 1100 down / 440 up, Bufferbloat A+
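The MAC search-and-replace on the text-based config backup suggested in Reply #3, sketched as an added example that is not part of the thread or of OPNsense's own tooling. The sample fragment, its element names and all MAC addresses are constructed placeholders; the script also lists every MAC it left untouched so nothing from the old box is restored unnoticed.

```python
import re

# Six hex pairs joined by ':' or '-'. The lookarounds reject a match that sits
# inside a longer hex/colon run, e.g. the tail of an IPv6 address.
MAC_RE = re.compile(
    r"(?<![0-9A-Fa-f:-])[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}(?![0-9A-Fa-f:-])"
)

def norm(mac):
    """Canonical form for comparison: lowercase, colon-separated."""
    return mac.lower().replace("-", ":")

def remap_macs(config_text, mac_map):
    """Rewrite old-box MACs to new-box MACs in a text config backup.

    Returns (new_text, replaced, other): replaced counts hits per old MAC;
    other lists MACs left untouched (LAN clients, or a NIC missing from
    mac_map) so they can be reviewed before the restore.
    """
    wanted = {norm(old): norm(new) for old, new in mac_map.items()}
    replaced, other = {}, set()

    def swap(match):
        mac = norm(match.group(0))
        if mac in wanted:
            replaced[mac] = replaced.get(mac, 0) + 1
            return wanted[mac]  # written back lowercase, colon-separated
        other.add(mac)
        return match.group(0)

    return MAC_RE.sub(swap, config_text), replaced, sorted(other)

# Constructed sample, not a real backup; element names are illustrative only.
SAMPLE = """<config>
  <nic><mac>02:00:00:AA:00:01</mac></nic>
  <alias><content>02-00-00-aa-00-02</content></alias>
  <host><mac>02:00:00:cc:00:09</mac></host>
  <v6>2001:db8:02:00:00:aa:00:01</v6>
</config>"""

# Assumed old-NIC -> new-NIC pairs (placeholder addresses).
MAC_MAP = {"02:00:00:aa:00:01": "02:00:00:bb:00:01",
           "02:00:00:AA:00:02": "02:00:00:bb:00:02"}

if __name__ == "__main__":
    text, replaced, other = remap_macs(SAMPLE, MAC_MAP)
    print(text)
    print("replaced:", replaced)
    print("left as-is, review:", other)
```

Run it on a copy of the backup and diff the result against the original before restoring.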
RichJacot
Newbie
Posts: 12
Karma: 0
Reply #4 on: January 07, 2024, 03:26:55 pm
Thank you. I hadn't thought of that.