Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Migrating OpenVPN from legacy to instance, no detailed information
« previous
next »
Print
Pages: [
1
]
Author
Topic: Migrating OpenVPN from legacy to instance, no detailed information (Read 1196 times)
patrick3000
Jr. Member
Posts: 87
Karma: 6
Migrating OpenVPN from legacy to instance, no detailed information
«
on:
April 05, 2024, 12:39:36 am »
I have OpenVPN installed in server mode which has been working perfectly for the past year in OPNsense (and before that for almost ten years in Pfsense before I switched to OPNsense last year). I use the OpenVPN server on OPNsense to access my entire home network, including LAN and various other subnets, from a Linux Mint laptop acting as OpenVPN client when I'm away from home.
However, as of version 24.1 of OPNsense, the OpenVPN server shows as "legacy," and I will need to migrate to an "instance" rather than server.
Unfortunately, the official documentation on this, which is contained here
https://docs.opnsense.org/manual/vpnet.html
, is rather sparse. In addition, the official documentation only discusses setting up an instance from scratch, not migrating from a server in legacy mode to an instance.
Also, there are no online tutorials, at least that I can find, on setting up an OpenVPN instance on OPNsense.
I have looked at the configuration menu for an OpenVPN instance, and there are things about it that are confusing.
For one thing, there is no option to specify the interface, as there is in the legacy server menu. That's a problem for me because I have two WAN interfaces, WAN and WAN2, with WAN as primary and WAN2 for fail-over. I only want to access OpenVPN on WAN, not WAN2, because I plan to eventually set up another VPN on WAN2. However, I don't have static public IP addresses and use dynamic DNS to get to WAN, and there is only an option for a "Bind address" (which I assume means IP address), not Bind URL which I would need with dynamic DNS, to specify that I only want to use WAN for OpenVPN.
There are also other confusing things in the instance menu, like "Push options," which are not present in the legacy server menu.
If anyone has any thoughts on this or knows of a detailed tutorial on setting up an OpenVPN instance, I would appreciate learning about it. Also, does anyone know how soon the legacy server mode will be phased out? I hope it won't be in the next version of OPNsense due out this summer, because if it is, I suspect that there will be many surprised users.
«
Last Edit: April 05, 2024, 12:43:14 am by patrick3000
»
Logged
patrick3000
Jr. Member
Posts: 87
Karma: 6
Re: Migrating OpenVPN from legacy to instance, no detailed information
«
Reply #1 on:
April 05, 2024, 06:27:24 am »
As a follow-up, I am making some progress on this. I haven't deployed instance configuration yet, but some things are becoming clearer.
First, I have realized that the lack of ability to specify an interface with instance configuration is not a problem, at least for me, because in the client export menu, I will specify a hostname associated with WAN, which will ensure that any authorized connection will arrive on the WAN, rather than WAN2, interface.
Second, some of my questions were answered in this thread:
https://forum.opnsense.org/index.php?topic=38532.0
.
The bottom line is that there does not appear to be a comprehensive, detailed source of information regarding migration from legacy server to instance configuration, but it's possible to piece it together from the official Decisio documentation here
https://docs.opnsense.org/manual/how-tos/sslvpn_instance_roadwarrior.html
and the other thread in this forum that I mentioned.
«
Last Edit: April 05, 2024, 06:51:20 am by patrick3000
»
Logged
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1613
Karma: 176
Re: Migrating OpenVPN from legacy to instance, no detailed information
«
Reply #2 on:
April 05, 2024, 02:51:00 pm »
The knowledge and information you gathered could be used for a comprehensive guide.
You could write one and submit it here:
https://github.com/opnsense/docs
Logged
Hardware:
DEC740
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Migrating OpenVPN from legacy to instance, no detailed information