[SOLVED] Migrating from pfSense

Started by dwasifar, February 03, 2018, 03:37:17 AM

February 03, 2018, 03:37:17 AM Last Edit: October 17, 2018, 10:44:14 PM by franco
Is it possible to migrate from pfSense to OPNsense using a pfSense backup xml file?

Yes.  There are a few caveats regarding 3rd party packages (such as pfBlockerNG), but all of the settings that exist on a base install of pfSense should come over fine.

That having been said, OPNsense has a slightly different design philosophy than pfSense.  To clean up after my pfBlockerNG config, all I did was disable the aliases and firewall rules created by pfBlockerNG and remove the extra settings it added to the Unbound config.

If you're looking to duplicate pfBlockerNG, here is a good page on that.

http://www.routerperformance.net/opnsense/using-pfblocker-features-in-opnsense/

It will also open your eyes to the different design theories followed by OPNsense.

I was testing in VirtualBox, importing a config from pfSense 2.3.x:
- My problem was that if I imported all settings, or only the system section with users data-account-password, I was unable to log in to the GUI; for some reason old passwords from pfSense 2.3.x did not work in OPNsense 18.1.

To solve this problem I have to add the original/default root user and password from a saved OPNsense config; then I can log in, and after that I can change the passwords back for all imported users.

P.S.
Importing all settings seems to retain all old packages and data even if they are not used by OPNsense, so I do not recommend it.

Suggestion:
It would be nice to have an option to select multiple sections in the import list.

The password was changed in an incompatible way: we still use the old style so that naturally breaks when trying to go backwards with a newer config. I would guess the other way around still works fine. ;)


Cheers,
Franco

October 11, 2018, 03:44:37 AM #4 Last Edit: October 11, 2018, 03:46:25 AM by dwasifar
I finally got around to trying this.  As mentioned, I had to paste an OPNsense user into the pfSense config file to be able to log in afterwards, but on cursory examination it looks like everything else came over fine.

In case anyone is wondering why I'm switching, there are two reasons: 1) The opnsense.com story, and  2) AES-NI.  'Nuff said, I think.

Success!  OPNsense operating with very few tweaks needed.  Right now it's on an interim device (an old PC, actually) so I can watch it for a day or two before switching the actual production device (a Watchguard 515).

Now, December 2018, every attempt to migrate from 2.2.4 to 18.7 via backup fails in the early stages, even with single parts like Interfaces, DHCP or Rulesets. Trying with a spare APU. Sometimes it even fully freezes after the startup beep. I have many rules and many DHCP fixed leases. Full IPv4 and IPv6 usage. Multiple subnets. Three physical interfaces, one with 5 VLANs. I'm not complaining, but I think the differences are now too big. For me the effort to rebuild the configuration is too expensive. Maybe there is a way over the API.

No, the API won't do this. To be honest, if the system itself doesn't convince you to do the extra work of setting up from scratch, you should stay with it :) Every system has its advantages.

It's been 4 years, for better or worse. ;)


Cheers,
Franco