I do love VMware… ESXi lets you test many things with a few clicks of the mouse…. So, I had been testing moving from Sonicwall TZ300 to OPNsense for my home setup. While I still recommend Sonicwall for professional businesses, for home use, Sonicwall’s pricing is way over the standard home budget.
OPNsense proved to be very powerful and a perfect fit for a IT professional’s home. I started with OPNsense a few months ago under ESXi. After proving that OPNsense is reliable for home use, I decided to move it to a physical box to give it dedicated resources and in case I want to take down my home ESXi box, I don’t lose internet.
In moving from one system [in this case Virtual] to physical, the actual network device names will change. Under the ESXi, the network devices show up as “vmx0”, “vmx1”, etc… Under the physical hardware, I preloaded OPNsense and found the new network devices will be “igb0”, “Igb1” and “re0” for example. This is actually your first step, you will need to map out the old device names to new device names.
This is the critical part, go to [Interfaces -> Overview]. Look at each devices actual name. Example: WAN2 interface, (opt1,vmx2), NVR interface, (opt2,vmx3), etc. For each interface, you need to make note of the “OPT” interface associated with that device.
To start the migration, map out the names and figure out a one to one move. The best news is LAN and WAN will automatically match up. You will do this under the fresh new load of OPNsense on the new router. Presetup LAN and WAN first, you do not have to set an IP address on WAN, just tell OPNsense which physical network device will be LAN and WAN. For the rest, it’s critical to map the new interfaces and keep the opt”x” numbers aligned.
- Make a back of your old OPNsense server [under System -> Configuration -> Backups] . Click on [Download Configuration] should result in downloading a config-<name-of-server>-<long-date-format>.xml .
- On your new OPNsense server, load in this .xml file under the same area, System -> Configuration -> Backups, under restore. After you load it, the server will reboot.
- After rebooting, do not try to assign devices from the command/console. Let the system reboot and enter the web interface on your new system.
- Go to Interfaces -> Assignments. You will need to find the interface above that used OPT1. It’s critical that you add this interface back into the new server first. In our example, we would add WAN2 [it was OPT1] first. Make sure to call it same thing as what was on the old server under description [in this case, WAN2]. You should be able to go back under Interfaces -> Overview, and now see WAN2 as (opt1, igb2).
- Rinse, Lather, Repeat… Do the same for the opt2, opt3, etc… Add interfaces in the opt order from the original server. When you are done, under Interfaces -> Overview, the old server’s opt”x” should match your new server’s opt”x” listings.
- OH NO, they don’t match?!?!? Don’t feel bad… Just factory reset the OPNserver, and start over… Best/easiest way to fix this.
- Ok, we have all the network devices, now what? Go under Interfaces -> [name-of-interface] and check that they are enabled. Check the settings against the old server.
- If the interface had DHCP enabled on it, check that it’s enabled and settings match the old one. Failure to get the OPTx matched up will result in this being blank or using the wrong interface’s static/dynamic IPs.
- REBOOT… Time to get a reboot under out belt and if things look right. You should be able to check your NAT and Firewall rules, they should all be present [guess what boys and girls, firewall rules use the OPTx as the interface, so that’s why getting them correct is critical].
- Now, time to look at something we all may have missed…. Plugins…
- Go to System -> Firmware -> Plugins. Look for any missing plugins, and add them back in… Don’t worry, OPNsense keeps your settings from the old config file, just add the plugin back in, and voila, it comes back up looking like it did under your old server.
That’s about it for moving from one OPNsense server to another.