wikiOPNsense migration to new hardware
This article uses an example to explain how to migrate your OPNsense firewall from existing infrastructure to new hardware. We use version 1.0 of 1HE Intel Single-CPU RI1102D-F and replace the system with version 2.1, which contains a more current mainboard and different interface descriptions. This guide covers the creation of a backup configuration, the customization of interfaces including VLANs, the preparation of a USB stick for import and the actual migration process.
Backup Configuration Download
Before you start the migration, a copy of the current OPNsense configuration for safety should be created. Visit system ‣ configuration ‣ backups in the OPNsense surface in order to do so. Click on download configuration to safe a copy of the XML configuration file.
XML configuration adjustment
Before the XML configuration file is adjusted, names of the interfaces on the new hardware should be known. If Thomas-Krenn hardware is used, you can refer to the article Thomas-Krenn OPNsense firewalls network interfaces.
important: If additional network cards are being used, the assignment of the interface labels may change. With an RI1102H/RI1104H, for example, the igb-labels are shifted by 2 digits if an Intel I350-T2 is installed. This also applies when installing an X710-DA2, e.g. in the RI1102D-F (version 2.1), in which case the ixl-labels are shifted by 2 digits. This also applies to bnxt interfaces, for example if a Broadcom P225p is installed. The assignment of the interface labels starts with the additional cards.
-
existing hardware
1HE Intel Single-CPU RI1102D-F (version 1.0) -
new hardware
1HE Intel Single-CPU RI1102D-F (version 2.1)
| Label | old | new |
|---|---|---|
| WAN | ix0 | ixl2 |
| MGMT | igb5 | ixl1 |
| Office | ix1_vlan5 | ixl3_vlan5 |
| Labor | ix1_vlan10 | ixl3_vlan10 |
| VoIP | ix1_vlan15 | ixl3_vlan15 |
Look for the interfaces in your XML file and adjust the name in the <if>tag. In our example, the WAN- & MGMT interface is adjusted.
The interfaces of our VLANs are changed from tag <vlans version="1.0.0">. The VLAN configuration is adopted based on the tag assignment.
Preparation of USB stick
In our example, the configuration is imported via USB stick during the installation. The stick must be prepared accordingly.
As the OPNsense installation programm expects a FAT data system for the configuration import, a second USB stick in FAT32 formatting is needed. A file called conf is created and the configuration file in config.xml is renamed. Both USB sticks are plugged in before the OPNsense installation programm is started.
Example path:
/conf/config.xml
Configuration Import
After starting the OPNsense installation program, we can import a configuration file. Click on any button to start the import and enter the name of the drive with the configuration file, in our example da1. Alternatively the installation can be performed regularly and the configuration can be imported via WebGUI afterwards.
-
query of the configuration import -
Device selection -
Import Overview -
Backup was successfully acquired
Notes
- The plugin configuration is applied. However, plugins like WireGuard must be installed later.
- Since version 24.1 the proxy can no longer be found under services by default.
 |
Author: Thomas-Krenn.AG At Thomas-Krenn.AG we pay attention to the best possible service. To do justice to this, we have created our Thomas-Krenn Wiki. Here we share our knowledge with you and inform you about basics and news from the IT world. You like our knowledge culture and want to become part of the team? Visit our job offers.
|
 |
Translator: Alina Ranzinger Alina has been working at Thomas-Krenn.AG since 2024. After her training as multilingual business assistant, she got her job as assistant of the Product Management and is responsible for the translation of texts and for the organisation of the department.
|
