Migrate from generic pfsense hardware to SG-3100
-
My customer has a generic router running pfSense CE 2.4.4. We would like to replace it with a Netgate SG-3100, but don't want to recreate all the rules, set up OpenVPN, and install OpenVPN on the client computers. Only one WAN port and one LAN port are being used. Aside from OpenVPN, it is not a complicated setup.
Is there a way to back up and restore the current pfSense configuration on a new SG-3100 running pfSense Plus? Is this something that I can do, or would I need to involve Netgate support to change the backup file before it is restored to the SG-3100?
-
-
Yes, with only two interfaces you can just import the config into the 3100. It will ask you to re-assign the interfaces in the GUI before rebooting. They should be:
WAN: mvneta2
LAN: mvneta1
And you should be good.
If you have any problems though you can open a ticket and we can convert the config in advance so it just imports without changes.
Steve
-
@stephenw10 Thanks, I will give that a try.
-
@stephenw10 When restoring to the SG-3100 there is an option to "Preserve switch configuration". The previous device did not have the internal switch like the SG-3100 does. Should that box be checked or unchecked?
-
You don't need a switch config, the defaults without one will work fine for you. So you can leave it unchecked.
Steve
-
@stephenw10 Changed the router and everything works with the exception of OpenVPN. The client tries to connect, but cannot. Any suggestions as to what I can look at? This is kind of urgent, since I don't want to put the old pfSense router back.
-
Check the OpenVPN logs on the server side. Do you see any logs when the client tries to connect?
If not, check the firewall logs for block entries, and check the state table for the client's public IP to see if it's opening states.
How is the client trying to connect? By public IP address directly? Does the 3100 have that IP?
If it's connecting by hostname, is it resolving to the correct IP?
Steve
-
@stephenw10 The original pfSense device had multiple IP addresses on the WAN interface. When I migrated to the SG-3100, rather than using the primary public IP address, it was using one of the other IP addresses on the WAN interface. Once I realized this, I modified the WAN interface, then the clients were able to connect again.
The SG-3100 is now in place and all is well.
Thanks for your assistance.