Lan IP change

froussy

Good day,

I actually run multiple sites with PFS, linked through VPN

I will need to change the ip's on each of those site..

I always change the ip's at the PFS setup, but not while in production

What is the easiest way ?

I was thinking creating a VLAN with then new subnet, create a new IPSEC Phase 2, then change my switch to that new VLAN..

But one site, I cant do Vlan..

What do you suggest me.

Thanks

Frank

johnpoz

@froussy do you have devices on this remote site that are not dhcp? If you do, can you change their IP - be it via ssh or rdp or something?

If all dhcp - just lower the lease to something really low, like 10 minutes. Wait til all the devices would be using new short lease.

Then connect to different IP on pfsense, create a vip if you need to that you can get through the vpn.

Once your connected to that IP, change your pfsense lan IP to your new scheme. This should remind you to change your dhcp, etc.

Now things should should switch over to your new IP range. Worse case create a vip now with the old IP for things that haven't gotten new lease with new info, or for stuff you need to change manually, etc.

You would of course updated your vpn settings for your new network range.

There you go - other than say changes to dns entries to reflect new IPs, and routing for your other sites to this new network you should be good to go.

JKnott

@johnpoz said in Lan IP change:

If all dhcp - just lower the lease to something really low, like 10 minutes. Wait til all the devices would be using new short lease.

Or just do it over a weekend, if there are no users then, assuming you haven't set a very long lease time. Default is 7200 seconds. You might also send an email before hand, explaining it might be necessary to reboot, if the computers are left running. If there are static devices, change them before you change the DHCP range.

johnpoz

@JKnott sure if you can wait out the lease - sure 2 hours is default, but mine has been set to 8 days.. Why have clients ask for dhcp ever hour if unless your making changes all the time.

I would do it over a weekend or after hours still sure, but a few days before your going to do it - I would lower the lease so you know right away that all your devices will or should have moved..

If you have a short lease - vs having to wait a hour or so to know your clients have moved, you should know in like 10 minutes tops if clients are going to move or not. Then you can go back to enjoying your weekend or off hours. ;)