Package idea: Autoconfig of site-to-site VPN using the other end's backup configs as source?



  • Tried this in the Packages in the forum, with zero traction. 5 views or something like that and no replies.

    Is there any traction with this idea or should I just "shut it!"? 😲

    As the title says: read the config from the other install to semi-automatically configure IPsec or OpenVPN endpoints, as an example.
    What I look for is mentioned down below also. But when you, for example, move, change WAN address, or change encryption (VPNs) on a pfSense install, the other end could reconfigure by itself by reading the config file from the installation that changed.

    Post from Packages:
    Hi,

    Back story:
    Played around with Cisco Meraki in a project I was involved with. Setting up IPsec site-to-site was so simple. They've got a central cloud management system for their stuff. And through that everything was relayed to the other "hub" (as they call it).
    WAN IP, PSK, routes, LAN: everything just configured itself on the second site. Very nice!
    I also moved the primary site to a new WAN IP, and before I knew it the second site was connected, as it had received the new WAN IP address from the cloud. Impressive, I think.

    Idea:
    So I thought, pfSense doesn't have a central cloud in the same way, but we have centrally backed-up configs!

    Would it be possible, with minimal config at a second site, to pick up everything else from the primary site's config backups (given that you've got the backup key) and through that configure everything else needed for site-to-site as the Meraki did (PSK, maybe even cert, LAN, WAN ... you catch my drift)?
    My thought is that this could be applicable to both IPsec and OpenVPN site-to-site configs.

    I've got no experience in building packages, and I have no idea if it is even feasible to configure these components through a package.

    Enlighten me! Should I bury this idea and go back to munching glue and configure site-to-site the old and gritty way?

    Brgs,

    Edit:
    Or should this be submitted as an idea for a built-in function in pfSense?

