Moving pfsense to different hardware



  • Hello!

    Can anyone tell me in case of hardware failure (mobo crash) how easy is to migrate all pfsense (via acronis or ghost for ex) to a different machine with completely different hardware?Do i have to do a fresh install and restore the config?

    thank you



  • Very easy.
    You dont need ghost.
    Just backup the config from the backup-page and then restore the config on the new machine.
    If the new machine has other interfaces you might have to reassign them.



  • not to hijack–

    but what about Open Vpn stuff

    from what i can tell that data doesnt come with on the backups...
    and the /root/easyrsa4pfsense is a folder that has all the custom ca in it and the script that we can run now ./build-key uname
    how does that get to a new machine? /better build
    upgrading from 1.2rc2 to 1.2rc4 ? can i just insert the iso in to the upgrade file pointer?



  • In your case ghost might just make more sense considering we do not backup openvpn certs and such as you say.  We'll get that fixed in the future for sure.



  • Thanks For adding the Open Vpn options!  that will be what i  will wait for

    also what can i do to upgrade from 1.2 rc2 to 1.4 rcfinal?  i would like to keep all the VPN settings with out rebuilding and sending all the new certs to the clients.



  • also if you have chained certificate, you have to add/edit your configuration manually after a restore.



  • well i figured out how to move the easyrsa4pfsense and set all the permissions
    in the case of New Hardware and Software Like a migration from 1.2 rc2 to 1.2.rc4 or what ever until they get the webgui up and going for the cert management

    i used winscp and pulled the easyrsa4pfsense folder out of the old machine (copy)
    and pasted it in the new machine (same location) /root/easyrsa4pfsense

    set the permissions to 755 (i think)
    login to the machine via putty or (8) on the cli

    then cd /root/easyrsa4pfsense

    source ./vars

    ./build-key XXXXX (xxxx would be the user name)

    all done

    on the new machine i would do a restore to get all the interfaces and firewall settings correct
    and now you just need to copy and paste all the certs that you have in the Actual VPN pages to the new machine.
    this is atleast what i did, and it worked. moved from 12.rc2 to 1.2 rc4.


Log in to reply