this post was submitted on 28 Oct 2023
2 points (100.0% liked)

Homelab

947 readers
1 users here now

Rules

founded 2 years ago
MODERATORS
 

TL;DR - www.pf2opn.com

I read about the desire for a converter here in r/homelab and on r/selfhosted this morning and I thought it would be an interesting Saturday afternoon project. I did not write this to claim a bounty.

pf2opn accepts a configuration file from pfsense in xml, does some basic sanity checks, and renders the result which you can copy. You can also download the generated xml, if you wish. The conversion happens in-memory, there are no trackers on the site, and I don't use any external services to convert your configuration. Reading and converting your configuration happens and stays on your machine. It does not cache the converted file.

I'm not running either platform in my own homelab, but I was able to find a few example configurations for pfsense and opnsense. I'd appreciate some feedback from you all as I don't think the mappings are 100% correct yet. But I think it'll spit out a nearly-usable opnsense configuration as is. However, the more sample feedback we get, the closer we can nail the conversion.

Don't forget to create backups and please don't deploy straight to prod.

top 28 comments
sorted by: hot top controversial new old
[–] ethanjscott@alien.top 1 points 2 years ago

yo i saw a call out for someone to make this like less than a week ago. mad props broh, doing gods work.

[–] Garcon_sauvage@alien.top 1 points 2 years ago (1 children)

Source? And something like this should really just be a script…

[–] KellyKlarkson@alien.top 1 points 2 years ago (1 children)
[–] Garcon_sauvage@alien.top 1 points 2 years ago (1 children)

Good work just need to add a license.

[–] sh0ckwavevr6@alien.top 1 points 2 years ago

Not all heroes wear capes! :)

[–] Thenuttyp@alien.top 1 points 2 years ago (3 children)

“Don’t deploy straight to prod”

Um…do you even homelab??? 😂

Still, an important reminder for those of us who get caught up in the excitement of new and shiny.

[–] bencos18@alien.top 1 points 2 years ago

I hate that that is relatable

[–] Pyro919@alien.top 1 points 2 years ago (1 children)

Must not have a spouse or kids that ride the same internet connection/network

[–] Thenuttyp@alien.top 1 points 2 years ago

Not on the lab.

I do on HomeProd, which is why I have announced down time and my OPNsense is set up in a HA cluster, so if the load fails on one, the whole connection isn’t down.

But that doesn’t make as good a joke.

[–] ency@alien.top 1 points 2 years ago (1 children)

Almost spit out my coffee reading this. I have never not yolo'ed my home lab.

[–] gundog48@alien.top 1 points 2 years ago (1 children)

HOLD MY BEER, I PROBABLY HAVE A BACKUP

[–] Thenuttyp@alien.top 1 points 2 years ago (1 children)

Good thing you tested the backup first…….

You did test the backup…right???

[–] gundog48@alien.top 1 points 2 years ago

Yes, 5 minutes after saying that.

[–] jaskij@alien.top 1 points 2 years ago (1 children)

Do pfSense configs include passwords? I'd think so, at least some. An instruction how to scrub them manually before uploading would be a welcome addition.

[–] kelthuzad12@alien.top 1 points 2 years ago

password

Just a heads up at one point the haproxy stats didn't redact the user's password in the configs. I noticed in config export (on 2.7.0 now) that it contained both my username and password in these fields. Either way I wouldn't feel too comfortable using a 3rd party for this purpose.

https://redmine.pfsense.org/issues/10794

Edit: Looks like the openvpn-client-export package had it saved in there too =/

[–] vivekkhera@alien.top 1 points 2 years ago (1 children)

Is there a way to preload the converted file onto the USB stick so it auto-deploys on the machine after installing?

[–] superslomotion@alien.top 1 points 2 years ago (3 children)

You should put it on GitHub and let people do it themselves, trusting a website is difficult

[–] skynet_watches_me_p@alien.top 1 points 2 years ago

Underrated comment

homelab and /r/selfhosted is usually overlap

[–] ziggo0@alien.top 1 points 2 years ago

Should be a no brainer.

[–] radiantxero@alien.top 1 points 2 years ago (1 children)
[–] jsaumer@alien.top 1 points 2 years ago (1 children)

Please consider a self-hosted version. Even though you have great intentions, I do not want to upload my configs to a website.

[–] KellyKlarkson@alien.top 1 points 2 years ago

Here's the source - you can clone it and run it yourself if you'd like: https://github.com/mwood77/pf2opn

[–] thekrautboy@alien.top 1 points 2 years ago (1 children)

This is great! I added a link to this thread in my pfSense post on /r/selfhosted

But i would really like this on Github or similar, have it as a basic script i can run locally.

[–] KellyKlarkson@alien.top 1 points 2 years ago

I've made the source available, see here: https://github.com/mwood77/pf2opn