Closed gspannu closed 3 years ago
@gspannu Hello! IKEv2 related configuration and data such as generated certificates and keys are stored in folder /etc/ipsec.d. You should be able to copy this entire folder to the new machine (with the same permissions), then restart the IPsec service.
In addition, if you are using a DNS name (e.g. vpn.example.com) for IKEv2, no additional action is needed (other than updating DNS records). On the other hand, if you are using the server's IP address for IKEv2, you will need to generate a new server certificate, update ikev2.conf accordingly and restart the IPsec service.
Thank you for your response. My IKEv2 server uses IP addresses and not a DNS name.
However, my new machine is going to have the same IP address (both private & public). Essentially I am replacing the existing machine with a new one - with all network settings being the same - so I guess I should not need to generate a new server cert or update ikev2.conf. Will just copying the /etc/ipsec.d/ folder across and restarting the IPSec service be sufficient?
Steps, What I am planning to do...
@gspannu Yes, I think what you described should work, assuming that you were using IKEv2 mode only, and the IPTables rules were not customized after install. Make sure that you keep a backup of your "old" machine, and test the VPN after migration to confirm that it works as intended, in case anything goes wrong unexpectedly.
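The copy step discussed in this thread (move the whole /etc/ipsec.d folder with the same permissions, keeping a backup), sketched as an added example that is not part of the original posts or the project's scripts. The function names, the archive/manifest/checksum layout and the scratch paths are assumptions; it expects GNU tar, stat and sha256sum.

```shell
#!/bin/bash
# Added example. Directories are passed as arguments so the functions can be
# tried on a scratch copy before being pointed at /etc/ipsec.d.
#
# Old machine (as root):  pack_ipsec_d /etc/ipsec.d /root/ipsec.d.tgz
# New machine (as root):  unpack_ipsec_d /root/ipsec.d.tgz /etc/ipsec.d
# Then restart the IPsec service and test a client connection.

# Print "mode owner:group path" for every entry under a directory, sorted by path.
perm_manifest() {
  (cd "$1" && find . -exec stat -c '%a %U:%G %n' {} + | LC_ALL=C sort -k3)
}

# pack_ipsec_d SRC_DIR ARCHIVE
# Writes ARCHIVE, ARCHIVE.manifest and ARCHIVE.sha256, all readable by owner only.
pack_ipsec_d() {
  (
    umask 077   # the archive contains the server's private keys
    tar -czf "$2" -C "$1" . &&
      perm_manifest "$1" > "$2.manifest" &&
      sha256sum "$2" | cut -d' ' -f1 > "$2.sha256"
  )
}

# unpack_ipsec_d ARCHIVE DEST_DIR
# Fails if the archive changed in transit or if any restored mode/owner
# differs from what was recorded on the old machine.
unpack_ipsec_d() {
  if [ "$(sha256sum "$1" | cut -d' ' -f1)" != "$(cat "$1.sha256")" ]; then
    echo "checksum mismatch for $1" >&2
    return 1
  fi
  mkdir -p "$2" &&
    tar -xpzf "$1" -C "$2" &&   # -p: restore recorded modes, ignore umask
    perm_manifest "$2" | diff - "$1.manifest" >&2
}
```

Transfer the three output files together over an authenticated channel and delete them from both machines once the VPN is confirmed working, since the archive is a full copy of the server's key material.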
I wish to transfer my existing installation of an IKEv2 VPN server with many users to a new machine.
I can install on a new machine using the 2 script files (vpnsetup and ike2setup); however, how do I transfer the existing certs, keys and users to the new machine?
Thanks...