VyOS Migration: pfSense → VyOS HA

Executive Summary

| Item | Details |
|------|---------|
| Project | pfSense → VyOS Migration with VRRP High Availability |
| Scope | DNS records (43 hosts) + VyOS deployment (20 phases) + validation |
| Current State | VyOS HA OPERATIONAL - vyos-01.inside.domusdigitalis.dev (master) + vyos-02.inside.domusdigitalis.dev (backup) with VRRP VIP (10.50.1.1) |
| Target State | VyOS HA cluster (vyos-01.inside.domusdigitalis.dev on kvm-01.inside.domusdigitalis.dev, vyos-02.inside.domusdigitalis.dev on kvm-02.inside.domusdigitalis.dev) with VRRP VIP (10.50.1.1) |
| Migration Status | COMPLETE - pfSense decommissioned 2026-03-07, VyOS handling all routing/firewall/DHCP |

Phase Status

| Phase | Description | Status | Notes |
|-------|-------------|--------|-------|
| A: DNS Infrastructure | BIND9 record migration — A, PTR, CNAME records | ✅ Complete | All records resolving |
| B: VyOS VM Deployment | VM deploy, interfaces, firewall, NAT, DHCP, DNS | ✅ Complete | vyos-02 on kvm-02 |
| C: Security & Observability | Threat intel, IDS, monitoring, SSH, API, git tracking | ⚠️ Partial | SSH hardening done; rest deferred |
| D: Pre-Cutover Testing | Parallel testing + controlled cutover | ✅ Complete | Zero-downtime cutover |
| E: VRRP High Availability | vyos-01 deployment + VRRP failover | ✅ Complete | Tested both directions |
| F: Advanced Features | k3s, BGP, HA secondaries, segmentation, WLC HA | ⚠️ Partial | bind-02 + Vault HA done; rest planned |

Metadata

| Field | Value |
|-------|-------|
| PRJ ID | PRJ-2026-02-VyOS-Migration |
| Author | evanusmodestus |
| Date Created | 2026-02-26 |
| Last Updated | 2026-04-03 |
| Status | Complete (core) / Partial (C, F) |
| Migration Complete | 2026-03-07 |
| pfSense Decommissioned | 2026-03-07 |
| Primary Hosts | vyos-01.inside.domusdigitalis.dev (master), vyos-02.inside.domusdigitalis.dev (backup) |
| VIP | 10.50.1.1 |
| Next Review | 2026-05-03 |