Remote Config Backup

This article is part of the HOWTO series.

Buy a Subscription and use the Auto Config Backup

The easiest choice. Install the Auto Config Backup package, enter your subscription information, and rest easy knowing it's being taken care of on your behalf. Sit back, have a cup of coffee, and read on to see what the other guys have to do.

Pull it

Create a script on a server or PC to pull the config. It doesn't have to be much more than this:

wget -q --no-check-certificate --post-data 'Submit=download' \
  https://admin:pfsense@192.168.1.1/diag_backup.php \
  -O config-router-`date +%Y%m%d%H%M%S`.xml

Obviously, replace "pfsense" with your password, and substitute the IP of your pfSense router after the @. You could run this periodically with cron to make regular backups.

Note: The above is for a pfSense router whose WebGUI uses HTTPS. If you are using HTTP, you may need something more like:

wget -q --post-data 'Submit=download' \
  http://admin:pfsense@192.168.1.1/diag_backup.php \
  -O config-router-`date +%Y%m%d%H%M%S`.xml

Pulling on 2.0

The authentication system on 2.0 is different from the one in 1.2.3, so it requires a little extra work with wget, such as this:

wget -qO/dev/null --keep-session-cookies --save-cookies cookies.txt \
  --post-data 'login=Login&usernamefld=admin&passwordfld=pfsense' \
  --no-check-certificate https://192.168.1.1/index.php
wget --keep-session-cookies --load-cookies cookies.txt \
  --post-data 'Submit=download' https://192.168.1.1/diag_backup.php \
  --no-check-certificate -O config-router-`date +%Y%m%d%H%M%S`.xml

The first command authenticates and saves the session cookie to cookies.txt, and the second command uses that cookie to grab the configuration.
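
If the login fails, wget still writes whatever the server returned into the .xml file, so a cron job built on the commands above can store useless backups without noticing. The following is an added example, not part of the original article: POSIX shell functions that wrap the 2.0 commands, verify the WebGUI certificate with --ca-certificate instead of --no-check-certificate, read the login POST body from a file with --post-file so the password stays off the command line, and keep the download only if it is a complete <pfsense> document. The function names, the CA file (assumed to cover the address used for the router), the login-body file and the destination directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: keep a pulled pfSense backup only if it is a real config.
# Example cron call (all paths are hypothetical):
#   pull_config 192.168.1.1 /root/pf-login.post /root/pf-ca.pem /var/backups/pf
umask 077   # backups contain password hashes and keys: owner-only files

# Return 0 only if FILE starts and ends like a complete pfSense config.xml.
# A saved login page or a truncated download fails this check.
is_pfsense_config() {
    [ -s "$1" ] || return 1
    head -n 2 "$1" | grep -q '<pfsense>' || return 1
    tail -n 2 "$1" | grep -q '</pfsense>'
}

# Move a validated download into DESTDIR under a timestamped name and print
# the new path; delete anything that fails validation and return non-zero.
store_backup() {
    tmp=$1; destdir=$2
    if ! is_pfsense_config "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    out="$destdir/config-router-$(date +%Y%m%d%H%M%S).xml"
    mv "$tmp" "$out" && printf '%s\n' "$out"
}

# Log in and download as in the 2.0 commands above, then validate.
# LOGIN_POST holds the body 'login=Login&usernamefld=...&passwordfld=...'.
pull_config() {
    host=$1; login_post=$2; ca_file=$3; destdir=$4
    work=$(mktemp -d) || return 1
    wget -qO/dev/null --keep-session-cookies \
        --save-cookies "$work/cookies.txt" --post-file "$login_post" \
        --ca-certificate "$ca_file" "https://$host/index.php" &&
    wget -q --load-cookies "$work/cookies.txt" \
        --post-data 'Submit=download' --ca-certificate "$ca_file" \
        -O "$work/config.xml" "https://$host/diag_backup.php"
    store_backup "$work/config.xml" "$destdir"; rc=$?
    rm -rf "$work"   # the session cookie is a credential too
    return $rc
}
```

Keep the login-body file readable only by the account that runs the cron job, and alert on a non-zero exit status from pull_config.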

Push it

The details of this approach are covered elsewhere on the web, and it isn't really recommended, but you could also do something such as this:

  • Generate an SSH key for the root pfSense user without a passphrase. (That's the potentially dangerous part.)
  • Add a user to a remote system, and add the pfSense root user's new public key to its ~/.ssh/authorized_keys
  • Create a cron job on the pfSense box that would copy /cf/conf/config.xml to the remote system with scp
  • If you choose to do this, be careful to manage the remote users so that they have limited access; perhaps lock them down to a single directory to which they can only write the config and do nothing else. Use chroot if you can.