Netgate Discussion Forum

    Automated local backups

      MakOwner

      I need a way to create an automated backup of pfSense that goes to a local backup target. I know there is a backup function available in the pfSense subscription; however, for various reasons, that can't be used.
      Googling finds a Windows-based executable that probably does it, but I need a Unix shell type function.

      In poking around, I see that /cf/conf/ carries a config.xml with some history and some out of date logs and package information.

      Is it safe to assume /cf/conf/config.xml is the latest running version of the config?
      That file can be used to recover?
      What triggers changes to that file?

      No idea why search didn't show this – finally used Google and it popped up - this is what I was looking for:

      Link: https://doc.pfsense.org/index.php/Remote_Config_Backup

      
      Push it
      
      The details of this approach are covered elsewhere on the web, and it isn't recommended, but it is possible to make it work over ssh.
      
          • Generate an ssh key for the root pfSense user without a passphrase. (That's the potentially dangerous part)
          • Add a user to a remote system, and add the pfSense root user's new public key to its ~/.ssh/authorized_keys file
          • Create a cron job on the pfSense box that would copy /cf/conf/config.xml to the remote system with scp
          • If this is implemented, be careful to manage the remote users such that they have limited access, perhaps lock them down to a single directory to which they can only write the config and do nothing else. Use chroot if possible.
      
      
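The lock-down that the quoted steps recommend (a remote user that can only write the config and do nothing else), as an added example that is not part of the original post or the pfSense documentation: a receiver script for the backup host, installed as an OpenSSH forced command for the passphrase-less key. The script path, backup directory, user and host names, the key placeholder and the 10 MiB limit are assumptions, and it swaps scp for an ssh upload on stdin so that the forced command applies.

```shell
#!/bin/sh
# Added example. Runs on the BACKUP host, not on pfSense.
#
# ~/.ssh/authorized_keys entry for the backup user (one line, key is a placeholder):
#   restrict,command="/usr/local/bin/pfsense-recv.sh --receive" ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> root@pfsense
# "restrict" disables pty, port/agent/X11 forwarding; "command=" forces this script
# no matter what the client asks to run.
#
# Cron entry on the pfSense box (hypothetical key path, user and host):
#   15 3 * * * root ssh -i /root/.ssh/backup_key backup@backuphost < /cf/conf/config.xml

MAX_BYTES=${MAX_BYTES:-10485760}   # assumed upper bound for a config.xml (10 MiB)

# receive_config DIR: store stdin as DIR/config-<UTC timestamp>.xml and print the path.
receive_config() {
    dir=$1
    umask 077                                   # backups hold secrets: owner-only
    tmp=$(mktemp "$dir/.incoming.XXXXXX") || return 1
    # Read one byte more than allowed so an oversized upload is detectable.
    head -c "$((MAX_BYTES + 1))" > "$tmp"
    size=$(wc -c < "$tmp" | tr -d ' ')
    if [ "$size" -eq 0 ] || [ "$size" -gt "$MAX_BYTES" ]; then
        rm -f "$tmp"; echo "rejected: size $size" >&2; return 1
    fi
    # Cheap sanity check, assuming the config's root element is <pfsense>.
    if ! grep -q '<pfsense>' "$tmp"; then
        rm -f "$tmp"; echo "rejected: not a pfSense config" >&2; return 1
    fi
    # The file name is chosen here; nothing sent by the client ends up in a path.
    dest="$dir/config-$(date -u +%Y%m%dT%H%M%SZ).xml"
    mv "$tmp" "$dest" && echo "$dest"
}

# Entry point for sshd. SSH_ORIGINAL_COMMAND is deliberately ignored.
if [ "${1:-}" = "--receive" ]; then
    receive_config "${BACKUP_DIR:-/home/backup/pfsense}"
fi
```

If the pfSense root key is ever copied off the firewall, it can only add timestamped files to that one directory; it cannot read earlier backups, open a shell or forward ports.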
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.