Backup PFSense to a FTP/SFTP server everynight. (How-To Guide)
-
Hi hoba
100% absolutely agree, SFTP should be used.
When I started to test with this, I wanted to start basic to make sure the concept worked.
At first, I was not going to post the steps because it was not SFTP, but I figured somebody might want to jump in and try SFTP to help.I think I will change the post to state that this is a starter doc and beware SFTP should be used. (something like that)
SFTP is next on my list and I will certainly up date the directions for this.
Simplebackup also has an option to encrypt the data before sending, but was not sure if that would work yet on pfsense.
Edit: 3/21/2008: Seems to work fine and i will update the docBTW, did you see anything that I should not be doing in these steps or something that might make it easier?
Thanks again for your input!!
Edit: added a note to the post about SFTP :)
-
You should make it a package ;D
-
lol… i know.. :)
-
Ok,
Trying to get SFTP going.
I need to get these perl mods installed…
Expect-1.20 (or 1.21 since i can not find 1.20 on the server)
and
IO-Tty-1.07Both packages would like to have perl 5.8.8.1 but i would think 5.8.8 would work also... (a guess)
I saw them as packages on the FreeBSD Ftp server, so i tried to install them
pkg_add ftp://ftp4.freebsd.org/pub/FreeBSD/ports/packages/perl5/p5-Expect-1.21.tbz
It looks like IO-Tty-1.07 is installed with Expect because it is needed.
here is what i get (this is after the second time i tried, so i think they are installed now, but Simplebackup still errors trying to find Except)
pkg_add ftp://ftp4.freebsd.org/pub/FreeBSD/ports/packages/perl5/p5-Expect-1.21.tbz
Fetching ftp://ftp4.freebsd.org/pub/FreeBSD/ports/packages/perl5/p5-Expect-1.21.tbz... Done.
Fetching ftp://ftp4.freebsd.org/pub/FreeBSD/ports/packages/All/p5-IO-Tty-1.07.tbz... Done.
pkg_add: warning: package 'p5-IO-Tty-1.07' requires 'perl-5.8.8_1', but 'perl-5.8.8' is installed
pkg_add: warning: package 'p5-Expect-1.21' requires 'perl-5.8.8_1', but 'perl-5.8.8' is installed
pkg_add: package 'p5-Expect-1.21' or its older version already installedi do see them in the list when i do pkg_info
I am doing something wrong...i just do not know yet..been google'n and searching....
Thanks!! -
pkg_add -r http://62.4.17.14/pub/FreeBSD/ports/i386/packages-6.2-release/All/p5-Expect-1.20.tbz
You can ask pkg_add to go to a different location by modifying the PACKAGESITE environmental variable by typing this as one line:
setenv PACKAGESITE ftp://62.4.17.14/pub/FreeBSD/ports/i386/packages-6.2-release/Latest/ -
Seems like a ton of dependencies for something so simple that could be scripted with one line of shell code + fetch!?
Not trying to put down your efforts at all, just wondering.
-
Hi sullrich
I don’t think your question downs my efforts at all. It a good question and I hope I can explain why. ;)Yes, I am sure this can be done with a script, but the simplebackup already has everything I thought someone could use. We use this on our web servers (and some windows servers) and have found it to be a nice program that fit our need. So that is why i wanted to try it on PFsense.
With simplebackup, you have the option to use FTP, SFTP, WEBDEV, and Email backups. Plus the option to encrypt the backups and email the reports to you. It also able to use Full, Incremental, and differential backup sets. (Yes, just backing up the config.xml you would not really need the diff and incremental) But, if you need to backup more then just the config, this certainly could help someone. I am by far not the right person to say this can not be done another way (since my programming skills are very lacking), but I did not want to reinvent the wheel when I thought I found what I needed.
The idea I had for the whole thing was to have something that was easy to configure with one file. I am guessing here, but I would think if I made a package down the road, I could just manipulate the config file so users can pick the options in the GUI.
All the options Simple backup has to offer could give many options to users. (thought I saw posts about remote/auto backups and a few people needing to backup other things then just the config.xml. I could be wrong)Just curious, when you say dependencies, do you mean Perl mods or just the amount of steps to get this to work? Besides Perl which a few packages look like they use and install anyway, I only needed to add the p5-expect/ IO-tty package. (So far that I have tested)
It may look like a lot of steps, but it really is not. (first try maybe)
We are going to start using PFSense more in the field (moving from our current firewalls) and wanted to make sure we get good backups of systems.
Even if it is to a local FTP/SFTP server and the PFSense backup is included in an office current backup rotation. (encrypted of course) ;)Again, thanks for your question. This might not be the perfect setup but right now it is the only one I thought might work. ;)
-
Another option (one I use) is to install the rsync package (or just the binary) and then use rsync over SSH (in the form of rsnapshot). It does make it a pull rather than a push. I may document the steps at some point in case it helps others.
-
I'm currently using a simple bash script calling wget with some POST parameters (auth + backup page parameters).
working well since november 2005. ;) -
I'm currently using a simple bash script calling wget with some POST parameters (auth + backup page parameters).
working well since november 2005. ;)I finally have time to get this integrated into my RANCID backup environment and was looking to do JUST that. Rather than recreating the wheel, could you post your code to do what you're doing? It'll save me time and likely a headache.
nb