Backing up a pfsense machine
-
I am wondering what would be the best way to back up a pfsense machine (router, dhcp server, etc) via network? Of course, the machine needs to be on and functional because it is my network's dhcp server and router…
I will be backing up TO a slackware server. I am thinking about a rsync script via ssh tunnel to a NFS share on the slackware server. The only concern I have is potential problems to copy files in use and other PID files....
Has anybody tried to do that ? I want to do this because pfsense is currently running on an older machine and I fear hard drive crash in the future...
Please advise!
Thanks in advance!
-
The only file you need to back up is the config.xml file. From this one file, you can quickly put a freshly installed pfSense box into production. There is a backup/restore feature in the webGUI for you to save a copy of the config to your local machine, which I recommend you use every time you make significant changes to your pfSense configuration.
No reason for an automated system here unless you REALLY want one.
-
Thanks for your reply!
I agree with you, in term of config, the XML file might be all I need to backup, but I was thinking about the binaries (pfSense itself) in case the HDD dies. Having some kind of image would not reduce downtime? That would not be faster than reinstalling pfsense?
Maybe I'm pushing the limits…
-
Its much less complicated to have a spare HD with a fresh pfSense install. Although if downtime is really that big a concern, consider running a CARP cluster so that a single hardware failure does not result in downtime. Again, you can do all of what you're thinking, including creating a bitwise disk image of your current pfSense install, but probably not worth the effort involved.
-
If you have a spare hdd of the same size, use gmirror:
http://doc.pfsense.org/index.php/Create_a_Software_RAID1_%28gmirror%29
Otherwise just grab the config.xml:
http://doc.pfsense.org/index.php/Remote_Config_Backup
Or even better, get a support subscription and use AutoConfigBackup ;)
Seriously though, keep a CD handy, and a small USB key, and you can be back up from bare metal in probably less than 5 minutes with just a backup of config.xml:
http://doc.pfsense.org/index.php/Automatically_Restore_During_Install
There's really no reason to worry about backing up the system binaries unless you made custom changes to them that need to be reapplied after install or firmware update. It's not like a windows box where you have to install, configure it all, run updates, fiddle, run more updates, etc. You just install to hdd with the old config and bam, it's back to its old self.
-
I think it's also worth pointing out that there is no need to reinstall packages after a restore either, as the system will (re)download and (re)install them at boot. The whole process is, as others stated, very quick and easy. I would second the support subscription option for AutoConfigBackup.
-
I do love my ESX-installation, and I enjoy having the snapshotfunctionality avaliable if I'm implementing larger changes on the system.
Five second recovery is the shizzle fo nizzle.
-
I recently had a hardware failure on my pfSense box and had it installed and up and running within ten minutes by having the config.xml saved. IMO it is worth keeping a second box around for failures like this. So Simple!
-
The way I'm proceeding is:
Have a live CD burned with the ISO of pfSense.
Back up the config file via the web interface.
If the machine crashes and burns, reinstall from the live CD. Then restore the settings (config file) via web interface.
If you have added different NIC drivers than what is included at some point, maybe you back those up and document the steps to reinstall those.