Pfsense backup - automated without Gold on Windows Only
-
Hi all
not sure where to post this, but found a neat little command line tool for windows to backup pfsense config.xml. you can create Task Schedule based on this.
https://github.com/KoenZomers/pfSenseBackup
just download & unzip the file.
run pfsensebackup.exe with these options
pfSense Backup Tool v2.4.1 by Koen Zomers
ERROR: No arguments provided
Usage:
pfSenseBackup.exe -u <username>-p <password>-s <serverip>[-v <pfsense version="">-o <filename>-usessl -norrd -nopackage]u: Username of the account to use to log on to pfSense
p: Password of the account to use to log on to pfSense
s: IP address or DNS name of the pfSense server
v: PFSense version. Supported are 1.2, 2.0, 2.1, 2.2 and 2.3 (2.2 = default, optional)
o: Folder or complete path where to store the backup file (optional)
e: Have pfSense encrypt the backup using this password (optional) RECOMMENDED
t: Timeout in seconds for pfSense to retrieve the backup (60 seconds = default, optional)
usessl: if provided https will be used to connect to pfSense instead of http
norrd: if provided no RRD statistics data will be included
nopackage: if provided no package info data will be included
silent: if provided no output will be shownExample:
pfsenseBackup.exe -u admin -p mypassword -s 192.168.0.1
pfsenseBackup.exe -u admin -p mypassword -s 192.168.0.1:8000
pfsenseBackup.exe -u admin -p mypassword -s 192.168.0.1 -usessl
pfsenseBackup.exe -u admin -p mypassword -s 192.168.0.1 -o c:\backups -norrd
pfsenseBackup.exe -u admin -p mypassword -s 192.168.0.1 -o c:\backups\pfsense.xml -norrd -nopackage
pfsenseBackup.exe -u admin -p mypassword -s 192.168.0.1 -o "c:\my backups"
pfsenseBackup.exe -u admin -p mypassword -s 192.168.0.1 -e "mypassword"
pfsenseBackup.exe -u admin -p mypassword -s 192.168.0.1 -t 120Output:
A timestamped file containing the backup will be created within this directory unless -o is being specifiedIf you use SSL then make sure you use the -usessl flag otherwise you'll get this error
Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.</filename></pfsense></serverip></password></username>
-
I would not encourage anyone to pass their firewall credentials to a pre-compiled binary of any kind, especially one for windows.
-
Also if you need to run an .exe via Tasks anyway you could - without much effort - run an scp oder sftp client, that copies the config.xml from the config directory to the local drive (or any other config.xml file that is available via config history). As you could run this with a "normal" pfSense user that only needs ssh / shell usage and can run via SSH private keys, that feels like a safer variant of using some precompiled binary with your admin credentials. But that may be just me.
-
I tend to agree with both previous replies, even 'though I know Koen is a good guy :)
-
I love this but I do have a questions.
This works great on our local network, but we have VPN's setup to other pfsense routers when i try to back them up I get this.
pfSense Backup Tool v2.4.1 by Koen Zomers
Connecting using protocol version 2.3
Authenticating
Requesting backup file
Retrieving backup file
No valid backup contents returnedThis is what I ran and the IP is going over ipsec VPN
I:\pfsense\pfSenseBackup\pfSenseBackup2.4.1.exe -u admin -p removed -s 192.168.50.1 -v 2.3 -o I:\pfsense\backups\kron\
I can access the IP via SSH and http over our VPN but the backup fails with "No valid backup contents returned" never seen this but never tried to backup over the PVN before.
EDIT I also tried v2.4.2 and we are on pfsense 2.3.3-RELEASE-p1
EDIT Number2: Never mind I found it in the readme go figure.
2.4.2 - released February 22, 2017 - download - 10 kb
There was a minor modification to the backup page in pfSense 2.3.3. Added support for 2.3.3 and made it the default version. So if you're on 2.3.3 you don't need to provide the -v flag. If you're still on 2.3 you need to provide the -v 2.3 still.
