Improvement (idea) : Configuration backup/restore , Encryption and ECL
-
Reading a bit about Configuration restore from USB device : /conf/config.xml
And especially ECL, as recovery ....
https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#auto-restore-usb
I would love to be able to use that feature, ECL Restore Config, on remote sites, but my "tinfoil hat" is not happy with handing out a config in clear text.
And since an ECL Restore probably isn't designed to magically know my encryption password, entered when taking the backup.
Would it be possible to get an additional encryption method, based on ???
pfSense Device id or "Mac address of first network adapter" or CPU Serial.
I would like to be able to select "Auto Encryption via device id"
And then pfSense would/should be able to "Auto Decrypt" the config file using the same key used above.
I have no idea how to signal to pfSense that the file is Auto/Device encrypted.
But maybe the filename could be config.enc as opposed to config.xml.
Would that be something Netgate would be interested in implementing ?
What do other users say to such a feature ?
Am I the only one with a "Tight TinFoil Hat" ?
Edit: I have added a feature request : Feature #12684
/Bingo
-
@bingo600 said in Improvement (idea) : Configuration backup/restore , Encryption and ECL:
Would it be possible to get an additional encryption method, based on ???
Yeah !!! and store that password ... also on the usb drive.
Let's slam-dunk the solution : pfSense needs TPM, so sensible ID is available at boot without storing any sensible info on whatever drive ! ;)
Btw : ECL is nice .... see the other recent ECL thread (the drive was too slow to mount on boot so ECL couldn't do its work). The system's config.xml isn't only updated when an admin changes a setting : it happens many times a day. Rebooting will get the 'ancient' config file back in, all recent stats / modifications lost.
Personally, I prefer a local trusted LAN local device, like an admin PC, or a NAS, to get a copy of my config file every day. The day my pfSense 'on drive' config.xml is lost, there is probably more lost : the drive itself can die any moment anyway.
Let me check : Works !
ECL is nice when you install from scratch a new pfSense on the identical device, after, for example, a disk failure, and have the backed-up config.xml ready on a USB drive.
What about a simple script that 'encrypts' the local config.xml file, and delivers it somewhere by mail ? This way you can actually check that the backup was successfully stored.
The local USB drive is something that tends to be forgotten, and months or years later the USB drive died long before pfSense did .... => no backup.
You could do both btw.
Netgate/pfSense also offers the "Auto Configuration Backup" : keep the device ID in a safe place, and we're good ( ? never tested it actually ).
@bingo600 said in Improvement (idea) : Configuration backup/restore , Encryption and ECL:
Am I the only one with a "Tight TinFoil Hat" ?
Guess not.
The whole idea behind pfSense is : keep a recent copy of the single config.xml file, and you can kick-start another instance in the blink of an eye. Or get back to a stable situation if you manage to destroy your routing table. Just put back the last saved version and you're ok.
Like the restore points of Windows. With the difference that it actually works for pfSense..
-
Well the feature was rejected, because a local (HW) obtained key was not secure if the person performing the ECS had access to the hardware.
Too bad .. I was never aiming for an unbreakable config , just something that would not give it away openly.
/Bingo
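
The "simple script" suggested in the reply above, sketched as an added example that is not code from the thread or from pfSense: it encrypts a copy of config.xml with a passphrase kept off the USB drive, then decrypts it again and compares the result with the original before the file is shipped anywhere. It assumes `openssl` 1.1.1 or later is on the PATH; the output path and passphrase file are hypothetical, mail delivery is left out, and ECL will not restore this file without decrypting it first.

```shell
#!/bin/sh
# Added example: passphrase-encrypt config.xml and verify the round trip.
# Usage (paths other than /conf/config.xml are hypothetical):
#   backup_config /conf/config.xml /root/config.xml.enc /root/.backup_pass

ITER=200000   # PBKDF2 iterations; must match on encrypt and decrypt

encrypt_config() {
    # $1 = plaintext config, $2 = encrypted output, $3 = passphrase file
    # umask keeps the output readable by the owner only.
    ( umask 077
      openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" -salt \
          -in "$1" -out "$2" -pass "file:$3" )
}

verify_backup() {
    # Decrypt to a pipe and compare byte-for-byte with the original.
    # The exit status is that of cmp: 0 only if the round trip matches.
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -in "$2" -pass "file:$3" 2>/dev/null | cmp -s - "$1"
}

backup_config() {
    encrypt_config "$1" "$2" "$3" || return 1
    if verify_backup "$1" "$2" "$3"; then
        echo "backup OK: $2"
    else
        # Never leave an unverified backup behind.
        rm -f "$2"
        echo "backup FAILED verification: $2" >&2
        return 1
    fi
}
```

AES-CBC here gives confidentiality only; the `cmp` step checks the copy at creation time, not that it was left unmodified afterwards.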