Simple local Config Backup?

jhg

I've seen all the config backup threads that advocate using curl to manipulate the UI (get login page; submit login... etc). I've played with something much simpler:

scp admin@my.pfsense.box:/conf/config.xml /backups/conf-YYYYMMDD-HHMMSS.xml

... run from a secure system on the LAN, which can then encrypt the file and upload it to the cloud.

From experimentation I've determined that if I use the minimal backup settings ...

Backup Area:         All
Skip Packages:       False
Skip RRD Data:       True
Include Extra Data:  False
Backup SSH Keys:     False
Encryption:          False

... the file downloaded via scp is identical to what is downloaded via the UI.

The raw config.xml seems to contain everything I would need to restore the system. It wouldn't have Captive Portal data (we don't use it), DHCP leases (not important in our scenario) or client ssh keys (also unimportant here).

This seems like a quick and easy scheme to automate a local backup. Is this a viable strategy, or am I missing something?

Gertjan

@jhg

Read also Alternate Remote Backup Techniques.