Configuring pfSense for RANCID

  • Has anyone had success grabbing the config.xml with RANCID? I've found modified m0n0login and m0n0rancid and pflogin and pfrancid through my searches. Can get pflogin to access, but the ssh session halts on the pfrancid scripting. I can manually ssh in and get to the config.xml, but for some reason the pfrancid seems to just hang the ssh session until timeout. If anyone has any success with RANCID and pfSense let me know.

  • Realizing I am opening up an old post, but this is one that keeps ending up high in the result list of Google answers for rancid and pfsense…

    What worked for me is the following:

    • I created a new user on the pfsense boxes that will be used by rancid.
    • I logged in as that user and created a directory in its homedir named 'bin' (mkdir -p ~/bin)
    • In that directory I downloaded the rancid-compat file from and made it executable for the user (chmod 750 rancid-compat)
    • I modified the .tcshrc file for the user to:
    [code]
    #set prompt="%{\033[0;1;33m%}[%{\033[0;1;37m%}`cat /etc/version`%{\033[0;1;33m%}]%{\033[0;1;33m%}%B[%{\033[0;1;37m%}%n%{\033[0;1;31m%}@%{\033[0;1;37m%}%M%{\033[0;1;33m%}]%{\033[0;1;32m%}%b%/%{\033[0;1;33m%}(%{\033[0;1;37m%}%h%{\033[0;1;33m%})%{\033[0;1;36m%}%{\033[0;1;31m%}:%{\033[0;40;37m%} "
    set prompt="pfsense# "
    set autologout="0"
    set autolist
    set color
    set colorcat
    setenv CLICOLOR "true"
    setenv LSCOLORS "exfxcxdxbxegedabagacad"
    exec /home/rancid/bin/rancid-compat
    exit 0
    [/code]
    • In the router.db file I modified the config for the pfsense box to:
    [code]
    pfsense2.x-box:cisco:up
    [/code]
    • In the .cloginrc I added the following:
    [code]
    add autoenable pfsense2* 1
    add noenable pfsense2*
    add method pfsense2* {ssh:222}
    add cyphertype * {des}
    [/code]
    And after waiting for the cronjob to kick off a new rancid-run... presto, the config appeared in the cvs :)
    Hope that helps someone
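
An added example, not part of the thread or of RANCID itself: a shell function for the RANCID host that audits a `.cloginrc` like the one posted above, reporting a file mode that clogin rejects, cleartext login methods, and legacy ciphers such as the `des` entry. The function name `audit_cloginrc` and the weak-cipher list are assumptions of this example; the sample file is constructed from the post's entries.

```sh
#!/bin/sh
# Added example (not from the thread): audit a RANCID .cloginrc.
# Prints one finding per line; returns 1 if anything was flagged, 0 if clean.
audit_cloginrc() {
    file=$1
    out=$(
        # clogin refuses to run when .cloginrc is world readable or writable.
        if [ -n "$(find "$file" \( -perm -004 -o -perm -002 \) -print)" ]; then
            echo "perms: $file is accessible to other users (chmod 600)"
        fi
        awk '
            /^[ \t]*(#|$)/ { next }                  # skip comments, blank lines
            $1 == "add" && $2 == "cyphertype" {      # value is handed to ssh -c
                c = $4; gsub(/[{}]/, "", c)
                if (c ~ /^(des|3des|arcfour|blowfish)/)   # assumed weak list
                    printf "line %d: weak cipher \"%s\" for %s\n", NR, c, $3
            }
            $1 == "add" && $2 == "method" {          # may list several methods
                for (i = 4; i <= NF; i++) {
                    m = $i; gsub(/[{}]/, "", m)
                    if (m ~ /^(telnet|rsh)/)
                        printf "line %d: cleartext method \"%s\" for %s\n", NR, m, $3
                }
            }
        ' "$file"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: the .cloginrc entries from the post above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
add autoenable pfsense2* 1
add noenable pfsense2*
add method pfsense2* {ssh:222}
add cyphertype * {des}
EOF
chmod 600 "$sample"
audit_cloginrc "$sample" || true
rm -f "$sample"
```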

  • Netgate Administrator

    Nice.  :)


  • Hi

    The website to the rancid-compat file is no longer available - any chance you could post this file - this is exactly what I'm looking for!

    Thanks very much

  • Netgate Administrator

    The file appears to be here:
    However since the blog is down I cannot compare it with the originally linked version. It is dated 30th Aug. 2012 though.
