Configuration portability



  • I'm just wondering: is there a way to take some of the configs, say "core" configs, and blast those onto a box so that you can get a base config up? For example:

    • LDAP configuration
    • username/password
    • package downloads
    • LAN IP
    • OpenVPN connections

    Things like this, stuff that would be independent of the hardware that is in the pfSense box. This could save a lot of time for deployment scenarios.

    As a side note, it would be nice if you could take firewall rules and export them and then import them onto another box. I'm sure this is not as easy as it sounds because of the different NICs in different boxes, but maybe there would be some kind of wizard for exporting and importing rules.



  • Check diagnostic->Backup/Restore.



  • Wow, I have backed up settings many times and never noticed the drop-down. I see IPsec but not OpenVPN, L2TP, PPTP; maybe we can get a section that says VPN. The last thing is, could it be possible to select multiple areas instead of having to do one at a time? I'm assuming I could take a full backup file and edit it to my needs and restore that without corrupting the whole system, right? Assuming I don't make any mistakes.



  • @mikeisfly:

    I'm assuming I could take a full backup file and edit it to my needs and restore that without corrupting the whole system, right? Assuming I don't make any mistakes.

    That's the only way it can reasonably work. What you want is the separation of Interface Assignments (e.g. LAN is em0, WAN is em1) and "the rest". So you can prepare a new box with Interface Assignments (e.g. LAN: ra0, WAN: ra1) and pull all the additional information from an Interface-Assignment-less configuration file.

    Well, it should work in such a simple case. But what about VLANs? Ouch. An automated decision which VLANs to keep and which to ignore would be quite complex, if not impossible.

    The only safe way is to manually edit the configuration file with a text editor before restoring it on the target machine. It's quite simple, in most cases. In some more complex cases, I did a partial pre-configuration of the target machine and then manually merged the config files from the old and the new machine.
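
The merge described in the last post, sketched as an added example that is not part of the thread or of pfSense itself: it keeps the target box's interface assignments, takes everything else from the old box, and lists firewall rules bound to interfaces the target does not have so they can be reviewed by hand before restoring. The element names (`interfaces`, `vlans`, `filter/rule/interface`, `descr`) are assumptions about the config.xml layout, and both sample configs are constructed.

```python
import copy
import xml.etree.ElementTree as ET

# Sections tied to one box's hardware (assumed pfSense config.xml element names).
HARDWARE_SECTIONS = {"interfaces", "vlans"}

# Constructed sample configs, not taken from a real firewall.
SOURCE_XML = """<pfsense>
  <system><hostname>fw-old</hostname></system>
  <interfaces>
    <wan><if>em1</if></wan>
    <lan><if>em0</if></lan>
    <opt1><if>em0_vlan10</if></opt1>
  </interfaces>
  <vlans><vlan><if>em0</if><tag>10</tag></vlan></vlans>
  <filter>
    <rule><interface>lan</interface><descr>LAN out</descr></rule>
    <rule><interface>opt1</interface><descr>VLAN10 out</descr></rule>
  </filter>
</pfsense>"""

TARGET_XML = """<pfsense>
  <system><hostname>fw-new</hostname></system>
  <interfaces>
    <wan><if>ra1</if></wan>
    <lan><if>ra0</if></lan>
  </interfaces>
</pfsense>"""

def merge_configs(source_xml, target_xml):
    """Return (merged_root, descriptions of rules with no matching interface)."""
    source = ET.fromstring(source_xml)
    target = ET.fromstring(target_xml)
    merged = ET.Element(target.tag)
    # Hardware-bound sections come from the pre-configured target box.
    for child in target:
        if child.tag in HARDWARE_SECTIONS:
            merged.append(copy.deepcopy(child))
    # Everything else is pulled from the old box's backup.
    for child in source:
        if child.tag not in HARDWARE_SECTIONS:
            merged.append(copy.deepcopy(child))
    # Rules bound to interfaces the target lacks need a manual decision.
    ifaces = merged.find("interfaces")
    known = {i.tag for i in ifaces} if ifaces is not None else set()
    orphans = [r.findtext("descr", "") for r in merged.iterfind("filter/rule")
               if r.findtext("interface") not in known]
    return merged, orphans
```

With the sample data, the rule on `opt1` is reported because the target has no such interface; the source's VLAN definition is deliberately not carried over, which is the decision the post says cannot be automated.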

