User Tools

Site Tools


other:networking:opnsense:manualbackup

Manual Config Backup

The configuration file for opnSense is stored in /conf/config.xml. To back up this file, simply use scp to copy it. The directory /conf/backup contains all of the configurations back to the first one you did, so if you want that, grab that entire directory (plus /conf/config.xml).

On our servers, we have nightly backup runs, so we created a special ssh key and put it in the .ssh/authorized_keys file on the firewall, then our process can rsync the configuration (I just grab the whole /conf directory). This is inherently insecure as anyone with cli access to the server “owns” the router, so I create a special user for only this purpose, then create an ssh key for them. You could be a bit more secure by using the “allow root login for command only” but I'm not going to cover that here.

NOTE: you must manually install rsync if you want to do this. The full procedure is:

su specialuser
# on client machine, as special user
ssh-keygen -t rsa -b 4096
# leave password blank (just press enter)
cat ~/.ssh/id_rsa.pub
# ssh to router
ssh root@router
vi ~/.ssh/authorized_keys
# copy/paste the key you cat'd earlier, then save the file
chmod 700 ~/.ssh/authorized_keys
exit
# following should log in without asking for password
ssh root@router
# install rsync
pkg install rsync
exit

Now, you can simply create a script on your server which will grab the config. It only has one line

rsync -av --delete router:/conf /home/routerbackups/router/

Setting a cron job to run occasionally means you'll always have a copy of your router configuration someplace else!

other/networking/opnsense/manualbackup.txt · Last modified: 2017/12/10 14:45 by 127.0.0.1