pfSense Remote Config Backup (Advanced)

Posted by

Based on the original post

As of pfSense 2.3, the method to perform a remote config backup has changed. The article above details the multiple requests needed to perform a remote config backup from a terminal however it leaves a bit out and doesn’t give an easy way to backup multiple sites or routers.

I’ve created a bash script which can be used as a tool to download multiple sites and fix a few issues with the original article.
To use, copy the code and save as a shell file (such as then chmod +x the script file.
Run the script like this:

./ 443 admin ‘pAsSwD’ ‘myEnCKeY’ ~/configbackups

Always make sure to check your config file after you run this script. If the script fails to login, it will still generate a config file but the contents will not be what you expect.

#!/bin/bash #Remote Backup of pfSense 2.3+ config files #Updated: 2016-12-16 #Requires: wget,sed,grep,head echo "Remote Backup pfSense 2.3+ config file" if (( $# != 6 )); then echo "" echo "Illegal number of parameters" echo "" echo "usage: command [ADDRESS Like] [PORT] [USER] '[PASSWORD]' [ENCRYPTIONKEY] [SAVEPATH]" exit else ADDRESS=$1 PORT=$2 USER=$3 PASS=$4 ENCSTRING=$5 SAVEPATH=$6 #Convert password input ampersand character to utf URL Code PASS=$(echo $PASS | sed -e 's/\&/%26/g') echo $PASS read wget -d -qO- --keep-session-cookies --save-cookies cookies.txt --no-check-certificate https://$ADDRESS:$PORT/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf.txt wget -d -qO- --keep-session-cookies --load-cookies cookies.txt --save-cookies cookies.txt --no-check-certificate --post-data "login=Login&usernamefld=$USER&passwordfld=$PASS&__csrf_magic=$(cat csrf.txt)" https://$ADDRESS:$PORT/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf2.txt wget -d --keep-session-cookies --load-cookies cookies.txt --no-check-certificate --post-data "Submit=download&donotbackuprrd=yes&encrypt=yes&encrypt_password=$ENCSTRING&__csrf_magic=$(head -n 1 csrf2.txt)" https://$ADDRESS:$PORT/diag_backup.php -O $6/config-router-`date +%Y%m%d%H%M%S`.xml echo "done." fi