Based on the original post https://doc.pfsense.org/index.php/Remote_Config_Backup
As of pfSense 2.3, the method to perform a remote config backup has changed. The article above details the multiple requests needed to perform a remote config backup from a terminal however it leaves a bit out and doesn’t give an easy way to backup multiple sites or routers.
I’ve created a bash script which can be used as a tool to download multiple sites and fix a few issues with the original article.
To use, copy the code and save as a shell file (such as backupscript.sh) then chmod +x the script file.
Run the script like this:
./backupscript.sh 192.168.1.1 443 admin ‘pAsSwD’ ‘myEnCKeY’ ~/configbackups
Always make sure to check your config file after you run this script. If the script fails to login, it will still generate a config file but the contents will not be what you expect.
#!/bin/bash
#Remote Backup of pfSense 2.3+ config files
#Updated: 2016-12-16
#Requires: wget,sed,grep,head
echo "Remote Backup pfSense 2.3+ config file"
if (( $# != 6 )); then
echo ""
echo "Illegal number of parameters"
echo ""
echo "usage: command [ADDRESS Like 192.168.1.1] [PORT] [USER] '[PASSWORD]' [ENCRYPTIONKEY] [SAVEPATH]"
exit
else
ADDRESS=$1
PORT=$2
USER=$3
PASS=$4
ENCSTRING=$5
SAVEPATH=$6
#Convert password input ampersand character to utf URL Code
PASS=$(echo $PASS | sed -e 's/\&/%26/g')
echo $PASS
read
wget -d -qO- --keep-session-cookies --save-cookies cookies.txt --no-check-certificate https://$ADDRESS:$PORT/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf.txt
wget -d -qO- --keep-session-cookies --load-cookies cookies.txt --save-cookies cookies.txt --no-check-certificate --post-data "login=Login&usernamefld=$USER&passwordfld=$PASS&__csrf_magic=$(cat csrf.txt)" https://$ADDRESS:$PORT/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf2.txt
wget -d --keep-session-cookies --load-cookies cookies.txt --no-check-certificate --post-data "Submit=download&donotbackuprrd=yes&encrypt=yes&encrypt_password=$ENCSTRING&__csrf_magic=$(head -n 1 csrf2.txt)" https://$ADDRESS:$PORT/diag_backup.php -O $6/config-router-`date +%Y%m%d%H%M%S`.xml
echo "done."
fi