pfSense Remote Config Backup (Advanced)

Dec 16, 2016

Based on the original post https://doc.pfsense.org/index.php/Remote_Config_Backup

As of pfSense 2.3, the method to perform a remote config backup has changed. The article above details the multiple requests needed to perform a remote config backup from a terminal however it leaves a bit out and doesn’t give an easy way to backup multiple sites or routers.

I’ve created a bash script which can be used as a tool to download multiple sites and fix a few issues with the original article.
To use, copy the code and save as a shell file (such as backupscript.sh) then chmod +x the script file.
Run the script like this:

./backupscript.sh 192.168.1.1 443 admin ‘pAsSwD’ ‘myEnCKeY’ ~/configbackups

Always make sure to check your config file after you run this script. If the script fails to login, it will still generate a config file but the contents will not be what you expect.

<div>
<p>
#!/bin/bash
#Remote Backup of pfSense 2.3+ config files
#Updated: 2016-12-16
#Requires: wget,sed,grep,head
echo "Remote Backup pfSense 2.3+ config file"
if (( $# != 6 )); then
echo ""
echo "Illegal number of parameters"
echo ""
echo "usage: command [ADDRESS Like 192.168.1.1] [PORT] [USER] '[PASSWORD]' [ENCRYPTIONKEY] [SAVEPATH]"
exit
else

ADDRESS=$1
PORT=$2
USER=$3
PASS=$4
ENCSTRING=$5
SAVEPATH=$6

#Convert password input ampersand character to utf URL Code
PASS=$(echo $PASS | sed -e 's/\&amp;/%26/g')
echo $PASS
read

wget -d -qO- --keep-session-cookies --save-cookies cookies.txt --no-check-certificate https://$ADDRESS:$PORT/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' &gt; csrf.txt
wget -d -qO- --keep-session-cookies --load-cookies cookies.txt --save-cookies cookies.txt --no-check-certificate --post-data "login=Login&amp;usernamefld=$USER&amp;passwordfld=$PASS&amp;__csrf_magic=$(cat csrf.txt)" https://$ADDRESS:$PORT/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' &gt; csrf2.txt
wget -d --keep-session-cookies --load-cookies cookies.txt --no-check-certificate --post-data "Submit=download&amp;donotbackuprrd=yes&amp;encrypt=yes&amp;encrypt_password=$ENCSTRING&amp;__csrf_magic=$(head -n 1 csrf2.txt)" https://$ADDRESS:$PORT/diag_backup.php -O $6/config-router-`date +%Y%m%d%H%M%S`.xml
echo "done."
fi

<div>

<p>

#!/bin/bash

#Remote Backup of pfSense 2.3+ config files

#Updated: 2016-12-16

#Requires: wget,sed,grep,head

echo "Remote Backup pfSense 2.3+ config file"

if (( $# != 6 )); then

echo ""

echo "Illegal number of parameters"

echo ""

echo "usage: command [ADDRESS Like 192.168.1.1] [PORT] [USER] '[PASSWORD]' [ENCRYPTIONKEY] [SAVEPATH]"

exit

else

ADDRESS=$1

PORT=$2

USER=$3

PASS=$4

ENCSTRING=$5

SAVEPATH=$6

#Convert password input ampersand character to utf URL Code

PASS=$(echo $PASS | sed -e 's/\&/%26/g')

echo $PASS

read

wget -d -qO- --keep-session-cookies --save-cookies cookies.txt --no-check-certificate https://$ADDRESS:$PORT/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="$.*$".*/\1/' > csrf.txt

wget -d -qO- --keep-session-cookies --load-cookies cookies.txt --save-cookies cookies.txt --no-check-certificate --post-data "login=Login&usernamefld=$USER&passwordfld=$PASS&__csrf_magic=$(cat csrf.txt)" https://$ADDRESS:$PORT/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="$.*$".*/\1/' > csrf2.txt

wget -d --keep-session-cookies --load-cookies cookies.txt --no-check-certificate --post-data "Submit=download&donotbackuprrd=yes&encrypt=yes&encrypt_password=$ENCSTRING&__csrf_magic=$(head -n 1 csrf2.txt)" https://$ADDRESS:$PORT/diag_backup.php -O $6/config-router-`date +%Y%m%d%H%M%S`.xml

echo "done."

Gridstorm

Technology and Network Solutions