Backup pfSense with Restorepoint

April 29, 2021

While Restorepoint doesn't support backing up pfSense out-of-the-box, you can configure it as a generic device and back it up over SCP.  Here's how to set it up!

In this example, we'll be using:

  • Restorepoint v5.3
  • pfSense v2.5.1

Configure pfSense

Create Service Account

  1. Login to pfSense's web UI and browse to System > User Manager.
  2. Under Users, click Add.
  3. We'll give this service account user a name and password. For this example, we'll use restorepoint as the username.
  4. Once done, click Save.
  5. When the page reloads, edit the new service account user.
  6. Under Effective Privileges, select Add.
  7. Select the following privileges:
    • User - System: Copy files (scp)
    • User - System: Copy files to home directory (chrooted scp)
    • User - System: Shell account access
  8. Once done, click Save.

Tweak Shell Prompt for Compatibility

Next, we need to tweak the shell prompt because at the time of this writing, with Restorepoint v5.3, a ":" is not recognized as being the "waiting for user to type in command" type of character. Restorepoint is expecting something like ">" or "#" - so let's fix that.

  1. Navigate to Diagnostics > Edit File.
  2. Select Browse and open up /home/restorepoint/.tcshrc.
  3. Update the line that begins with set prompt= to have a "#" at the end.
  4. Once done, click Save.

Configure Restorepoint

  1. Lastly, we can now browse to our Restorepoint instance and login.
  2. Navigate to Devices and select Add Device.
  3. Set the Type to Generic File Copy.
  4. Fill out everything as you would a normal device.
  5. On the Connection tab, set the Protocol to SCP. Then set Filelist to /conf/*. This includes all backups. You can alterantively set this to only backup the current config which can be found at /conf/config.xml.

©2024 Tyler Wright