Correction #11162
Feedback on Backup and Recovery — Making Backups in the GUI
0%
Description
Page: https://docs.netgate.com/pfsense/en/latest/backup/configuration.html
https://docs.netgate.com/pfsense/en/latest/backup/restore.html
Feedback:
Add:
1) note about the possibility of restoring from a pre-2.5 encrypted backup but not vice versa;
2) command line to decrypt the backup manually:
pre-2.5: `grep -v "config.xml" config-encrypted.xml | base64 -d | openssl enc -d -aes-256-cbc -out dencryptedfile.xml -pass pass:<PASSWORD> -salt -md md5`
2.5: `grep -v "config.xml" config-encrypted.xml | base64 -d | openssl enc -d -aes-256-cbc -out dencryptedfile.xml -pass pass:<PASSWORD> -salt -md sha256 -pbkdf2`
see #9421
History
#1
Updated by Jim Pingle about 1 month ago
Unless I'm misreading the intent here, the first note (point 1) is irrelevant. It has never been possible to restore a new config to an older system. Doesn't matter if it's encrypted or not. Thus, it's not necessary to mention that the new encryption method cannot be read by older systems.
Would be OK to note the commands to manually decrypt the configuration, though, so I'll leave this open for that.
#2
Updated by Jim Pingle about 1 month ago
- Status changed from New to Feedback
Added section on encrypted backups with the commands:
https://docs.netgate.com/pfsense/en/latest/backup/restore.html#encrypted-configuration-files
#3
Updated by Viktor Gurov about 1 month ago
Jim Pingle wrote:
Unless I'm misreading the intent here, the first note (point 1) is irrelevant. It has never been possible to restore a new config to an older system.
This is what I meant and it's better to note it on the page.