I'd like to routinely clone my live pfSense 2.0 server for backup purposes. I am a FreeBSD n00b.
What I'm doing now: 1. Manually install pfSense to an identical hardware 2. Backup config file from live machine 3. Restore config file to backup machine
Works OK but is cumbersome, since I have to "clone" the network environment also for the backup server while performing a restore.
Is there a more "elegant" way to do this?
If you have an identical hardware and could find some time for maintence (at night) you could do an image of entire hard drive with clonezilla and restore it on second identical machine. Its much faster than installing and configuring everything manualy.
If you have another machine with you with low resources, then you can configure the pfsense to sync everything with that machine, so all the time you will have 100% synces configuration of pfsense.
Also, i would not recommend clonezilla, as, no doubt it is very good but the thing is that it lack a very important functionality, that you cannot clone a live system, you have to shutdown the system and then clone.
But when PfSense already provides you with a realtime cloning solution with atleast 1 other machine, then why not use it?
I believe the "real time cloning" Frank refers to is actually running a CARP cluster - having a redundant box ready to take over in case of issue with the primary. To do this you need a spare box, as well as a spare IP address on LAN and WAN side for the secondary router, and then another IP for the CAP virtual IP on each side. Works very nicely - state tables are synced so sessions stay open, but first time you fail over Windows 7 / Server 2008 machines will detect a new network due to different MAC address for default gateway, and traffic may stop until the machine is told whether it is a home/work/private network.
You could take an offline image using something like Clonezilla or Acronis. This should work as *nix builds are less fussy about being moved from one box to another than Windows - even on the pfSense forums it's recommended for people having problems installing to remove the hard drive, install with the drive plugged to another machine, then bring the drive back to original machine.
However I've found pfSense installs pretty quick unless you have a massive hard drive. I prefer using the backup/restore functionality mentioned in the question as it means the file restored to backup is much much smaller.
http://doc.pfsense.org/index.php/Remote_Config_Backup suggests to use a wget or a paid account.
To redeploy, install PFSense and restore the configuration from backup.
