OPNsense is a free and open-source firewall and routing platform that provides advanced features such as traffic shaping, VPNs, and intrusion detection. It is essential to back up your configuration so that you can restore your settings after a system failure. The configuration file can be saved in XML format, a standard format for storing and exchanging data, which makes it easy to transfer your settings between systems. You can save the configuration file locally on your PC or a USB stick, or remotely in the Google Drive cloud service, which lets you access your backup from anywhere with an internet connection.
Prerequisites
You will need a Google Account to set up a Google Project and Google API. Create a Google Account if you do not already have one.
1. Set up a Google Project
To begin with, you must create a project in the Google Developer Console.
- Visit the developer console and log in to your Google account.
- Select CREATE PROJECT
- Enter a Project name.
- Select CREATE.
2. Enable the Google Drive API
- Search for Google Drive API.
- Select Google Drive API.
- Make sure OPNSense Config backups is selected if you have multiple projects.
- Select Enable.
3. Create a Service Account
- Search for Service Accounts.
- Select Service Accounts.
- Select CREATE SERVICE ACCOUNT.
- Service account name: Enter a service account name.
- Service account ID: Automatically populates based on service account name.
- Service account description: Enter a description.
- Select DONE when finished.
4. Create a private key in P12 format
- Select Action.
- Select Manage keys.
- Select ADD KEY, then select Create new key.
- Select P12, then select CREATE.
- Save the P12 file to a folder. You will upload this key to the OPNsense portal later on.
- Select CLOSE when done.
- Select DETAILS.
- You will need the email for the next step so the BackupAgent can access the Google Drive folder.
- The Unique ID will be the Email Address on the OPNsense Admin Portal.
5. Create a Google Drive Folder
- Open Google Drive. You should still be logged in to your Google account; otherwise, log in.
- Select New.
- Select New folder.
- Name the folder: OPNSense Backups (or whatever you choose).
- Select Create.
- Select Share.
- Paste the BackupAgent service account email into Add people, groups, and calendar events.
- Your Service Account email should look like this: backupagent@opnsense-config-backups-418316.iam.gserviceaccount.com
- Make sure the Editor role is selected.
- Select Share.
- Double-click on the folder you created for OPNSense Backups to open the folder.
- The last part of the folder's URL is the Folder ID you will need to input on the OPNsense Admin Portal.
6. Set up the account in OPNsense
- Navigate to System ‣ Configuration ‣ Backups
- Enable: checked.
- Email Address: Client-ID in the Google Cloud console (refer to step 4).
- P12 key: Browse and select the downloaded P12 key (refer to step 4).
- Folder ID: Copy and Paste the folder ID from step 5.
- Prefix hostname to backupfile: checked.
- Backup Count: select the number of backups to keep (Default is 60).
- Password: Enter and confirm a password to encrypt your backup. You will need this password to restore the configuration.
- Select Setup/Test Google Drive.
- If everything is entered correctly, you should receive the message below.
- On your Google Drive you should have a new config uploaded to the OPNSense Backups folder.
- After setup, the backup feature will run a first backup of the OPNsense configuration file. Then, if the configuration is subsequently changed, a new backup will be run once daily, early in the morning.
- You may consider specifying additional cron jobs if you need more frequent remote backups or remote backups at different times of the day.
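To confirm that the password from step 6 was actually applied before relying on the Drive copy, the following added example (not part of the original post and not OPNsense's own code) classifies the contents of a downloaded backup file as encrypted or readable XML. The envelope layout it parses (BEGIN/END marker lines, header lines, base64 body) is an assumption, and the sample data is constructed.

```python
import base64
import re

# Assumed envelope layout for password-protected OPNsense backups (not taken
# from the page): BEGIN/END marker lines, "Key: value" headers, a blank line,
# then base64 ciphertext.
ENVELOPE = re.compile(
    r"\A\s*---- BEGIN config\.xml ----\n(?P<headers>(?:[^\n:]+: [^\n]*\n)*)\n"
    r"(?P<body>[A-Za-z0-9+/=\s]+?)\n---- END config\.xml ----\s*\Z"
)

def classify_backup(text):
    """Return (status, details) for the contents of one downloaded backup file."""
    stripped = text.lstrip()
    if stripped.startswith("<?xml") or "<opnsense>" in stripped[:512]:
        return "PLAINTEXT", {"reason": "readable XML; backup password was not applied"}
    m = ENVELOPE.match(text)
    if not m:
        return "UNKNOWN", {"reason": "neither plain XML nor the assumed envelope"}
    headers = dict(line.split(": ", 1) for line in m["headers"].splitlines())
    try:
        blob = base64.b64decode("".join(m["body"].split()), validate=True)
    except ValueError:
        return "UNKNOWN", {"reason": "payload is not valid base64"}
    if b"<opnsense>" in blob or b"<?xml" in blob:
        return "PLAINTEXT", {"reason": "payload decodes to readable XML"}
    return "ENCRYPTED", {"headers": headers, "ciphertext_bytes": len(blob)}

# Constructed samples (no real configuration data; version string is made up).
_payload = base64.b64encode(b"Salted__" + bytes(range(40))).decode()
SAMPLE_ENCRYPTED = (
    "---- BEGIN config.xml ----\nVersion: OPNsense 24.1\nCipher: AES-256-CBC\n"
    "PBKDF2: 100000\nHash: SHA512\n\n" + _payload + "\n---- END config.xml ----\n"
)
SAMPLE_PLAIN = '<?xml version="1.0"?>\n<opnsense>\n  <system/>\n</opnsense>\n'

if __name__ == "__main__":
    for name, data in [("encrypted", SAMPLE_ENCRYPTED), ("plain", SAMPLE_PLAIN)]:
        print(name, classify_backup(data))
```

A PLAINTEXT result means anyone with access to the shared folder or the service account key can read the firewall configuration, so set the password and delete the unencrypted copies.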